Drawing back the curtain on cyberwar

Shane Harris' book "@War" details the personalities and turf battles behind the U.S. government's conclusion that cyberspace is a national security asset.

Shane Harris' new book details the turning points and turf battles in federal cybersecurity policy.

Journalist Shane Harris has written a richly detailed, page-turning recent history of the militarization of cyberspace. The combination of thoroughness and accessibility makes "@War: The Rise of the Military-Internet Complex" an important contribution to the ever-changing, seemingly unfathomable field of cybersecurity.

Harris offers an inside account of how, over the course of more than a decade, U.S. military, intelligence and civilian agencies have ramped up their cyber capabilities to try to stay ahead of threats posed by criminal hackers and nation states. But the book does more than chronicle that transformation. It also picks up on the personalities and bureaucratic turf battles behind it and reflects on the broader implications for the security and openness of the Internet.

The book's subtitle is a variant of President Dwight Eisenhower's warning against the potentially outsize influence of industry on U.S. defense policy. The military-Internet complex treats the Web as a battlefield, writes Harris, a senior correspondent at The Daily Beast. That battlefield is full of government and corporate secrets, and it has spawned a lucrative market for protecting them.

FCW readers will appreciate the book's detailing of the interagency tensions that come with grappling with a new domain. The 2009 birth of U.S. Cyber Command under the leadership of the National Security Agency director gave NSA even more clout among agencies in cyberspace. But Jane Holl Lute, who became deputy secretary of the Department of Homeland Security that year, challenged the notion that NSA was uniquely suited to defend civilian cyberspace, Harris writes.

"Pretend the Manhattan phone book is the universe of malware," she is quoted as telling colleagues. "NSA only has about one page of the book."

That turf battle is likely far from settled, and DHS has continued to expand its own cyber-defense capabilities.

Cyberwarfare is not a new concept, but it is a fairly new practice. One of the pivotal moments came in 2007, during the surge of U.S. forces in Iraq, according to Harris. He profiles Bob Stasio, then an Army lieutenant whose signals-intelligence platoon is credited with tracking down hundreds of insurgents. He used cell phone signals to determine insurgents' locations and sent reports back to commanders to correlate the data with a wider view of the battlefield.

Stasio's handiwork was made possible by President George W. Bush's decision to unleash NSA's cyber capabilities, Harris writes. In a May 2007 meeting with then-Director of National Intelligence Mike McConnell, Bush signed off on NSA's use of computer viruses and spyware to penetrate the communication networks of Iraqi insurgents.

That cyber arsenal helped quell the Iraqi insurgency at the time, but it was not without hazards. Collateral damage is as real a possibility in cyberspace as in other types of warfare, and the malware risked infecting the devices of innocent Iraqis and spreading further.

The U.S. military's surge in Iraq allowed NSA to use cyber weapons it had been stockpiling for years, Harris writes, and he describes how NSA buys them from defense contractors that acquire them from third-party vendors. The hoarding of cyber weapons bolsters U.S. offensive capabilities but leaves Internet users in the dark about software and hardware flaws that then remain unpatched.

Harris also details other turning points in federal cybersecurity policy, including Operation Buckshot Yankee, the Pentagon's response to a 2008 breach of its classified systems. One of the most important lines in "@War," however, comes in its preface and is informed by the dogged reporting that gives the book such value. Pushing back against the tendency of government officials to decline to discuss cybersecurity because it pertains to "classified" information, Harris writes, "The public cannot understand these issues, and governments can't make sound law and policy, without candid and frank discussions in the light of day."

If every journalist covering cybersecurity had those words hanging above his or her desk, cyberspace would be less murky. "@War" does use extensive anonymous -- along with many on-the-record -- sources, but Harris explains his criteria for offering anonymity while noting the considerable risk that intelligence sources take in talking to journalists.

The refrain from government officials that classified information gives them a unique ability and privilege to combat cyberthreats needs to be evaluated against public evidence. Harris makes this point by recounting a 2009 meeting between federal officials and security personnel from some of the top U.S. banks. When an FBI official asked how a program to share cyberthreat information between the government and the financial industry was progressing, a bank representative expressed disappointment, Harris writes.

The report the FBI had shared with the banks had drawn on classified information and included threat-signature details, but the banks had already obtained that information by sharing it with one another or buying it from private security firms.

That meeting illustrates a theme that courses through Harris' book: There is no hegemon in cyberspace. The Tor network, a routing tool originally funded by the U.S. government, has thwarted NSA's efforts to identify Internet users. Chinese hackers have dealt costly blows to Internet leviathans such as Google. Cyberspace is as contested as ever. And that's what makes this account of its militarization so important.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.