Cyber War: The Next Threat to National Security and What to Do About It




  Cyber War

  The Next Threat to National Security and What to Do About It

  Richard A. Clarke and Robert K. Knake

  Copyright

  CYBER WAR. Copyright © 2010 by Richard A. Clarke and Robert K. Knake.

  All rights reserved under International and Pan-American Copyright Conventions.

  By payment of the required fees, you have been granted the non-exclusive, non-transferable right to access and read the text of this e-book on-screen. No part of this text may be reproduced, transmitted, down-loaded, decompiled, reverse engineered, or stored in or introduced into any information storage and retrieval system, in any form or by any means, whether electronic or mechanical, now known or hereinafter invented, without the express written permission of HarperCollins e-books.

  Library of Congress Cataloging-in-Publication Data has been applied for.

  ePub Edition © March 2010 ISBN: 978-0-06-199239-1

  To the late William Weed Kaufmann, who taught me and so many

  others how to analyze national security issues.

  RICHARD CLARKE

  To my wife, Elizabeth, whose support knows no bounds. And for our

  daughter, Charlotte, may you grow up in a more peaceful century.

  ROB KNAKE

  Table of Contents

  Cover

  Title Page

  Copyright

  Dedication

  Contents

  Introduction

  One

  Two

  Three

  Four

  Five

  Six

  Seven

  Eight

  Glossary

  About the Authors

  Other Books by Richard A. Clarke

  Credits

  About the Publisher

  Introduction

  It was in the depths of a gray and chill Washington winter. On a side street not far from Dupont Circle, in a brownstone filled with electric guitars and an eclectic collection of art, we gathered to remember the man who had taught us how to analyze issues of war and defense. Two dozen of his former students, now mostly in their fifties, drank toasts that February night in 2009 to Professor William W. Kaufmann, who had died weeks earlier at age ninety. Bill, as everyone referred to him that night, had taught defense analysis and strategic nuclear weapons policy at MIT for decades, and later at Harvard and the Brookings Institution. Generations of civilian and military “experts” had earned that title by passing through his courses. Bill was also an advisor to six Secretaries of Defense, sitting in the “front office” on the E Ring of the Pentagon. He shuttled between Boston and Washington every week for decades.

  Behind his back, some of us had referred to Professor Kaufmann as “Yoda,” in part because of a vague physical and stylistic resemblance, but chiefly because we thought of him as our Jedi master, the man who understood the workings of the Force and tried to teach them to us. As an analyst and advisor, Bill had been one of a handful of civilians who had created the framework of strategic nuclear war doctrine in the late 1950s and early 1960s. They had walked the United States back from a nuclear strategy that had called for the United States to go first in a nuclear war, to use all of its nuclear weapons in one massive attack, and to destroy hundreds of cities in Europe and Asia. Bill and his colleagues had probably prevented a global nuclear war and had made strategic arms control possible. Our conversation that night, lubricated by the same martinis Bill used to drink with us, turned to the future. What could we do to honor the memory of William W. Kaufmann and the other strategists of the second half of the twentieth century? We could, someone suggested, continue their work, use what Bill had taught us, ask the tough analytical questions about today’s strategy. Another at the table suggested that today is very different from the 1950s, when nuclear weapons were being deployed without a thoughtful strategy; strategies are well developed today.

  But is it such a different time? In the first decade of the twenty-first century, the U.S. developed and systematically deployed a new type of weapon, based on our new technologies, and we did so without a thoughtful strategy. We created a new military command to conduct a new kind of high-tech war, without public debate, media discussion, serious congressional oversight, academic analysis, or international dialogue. Perhaps, then, we are at a time with some striking similarities to the 1950s. Perhaps, then, we need to stimulate learned discussion and rigorous analysis about that new kind of weapon, that new kind of war.

  It is cyberspace and war in it about which I speak. On October 1, 2009, a general took charge of the new U.S. Cyber Command, a military organization with the mission to use information technology and the Internet as a weapon. Similar commands exist in Russia, China, and a score of other nations. These military and intelligence organizations are preparing the cyber battlefield with things called “logic bombs” and “trapdoors,” placing virtual explosives in other countries in peacetime. Given the unique nature of cyber war, there may be incentives to go first. The most likely targets are civilian in nature. The speed at which thousands of targets can be hit, almost anywhere in the world, brings with it the prospect of highly volatile crises. The force that prevented nuclear war, deterrence, does not work well in cyber war. The entire phenomenon of cyber war is shrouded in such government secrecy that it makes the Cold War look like a time of openness and transparency. The biggest secret in the world about cyber war may be that at the very same time the U.S. prepares for offensive cyber war, it is continuing policies that make it impossible to defend the nation effectively from cyber attack.

  A nation that has invented the new technology, and the tactics to use it, may not be the victor, if its own military is mired in the ways of the past, overcome by inertia, overconfident in the weapons they have grown to love and consider supreme. The originator of the new offensive weaponry may be the loser unless it has also figured out how to defend against the weapon it has shown to the rest of the world. Thus, even though the American colonel Billy Mitchell was the first to understand the ability of small aircraft to sink mighty battleships, it was the Japanese Imperial Navy that acted on that understanding, and came close to defeating the Americans in the Pacific in World War II. It was Britain that first developed the tank, and a French colonel, Charles de Gaulle, who devised the tactics of rapid attack with massed tanks, supported by air and artillery. Yet it was a recently defeated Germany that perfected the tank in the 1930s and first employed de Gaulle’s tactics, which later became known as blitzkrieg. (As recently as 1990, and again in 2003, the U.S. military went to war with an updated version of the seventy-year-old blitzkrieg tactic: fast movement of heavy tank units, supported by aircraft.)

  Warmed by the camaraderie of my fellow ex-students, and by the martinis, I left the brownstone and wandered out into that cold night, pondering this irony of history, and making a commitment to myself, and to Bill, that I would try to stimulate open, public analysis and discussion of cyber-war strategy before we stumbled into such a conflict. This book is the down payment on that commitment. I knew that I needed a younger partner to join me in trying to understand the military and technological implications of cyber war well enough to produce this book. Different generations think of cyberspace differently. For me, looking at my sixtieth birthday in 2010, cyberspace is something that I saw gradually creep up around me. It happened after I had already had a career dealing with nuclear weapons, in a bipolar world. I became the first Special Advisor to the President for Cyber Security in 2001, but my views of cyber war are colored by my background in nuclear strategy and espionage.

  Rob Knake was thirty when he and I wrote this book. For his generation, the Internet and cyberspace are as natural as air and water. Rob’s career has focused on homeland security and the transnational threats of the twenty-first century. We have worked together at Harvard’s Kennedy School of Government, at Good Harbor Consulting, and on the Obama for America campaign. In 2009, Rob won the prestigious International Affairs Fellowship at the Council on Foreign Relations with an appointment to study cyber war. We decided to use the first-person singular in the text because many times I will be discussing my personal experiences with government, with the information-technology industry, and with Washington’s clans, but the research, writing, and concept development were a joint enterprise. We have wandered around Washington and other parts of this country together in search of answers to the many questions surrounding cyber war. Many people have helped us in that search, some of them wishing to remain unnamed in this book because of their past or present associations. We had spent long hours discussing, debating, and arguing until we found a synthesis of our views. Rob and I both agree that cyber war is not some victimless, clean, new kind of war that we should embrace. Nor is it some kind of secret weapon that we need to keep hidden from the daylight and from the public. For it is the public, the civilian population of the United States and the publicly owned corporations that run our key national systems, that are likely to suffer in a cyber war.

  While it may appear to give America some sort of advantage, in fact cyber war places this country at greater jeopardy than it does any other nation. Nor is this new kind of war a game or a figment of our imaginations. Far from being an alternative to conventional war, cyber war may actually increase the likelihood of the more traditional combat with explosives, bullets, and missiles. If we could put this genie back in the bottle, we should, but we can’t. Therefore, we need to embark on a complex series of tasks: to understand what cyber war is, to learn how and why it works, to analyze its risks, to prepare for it, and to think about how to control it.

  This book is an attempt to begin to do some of that. It is not a technical book, not meant to be an electrical engineer’s guide to the details of cyber weapons. Nor is it designed to be a Washington wonk’s acronym-filled, jargon-encrusted political or legal exegesis. Finally, it is also definitely not a military document and not written to be immediately translatable into Pentagonese. Therefore, some experts in each of those fields may think the book simplistic in places where it discusses things they understand and opaque in parts that stretch beyond their expertise. Overall, we have tried to strike a balance and to write in an informal style that will be both clear and occasionally entertaining. Lest you take too much comfort in those assurances, however, it is necessary in a book on this subject to discuss the technology, the ways of Washington, as well as some military and intelligence themes. Likewise, it is impossible to avoid entirely the use of acronyms and jargon, and therefore we include a glossary (starting in Backmatter).

  I have been taught by senior national security officials for decades never to bring them a problem without also suggesting a solution. This book certainly reveals some problems, but it also discusses potential solutions. Putting those or other defenses in place will take time, and until they are a reality, this nation and others are running some new and serious risks to peace, to international stability, to internal order, and to our national and individual economic well-being.

  The authors wish to thank the many people who helped us with this book, most important the experts in and out of governments who helped us on condition that they go unnamed. Pieter Zatko, John Mallery, Chris Jordan, Ed Amoroso, Sami Saydjari, and Barnaby Page helped us understand some of the more technical aspects of cyber security. Paul Kurtz served as a constant sounding board and helped shape our thinking in innumerable ways. Ken Minihan, Mike McConnell, and Rich Wilhelm gave us added insight from their decades in government and the private sector; Alan Paller, Greg Rattray, and Jim Lewis gave their insights and latest thinking on this complex topic. We thank Janet Napolitano for taking time out of her busy schedule to meet with us and for being willing to do so on the record. We also thank Rand Beers for his wisdom. Will Howerton helped in a major way to get this book across the finish line. He possesses a keen editorial eye and a gift for research. Will Bardenwerper also provided editorial assistance.

  Bev Roundtree, as she has been on so many projects over the decades, was the sine qua non.

  CHAPTER ONE

  TRIAL RUNS

  A quarter-moon reflected on the slowly flowing Euphrates, a river along which nations have warred for five thousand years. It was just after midnight, September 6, 2007, and a new kind of attack was about to happen along the Euphrates, one that had begun in cyberspace. On the east side of the river, seventy-five miles south into Syria from the Turkish border, up a dry wadi from the riverbank, a few low lights cast shadows on the wadi’s sandy walls. The shadows were from a large building under construction. Many North Korean workers had left the construction site six hours earlier, queuing in orderly lines to load onto buses for the drive to their nearby dormitory. For a construction site, the area was unusually dark and unprotected, almost as if the builder wanted to avoid attracting attention.

  Without warning, what seemed like small stars burst above the site, illuminating the area with a blue-white clarity brighter than daylight. In less than a minute, although it seemed longer to the few Syrians and Koreans still on the site, there was a blinding flash, then a concussive sound wave, and then falling pieces of debris. If their hearing had not been temporarily destroyed by the explosions, those on the ground nearby would then have heard a longer acoustic wash of military jet engines blanketing the area. Had they been able to look beyond the flames that were now sweeping the construction site, or above the illuminating flares that were still floating down on small parachutes, the Syrians and Koreans might have seen F-15 Eagles and F-16 Falcons banking north, back toward Turkey. Perhaps they would even have made out muted blue-and-white Star of David emblems on the wings of the Israeli Air Force strike formation as it headed home, unscathed, leaving years of secret work near the wadi totally destroyed.

  Almost as unusual as the raid itself was the political silence that followed. The public affairs offices of the Israeli government said nothing. Even more telling, Syria, which had been bombed, was silent. Slowly, the story started to emerge in American and British media. Israel had bombed a complex in eastern Syria, a facility being built by North Koreans. The facility was related to weapons of mass destruction, the news accounts reported from unnamed sources. Israeli press censors allowed their nation’s newspapers to quote American media accounts, but prohibited them from doing any reporting of their own. It was, they said, a national security matter. Prompted by the media accounts, the Syrian government belatedly admitted there had been an attack on their territory. Then they protested it, somewhat meekly. Syrian President Assad asserted that what had been destroyed was “an empty building.” Curiously, only North Korea joined Damascus in expressing outrage at this surprise attack.

  Media accounts differed slightly as to what had happened and why, but most quoted Israeli government sources as saying that the facility had been a North Korean–designed nuclear weapons plant. If that was true, North Korea had violated an agreement with the United States and other major powers that it would stop selling nuclear weapons know-how. Worse, it meant that Syria, a nation on Israel’s border, a nation that had been negotiating with Israel through the Turks, had actually been trying secretly to acquire nuclear weapons, something that even Saddam Hussein had stopped doing years before the U.S. invasion of Iraq.

  Soon, however, self-anointed experts were casting doubt on the “Syria was making a nuclear bomb” story.

  Satellite pictures, taken by reconnaissance satellite, were revealed by Western media. Experts noted that the site had little security around it before the bombing. Some contended that the building was not tall enough to house a North Korean nuclear reactor. Others pointed to the lack of any other nuclear infrastructure in Syria. They offered alternative theories. Maybe the building was related to Syria’s missile program. Maybe Israel had just gotten it wrong and the building was relatively innocent, like Saddam Hussein’s alleged “baby milk factory” of 1990 or Sudan’s supposed aspirin plant of 1998, both destroyed in U.S. strikes. Or maybe, said some commentators, Syria was not the real target. Maybe Israel was sending a message to Iran, a message that the Jewish state could still successfully carry out surprise air strikes, a message that a similar strike could occur on Iranian nuclear facilities unless Tehran stopped its nuclear development program.

  Media reports quoting unnamed sources claimed various degrees of American involvement in the raid: the Americans had discovered the site on satellite photography, or the Americans had overlooked the site and the Israelis had found it on satellite images given to them routinely by the U.S. intelligence community; the Americans had helped plan the bombing, perhaps persuading the Turkish military to look the other way as the Israeli attack formation sailed over Turkey to surprise Syria by attacking from the north. Americans—or were they Israelis?—had perhaps snuck into the construction site before the bombing to confirm the North Korean presence, and maybe verify the nuclear nature of the site. President George W. Bush, uncharacteristically taciturn, flatly refused to answer a reporter’s question about the Israeli attack.

  The one thing that most analysts agreed upon was that something strange had happened. In April 2008, the CIA took the unusual step of producing and publicly releasing a video showing clandestine imagery from inside the facility before it was bombed. The film left little doubt that the site had been a North Korean–designed nuclear facility. The story soon faded. Scant attention was paid when, seven months later, the UN’s International Atomic Energy Agency (IAEA) issued its report. It had sent inspectors to the site. What the inspectors found was not a bombed-out ruin, nor did they come upon a beehive of renewed construction activity. Instead, the international experts were taken to a site that had been neatly plowed and raked, a site showing no signs of debris or construction materials. It looked like an unimproved home lot for sale in some desert community outside of Phoenix, perfectly anodyne. The disappointed inspectors took pictures. They filled plastic ziplock baggies with soil samples and then they left the banks of the Euphrates and flew back to their headquarters on an island in the Danube near Vienna. There they ran tests in their laboratories.