@War: The Rise of the Military-Internet Complex (3 page)

The US military and intelligence agencies are fielding a new generation of cyber warriors, trained to monitor the computer systems of foreign adversaries, break in to them, and when necessary disable and destroy them.
Cyber warfare
, like
cyberspace
, is an amorphous term. But it applies to a spectrum of offensive activities. Just as espionage is an inextricable part of traditional warfare, so too is spying on a computer a prerequisite to attacking it. To be sure, the United States has spent far more time and money spying on computers and stealing information than it has taking down critical infrastructures and destroying physical facilities through a computer connection. But it has done that, too. And it will do it more often, and more effectively. Indeed, cyber warfare—the combination of spying and attack—was instrumental to the American military victory in Iraq in 2007, in ways that have never been fully explained or appreciated. The military, working with US intelligence agencies, used offensive cyber techniques (hacking) to track down people in the physical world and then capture or kill them.

But just as protecting cyberspace is not the exclusive domain of government, waging war in cyberspace is becoming a private affair. A burgeoning industry of cyber arms merchants and private security forces is selling its goods and services both to the government and to corporations that will no longer endure relentless espionage or the risk of cyber attack. The armies of nations will inevitably meet one another on the cyber battlefield. But the armies of corporations will meet there, too.

Governments don't operate in cyberspace alone. Defending computer networks, and launching attacks on them, requires the participation, willing or otherwise, of the private sector. The vast majority of computer networks in the United States are privately owned. The government cannot possibly protect or patrol all of them. But most of the world's communications travel through equipment located in the United States. The government has a privileged position to exploit those networks, and an urgent need to protect them. To those ends, a military-Internet complex has emerged.

Like the military-industrial complex before it, this new cooperative includes the makers of tanks and airplanes, missiles and satellites. But it includes tech giants, financial institutions, and communications companies as well. The United States has enlisted, persuaded, cajoled, and in some cases compelled companies into helping it fend off foreign and domestic foes who have probed the American electrical grid and looked for other weaknesses in critical infrastructures. The NSA has formed secret arrangements with marquee technology companies, including Google, to monitor private networks for threats. It has shared intelligence with major banks and financial institutions in order to prevent a catastrophic cyber attack on Wall Street.

But the government also has attempted to force some companies into letting the NSA place monitoring equipment on its networks. And it has paid technology companies to install backdoors in their products that it can use to spy on foreign intelligence services and monitor military movements. Those clandestine access points also allow the military to launch cyber attacks in foreign countries. Without the cooperation of the companies, the United States couldn't fight cyber wars. In that respect, the new military-Internet complex is the same as the industrial one before it. The government doesn't fight wars alone. It relies on companies to design weapons, move and feed troops, build and maintain aircraft, ships, and satellites. The United States became the most formidable military in world history through a mutually beneficial alliance with corporations. It aims to do so again in cyberspace.

 

The United States is rapidly building its capacity to dominate cyberspace. In 2014 the government planned to spend more than $13 billion on cyber defense programs, mostly to protect government computers and networks, and to share threat intelligence with private industry.
To put that in some perspective, in the same year the government planned to spend $11.6 billion on direct efforts to combat climate change, which Obama has called “the global threat of our time.”
Over the next five years, the Defense Department alone plans to spend $26 billion on technology for cyber defense and offense. Precisely how much the United States intends to spend on the offensive component is classified. But in cyberspace, the line between offense and defense is blurry and constantly shifting. The same infrastructure that is being put in place to defend networks is the one that is used to launch attacks. Government officials prefer to talk publicly about defense, which is a strategic and a cynical calculation: it's easier to drum up funds and political support for repelling invaders than it is for building a cyber army to attack and spy on other countries. And yet, that is precisely what the United States is doing, and using some of the billions of dollars nominally appropriated for “defensive” purposes to do so.

 

The business of cyber security is booming. Companies and individuals around the world spend $67 billion a year protecting their computers and networks. Many of the experts they hire learned their trade in the military or an intelligence agency. Indeed, the Pentagon has become a training ground for private cyber sentries, who can double or even triple their salaries when they jump to a private security firm. The same defense contractors that were once the target of cyber spies now sell the expertise to protect networks and wage war on them to their customers, including utilities and banks—the very companies that the government had set out to protect in the first place.

The struggle to control cyberspace is defining American national security in the twenty-first century. But the response to cyber threats promises to change the shape of cyberspace more than the threats themselves do. The decisions that government and business leaders make today will have profound implications not just for Americans but for people around the world, who are increasingly united in their reliance on a broad, distributed, and often hard-to-define space that is neither entirely a commons nor the property of one corporation or government. That threats exist in cyberspace is undeniable. Answering them is a befuddling and often perilous exercise, but one in which we all have a stake.

 

 

 

 

ONE

B
OB STASIO NEVER
planned to become a cyber warrior.
After he graduated high school, Stasio enrolled at the University at Buffalo and entered the ROTC program. He majored in mathematical physics, studying mind-bending theories of quantum mechanics and partial differential equations. The university, eager to graduate students steeped in the hard sciences, waived the major components of his core curriculum requirements, including English. Stasio never wrote a paper in his entire college career.

Stasio arrived at Fort Lewis, Washington, in 2004, when he was twenty-two years old. His new brigade intelligence officer took one look at the second lieutenant's résumé, saw the background in math and physics, and told Stasio, “You're going to the SIGINT platoon.”

SIGINT, or signals intelligence, is the capture and analysis of electronic communications. Like all branches of intelligence, it's a blend of science and art, but it's heavy on the science. The brigade intelligence officer had worked at the National Security Agency and recognized that Stasio's physics training would come in handy, because so much of SIGINT involves the technical collection of radio signals, fiber-optic transmissions, and Internet packets.

Stasio's military training in college focused on how to use a rifle and lead a squad. But he had spent six months learning the basics of intelligence gathering and analysis at the army's intelligence school at Fort Huachuca, Arizona. When he came to Fort Lewis, Stasio was assigned to a Stryker brigade, a mechanized force designed to be light on its feet, capable of deploying into combat in just a few days. It was Stasio's job to locate the enemy on the battlefield by tracking his communications signals. And he was also supposed to divine his adversary's intentions by eavesdropping on the orders a commander gave to troops, or listening for the air strike that a platoon leader was calling in from behind the lines. Stasio would join the Fourth Brigade, Second Infantry Division, “the Raiders,” and deploy to Iraq. He'd be working with a team of linguists, who would be essential, since Stasio didn't speak Arabic. But when it came time to meet them, Stasio started to worry: nearly all of the linguists spoke only English and Korean.

The army had designed its signals intelligence system for the Cold War. Thousands of troops still served on the Korean Peninsula. They were still trained in how to fight a land battle with North Korean forces, in which the physics of SIGINT—locating tanks and troops—would be central to the mission. But the Raiders were going off to fight a network of Iraqi insurgents, volunteer jihadists, and terrorists. These guys didn't drive tanks. They didn't organize themselves according to a military hierarchy. And of course, they didn't speak Korean.

Stasio decided that his intelligence training would be mostly useless in Iraq, where the US occupation was coming unglued. Army casualties were mounting, the result of a well-orchestrated campaign of roadside bombings by insurgents. The soldiers who didn't die in these attacks were coming home with limbs missing, or with severe brain injuries that would impair them physically and emotionally for the rest of their lives. SIGINT wasn't preventing these attacks. Indeed, it was hardly being used at all. In October 2004 the military's top signals intelligence officer estimated that as much as 90 percent of all information in Iraq was being supplied by a network of human spies and informants—and they weren't helping the Americans reduce the bombing attacks and insurgent strikes.

Stasio read as much as he could about insurgencies, noting in particular how they organized themselves using a network model, with many independent nodes of people working in teams, separate from a central controller. This was the opposite design of a vertical, military bureaucracy, with orders filtering down from the top through several layers of officers. In principle, the intelligence discipline in which Stasio was trained should still work. He was expected to locate his enemy using electronic signals and figure out his next move. But the tools the army had supplied to do this were ill suited to the shadowy, urban battlefields of Iraq. The Raiders used a collection “platform” known as the Prophet system, a rugged truck affixed with a tall, roof-mounted radio antenna about the size of a streetlamp. The older officers in the brigade liked the Prophet because it told them what enemy forces were in their immediate area of operations. It was a tactical device, and they controlled it, driving it to wherever they wanted to collect intelligence.

But the Prophet was designed to collect radio waves, and on a wide-open and relatively flat area of battle. Stasio knew that the enemy fighters in Iraq were communicating using cell phones and e-mail and through videos they'd posted on the Internet. They were moving in small groups through the dense concrete maze of Baghdad and other crowded Iraqi cities. The Prophet wasn't the most useful tool. Indeed, when Stasio finally got to Iraq, he saw that the military intelligence units that had come before him were using the Prophet not to collect signals but to transport food and other supplies around the base.

There was another reason the old-timers liked the Prophet—it was theirs. They could drive it wherever they wanted. They had control over the collection and analysis of intelligence. Stasio thought that his more senior officers generally distrusted intel that came from back in the States, frequently from Washington, DC, and the national intelligence agencies such as the CIA and the NSA, which, from the battlefield, looked like big, lumbering bureaucracies filled with software engineers and computer geeks who were too removed from the on-the-ground tactical needs of forces in Iraq.

But Stasio knew the national agencies, and in particular the NSA, had something he needed: data. Namely, servers full of electronic communications and signals collected by the agency's listening posts around the world. Stasio thought that if he could tap into SIGINT from Iraq, he might be able to understand something about the size and shape of the insurgent networks by piecing together their communications records. This was painstaking work, and it would require hours sitting in front of a computer, probably in some air-conditioned trailer, not driving a Prophet through dusty streets. Stasio was a fan of the HBO series
The Wire
, and he was particularly fond of one character, Lester, who uncovers a network of drug dealers in Baltimore by tracking their cell phone calls. Stasio wanted to do the same thing in Iraq.

He pleaded with his brigade intelligence officer at Fort Lewis: instead of sending him out to the rifle range to practice infantry techniques and study the bulky Prophet, let him and a few of his fellow intelligence officers spend time in the state-of-the-art intelligence facility on the base, learning how to use software for diagramming networks and digesting Internet and cell phone traffic. These tools had been largely overlooked by tactical military intelligence units, Stasio argued. But they could be enormously helpful in Iraq.

The officer agreed.

Stasio and a fellow lieutenant devised their own training regimen, which hinged on a concept called “reachback.” The idea was that in the field, small military intelligence units would set up their own computers and local networks, but they would reach back to the massive databases at the NSA and other agencies that were collecting useful intel from across the entire spectrum of military and intelligence operations, including satellite images, tips from informants, summaries of interrogations of captured fighters, even political forecasts produced by CIA analysts. To Stasio, no single piece of data was insignificant. But a single piece on its own was of little use. The information had to be “fused” into a nuanced picture.