More on this book
Community
Kindle Notes & Highlights
Read between
November 14 - November 29, 2018
As is true with nuclear weapons, only the president could authorize the American use of a cyberweapon for destructive purposes.
Appropriately, the look of the world’s most famous spy agency was a bit deceiving: As the story of Olympic Games made clear, the agency was deeply into the digital age. But it had no interest in overtly displaying its prowess.
There’s no room for error when taking off from and landing on aircraft carriers, and those high stakes appealed to Cartwright’s sense of precision. But he also learned that naval aviators can never look like they are sweating the details, even when there is only one chance to catch the cable that keeps a plane from plunging into the sea during a deck landing.
Partly that reluctance reflected the fact that the United States still believed it had a lead, if a narrowing one, in cyber technology.
“It’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.”
I mean, there are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese. —James Comey, then FBI director, October 5, 2014
As Nye says, “Electrons are cheaper, faster, safer, and more deniable than spies.”
He then argued, “we’re fighting for the Ukraine, but nobody else is fighting for the Ukraine.” “It doesn’t seem fair,” Trump told us, never lingering on what Putin was doing to the Ukrainian people or the offenses to the country’s sovereignty. “It doesn’t seem logical.” That was the part of the interview, we learned later, that the Russians noticed.
When the electric grid began to fail, he thought, or communications were lost to submarines at sea, it might not look at first like a cyberattack. It might look more like a screw-up. Which of course is exactly how cyberattacks often unfolded in Ukraine, where screw-ups were a pretty common explanation for just about anything that went wrong.
And even if the American utilities had hung on to the old systems, the engineers who knew how they worked had long since retired. It would, one energy executive told me, be quite a challenge to find someone with the knowledge of how to save the day.
For a decade it was regarded as a great force for democracy: as people of different cultures communicated, the best ideas would rise to the top and autocrats would be undercut. The IRA was based on the opposite thought: social media could just as easily incite disagreements, fray social bonds, and drive people apart.
Exposed but not yet thwarted, they had the luxury of exploring every nook and cranny of the DNC’s main server, which was only slightly larger than a laptop computer. Once this was drained, they moved on to targets outside the DNC.
And while it was one thing for a private security firm like CrowdStrike to name the Russians, the US government had to have a much higher level of certainty. “If you do it,” one senior intelligence official said to me, “you have to be prepared to answer the question, ‘So what are you going to do about it?’ ”
That air of inevitability about her candidacy ended up being one of her greatest liabilities.
Trump himself seemed to understand what was at stake. “The new joke in town,” he wrote on Twitter, “is that Russia leaked the disastrous DNC emails, which should never have been written (stupid), because Putin likes me.” Soon it would not be a joke.
Ridiculous as it sounded, it was a reminder of how in the public’s mind, cyberattacks seemed so complex and mysterious that the topic lent itself to false claims and political misdirection.
Russia’s multifaceted, Gerasimov-inspired approach underscored the administration’s failure to anticipate that cyberattacks can be used to undermine more than banks, databases, and electrical grids—they can be used to fray the civic threads that hold together democracy itself.
The Chinese weren’t stealing as much. Instead, they were buying into America, perfectly legally. And the United States was struggling to figure out how to stop them without rejecting the principles of a free, global market.
Soon Raytheon, the largest missile-defense contractor, started talking openly at conferences about the new opportunities in “left of launch” technologies, particularly cyber and electronic strikes executed at the moment of launch. A Raytheon document from one of its industry conferences, which was posted on a public website until we began asking questions about it, was not exactly subtle. One slide showed a range of adversaries against whom “left of launch” was particularly well suited, with a picture of a solemn Kim Jong-un sandwiched between Vladimir Putin and Xi Jinping.
“This was part of an evolving effort to find ways to disable key industries,” said Brian Lord, a former deputy director for intelligence and cyber operations at Britain’s GCHQ. “All I have to do is create a moderately disabling attack on a key part of the social infrastructure, and then watch the media sensationalize it and panic the public.”
Cyberweapons are entirely different from nuclear arms, and their effects have so far remained relatively modest. But to assume that will continue to be true is to assume we understand the destructive power of the technology we have unleashed and that we can manage it. History suggests that is a risky bet.
There are simply too many vital networks, growing too quickly, to mount a convincing defense. Offense is still wildly outpacing defense. As Bruce Schneier, a cyber expert whose work is a must-read on the topic, put it so well: “We are getting better. But we are getting worse faster.”
For that reason, even after a decade of debate it’s still not clear who in the federal government, if anyone, is responsible for defending the country—and the economy—from the most sophisticated cyberattacks.
The government isn’t going to play a role in protecting American institutions except when it comes to the most critical of infrastructures: the electric grid, the voting system, the water and wastewater systems, the financial system, and nuclear weapons. Once we’ve understood this fact, we need a Manhattan Project to lock down our most critical systems. That will take presidential leadership.
And while the intelligence agencies would insist on secrecy, that would defeat the point: for our response to deter attackers, it needs to be very public—as public as an American airstrike on a chemical-weapons plant in Syria, or an Israeli strike on a nuclear reactor.
The clock cannot be turned back. So it is time for arms control.
To survive it, we must make some fundamental decisions, akin to ones we made after the invention of the airplane and the atomic bomb—decisions that enabled us to navigate a constant state of peril.
