INTRODUCTION
HOW DID THE Chinese manage to remotely download up to twenty terabytes of information from the Defense Department—equal to about 20 percent of all the data in the Library of Congress? And why don’t we know exactly what they took? How did WikiLeaks get its hands on classified diplomatic cables, and why hasn’t the U.S. government been able to shut it down? How did the specifications for the avionics and armor on the president’s helicopter end up in Tehran, and what has that got to do with the theft of Supreme Court Justice Stephen Breyer’s private data from his investment adviser? The answers to these questions reveal alarming threats to our personal, corporate, and national security that come from a new type of espionage and from the sudden transparency that electronic connectivity has brought to all aspects of our lives. Your difficulties with electronic privacy, the electronic theft of America’s cutting-edge technology, and the government’s loss of state secrets are a lot more alike than you know.
I spent most of the first decade of the twenty-first century working at the heart of the U.S. government’s efforts to thwart spying and terrorism against us, first as inspector general of the National Security Agency, and then as chief of counterintelligence for the director of National Intelligence. As I carried out these assignments, I saw plenty of the old-fashioned kind of espionage, but I also witnessed the dramatic rise of a new kind of spying that exploits digital technology itself, and the fact that we have all come to rely so thoroughly on that technology.
During my tenure in government I came to understand how steeply new technology has tipped the balance in favor of those—from freelance hackers to Russian mobsters to terrorists to states like China and Iran—who want to learn the secrets we keep, whether for national, corporate, or personal security. Much of my understanding arose from classified work that I cannot discuss here or anywhere. But I can share the insights I gleaned about this new form of espionage: how it works; what the biggest and most vulnerable targets are; who does it best; as well as what it means for the future of warfare, intelligence, market competition, and society at large. I also came to understand what we can—and cannot—do to counter this flood of espionage.
The truth I saw was brutal and intense: Electronic thieves are stripping us blind. I’m not just talking about the pirating of DVDs and movies in Asia or somebody ripping off your Social Security number. That’s bad enough, but it’s worse than that. Technologies that cost millions or billions to develop are being bled out of our corporate laboratories via the Internet; or they’re slipping out after hours on thumb drives, walking onto airplanes bound for foreign ports, and reentering the country as finished products developed by foreign entrepreneurs. In effect, we’re buying back our own technology. Other Western firms, meanwhile, are bleeding trade secrets, engineering designs, know-how, and other intellectual property through electronic leakage. In the public sector, sensitive diplomatic cables are suddenly splashed across the headlines worldwide. The same organizations that broadcast those cables gleefully distribute lists of critical infrastructure—airports, bridges, chemical plants—that are the most vulnerable to attack. And as I describe in the pages that follow, we’re losing strategically sensitive data about aircraft and ship design, radars, and other defense technology, as well as information about auto manufacturing, engineering designs, and other commercial innovations. This theft contributes to the tidal flow of capital from West to East that threatens our prosperity, and it could in wartime cost many American lives.
This kind of theft is targeted and systematic. The U.S. Navy spent about $5 billion to develop a quiet electric drive for its submarines and ships so they’d be silent and hard to track.[1] Chinese spies stole it. The navy spent billions more to develop new radar for their top-of-the-line Aegis Cruiser. Chinese spies stole that, too. The electronic intelligence services of the Chinese and the Russians are working us over—taking advantage of our porous networks and indifference to security to steal billions of dollars’ worth of military and commercial secrets. Some of our allies, like the French and the Israelis, have tried it too.
Pentagon information systems have been under attack since at least 1998. In August 2006, Major General William Lord of the air force let the public in on the secret when he mentioned that massive heist of up to twenty terabytes. To carry this volume of documents in paper form, you’d need a line of moving vans stretching from the Pentagon to the Chinese freighters docked in Baltimore harbor fifty miles away. If the Chinese tried to do that, we’d have the National Guard out in fifteen minutes. But when they did it electronically, hardly anyone noticed. As it happens, the data were stolen from the Pentagon’s unclassified networks, but those networks hold lots of sensitive information—including the names and private identifying information of every man and woman in the U.S. armed forces.
It would be a serious mistake to think that the difference between classified and unclassified is the difference between important and unimportant, or sensitive and nonsensitive. Lots of information is sensitive but not classified, especially when it relates to technology and personnel. According to the air force’s General Lord, when the Chinese pulled off this heist, they were “looking for your identity so they can get into the network as you.”[2] General Lord did not reveal what is perhaps even more troubling: We don’t know exactly what data were taken because the Defense Department doesn’t bother to encrypt this kind of data. They thought it was too much trouble. But the Chinese, on their way out the electronic door, did encrypt it. Too much trouble? They didn’t think so.
According to the Government Accountability Office, the number of unauthorized accesses or installations of malicious software on U.S. government computers increased by 650 percent since 2006.[3] The trend is disquieting, and the official data almost certainly undercounts the problem.
And this trend is hardly limited to the public sector. To give just one example of the magnitude of threat aimed at private companies: A sophisticated team of hackers broke into a Royal Bank of Scotland payroll system in late 2008 and stole information that let them counterfeit credit balances on ATM cards. They then mounted a coordinated attack on 139 ATMs in the United States, Canada, Russia, and China that netted about $9 million in thirty minutes. If this were a traditional bank robbery, it would rank as one of the largest in history. Chinese and Russian cyberoperators have made advanced, persistent intrusions into the networks of other banks too—to what end, we don’t yet know. This kind of intrusion infects a system with malicious code that’s difficult—sometimes even impossible—to wipe out, because it continually changes to evade detection. It opens electronic “trapdoors” so that outsiders can bypass the system’s security, and if one door is nailed shut, the code automatically opens another one. We don’t even know who’s doing this. This point will come up again and again throughout this book, because our inability to figure out who’s responsible for illegal behavior on our electronic networks is a fundamental reason why we can’t safeguard our personal data, corporate intellectual property, or national defense secrets.
Nor can we ensure the safety of the infrastructure without which our world would collapse: electricity grids, financial systems, air-traffic control, and other networks. All these systems run electronically; all run on the same public telecommunications backbone; and increasingly all run on commercial, off-the-shelf hardware and software that can be bought anywhere in the world. Many of these systems have already been penetrated by criminal gangs or foreign intelligence services—sometimes to steal, sometimes to reconnoiter for uncertain purposes—using offensive tools that are often more effective than our defenses. All of these systems could become targets for disruption in wartime or even during a lower-grade conflict like a diplomatic standoff.
These are all things I learned during my four and a half years as inspector general of the nation’s electronic intelligence service, the National Security Agency, and my subsequent three years as head of U.S. counterintelligence. In the latter job I was responsible for strategy and policy coordination among the CIA, FBI, Defense Department, and other government departments and agencies. Counterintelligence is the business of dealing with foreign intelligence activities against our own intelligence services, military, and national security infrastructure. This business used to be concerned almost entirely with foreign spies, and that remains its core mission. But electronic espionage has increased exponentially since the mid-1990s, so counterintelligence has become deeply concerned with what’s happening on—and to—the nation’s electronic networks.
ONE MORNING ABOUT five months after 9/11, I was perched on a sofa in a large office on the top floor of a glass-enclosed building called OPS 2B, in Fort George G. Meade, Maryland, thirty miles north of Washington, answering questions from then Lieutenant General Michael V. Hayden, the director of the National Security Agency, and his then deputy William Black. They were interviewing me for the position of the NSA’s inspector general. This is a nonpolitical, top-secret job at the top level of the intelligence community’s version of the civil service. The IG is in charge of internal investigations, and he audits and inspects the agency’s operations for fraud, abuse, and just plain inefficiency. Along with the head of security, he’s one of the two people in any agency—especially an intelligence agency—you do not want darkening your doorway. Like most people, I’d rather be liked than disliked, but if you need to be liked, this job is not for you. By my early thirties, however, having been an antitrust prosecutor, I was already used to lawyers for price fixers and monopolists accusing me of single-handedly destroying the U.S. economy. I knew what I’d be in for if I got the job.
A cordial man in his late fifties, Mike Hayden was unassuming even with three stars on each shoulder of his blue air force uniform. Hayden had run signals intelligence, or SIGINT, for the air force, and before that had flown countless hours in the windowless fuselage of unmarked airplanes, wearing earphones and collecting radio signals in Eastern Europe. He had also been deputy chief of staff to the four-star commander in Korea. But he was not a techie. Hayden had been the star pupil of the nuns and priests in an Irish Catholic neighborhood in Pittsburgh and had driven a taxi to work his way through Duquesne University, where he studied history, not engineering or computer science. He was ambitious, but he never forgot his Pittsburgh roots.
Black was a different type altogether. If you looked at an organization chart of the NSA at the time, all the solid lines ran predictably to Hayden, the NSA director, or DIRNSA, and the dotted lines ran all over, but the invisible lines ran to a table in Bill Black’s next-door office, where this bald, blunt character in cowboy boots summoned subordinates, pulled bureaucratic levers, and worked the phones. On the wall over his left shoulder he had hung a drawing of Wyatt Earp, so when you sat at his table you were staring down the barrel of Earp’s Buntline Special. Bill was a bureaucratic operator, and many feared him. I liked him. He grew up on a ranch in New Mexico, and in the late stages of the cold war ran what was then called A Group. A Group was the NSA’s main game: It was in charge of collecting signal intelligence against the Soviet Union. A dark master of electronic intelligence, Bill knew every intelligence satellite in the sky and what it did, and every success and every blunder in the history of the NSA, which he loved deeply. He knew the wheels within the wheels. He also had a well-earned reputation as a tough SOB who wasn’t afraid to make decisions. (In government, anybody who isn’t afraid to make decisions is regarded as an SOB.) After 9/11, Hayden brought Black back from retirement, and the two of them were determined to steer the NSA out of the doldrums, budget slashing, and decline of the 1990s. They wanted an outsider as IG, someone not afraid to tell them the truth.
And so began my near nine-year journey into the belly of the intelligence beast, first at the NSA and then running counterintelligence for the director of National Intelligence, where my biggest headache was cyberespionage in a world where everything was becoming electronically connected to everything else. In those positions I had a hair-raising view of the incessant conflicts being waged in cyberspace—conflicts short of war but involving concerted attempts to penetrate our nation’s information systems and critical infrastructure. Some of these conflicts could indeed turn into war, but the tendency to treat them as such is likely to lead us astray. In American law and politics, “war” and “peace” are presented as a binary toggle switch: We’re either enjoying peace or waging war. In this view, in which the world is drawn with straight lines and right angles, peace and struggle cannot coexist. But the world is not so easily compartmentalized, and as I argue in this book, we are now in a period, typical in international affairs, in which conflict and symbiosis, struggle and trade, exist side by side in a condition that is neither war nor peace, and which is both promising and dangerous.
Personal and organizational secrets all live on the same electronic systems. Gaming and social media technologies once thought to be solely for personal and entertainment uses are now at the front edge of many business applications. Boundaries of many kinds are eroding—legally, behaviorally, electronically—in all aspects of our lives: between the public and private behaviors of ordinary people, for example, in the dress, speech, and decorum appropriate to the street, the office, or houses of worship; between what the government does and what privately owned companies do; and, not least, between nation-states and nonstate actors. Large corporations have police, military, and intelligence capabilities that are hardly distinguishable from those of most governments. Organizations like al-Qaeda, Lebanese Hezbollah, and the Russian mob operate across international borders with ease and have budgets that exceed those of many nation-states. Meanwhile, some of those nation-states are hardly more than lines on a map. Technical capabilities that a decade or two ago could be found only in advanced military aircraft—GPS, for example—now come standard in your rental car and can be bought at RadioShack for a few bucks. Computing capacity greater than governments could muster during the cold war now resides in mobile devices that fit in a pocket. The original iPhone, released in 2007, weighed a hundred times less than a portable computer from 1982, was five hundred times smaller, cost ten times less, and ran a hundred times faster.[4] There are now 5.3 billion handsets in use around the world, and three fourths of them are in the developing world.[5]
In the postindustrial West we think technology advances in the order in which it was invented—usually by us. Plumbing came before wired telephones and radio, which came before airplanes, which came before penicillin, which came before television, and so on. But this isn’t the way the rest of the world experiences modernity. Thirty years ago, approaching Lahore’s airport in a Pakistan International Airlines Boeing 727, I watched out the window as a stick-wielding peasant prodded a buffalo tethered to a water wheel—a scene from biblical times. Ten years ago, in rural Yunnan Province, China, I stopped for lunch at a roadside restaurant where the ducks on the menu were slaughtered out back. The only toilet was an open-air hole in the ground, and a local businessman was squatting over it while talking on a cell phone. Technology in the developing world is moving fast—but not in the order we take for granted. People in the developing world may not have all the modern conveniences we do, but they do have the same digital technology and programming skills we do. And many of them have the skills to pick our electronic pockets.
The boundary between national and economic security is also eroding—has eroded, in fact, almost completely. When it comes to national security the boundary between public and corporate secrets has also more or less vanished. The current U.S. National Security Strategy—that’s the president’s statement to Congress about the nation’s principal security concerns—contains sixty-eight references to economic issues.[6] The boundary between military and economic secrets remains firm in the law of Western nations, but the law is always trying to catch up with life. The technology our military relies on is mostly developed in the private sector, and most of the research it’s based on is carried out in universities and private companies. The know-how of our engineering firms, the drugs that our pharmaceutical companies spend billions to develop, the trade secrets of our aerospace industry—these are the bases of our national welfare. Much of our infrastructure is also privately owned and subject to attack. Terrorists pilot jetliners indiscriminately into private office buildings as well as into the headquarters of government departments and blow up passenger trains in Russia and under the streets of London. As a result, the infrastructure, the technologies, and the information that governments must protect extend well beyond government property.
The Office of the National Counterintelligence Executive, which I headed from 2006 to 2009, is charged with protecting America’s secrets. Our responsibilities required us not only to understand and thwart the systematic efforts of foreign intelligence services to insert spies into our government, but also to prevent foreign spies from working in the bowels of private industry and the nation’s laboratories. But human spies are no longer the whole game. If someone can steal secrets electronically from your office from Shanghai or Moscow, perhaps they don’t need a human spy. Or perhaps the spy’s job is no longer stealing secrets but subverting your network to allow the secrets to bleed out over the Internet. In a networked world, I quickly saw that counterintelligence must contend with the penetrations of the public and private electronic networks that are the backbone of our communications, the storehouses of our technology, and the nervous system of our economy and government. These networks, I regret to say, are porous and insecure, vulnerable not only to casual hackers but even more so to professional electronic thieves and powerful foreign intelligence services. But we want seamless, effortless interconnectivity and the productivity that comes with it—who doesn’t? And so our vulnerabilities multiply as we continue to privilege convenience over security.
Meanwhile, the world is speeding up. We experience this acceleration in the pace of our daily lives, in product cycles and fashion trends, in the instantaneous dissemination of information, in the awesome and continual increases in the capacity of our electronic systems, in the speed at which our products and ideas are copied and pirated. Businesses know that their ability to profit from their own innovation depends on their ability to get their products to market faster than ever and to exploit them more quickly than ever—before they become obsolete or unfashionable, or are ripped off by an overseas pirate with low overhead and no R&D costs. Value appears and disappears with bewildering speed. Who today remembers the computing juggernauts Wang Laboratories or Digital Equipment Corporation? Financial giants like Bear Stearns, Lehman Brothers, and Washington Mutual vanished overnight.
The value of intelligence is also transitory. This is especially true of SIGINT—the electronic stuff. It’s useful only if you can act on it in time, and the time for action is getting shorter and shorter. Information from an African country about an impending attack on an airliner at Kennedy Airport is useless if you can’t put it in the hands of security officials at the airport right away. With tactical military intelligence—that is, on-the-spot information about unfolding situations—commanders must be able to feed it into their decision cycles, which grow shorter and shorter.
This kind of acceleration is ubiquitous in our society. For example, if the price of a security on Wall Street is momentarily $0.005 more or less than the price of the same security in London or Frankfurt or Singapore, a trader whose electronic systems are agile enough to act on that difference can make millions in less than a second. So both the public and the private sectors are bowing to unrelenting pressure to enhance the connectivity that both increases productivity and decreases security, to shorten decision cycles, and to move information faster and more widely. That pressure also creates a dilemma, because the more widely and quickly you make information available, the more trouble you have protecting it. Regardless of whether that information is a classified diplomatic cable, valuable engineering drawings, or your own medical records, when you put it on an electronic network to which thousands of people have access, it is no longer really secret—or private. The name for this condition is transparency, and it is a fundamental condition of contemporary life, for good and ill.
In this book I hope to show that the difficulties of protecting your privacy and mine and the difficulties of keeping secrets in an intelligence agency or corporate office are remarkably alike. Secrecy is to companies and governments as privacy is to individuals. Both rise or fall on the same technologies and cultural proclivities, and at the moment both are falling precipitously.
In 1949, the architect Philip Johnson built himself a remarkable house on an eleven-acre Connecticut estate of woods and meadow: a transparent glass rectangle with a completely open floor plan, and without shades or curtains. Even the sleeping area was completely exposed to the outside. Johnson did make one concession to privacy in his glass house: He enclosed the bathroom, whose walls were the only interior structure to extend from floor to ceiling. Nearby he constructed a more conventional house, called Brick House, for weekend guests. But transparency was not an unalloyed virtue, even for a modernist architect, and soon Johnson sought police protection to ward off trespassers, and he nailed up a sign pleading: THIS HOUSE IS NOW OCCUPIED. PLEASE RESPECT THE PRIVACY OF THE OWNER. This measure apparently did not meet with great success, because Johnson eventually moved into Brick House and used Glass House chiefly for entertaining. Even modernist architects need places of refuge. Johnson’s transparent dwelling is now an icon of twentieth-century architecture—and a fitting image of our current predicament in which relentless transparency threatens our security and our privacy.
I begin this book by examining the threats to our personal security, all of which are more dire than we generally realize. Then I expand the focus to the welter of threats facing the larger-scale enterprises and institutions that together form our society: companies, financial markets, infrastructure, the military, and intelligence. Throughout the book, as I widen our view, we’ll see that the same principles—the same dangers—apply at all levels, from the personal to the national. In all cases, the views I express are my own, not the U.S. government’s. Our world is becoming a collection of glass houses that provide only the illusion of shelter. Finally, I’ll draw on my experience to offer suggestions for how all of us—individuals, companies, and the government itself—can shore up these ever more fragile and transparent structures.