A thought commonly attributed to George Orwell holds that good people can sleep at night only because rough men are awake and ready to protect them. But in the modern world, two other groups are also vital to a sound sleep: software engineers and computer geeks.
That's the scary but well-documented thesis of "@War: The Rise of the Military-Internet Complex" by Shane Harris, a deep dive into the world of cyberwar and cyberwarriors. The Sept. 11 terrorist attacks involved planes crashing into buildings; the next could be a surprise shutdown of computer systems that control the U.S. economy and government and much of its military capability.
"There is no concept of deterrence today in cyber," a former hacker turned security executive tells Harris. "It's a global free fire zone."
The U.S. military and intelligence community, Harris reports, were slow to join the cyberarms race but are now muscling up apace, only modestly slowed by the revelations by former National Security Agency contractor Edward Snowden about domestic intelligence gathering that smacked of Big Brother.
Harris is even-handed in his references to Snowden, seeing him as neither whistle-blowing hero nor treasonous narcissist: "It turned out that the NSA, which wanted to protect computers from Wall Street to the water company, couldn't keep a twenty-nine year-old contractor from making off with the blueprints to its global surveillance system."
Harris, a fellow at the New America Foundation, knows his stuff: the people, the agencies, and the dizzying array of acronyms and clever mission names like Starburst, Buckshot Yankee, TAO (Tailored Access Operations) and ROC (Remote Operations Center). His reporting is thorough and his narrative is smooth in conveying that nearly everybody is spying on and hacking everybody else.
The U.S. hacked the president of Mexico to determine if he was a dupe of the drug cartels. The Chinese slipped a bug into the laptop of the U.S. secretary of Commerce during a trip to Beijing. The email of then-Defense Secretary Robert Gates was hacked.
"Chinese cyber forces, along with their counterparts in Russia, have designed technologies to hack into U.S. military aircraft," Harris reports. "The Chinese in particular have developed a method for inserting computer viruses through the air into three models of planes that the air force uses for reconnaissance and surveillance."
Chinese hacking is aimed not just at the U.S. military but also military contractors, including those working on the newest U.S. warplane, the Joint Strike Fighter, Harris reports. "Cyber espionage and warfare are just the latest examples in a long and, for the Chinese, proud tradition."
To thwart the Chinese, and other nation-state and rogue adversaries, the U.S. is updating an old strategy: a partnership between government and industry.
Army Gen. Keith Alexander, then-NSA director and also commander of the U.S. Cyber Command, went to the 2012 Def Con conference in Las Vegas, "dressed in blue jeans and a black T-shirt, shedding his army uniform for an outfit more palatable to his audience of hackers and security researchers."
The speech went well, but the next year, after the Snowden revelations, Alexander's invitation for a return engagement was rescinded. Instead the spymaster went to a rival conference, called Black Hat. He was booed and heckled and tried gamely to fight back, "We stand for freedom!"
Harris sketches the evolution of the White House attitude toward cyberwar.
As the book asserts, then-President George W. Bush authorized a computer worm called Stuxnet to frustrate and degrade the Iranian nuclear program but not inflict enough damage to alert the Iranians to the covert attack. President Obama ordered Stuxnet enhanced so that about 1,000 centrifuges were destroyed by being forced to spin at dangerous speeds. While that may have slowed the Iranians' program by two years, "@War" argues that it also alerted them to the hacking and limited the intelligence-gathering capability.
Obama also approved only the most modest changes in NSA snooping after the Snowden disclosures, Harris says.
Given the seriousness of the topic, "@War" is not a book with a lot of laughs. But there is some grim mirth in watching a midlevel Army officer puncture the arrogance of defense industry executives who felt their computer systems were secure from hacking.
Then there is Tor, which stands for "The Onion Router," a software download that allows Web users to mask their identity: "Anyone can use Tor — drug traffickers, child pornographers, hackers, terrorists, spies, all of whom have found it a viable means for achieving anonymity online and evading detection by law enforcement and intelligence agencies."
NSA and its British counterpart decided to penetrate Tor. Problem: One of Tor's biggest supporters is the State Department, which had invested millions of dollars in spreading software to allow pro-democracy dissidents in the Arab world and elsewhere to communicate online without being arrested by repressive regimes.
"The United States now has two competing and directly opposed policies: trying to prop up Tor and at the same time tearing it down," Harris reports.
Welcome to the modern world.
The Rise of the Military-Internet Complex
Houghton Mifflin Harcourt: 251 pp., $27