It reads like science fiction, but it’s true: how the U.S. is preparing for war in cyberspace. Journalist and author Shane Harris (’98) explores how the U.S. plans to dominate the cyber battlefield in his new book, “@War: The Rise of the Military-Internet Complex” (Eamon Dolan/Houghton Mifflin Harcourt). Harris, a political science major, is a senior correspondent at The Daily Beast where he covers national security, intelligence and cyber security. He also has written for Foreign Policy magazine, the Washingtonian magazine and National Journal. He spoke by phone with Wake Forest Magazine from New York City on Nov. 12, shortly before appearing on MSNBC. Following are his edited, condensed comments.
Is “@War” a follow-up to your last book, “The Watchers: The Rise of America’s Surveillance State”?
Sort of; as I was researching for the first book how the government was using cyberspace as far as (tracking) terrorists and uncovering terrorist plots, those same things were also being used to detect computer hackers and viruses. It was another way in which the surveillance state was being directed. It didn’t really fit into the narrative of “The Watchers” but I thought if I wrote another book, I would really like to tackle that.
You write that cyberspace is the “fifth domain” of warfare. Can you explain that?
It’s a term that people in the military use. There are four classic domains of war in which the United States fights and builds weapons for: land, air, sea and space. Cyberspace is the fifth domain. It has unique features and characteristics that make it a proper domain in its own right. We have to find ways to do battle on that plane as in the other domains. How do you monitor computer networks and break into networks of our adversaries to find out what they’re doing or to cause damage to their networks, while also learning how to defend our networks? Cyberspace is a battlefield to fight in and defend.
What do you mean by the term “military-Internet complex?”
The way that corporations (Facebook, Google) have been used, either willingly or coerced, to cooperate. These companies are an indispensable weapon. The government doesn’t “own” computer networks; 85 percent of them are owned by others. In order to operate in cyberspace, the government needs companies’ cooperation. It’s an alliance geared to the ultimate objective, to dominate cyberspace, offensively and defensively.
How does that help with some of the enemies we’re facing today, such as ISIS, that are not traditional state enemies and that might not use computer networks in the way that a foreign government would?
Right now, it’s probably helping to some extent in that we can monitor ISIS communications, although they’re being very careful about using email and cell phones and are good at staying off the radar. The best example I can give is in 2007 when the U.S. military and NSA (National Security Agency) gathered up all the communications going into and out of Iraq. It was an extraordinary thing, gobbling up everything and penetrating the communications networks of Al-Qaeda in Iraq. So there is a precedent for this. Along with human analysis, it can show how a group moves and how it communicates.
We’ve been talking about how the U.S. engages in cyberwarfare. Let’s flip it around. Obviously we’re not alone in doing this; where are the biggest threats to the U.S. coming from?
The Chinese government and military have been relentless about using hackers to break into companies (computer networks) to steal trade secrets, pricing information, etc., to give Chinese companies an unfair trade advantage. In Russia, you see a nexus of cybercrime and organized criminal organizations that perpetuate financial theft, credit card theft, identity theft, with the implicit support of the government. Iran is building up an ambitious offensive cyberattack capability that has already launched attacks on bank websites, causing them to crash.
We do know that hackers, certainly in China and possibly Russia, have penetrated and probed the industrial control systems that control the power grid and the flow of electricity. So far there has never been a confirmed blackout in the United States caused by a hacker. The U.S. would probably consider that as an act of war and launch a counterstrike, either online or by military action. We haven’t seen the nightmare scenario – physical attacks as opposed to financial crimes. But the fear of the military is if we ever get into a war with one of those countries, they would use (cyberwarfare) methods that we would not be fully prepared for. These countries don’t have the ability to attack us directly, but they could attack us remotely and cause damage.
What does it mean to the average person who uses the Internet for work or online shopping; why should we care about cyberwarfare?
One reason to care is what are they doing with the information and did they legally acquire it. Since Edward Snowden, I think the government has followed the law as it’s written, but we need to have a full debate about what the government is collecting and what they are doing with it.
The government, in preparing the battlefield to dominate (cyberspace), to give it an advantage, has fundamentally weakened Internet (security) for all of us. The NSA is undermining the encryption process by inserting weaknesses into widely used encryption that only the NSA can understand and exploit. But what happens if that weakness is figured out by a foreign government? I like to say that it’s like the NSA requiring you to have a certain lock on your front door, and they’re the only ones that have the secret key to open it; but what happens if someone else finds it?
There’s also something called “zero day.” These are flaws in a computer system that are not known by the developer. There is a gray market for that information; the NSA is the largest single purchaser of zero-day information. When they know of one of these flaws, should it be disclosed? Are you compromising security by not disclosing a known flaw that could be used by hackers?
The most frequent words I’ve read in reviews of your book are scary and disturbing. Should we be scared?
I don’t think we have to be scared. A lot of the information is unsettling. But it’s important to remember that this doesn’t mean the lights are going out tomorrow. I’m skeptical of people in government who are trying for more authority in the cyber realm by claiming that we’re one calamity away from a “cyber-Pearl Harbor” as Leon Panetta once warned.
Are we winning the cyberwar?
I wouldn’t say we’re wining. The barrier to entry to create a national cyber force is not as high as building a navy or air force or army. Countries that can’t challenge us militarily are going to opt to build up their cyber capabilities. China is throwing thousands of more people into this than we are, and they are less constrained in what they do. Our capabilities are as good as any other country.
I’m trying to wrap my head around the fact that you were once a Lilting Banshee as a Wake Forest student. Help me out with that; how’d you go from writing sketch comedy to writing about cyberwarfare?
The transition isn’t obvious? I always joke that having a good sense of humor is a good tool for surviving in Washington. I moved to Washington after graduating. I knew that I wanted to write and tell stories, and I was interested in government and politics. I had a great editor at a magazine who said that what I should be doing is writing longer form, nonfiction stories that read like a novel. There’s a long tradition of that, going back to Harold Hayes (’48) at Esquire.