Dark Territory by Fred Kaplan Read Free Book Online

penetrating its source—and, once inside the mother ship, the enemy’s command-control system, he could feed it false information, altering, disrupting, or destroying the machine, disorienting the commanders: controlling the information to keep the peace and win the war.
    None of this came as news to Wilhelm; he’d been skirmishing on the information war’s front lines for years. But six weeks into the new job, he came to McConnell’s office and said, “Mike, we’re kind of fucked here.”
    Wilhelm had been delving into the details of what information war —a two-way war, in which both sides use the same weapons—might look like, and the sight wasn’t pretty. The revolution in digital signals and microelectronics was permeating the American military and American society. In the name of efficiency, generals and CEOs alike were hooking up everything to computer networks. The United States was growing more dependent on these networks than any country on earth. About 90 percent of government files, including intelligence files, were flowing alongside commercial traffic. Banks, power grids, pipelines, the 911 emergency call system—all of these enterprises were controlled through networks, and all of them were vulnerable, most of them to very simple hacking.
    When you think about attacking someone else’s networks, Wilhelm told McConnell, keep in mind that they can do the same things to us. Information warfare wasn’t just about gaining an advantage in combat; it also had to be about protecting the nation from other countries’ efforts to gain the same advantage.
    It was a rediscovery of Willis Ware’s warning from a quarter century earlier.
    McConnell instantly grasped the importance of Wilhelm’s message. The Computer Security Center, which Bobby Ray Inman created a decade earlier, had since lured little in the way of funding or attention. The Information Security (now called Information Assurance) Directorate was still—literally—a sideshow, located a twenty-minute drive from headquarters.
    Meanwhile, the legacy of Reagan’s presidential directive on computer security, NSDD-145, lay in tatters. Congressman Jack Brooks’s overhaul of the directive, laid out in the Computer Security Act of 1987, gave NSA control over the security of military computers and classified networks, but directed the National Bureau of Standards, under the Department of Commerce, to handle the rest. The formula was doomed from the start: the NBS lacked technical competence, while the NSA lacked institutional desire. When someone at the agency’s Information Assurance Directorate or Computer Security Center discovered a flaw in a software program that another country might also be using, the real powers at NSA—the analysts in the SIGINT Directorate—wanted to exploit it, not fix it; they saw it as a new way to penetrate a foreign nation’s network and to intercept its communications.
    In other words, it wasn’t so much that the problem went ignored; rather, no one in power saw it as a problem.
    McConnell set out to change that. He elevated the Information Assurance Directorate, gave it more money at a time when the overall budget—not just for the NSA but for the entire Defense Department—was getting slashed, and started moving personnel back and forth, between the SIGINT and Information Assurance directorates, just for short-term tasks, but the idea was to expose the two cultures to one another.
    It was a start, but not much more than that. McConnell had a lot on his plate: the budget cuts, the accelerating shift from analog circuits to digital packets, the drastic decline in radio signals, and the resulting need to find new ways to intercept communications. (Not long after McConnell became director, he found himself having to shut down one of the NSA antennas in Asia; it was picking up no radio signals; all the traffic that it had once