Seymour Hersh's recent peek inside "cyber warfare" possibly affirms two things we kinda already knew: people are easily spooked, and there's plenty of money to be made by spooking them. The story, oddly, starts with some hot coffee.
Hersh begins by recounting an old story, that is still a good read. In 2001, an American EP-3E Aries II spy plane was flying over the South China Sea, doing what spy planes near China do best—spying on China. Things were going swimmingly, until the EP-3E quite literally collided with a Chinese interceptor jet—the counterintelligence equivalent of bumping into your girlfriend while she's on a date with another guy. Diplomatically awkward to say the least, but also deadly—the Chinese pilot was killed, and the American plane was able to just barely crash land at—and this was less than ideal—a Chinese air base.
There were 24 intelligence officers onboard the plane, but their existence was secondary compared to the hardware and software used to control the plane's sensitive recon equipment—tech worth hundreds of millions of dollars. You would think there might be a sophisticated method of preventing this stuff from falling into foreign hands, but, it turns out, Pentagon protocol instructed the crew to react as you and your girlfriend might after the above infidelity hypothetical—wildly swinging around a fire axe and throwing scalding coffee everywhere. Actually. The hope was to damage the onboard equipment beyond use—and backwards engineering—by the Chinese. But after 11 days, the crew was sent back to the US, and the plane stayed behind, where it eventually became clear that the crew had not sufficiently trashed the thing.
How did we know? The Chinese made it clear, Hersh explains, using the same communications channels we were using to snoop to broadcast their knowledge of our covert activities:
The Chinese were apparently showing the U.S. their hand. ("The N.S.A. would ask, ‘Can the Chinese be that good?' " the former official told me. "My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, ‘Can you read Chinese?' We don't even know the Chinese pictograph for ‘Happy hour.' ")
Events like this aren't new. What is new is the proliferation of a new fear, and a new front: the "cyber" front. It employees tens of thousands of Americans, eats up of millions of tax dollars, and generally leaves everyone confused. And it's based upon a myth that, at any point, a Chinese Cyber Soldier could press a button and knock down the Chrysler Building, or cause rolling blackouts across the US. If you'd like a vividly idiotic illustration of what cyber warfare cheerleaders want you to think is possible, just read Hersh's excerpt from "Cyber War," a sensationalist, OH DEAR GOD NO account of what China could do to us with cyber bazookas:
Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died.
If the book's author, former White House national-security aide Richard Clarke, can team up with Michael Bay, he might have Summer 2012's big dumb hit on his hands. But for now, this ridiculous scene of crashed trains and plummeting planes should guide our national security interests about as much as "The Berenstain Bears Visit the Dentist," notes Hersh:
Clarke's book, with its alarming vignettes, was praised by many reviewers. But it received much harsher treatment from writers in the technical press, who pointed out factual errors and faulty assumptions. For example, Clarke attributed a severe power outage in Brazil to a hacker; the evidence pointed to sooty insulators.
Before going further, it's worth reflecting on the words we're using here: cyber. Cyber. Cyber warfare. Cyberspace. It's a term as antiquated and nebulous as the alleged "war" being fought upon it. It connotes cluelessness. These are terms that I imagine might resonate with my mother, who refers to her home router as "the Comcast" and calls me every time Word won't quit. But there is no "cyber space"—and it's an ambiguity exploited, it might seem, to benefit both private and government interests.
Scaring the American public into thinking it's engaged in a new war is profitable. It keeps myriad consulting firms flush—like Booz Allen Hamilton, which landed a $34 million Pentagon contract after its executive vice president testified before congress. "Hello, Congress. You have X. I have X pills. They will cost you $34 million. Thanks!" It also keeps government entities awash in cash, like the Pentagon's Cyber Command, or the NSA, which employes a bunker full of its own hackers in a secret compound outside Baltimore. (This is the same NSA, it should be mentioned, that Hersh says instructed foreign agents to seal their USB ports with liquid cement to prevent attack by malicious flash drive).
A US Navy admiral confessed the following to Hersh, almost depressing as it is true:
The U.S. Navy, worried about budget cuts, "needs an enemy, and it's settled on China," and that "using what your enemy is building to justify your budget is not a new game."
This cash doesn't make anyone safer, however, because there isn't much of a threat to begin with. At least not the one being sold in consulting white papers and on the floors of Congress. No matter how much the doomsday novelists and budget-hungry officers might want you to think of your dog, fire hydrant, and Lower Manhattan as ready to explode with the tap of a Chinese spacebar, China wouldn't even if it could: "Current Chinese officials have told me that we're not going to attack Wall Street, because we basically own it," says one of Hersh's sources. Now that's a reality more frightening than any Tron-esque vision of cyber warriors throwing cyber-javelins at each other.
That isn't to say that internet-based hostilities between nations don't exist. They do, and they're worth taking seriously. Many signs support speculation that the recent Stuxnet worm was a deliberate attempt by Israel (and perhaps other parties) to undermine Iran's nuclear program. If true, an act of overt aggression, to be sure. And, had such a worm succeeded in permanently impairing or disabling entirely the nuclear-energy plant of another country, by most definitions this would be fightin' words, not mere hacking—an act of war. But taking such risks seriously does not a war make. And, as Hersh points out, if what actually went down is cyber "warfare," then war ain't what it used to be:
If Stuxnet was aimed specifically at Bushehr, it exhibited one of the weaknesses of cyber attacks: they are difficult to target and also to contain. India and China were both hit harder than Iran, and the virus could easily have spread in a different direction, and hit Israel itself. Again, the very openness of the Internet serves as a deterrent against the use of cyber weapons.
The "cyber" nature of "cyber" warfare might, in the end, be self-nullifying. So if there's not open fighting in any traditional sense of the word, what is there? Hersh explains that for the most part, a lot of old fashioned annoying asshole hacking and pre-internet corporate espionage have been folded under this corny, misleading mantle of cyber-whatever. Says another source, a think tank fellow and former staffer at the Departments of State and Commerce during the Clinton Administration:
"Some of it is economic espionage that we know and understand. Some of it is like the Wild West. Everybody is pirating from everybody else. The U.S.'s problem is what to do about it. I believe we have to begin by thinking about it"-the Chinese cyber threat-"as a trade issue that we have not dealt with."
They do it. We do it. We've both been doing it. At best, maybe this is just wasteful—though it does keep a lot of Beltway types in fresh Dockers. But at worst, this obfuscating Maypole dance of bureaucracy and private consulting keeps our heads in the (CYBER!) clouds, and not pointed at anything that will keep the world safer. It'll be of the utmost importance to keep from mistaking trade tensions and dirty economic rivalries with outright warfare—a word not to be dropped or appropriated lightly. Hersh concludes with perhaps the article's most head-shaking bit, an explanation of why that American recon plane crashed in the first place: the military was so worried about losing its jobs on the eve of the 2000 election that nobody was paying attention to our spy missions.
There was no leadership in the Defense Department, as both Democrats and Republicans waited for the Supreme Court to decide the fate of the Presidency. The predictable result was an increase in provocative behavior by Chinese fighter pilots who were assigned to monitor and shadow the reconnaissance flights. This evolved into a pattern of harassment in which a Chinese jet would maneuver a few dozen yards in front of the slow, plodding EP-3E, and suddenly blast on its afterburners, soaring away and leaving behind a shock wave that severely rocked the American aircraft. On April 1, 2001, the Chinese pilot miscalculated the distance between his plane and the American aircraft.
Is the same apparatus responsible for a fuck-up of that magnitude suddenly going rule the internet with steel eyes and iron fist, simply because we apply a term to their endeavor that belongs in a Windows 95 game? Start brewing the coffee. [The New Yorker]