Return to Winter: Russia, China, and the New Cold War Against America (15 page)

Of course, the Russian and Chinese effort on behalf of rogue regimes is far from the only avenue in which they threaten American security. Both countries are actively pursuing an entire range of
policies designed, if not wholly, then at least in substantial part, to negate or transcend U.S. influence. Unfortunately, Washington has been no better at recognizing these other threats—the most immediate and troubling of which is cyber warfare.

CHAPTER 3

Cyber Security: The New Battlefield

“I call it the Wild West, because you can be anywhere and do anything and be effective. . . . All you need is an Internet connection.”

—
GENERAL WILLIAM SHELTON, COMMANDER OF AIR FORCE SPACE COMMAND
¹

“Cyber-networks are the new frontier of counterintelligence. If you can steal information or disrupt an organization by attacking its networks remotely, why go to the trouble of running a spy?”

—
JOEL BRENNER
²

“The problem is 1,000 times worse than what we see.”

—
ALAN PALLER, RESEARCH DIRECTOR, SANS INSTITUTE
³

“We have a national problem and it is significant. The next big issue will be a cyber 9/11. I’ve been sounding the alarm, and I’ve been doing this now for 20 years. We are going to have a cyber event that is catastrophic.”

—
RETIRED VICE ADMIRAL MIKE MCCONNELL
⁴

“It’s fair to say we’re already living in an age of state-led cyber war, even if most of us aren’t aware of it.”

—
ERIC SCHMIDT, GOOGLE CEO
⁵

T
he press called it “the shirtsleeves summit”: President Obama and Chinese president Xi Jinping meeting for bilateral talks in the
unlikely setting of Sunnylands, an estate in Rancho Mirage, California, built by the billionaire Walter Annenberg. The beautifully landscaped grounds, at the intersection of Bob Hope and Frank Sinatra Drives, might encourage a more informal dialogue, Americans hoped, and build trust between the two leaders. And it seemed to be working: At one point, Obama and Xi talked privately for almost an hour as they sat in the shade on a bench made of California redwood—a personal gift from the president to his Chinese guest.

“The president had very good discussions in an informal atmosphere—uniquely informal atmosphere—with President Xi,” said Tom Donilon, Obama’s national-security adviser. “If you go back through studying each of the encounters between an American president and the leadership of China since President Nixon’s historic meeting in February of 1972 in China, I think the uniqueness and the importance of a number of aspects of this encounter really come to the fore,” he said.
⁶

And the summit did produce some results: most substantively, an agreement to cooperate closely in pressuring North Korea to give up its nuclear program.

But on another issue—one with perhaps more “uniqueness and importance” than any other discussed—there was no progress between the two leaders. In fact, there was barely an acknowledgement, on the Chinese side, that the issue existed. This was the matter of cyber warfare and cyber hacking, which Obama had promised the American people he would make a top priority at the talks. The subject had become a flashpoint in U.S.–China relations: The previous fall, outgoing Defense Secretary Leon Panetta had warned of a possible “cyber Pearl Harbor” caused by computer hackers who were trying to bring down critical infrastructure systems.

Moreover, as Obama and Xi sat together in Sunnylands, the Edward Snowden affair was breaking in the media. The day before
Obama and Xi arrived at the estate,
The Guardian
, a British newspaper, broke the story that the National Security Agency had obtained access to voluminous data from the systems of private Internet-based companies, including Google, Facebook, Apple, and others. It was all part of an undisclosed government program called PRISM, under which the NSA could collect data including search history, emails, file transfers, and Web chats.
⁷
New angles kept appearing: The British equivalent of PRISM was Tempora, under which the British Government Communications Headquarters conducted massive electronic surveillance and freely shared their findings with the NSA. As an uproar began, the source of these bombshell findings unveiled himself: American Edward Snowden, a former CIA employee and, at the time, an “infrastructure analyst” for NSA contractor Booz-Allen Hamilton. Snowden made the disclosures from Hong Kong, where he had gone under the guise of receiving epilepsy treatment; once there, he spilled the goods on the classified U.S. government programs to
Guardian
journalist Glenn Greenwald.

That’s right—the most notorious national-security leaker in recent American history fled to China for shelter and protection. And, after the Hong Kong government rejected American pleas to extradite him, Snowden flew off to Moscow. There, he sheltered for weeks in the transit area of Moscow’s Sheremetyevo Airport—while Russian president Vladimir Putin, like the Chinese, refused to extradite him to the United States.

We’ll explore the Snowden case in more detail in our “Intelligence Wars” chapter, but its explosion into the news just as Obama was attempting to press China on cyber hacking and thievery could not have been more symbolic. The Snowden leaks exposing vital national-security programs, and the American failure to get him back for prosecution, represented a huge win for Russia and China—all the more so when Snowden, in effect, told the Chinese that we were spying on
them, confirming their accusations against the U.S. The Snowden fiasco also mirrored the general ineffectiveness of U.S. efforts to confront its adversaries on the cyber issue.

Sitting with Xi at Sunnylands, Obama detailed a number of massive cyber attacks against American targets and made clear that the U.S. had no doubt they came from China. He warned Xi that Chinese cyber attacks would directly threaten the American–Chinese relationship, especially economically. But the president found Xi as immovable as Mao. Xi would protest only that China suffers cyber intrusions, too; he gave no quarter, made no admissions, and pledged no cooperation. Donilon, for his part, claimed that Obama had raised the issue with some force—Donilon made no mention of Xi’s response, which was unpromising. It was more of a one-way phone conversation than a negotiation.
⁸

While Xi seemed tight-lipped about the subject, his actual message couldn’t have been clearer, and it was based in the most traditional kind of power politics: I’m going to keep doing what I’m doing because it benefits me, and because the price to you of trying to stop it is too high. In other words, China’s cyber war against the U.S. would continue.

Obama’s attempt to confront Xi came on the heels of stunning news reports earlier in 2013 that made clear the extent and sophistication of Chinese-based cyber attacks on every major aspect of American life—financial institutions, private-sector businesses, military systems, government servers, political groups, and infrastructure and power grids. These attacks have been going for years, but only recently has definitive evidence linked them to China. It is now undeniable that China is the leading global practitioner of cyber warfare.

However, the Chinese are not alone. Their Axis partner, Russia, also excels at cyber sabotage and aggressive technological attacks, though the Russians’ expertise takes different forms. Proof of Russia’s involvement in attacks on the American mainland has so far
been lacking, but independent Russian hacker groups—if they really are independent of Moscow—have launched audacious, damaging attacks on U.S. and Western financial targets. The hacking of American retailer Target in December 2013, the largest of its kind in U.S. history—involving 40 million stolen credit card numbers—originated from Russian computers.
⁹

Like Xi, however, Putin dismisses questions about cyber attacks, scoffing at the mention of “hackers” as if they were beneath his notice. And he maintains his denials that Russia was behind the sabotage that disabled Estonia in 2007 and Georgia in 2008, bringing havoc to these countries at a time when they challenged Moscow. The Chinese have attempted nothing on this scale to date.

Finally, there is Iran, which, remarkably, has launched what is believed to be the most destructive attack yet on a private-sector target: the “Shamoon” virus, which brought down 30,000 computers of the Saudi oil giant Aramco in 2012.

Cyber security may well be the ultimate battleground in our conflict with the Axis forces—cyber assault is the most immediate threat the U.S. faces, as well as the one we understand the least. Moreover, it is an area in which our key adversaries excel, in different ways. On this playing field, the power imbalances between America and the Axis are meaningless: In cyber war, the strength of your military and the size of your GDP and navy are irrelevant. What matters is whether you and your intelligence assets have the technological chops and the political daring to launch sophisticated attacks on the world’s only superpower. Russia, China, and Iran have already shown that they have all the capabilities and a good share of the political daring. They are defiant and unrepentant when challenged.

To be sure, from an offensive perspective, the United States has displayed its mettle. The U.S. possesses the most sophisticated cyberwar capabilities in the world, as it demonstrated in 2009, when the
Stuxnet virus disabled the Iranian nuclear facility at Natanz. Washington denied responsibility, but most experts are confident that Stuxnet was an American operation. So are the Iranians, who launched the Shamoon virus at least partly in retaliation.

The issue for the U.S., then, is not whether it can launch effective attacks, but whether it can defend itself against them. For all the worries that Americans and their political leaders have about protecting the country against military or terrorist attacks, an invisible and virtual enemy could inflict far more extensive damage on the nation. The ball here, as elsewhere, is in America’s court: The intentions and behavior of its two primary adversaries could not be more consistent, confrontational, or transparent. It is past time that Washington got serious about the looming cyber catastrophe.

THE VULNERABILITY

Richard Clarke must be accustomed, by now, to giving dire warnings—and to being ignored until it is either too late or precariously close to being so. The man who spent the years before 9/11 warning, mostly in vain, about the threat posed by al-Qaeda eventually turned his attentions to cyberspace. In 2010, his book
Cyber War
, written with Robert Knake, described potential attacks of unimaginable scope, complexity, and destructiveness and laid out how the U.S. remains undefended. And, as he had in the years before 9/11, he sketched a graphic scenario:

       
Several thousand Americans have already died, multiples of that number are injured and trying to get to hospitals. . . . In the days ahead, cities will run out of food because of the train-system failures and the jumbling of data at trucking and distribution centers. Power will not come back up because nuclear plants have gone into secure
lockdown and many conventional plants have had their generators permanently damaged. High-tension transmission lines on several key routes have caught fire and melted. Unable to get cash from ATMs or bank branches, some Americans will begin to loot stores. Police and emergency services will be overwhelmed.
¹⁰

Such an attack, if it came, would render America more helpless than it had ever been in wartime, and would make the toll of 9/11 seem like child’s play. Could it really happen? Clarke insisted it could: “A sophisticated cyber war attack by one of several nation-states could do that today, in
fifteen minutes
, without a single terrorist or soldier ever appearing in this country.”
¹¹

It took a while for official Washington to embrace his alarm. In 2010, when Clarke’s book came out, President Obama’s then–cyber chief, Howard Schmidt, scoffed: “There is no cyber war,” he said. “I think that is a terrible metaphor and I think that is a terrible concept. As for getting into the power grid, I can’t see that that’s realistic.”
¹²
But as the evidence piled up and our lack of preparedness became more evident, that complacency began to lift.

Leon Panetta has spent decades in public life. His style is reserved and matter-of-fact. A political jack-of-all-trades, he has served in Congress and in the White House as chief of staff; he has also been CIA director and defense secretary. So when he stepped to the podium in October 2012 at the Intrepid Sea, Air, and Space Museum in Manhattan to address a business audience, few expected that he would deliver the most resounding warning of his political career—one that Americans desperately needed to hear.

“A cyber attack perpetrated by nation-states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said. “Such a destructive cyber terrorist attack could paralyze the nation.” As an example, he pointed to Iran’s Shamoon attack on Saudi
Aramco, which employed a “wiping” mechanism and a so-called kill switch to eradicate system memory in 30,000 computers, rendering them useless. The virus replaced essential system files with the image of a burning American flag. The business executives in attendance didn’t need prodding to imagine the impact of such an attack on their companies. But Panetta warned of darker scenarios.
¹³

Broad-based infrastructure attacks, he warned, “would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability.” He described how sophisticated computer hackers—especially from Russia, China, and Iran—could bring down portions of the nation’s infrastructure. “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals.” Panetta said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
¹⁴

Panetta’s words reflected a growing awareness among American officials. Earlier in 2012, in an unclassified Worldwide Threat Assessment before the Senate Select Committee on Intelligence, Director of National Intelligence James Clapper listed cyber threats as just behind terrorism and nuclear proliferation in the list of strategic threats to U.S. security and economic interests. He named Russia and China as the state actors most active in stealing secrets from the United States through cyberspace.
¹⁵