Dark Territory (16 page)

On June 4, Milosevic surrendered. It was widely observed that no one had ever before won a war through airpower alone. But this war wasn't won that way, either. It was won through a combination of the pummeling air strikes
and
the isolating impact of information warfare.

Afterward, in a postwar PowerPoint briefing, Admiral James Ellis, Commander of Allied Forces, Southern Europe, hailed the information operation as
“at once a great success . . . and perhaps the greatest failure of the war.” All the tools were in place, he went on, but “only a few were used.” The campaign employed “great people” with “great access to leadership,” but they hadn't been integrated with the operational commands, so they had less impact “on planning and execution” than they might have had. The whole enterprise of information warfare, Ellis wrote, had “incredible potential” and “must become” a “point of main effort” in the asymmetric wars to come. However, the concept was “not yet understood by war fighters.” One reason for this lapse, he said, was that everything about information warfare was “classified beyond their access,” requiring special security clearances that only a few officers possessed. Had the tools and techniques been fully exploited, Ellis concluded, the war might have lasted half as long.

This was the most telling aspect of the information warfare campaign: it was planned and carried out by a secret unit of the Pentagon's Joint Staff, with assistance from the even more secretive NSA, CIA, and GCHQ. As the twentieth century came to a close,
America's military commanders weren't yet willing to let hackers do the business of soldiers and bombardiers. A few senior officers were amenable to experimenting, but the Defense Department lacked the personnel or protocols to integrate this new dimension of war into an actual battle plan. The top generals had signed doctrinal documents on “information warfare” (and, before that, “counter command-control war”), but they didn't appear to take the idea very seriously.

A small group of spies and officers set out to change that.

I
. J-39 also figured out how to hack into Milosevic's own bank accounts; President Clinton was intrigued with the idea. But senior officials, especially in the Treasury Department, strongly advised against going down that road, warning of severe blowback. In subsequent years, intelligence agencies tracked down other hostile leaders' finances, but the option of actually hacking their bank accounts was never actively pursued.

A
RT
M
ONEY
was flustered. He was the ASD(C3I), the assistant secretary of defense for command, control, communications, and intelligence—and thus the Pentagon's point man on information warfare, its civilian liaison with the NSA. The past few years should have vindicated his enthusiasms. Eligible Receiver, Solar Sunrise, and Moonlight Maze had sired an awareness that the military's computer networks were vulnerable to attack. J-39's operations in the Balkans proved that the vulnerabilities of other countries' networks could be exploited for military gain—that knowing how to exploit them could give the United States an advantage in wartime. And yet, few of America's senior officers evinced the slightest interest in the technology's possibilities.

Money's interest in military technology dated back to a night in 1957, when, as a guard at an Army base in California, he looked up at the sky and saw
Sputnik II
, the Soviet Union's second space satellite, orbiting the earth before the Americans had launched even a first—a beacon of the future, at once fearsome and enthralling. Four years later, he enrolled at San Jose State for an engineering degree.
Lockheed's plant in nearby Sunnyvale was hiring any engineer who could breathe. Money took a job on the night shift, helping to build the system that would launch the new Polaris missile from a tube in a submarine. Soon he was working on top secret spy satellites and, after earning his diploma, the highly classified devices that intercepted radio signals from Soviet missile tests.

From there, he went to work for ESL, the firm that Bill Perry had founded to develop SIGINT equipment for the NSA and CIA; by 1990, Money rose to the rank of company president. Six years later, at the urging of Perry, his longtime mentor, who was now secretary of defense, he came to work at the Pentagon, as assistant secretary of the Air Force for research, development, and acquisition.

That job put him in frequent touch with John Hamre, the Pentagon's comptroller. In February 1998, Solar Sunrise erupted; Hamre, now deputy secretary of defense, realized, to his alarm, that no one around him knew what to do; so he convinced his boss, Secretary of Defense William Cohen, to make Art Money the new ASD(C3I).

Money was a natural for the job. Hamre was set on turning cyber security into a top priority; Money, one of the Pentagon's best-informed and most thoroughly connected officials on cyber matters, became his chief adviser on the subject. It was Money who suggested installing intrusion-detection systems on Defense Department computers. It was Money who brought Dusty Rhoads into J-39 after hearing about his work in the Blue Flag war games at the 609th Information Warfare Squadron. It was Money who brought together J-39, the NSA, and the CIA during the campaign in the Balkans.

The concept of information warfare—or cyber warfare, as it was now called—should have taken off at this point, but it hadn't because most of the top generals were still uninterested or, in some cases, resistant.

In the summer of 1998, in the wake of Solar Sunrise, Money was instrumental in setting up JTF-CND—Joint Task Force-Computer
Network Defense—as the office to coordinate protective measures for all Defense Department computer systems, including the manning of a 24/7 alert center and the drafting of protocols spelling out what to do in the event of an attack. In short, Money was piecing together the answer to the question Hamre posed at the start of Solar Sunrise: “Who's in charge?”

The initial plan was to give Joint Task Force-Computer Network Defense an
offensive
role as well, a mandate to develop options for attacking an adversary's networks. Dusty Rhoads set up a small, hush-hush outpost to do just that. But he, Money, and Soup Campbell, the one-star general in charge of the task force, knew that the services wouldn't grant such powers to a small bureau with no command authority.

However, Campbell made a case that, to the extent the military services had plans or programs for cyber offensive operations (and he knew they did), the task force ought, at the very least, to be briefed on them. His argument was unassailable: the task force analysts needed to develop defenses against cyber attacks; knowing what kinds of attacks the U.S. military had devised would help them expand the range of defenses—since, whatever America was plotting against its adversaries, its adversaries would likely soon be plotting against America.

Cohen bought the argument and wrote a memo to the service chiefs, ordering them to share their computer network attack plans with the joint task force. Yet at a meeting chaired by John Hamre, the vice chiefs of the Army, Navy, and Air Force—speaking on behalf of their bosses—blew the order off. They didn't explicitly disobey the order; that would have been insubordination, a firing offense. Instead, they redefined their attack plans as something else, so they could say they had no such plans to brief. But their evasion was obvious: they just didn't want to share these secrets with others, not even if the secretary of defense told them to do so.

Clearly, the task force needed a broader charter and a home with more power.
So, on April 1, 2000, JTF-CND became JTF-CNO, the
O
standing for “Operations,” and those operations included not just Computer Network Defense but also, explicitly, Computer Network
Attack
. The new task force was placed under the purview of U.S. Space Command, in Colorado Springs. It was an odd place to be, but SpaceCom was the only unit that wanted the mission. In any case, it was a
command
, invested with war-planning and war-fighting powers.

Still, Money, Campbell, Hamre, and the new task force commander, Major General James D. Bryan, saw this, too, as a temporary arrangement. Colorado Springs was a long way from the Pentagon or any other power center; and the computer geeks from the task force were complaining that their counterparts at Space Command, who had to be meshed into the mission, didn't know anything about cyber offense.

Money felt that the cyber missions—especially those dealing with cyber
offense
—should ultimately be brought to the Fort Meade headquarters of the NSA. And so did the new NSA director, Lieutenant General Michael Hayden.

Mike Hayden came to the NSA in March 1999, succeeding Ken Minihan. It wasn't the first time Hayden followed in his footsteps. For close to two years, beginning in January 1996, Hayden commanded Kelly Air Force Base in San Antonio. Kelly was where Minihan had run the Air Force Information Warfare Center, which pioneered much of what came to be called cyber warfare—offense
and
defense—and, by the time Hayden arrived, it had grown in sophistication and stature.

Hayden knew little about the subject before his tenure at Kelly, but he quickly realized its possibilities.
A systematic thinker who
liked to place ideas in categories, he came up with a mission concept that he called GEDA—an acronym for Gain (collect information), Exploit (use the information to penetrate the enemy's networks), Defend (prevent the enemy from penetrating our networks), Attack (don't just penetrate the enemy network—disable, disorient, or destroy it).

At first glance, the concept seemed obvious. But Hayden's deeper point was that all these missions were intertwined—they all involved the same technology, the same networks, the same actions: intelligence and operations in cyberspace—cyber security, cyber espionage, and cyber war—were, in a fundamental sense, synonymous.

Hayden was stationed overseas, as the intelligence chief for U.S. forces in South Korea, when Solar Sunrise and Moonlight Maze stirred panic in senior officialdom and made at least some generals realize that the trendy talk about “information warfare” might be worthy of attention.
Suddenly, if just to stake a claim in upcoming budget battles, each of the services hung out a cyber shingle: the Army's Land Information Warfare Activity, the Navy's Naval Information Warfare Activity, and even a Marine Corps Computer Network Defense unit, joined the long-standing Air Force Information Warfare Center in the enterprise.

Many of these entities had sprung up during Ken Minihan's term as NSA director, and the trend worried him for three reasons. First, there were financial concerns: the defense budget was getting slashed in the wake of the Cold War; the NSA's share was taking still deeper cuts; and he didn't need other, more narrowly focused entities—novices in a realm that the NSA had invented and mastered—to drain his resources further. Second, some of these aspiring cyber warriors had poor operational security; they were vulnerable to hacking by adversaries, and if an adversary broke into their networks, he might gain access to files that the NSA had shared.

Finally, there was an existential concern. When Minihan became
NSA director, Bill Perry told him, “Ken, you need to preserve the mystique of Fort Meade.” The
mystique
—that was the key to the place, Minihan realized early on: it was what swayed presidents, cabinet secretaries, committee chairmen, and teams of government lawyers to let the NSA operate in near-total secrecy, and with greater autonomy than the other intelligence agencies. Fort Meade was where brilliant, faceless code-makers and code-breakers did things that few outsiders could pretend to understand, much less duplicate; and, for nearly the entire post–World War II era, they'd played a huge, if largely unreported, role in keeping the peace.

Now, the mystique was unraveling. With the Cold War's demise, Minihan gutted the agency's legendary A Group, the Soviet specialists, in order to devote more resources to emerging threats, including rogue regimes and terrorists. The agency could still boast of its core
technical
base: the cryptologists, the in-house labs, and their unique partnership with obscure outside contractors—that was where the mystique still glowed. Minihan needed to build up that base, expand its scope, shift its agenda, and preserve its mastery—not let it be diluted by lesser wannabes splashing in the same stream.

Amid the profusion of entities claiming a piece of Fort Meade's once-exclusive turf, and the parallel profusion of terms for what was essentially the same activity (“information warfare,” “information operations,” “cyber warfare,” and so forth), Minihan tried to draw the line. “I don't care what you call it,” he often said to his political masters. “I just want you to call
me
.”

To keep NSA at the center of this universe, Minihan created a new office, at Fort Meade, called the IOTC—the Information Operations Technology Center. The idea was to consolidate all of the military's sundry cyber shops: not to destroy them—he didn't want to set off bureaucratic wars—but to corral them into his domain.

He had neither the legal authority nor the political clout to do this by fiat, so he asked Art Money, whom he'd known for years and
who'd just become ASD(C3I), to scour the individual services' cyber budgets for duplicative programs; no surprise, Money found many. He took his findings to John Hamre, highlighted the redundancies, and made the pitch. No agency, Money said, could perform these tasks better than the NSA—which, he added, happened to have an office called the IOTC, which would be ideal for streamlining and coordinating these far-flung efforts. Hamre, who had recently come to appreciate the NSA's value, approved the idea and put the new center under Money's supervision.

When Hayden took over NSA, Money pressed him to take the center in a different direction. Minihan's aim, in setting up the IOTC, was to emphasize the
T
—Technology: that was the NSA's chief selling point, its rationale for remaining at the top of the pyramid. Money wanted to stress the
O
—Operations: he wanted to use the IOTC as a back door for the NSA to get into cyber offensive operations.