Dark Territory (19 page)

Bush threw out lots of Clinton's initiatives, among them those having to do with cyber security. Clarke, the architect of those policies, stayed on in the White House and retained his title of National Coordinator for Security, Infrastructure Protection, and Counterterrorism. But, it was clear, Bush didn't care about any of those issues, nor did Vice President Dick Cheney or the national security adviser, Condoleezza Rice. Under Clinton, Clarke had the standing, even if not the formal rank, of a cabinet secretary, taking part in the NSC Principals meetings—attended by the secretaries of defense, state, treasury, and other departments—when they discussed the issues in his portfolio. Rice took away this privilege. Clarke interpreted the move as not only a personal slight but also a diminution of his issues.

During the first few months of Bush's term, Clarke and CIA director George Tenet, another Clinton holdover, warned the president repeatedly about the looming danger of an attack on America by Osama bin Laden. But the warnings were brushed aside. Bush and his closest advisers were more worried about missile threats from Russia, Iran, and North Korea; their top priority was to abrogate the thirty-year-old Anti-Ballistic Missile Treaty, the landmark Soviet-American arms-control accord, so they could build a missile-defense system. (
On the day of the 9/11 attacks, Rice was scheduled to deliver a speech on the major threats facing the land; the draft didn't so much as mention bin Laden or al Qaeda.)

In June 2001, Clarke submitted his resignation. He was the chief White House adviser on counterterrorism, yet nobody was paying attention to terrorism—or to him. Rice, taken aback, urged him not
to leave. Clarke relented, agreeing to stay but only if they limited his responsibilities to cyber security, gave him his own staff (which eventually numbered eighteen), and let him set up and run an interagency Cyber Council. Rice agreed, in part because she didn't care much about cyber; she saw the concession as a way to keep Clarke onboard while keeping him out of issues that did interest her. However, she needed time to find a replacement for the counterterrorism slot, so Clarke agreed to stay in that position as well until October 1.

He still had a few weeks to go as counterterrorism chief when the hijacked planes smashed into the World Trade Center and the Pentagon. Bush was in Florida, Cheney was dashed to an underground bunker, and, by default, Clarke sat in the Situation Room as the crisis manager, running the interagency conference calls and coordinating, in some cases directing, the government's response.

The experience boosted his standing somewhat, not enough to let him rejoin the Principals meetings, but enough for Rice to start paying a bit of attention to cyber security. However, she balked when Clarke suggested renewing the
National Plan for Information Systems Protection
, which he'd written for Clinton in his last year as president. She vaguely remembered that the plan set mandatory standards for private industry, and that would be anathema to President Bush.

In fact, much as Clarke wished that it had, the plan—the revised version, after he had to drop his proposal for a federal intrusion-detection network—called only for public-private cooperation, with corporations in the lead. But Clarke played along, agreeing with Rice that the Clinton plan was deeply flawed and that he wanted to do a drastic rewrite.
Rice let him draft an executive order, which Bush signed on September 30, calling for a new plan. For the next several months, Clarke and some of his staff went on the road, doing White House “cyber town halls” in ten cities—including Boston, New York, Philadelphia, Atlanta, San Francisco, Los Angeles, Portland,
and Austin—inviting local experts, corporate executives, IT managers, and law-enforcement officers to attend.

Clarke would start the sessions on a modest note. Some of you, he would say, criticized the Clinton plan because you had no involvement in it. Now, he went on, the Bush administration was writing a new plan, and the president wants you, the people affected by its contents, to write the annexes that deal with your sector of critical infrastructure. Some of the experts and executives in some of the cities actually submitted ideas; those in telecommunications were particularly enthused.

In fact, though, Clarke wasn't interested in their ideas. He did, however, need to melt their opposition; the whole point, the only point, of the town hall theatrics was to get their buy-in—to co-opt them into believing that they had something to do with the report.
As it turned out, the final draft—a sixty-page document called
The National Strategy to Secure Cyberspace
, signed by President Bush on February 14, 2003—contained more passages kowtowing to industry, and it assigned some responsibility for securing nonmilitary cyberspace to the new Department of Homeland Security. But otherwise, the language on the vulnerability of computers came straight out of the Marsh Report, and the ideas on what to do about it were nearly identical to the plan that Clarke had written for Clinton.

The document set the framework for how cyber security would be handled over the next several years—as well as the limits in the government's ability to handle it at all, given industry's resistance to mandatory standards and (a problem that would soon become apparent) the Homeland Security Department's bureaucratic and technical inadequacies.

Clarke didn't stick around to fight the political battles of enforcing and refining the new plan. On March 19, Bush ordered the invasion of Iraq. In the buildup to the war, Clarke had argued that it would divert attention and resources from the fight against bin Laden and
al Qaeda. Once the war's wheels were firmly in motion, Clarke resigned in protest.

But a few years after the invasion, as the war devolved from liberation to occupation and the enemy switched from Saddam Hussein to a disparate array of insurgents, the cyber warriors at Fort Meade and the Pentagon stepped onto the battlefield for the first time as a significant, even decisive force.

I
. Out of CNE sprang a still more baroque subdivision of signals intelligence: C-CNE, for Counter-Computer Network Exploitation—penetrating an adversary's networks in order to watch him penetrating
our
networks.

W
HEN
General John Abizaid took the helm of U.S. Central Command on July 7, 2003, overseeing American military operations in the Middle East, Central Asia, and North Africa, his political bosses in Washington thought that the war in Iraq was over. After all, the Iraqi army had been routed, Saddam Hussein had fled, the Baathist regime had crumbled. But Abizaid knew that the war was just beginning, and he was flustered that President Bush and his top officials neither grasped its nature nor gave him the tools to fight it. One of those tools was cyber.

Abizaid had risen through the Army's ranks in airborne infantry, U.N. peacekeeping missions, and the upper echelon of Pentagon staff jobs. But early on in his career, he tasted a slice of the unconventional. In the mid-1980s, after serving as a company commander in the brief battle for Grenada, he was assigned to the Army Studies Group, which explored the future of combat. The Army vice chief of staff, General Max Thurman, was intrigued by reports of the Soviet army's research into remote sensing and psychic experiments. Nothing came of them, but they exposed Abizaid to the notion that war might be about more than just bullets and bombs.

In his next posting, as executive assistant to General John Shalikashvili, chairman of the Joint Chiefs of Staff, Abizaid once accompanied his boss on a trip to Moscow. Figuring their quarters were bugged, the staff set up little tents so they could discuss official business away from Russian eavesdropping. Later, in Bosnia, as assistant commander of the 1st Armored Division, Abizaid learned that the CIA was flying unmanned reconnaissance planes over Sarajevo—and he was aware of the worry, among U.S. intelligence officials on the ground, that the Russians might seize control of a plane by hacking its communications link.

By 2001, when Abizaid was promoted to director of the Joint Staff in the Pentagon, the plans and programs for cyber security and cyber warfare were in full bloom. His job placed him in the thick of squabbles and machinations among and within the services, so he knew well the tensions between operators and spies throughout the cyber realm. In the event of war, the operators, mainly in the military services, wanted to
use
the intelligence gleaned from cyber; the spies, mainly in the NSA and CIA, saw the intelligence as vital for its own sake and feared that using it would mean losing it—the enemy would know that we'd been hacking into their networks, so they'd change their codes or erect new barriers. Abizaid understood this tension—it was a natural element in military politics—but he was, at heart, an operator. He took the guided tour of Fort Meade, was impressed with the wonders that the NSA could accomplish, and thought it would be crazy to deny their fruits to American soldiers in battle.

In the lead-up to the invasion of Iraq, Abizaid, who was by now the deputy head of Central Command, flew to Space Command headquarters in Colorado Springs, home of Joint Task Force-Computer Network Operations, which would theoretically lead cyber offense and defense in wartime. He was appalled by how bureaucratically difficult it would be to muster any kind of cyber offensive campaign: for one thing, the tools of cyber attack and cyber espionage were so
shrouded in secrecy that few military commanders even knew they existed.

Abizaid asked Major General James D. Bryan, the head of the joint task force, how he would go about getting intelligence from al Qaeda's computers into the hands of American soldiers in Afghanistan. Bryan traced the circuitous chain of command, from Space Command to a bevy of generals in the Pentagon, up to the deputy secretary of defense, then the secretary of defense, over to the National Security Council in the White House, and finally to the president. By the time the request cleared all these hurdles, the soldiers' need for the intel would probably have passed; the war itself might be over.

Bush ordered the invasion of Iraq on March 19. Three weeks later, after a remarkably swift armored assault up through the desert from Kuwait, Baghdad fell. On May Day, three weeks after the toppling, President Bush stood on the deck of the USS
Abraham Lincoln
, beneath a banner reading “Mission Accomplished,” and declared that major combat operations were over. But later that month, the American proconsul, L. Paul Bremer, issued two directives, disbanding the Iraqi army and barring Baathist party members from power. The orders alienated the Sunni population so fiercely that, by the time Abizaid took over as CentCom commander, an insurgency was taking form, raging against both the new Shiite-led Iraqi government and its American protectors.

Abizaid heard about the vast reams of intelligence coming out of Iraq—communications intercepts, GPS data from insurgents' cell phones, photo imagery of Sunni jihadists flowing in from the Syrian border—but nobody was piecing the elements together, much less incorporating them into a military plan. Abizaid wanted to get inside those intercepts and send the insurgents false messages, directing them to a certain location, where U.S. special-ops forces would be lying in wait to kill them. But he needed cooperation from NSA and CIA to weave this intel together, and he needed authorization from
political higher-ups to use it as an offensive tool. At the moment, he had neither.

The permanent bureaucracies at Langley and Fort Meade didn't want to cooperate: they knew that the world was watching—including the Russians and the Chinese—and they didn't want to waste their best intelligence-gathering techniques on a war that many of them regarded as less than vital.
Meanwhile, Secretary of Defense Donald Rumsfeld wouldn't acknowledge that there
was
an insurgency. (Rumsfeld was old enough to know, from Vietnam days, that defeating an insurgency required a
counter
insurgency strategy, which in turn would leave tens of thousands of U.S. troops in Iraq for years, maybe decades—whereas he just wanted to get in, get out, and move on to oust the next tyrant standing in the way of America's post–Cold War dominance.)

Out of frustration, Abizaid turned to a one-star general named Keith Alexander. The two had graduated from West Point a year apart—Abizaid in the class of 1973, Alexander in '74—and they'd met again briefly, almost twenty years later, during battalion-command training in Italy. Now Alexander was in charge of the Army Intelligence and Security Command, at Fort Belvoir, Virginia, the land forces' own SIGINT center, with eleven thousand surveillance officers deployed worldwide—a mini-NSA all its own, but geared explicitly to Army missions. Maybe Alexander could help Abizaid put an operational slant on intelligence data.

He'd come to the right man. Alexander was something of a technical wizard. Back at West Point, he worked on computers in the electrical engineering and physics departments. In the early 1980s, at the Naval Postgraduate School, in Monterey, California, he built his own computer and developed a program that taught Army personnel how to make the transition from handwritten index cards to automated databases. Soon after graduating, he was assigned to the Army Intelligence Center, at Fort Huachuca, Arizona, where he spent his
first weekend memorizing the technical specifications for all the Army's computers, then prepared a master plan for all intelligence and electronic-warfare data systems. In the run-up to Operation Desert Storm, the first Gulf War of 1991, Alexander led a team in the 1st Armored Division, at Fort Hood, Texas, wiring together a series of computers so that they could process data more efficiently. Rather than relying on printouts and manual indexing, the analysts and war planners back in the Pentagon could access data that was stored and sorted to their needs.

Before assuming his present command at Fort Belvoir, Alexander had been Central Command's chief intelligence officer. He told Abizaid about the spate of technical advances on the boards, most remarkably tools that could intercept signals from the chips in cell phones, either directly or through the switching nodes in the cellular network, allowing SIGINT teams to track the location and movements of Taliban fighters in Pakistan's northwest frontier or the insurgents in Iraq—even if their phones were turned off. This was a new weapon in the cyber arsenal; no one had yet exploited its possibilities, much less devised the procedures for one agency to share the intelligence feed with other agencies or with commanders in the field. Abizaid was keen to get this sharing process going.