Dark Territory (22 page)

The hackers also stole material from some sites that gave them valuable intelligence on the Georgian military—its operations,
movements, and communiqués—so the Russian troops could roll over them all the more swiftly.

Just as with Estonia, Kremlin spokesmen denied launching the cyber attacks, though the timing—coordinated so precisely with the other forms of attack—splashed extreme doubt on their claims of innocence.

After four days of fighting, the Georgian army retreated. Soon after, Russia's parliament formally recognized South Ossetia and Abkhazia as independent states. Georgia and much of the rest of the world disputed the status, seeing the enclaves as occupied Georgian territory, but there wasn't much they could do about it.

In the sixteen months from April 2007 to August 2008, when America hacked Iraqi insurgents' email, Israel spoofed Syrian air defenses, and Russia flooded the servers of Estonia and Georgia, the world witnessed the dawn of a new era in cyber warfare—the fulfillment of a decade's worth of studies, simulations, and, at the start of the decade in Serbia, a tentative tryout.

The Estonian operation was a stab at political coercion, though in that sense it failed: in the end, the statue of the Red Army soldier was moved from the center of Tallinn to a military graveyard on the town's outskirts.

The other three operations were successes, but cyber's role in each was tactical: an adjunct to conventional military operations, in much the same way as radar, stealth technology, and electronic countermeasures had been in previous conflicts. Its effects were probably short-lived as well; had the conflicts gone on longer, the target-nations would likely have found ways to deflect, diffuse, or disable the cyber attacks, just as the Estonians did with the help of Western allies. Even in its four-day war in South Ossetia, Georgia managed to reroute some of its servers to Western countries and
filter some of the Russian intrusions; the cyber attack evolved into a
two-way
cyber war, with improvised tactics and maneuvers.

In all its incarnations through the centuries, information warfare had been a gamble, its payoff lasting a brief spell, at best—just long enough for spies, troops, ships, or planes to cross a border undetected, or for a crucial message to be blocked or sent and received.

One question that remained about this latest chapter, in the Internet era, was whether ones and zeroes, zipping through cyberspace from half a world away, could inflict
physical
damage on a country's assets. The most alarming passages of the Marsh Report and a dozen other studies had pointed to the vulnerability of electrical power grids, oil and gas pipelines, dams, railroads, waterworks, and other pieces of a nation's critical infrastructure—all of them increasingly controlled by computers run on commercial systems. The studies warned that foreign intelligence agents, organized crime gangs, or malicious anarchists could take down these systems with cyber attacks from anywhere on earth. Some classified exercises, including the simulated phase of Eligible Receiver, posited such attacks. But were the scenarios plausible? Could a clever hacker
really
destroy a physical object?

On March 4, 2007, the Department of Energy conducted an experiment—called the Aurora Generator Test—to answer that question.

The test was run by a retired naval intelligence officer named Michael Assante. Shortly after the 9/11 attacks, Assante was tasked to the FBI's National Infrastructure Protection Center, which had been set up in the wake of Solar Sunrise and Moonlight Maze, the first major cyber intrusions into American military networks. While most of the center's analysts focused on Internet viruses, Assante examined the vulnerability of the automated control systems that ran power grids, pipelines, and other pieces of critical infrastructure that the Marsh Report had catalogued.

A few years later, Assante retired from the Navy and went to work as vice president and chief security officer of the American Electrical Power Company, which delivered electricity to millions of customers throughout the South, Midwest, and Mid-Atlantic. Several times he raised these problems with his fellow executives. In response, they'd acknowledge that someone could hack into a control system and cause power outages, but, they would add, the damage would be short-term: a technician would replace the circuit breaker, and the lights would go back on. But Assante would shake his head. Back at the FBI, he'd talked with protection and control engineers, the specialists' specialists, who reminded him that circuit breakers were like fuses: their function was to protect very costly components, such as power generators, which were much harder, and would take much longer, to replace. A malicious hacker wouldn't likely stop at blowing the circuit breaker; he'd go on to damage or destroy the generator.

Finally persuaded that this might be a problem, Assante's bosses sent him to the Idaho National Laboratory, an 890-square-mile federal research facility in the prairie desert outside Idaho Falls, to examine the issues more deeply. First, he did mathematical analyses, then bench tests of miniaturized models, and finally set up a real-life experiment. The Department of Homeland Security had recently undertaken a project on the most worrisome dangers in cyberspace, so its managers agreed to help fund it.

The object of the Aurora test was a 2.25-megawatt power generator, weighing twenty-seven tons, installed inside one of the lab's test chambers. On a signal from Washington, where officials were watching the test on a video monitor, a technician typed a mere twenty-one lines of malicious code into a digital relay, which was wired to the generator. The code opened a circuit breaker in the generator's protection system, then closed it just before the system responded, throwing its operations out of sync.
Almost instantly, the generator
shook, and some parts flew off. A few seconds later, it shook again, then belched out a puff of white smoke and a huge cloud of black smoke. The machine was dead.

Before the test, Assante and his team figured that there would be damage; that's what their analyses and simulations had predicted. But they didn't expect the magnitude of damage or how quickly it would come. Start-up to breakdown, the test lasted just three minutes, and it would have lasted a minute or two shorter, except that the crews paused to assess each phase of damage before moving on.

If the military clashes of 2007—in Iraq, Syria, and the former Soviet republics—confirmed that cyber weapons could play a tactical role in new-age warfare, the Aurora Generator Test revealed that they might play a strategic role, too, as instruments of leverage or weapons of mass destruction, not unlike that of nuclear weapons. They would, of course, wreak much less destruction than atomic or hydrogen bombs, but they were much more accessible—no Manhattan Project was necessary, only the purchase of computers and the training of hackers—and their effects were lightning fast.

There had been similar, if less dramatic, demonstrations of these effects in the past.
In 2000, a disgruntled former worker at an Australian water-treatment center hacked into its central computers and sent commands that disabled the pumps, allowing raw sewage to flow into the water. The following year, hackers broke into the servers of a California company that transmitted electrical power throughout the state, then probed its network for two weeks before getting caught.

The problem, in other words, was long known to be real, not just theoretical, but few companies had taken any steps to solve it. Nor had government agencies stepped in: those with the ability lacked the legal authority, while those with the legal authority lacked the ability; since action was difficult, evasion was easy. But for anyone
who watched the video of the Aurora Generator Test, evasion was no longer an option.

One of the video's most interested viewers, who showed it to officials all around the capital, from the president on down, was the former NSA director who coined the phrase “information warfare,” Rear Admiral Mike McConnell.

I
. 
Ironically, while complaining that Alexander might not handle NSA data in a strictly legal manner, Hayden was carrying out a legally dubious domestic-surveillance program that mined the same NSA database, including phone conversations and Internet activity of American citizens. Hayden rationalized this program, code-named Stellar Wind, as proper because it had been ordered by President Bush and deemed lawful by Justice Department lawyers.

O
N
February 20, two weeks before the Aurora Generator Test, Mike McConnell was sworn in as director of national intelligence. It was a new job in Washington, having been created just two years earlier, in the wake of the report by the 9/11 Commission concluding that al Qaeda's plot to attack the World Trade Center succeeded because the nation's scattered intelligence agencies—FBI, CIA, NSA, and the rest—didn't communicate with one another and so couldn't connect all the dots of data. The DNI, a cabinet-level post carrying the additional title of special adviser to the president, was envisioned as a sort of supra-director who would coordinate the activities and findings of the entire intelligence community; but many saw it as just another bureaucratic layer.
When the position was created, President Bush offered it to Robert Gates, who had been CIA director and deputy national security adviser during his father's presidency, but Gates turned it down upon learning that he would have no power to set budgets or hire and fire personnel.

McConnell had no problem with the job's bureaucratic limits.
He took it with one goal in mind: to put cyber, especially cyber security, on the president's agenda.

Back in the early- to mid-1990s, as NSA director, McConnell had gone through the same roller-coaster ride that many others at Fort Meade had experienced: a thrilled rush at the marvels that the agency's SIGINT teams could perform—followed by the realization that whatever we can do to our enemies, our enemies could soon do to us: a dread deepened, in the decade since, by America's growing reliance on vulnerable computer networks.

After McConnell left the NSA in early 1996, he was hired by Booz Allen, one of the oldest management consulting firms along the capital's suburban Beltway, and transformed it into a powerhouse contractor for the U.S. intelligence agencies—an R&D center for SIGINT and cyber security programs, as well as a haven of employment for senior NSA and CIA officials as they ferried back and forth between the public and private sectors.

Taking the DNI job, McConnell gave up a seven-figure salary, but he saw it as a singular opportunity to push his passions on cyber into policy. (Besides, the sacrifice was hardly long-term; after his two-year stint back in government, he returned to the firm.) In pursuit of this goal, he stayed as close as he could to the Oval Office, delivering the president's intelligence briefing at the start of each day. A canny bureaucratic player with a casual drawl masking his laser-beam intensity, McConnell also dropped in, at key moments, on the aides and cabinet secretaries who had an interest in cyber security policy, whether or not they realized it. These included not only the usual suspects at State, Defense, and the National Security Council staff, but also the Departments of Treasury, Energy, and Commerce, since banks, utilities, and other corporations were particularly prone to attack. To McConnell's dismay, but not surprise, few of these officials displayed the slightest awareness of the problem.

So, McConnell pulled a neat trick out of his bag. He would bring the cabinet secretary a copy of a memo. Here, McConnell would say, handing it over. You wrote this memo last week. The Chinese hacked it from your computer. We hacked it back from their computer.

That grabbed their attention. Suddenly officials who'd never heard of cyber started taking a keen interest in the subject; a few asked McConnell for a full-scale briefing. Slowly, quietly, he was building a high-level constituency for his plan of action.

In late April, President Bush received a request to authorize cyber offensive operations against the insurgents in Iraq. This was the plan that Generals Abizaid, Petraeus, McChrystal, and Alexander had honed for months—finally sent up the chain of command through the new secretary of defense, Robert Gates, who had returned to government just two months earlier than McConnell, replacing the ousted Donald Rumsfeld.

From his experiences at the NSA and Booz Allen, McConnell understood the nature and importance of this proposal. Clearly, there were huge gains to be had from getting inside the insurgents' networks, disrupting their communications, sending them false emails on where to go, then dispatching a special-ops unit to kill them when they got there. But there were also risks: inserting malware into insurgents' email might infect other servers in the area, including those of American armed forces and of Iraqi civilians who had no involvement in the conflict. It was a complex endeavor, so McConnell scheduled an hour with the president to explain its full dimensions.

It was still a rare thing for a president to be briefed on cyber offensive operations—there hadn't been many of them, at this point—and the proposal came at a crucial moment: a few months into Bush's troop surge and the shift to a new strategy, new commander, and new defense secretary.
So McConnell's briefing, which took place on May 16, was attended by a large group of advisers: Vice President
Cheney, Secretary Gates, Secretary of State Condoleezza Rice, National Security Adviser Stephen Hadley, the Joint Chiefs of Staff vice chairman Admiral Edmund Giambastiani (the chairman, General Peter Pace, was traveling), Treasury Secretary Henry Paulson, and General Keith Alexander, the NSA director, in case someone asked about technical details.

As it turned out, there was no need for discussion.
Bush quickly got the idea, finding the upside enticing and the downside trivial. Ten minutes into McConnell's hour-long briefing, he cut it short and approved the plan.