Dark Territory (45 page)

Clark, Wesley,
112
,
113
,
115

Clarke, Richard,
139
,
174
,
175
–76,
177
,
191
n,
200,
225
,
274

books written by,
240
–42

in Bush (G.W.) administration,
140
–41,
143

as Clinton's counterterrorism adviser,
89
,
95
–97

critical-infrastructure plan of,
239
–40

FBI briefing and,
254
–55

Hamre and,
95
–96

L0pht and,
91
–4

National Plan for Information Systems Protection
written by,
100
–105,
141
–42

9/11 attacks and,
141

9/11 Commission testimony of,
240

PDD-63 as drafted by,
97
–99

presumptuousness of,
95
–96,
98
,
101
,
240

in Review Group,
240
,
243
,
245
,
247
,
251
,
253
,
254
–55

Zatko and,
90
–95,
103
–4

Clinton, Bill,
3
,
40
,
55
,
74
,
87
,
89
,
96
,
102
,
115
,
175
–76,
239

cyber security summit of,
102
–4

Executive Order 13010 of,
47
,
48
–49,
74

Haitian invasion planned by,
58
–59,
107
–8

Lewinsky affair and,
103
,
115

PDD-39 of,
39
–40

PDD-63 of,
95

Clipper Chip,
36
–37,
40
,
58
,
100
,
128
,
239
,
244

CNCI,
see
Comprehensive National Cybersecurity Initiative (CNCI)

Coalition Vulnerability Assessment Team,
65
–66

Cohen, William,
113
,
120
,
121

Cold War,
4
,
84
,
129
,
184
,
284

cryptology in,
13

end of,
29
,
30
,
123
,
124

espionage in,
138
–39

NSA and,
12

nuclear options in,
218

unspoken rules in,
272
–73

command-control systems,
13
,
15
,
43
,
51
,
65
,
224

Commerce Department, U.S.,
34

cyber security as viewed in,
172
–73

Comprehensive National Cybersecurity Initiative (CNCI),
177
–78,
180
,
198
–99,
278

Computer Crime Initiative Plan,
41
–42

computer industry:

cyber security as low priority of,
102
–3,
104
–5,
176

PDD-63 resisted by,
98
,
99
–100

Snowden leaks and,
234

Computer Network Attack (CNA),
122
,
137
–38,
180
,
204
,
211
,
212
,
219
,
220
,
281
,
283

Computer Network Defense (CND),
122
,
137
–38,
180

Computer Network Exploitation (CNE),
137
–38,
180
,
204
,
212
,
281

computer networks,
33

back doors in,
8
,
73

IDS devices in,
176

infrastructure and,
41
,
45
,
52
–53

inherent vulnerability of,
172
,
174
,
176
–77,
179
,
206
–7,
241
,
276
–77

see also
Internet

computers, computer software:

omnipresence of,
5

race between hackers and patchers in,
136
–37

security of,
see
cyber security

zero-day vulnerabilities in,
137

Computers at Risk
(National Research Council),
54

Computer Sciences Corp.,
132

Computer Security Act (1987),
34

Computer Security Center (NSA),
18
–19,
34
,
60

Congress, U.S.,
192

CNCI and,
178
–79

defense authorization bills of,
46
–47

NSA and,
3
,
20
,
27
,
195
–96

select intelligence committees of,
256

Congressional Budget Office,
71

Constitution, U.S., Fourth Amendment of,
192
,
250

Cornerstones of Information Warfare
(Weaver),
108

corporations:

cyber security as low priority of,
102
–3,
104
–5,
176
,
274

regulations feared by,
98
–99,
101
,
176
,
200
,
274
–75

as reluctant to share information,
281
–82

Cotter, George,
18
–19

counter command-control (counter-C2) warfare,
15
–16,
33
,
41
,
58
,
59
,
76
,
84
,
220

in Desert Storm,
21
–25

counterinsurgency strategies,
148
,
158
–59,
160

Critical Foundations
(Marsh Report),
53
–55,
72
,
80
,
89
,
94
,
100
,
139
,
142
,
166
,
199
,
241

“Critical Infrastructure Protection” (PDD-63),
95
,
139

Clarke's draft of,
97
–99

computer industry objections to,
98
,
99
–100

see also National Plan for Information Systems Protection

Critical Infrastructure Working Group,
40
–41,
42
–43,
48
,
51

report of,
46
,
47
–48,
50

Cryptolog,
219–20

cryptology,
5
,
7
,
11
,
13
,
18

Cuckoo's Egg, The
(Stoll),
61
,
82
–83

“cyber,” first use of term,
45
–46

cyber attacks, cyber warfare,
4
–6,
53

Abizaid's prioritizing of,
145
–48,
149
–50

as acts of war,
214
,
271
,
317
n

Alexander's expertise in,
149
,
157
–58

banking industry and,
104
,
275

Bush (G.W.) administration and,
3

on Central Command,
181
–84,
185

by China,
see
China, cyber warfare by

denial-of-service,
102
–3,
162
–63,
213
,
216

distinction between national security and property theft in,
227

Eligible Receiver in,
see
Eligible Receiver 97 cyber attack exercise

escalation of,
213
–20,
273
–74,
284

on Estonia,
162
–64,
165
,
241

Gates's concern about,
272
–73

on Georgia,
164
–66,
241

infrastructure as targets of,
104

and inherent vulnerability of networks,
276
–77

Iran and,
4
,
213
,
265
–68

against Iraq insurgents,
158
–60,
173
,
180

on Las Vegas Sands Corporation,
265
–68

Law of Armed Conflict and,
25

Moonlight Maze and,
78
–79,
81
–88,
98
,
119
,
123
,
187
,
212
–13,
223
,
241
,
276

morality of,
215

by North Korea,
4
,
213
,
216
,
268
–71,
272
n

nuclear weapons vs.,
215
–16,
218

Obama administration and,
3
–4

physical damage from,
166
–69,
174
,
198
,
214
,
215

political influence as goal of,
267

race between hackers and patchers in,
136
–37

Reagan administration and,
1
–3,
6
–7

risks of,
212
–13

by Russia,
4
,
42
,
164
–66,
224

secrecy of,
212
,
214
–15,
216
,
219
,
284
–85

Solar Sunrise and,
74
–78,
80
,
81
,
98
,
101
,
119
,
120
,
123
,
183
,
187
,
241

strategic role of,
168
,
215

terrorists and,
98

unintended consequences of,
217

U.S. military's resistance to,
117
–18,
119
,
120

U.S. offensive operations in,
4
,
48
–49,
174
,
211
–12,
291
n

zero-day vulnerabilities and,
137

see also
hacking, hackers; information warfare;
specific operations and attacks

Cyber Command, U.S.,
4
,
211
,
279
–80

Alexander as head of,
189
,
211

combatant support mission of,
280
,
283

consolidation of armed services cyber agencies under,
195

critical-infrastructure security mission of,
280
–83

Defense Department network security mission of,
280
,
283

fusion of NSA and,
243
,
260

McConnell's proposal for,
185

Review Group recommendations for,
257

Rogers as head of,
282

Cyber Council,
176

cyber crime,
41
–42,
46

CNE and,
139

cyber deterrence,
283

asymetrical response in,
277
–78

Defense Science Board and,
278
–79

McConnell and,
278

nuclear deterrence vs.,
284
–85

cyber-offensive teams,
211
–12

Cyber Operations Policy Working Group,
217

cyber security,
17
,
186
,
243
,
257

active defense (offensive operations) in,
281
,
282
,
283

air gaps in,
206
–7

ARPANET and,
8
–9

back doors and,
8
,
37
,
73

banking industry's low priority for,
175

Bush (G.W.) administration complacency about,
140
–41

Clinton's summit on,
102
–4

CNE and,
139

computer industry's low priority for,
102
–3,
104
–5,
176

computer networks and,
33

Defense Science Board report on,
275
–79

detection as goal of,
277

exponential rise in breaches of,
273
–74

information-sharing and,
281
–82

infrastructure and,
186
–89

Internet and,
52
–53

McConnell's briefing of Bush on,
174
–75

McConnell's focus on,
172
,
198
,
278

military's complacency about,
64
,
105
,
119

Obama's prioritizing of,
200
–201

resilience as goal of,
277

Review Group's prioritizing of,
257
–58

Wilhelm's focus on,
40

cyberspace,
41
,
45

as domain of warfare,
6

Cyberspace Policy Review,
199–200

Cyber War
(Clarke),
241
–42,
243

DarkSeoul,
269

data packets,
5
–6,
131
,
156
,
157
–58,
192
–93,
194
,
248
,
249
–50

Dayton Accords,
110
,
112

DEF CON Hacking Conference,
136

defense contractors: