Authors: Fred Kaplan
CHAPTER 1: “COULD SOMETHING LIKE THIS REALLY HAPPEN?”
That night's feature:
During his eight years as president, at Camp David and in the White House screening room, Reagan watched 374 movies, an average of nearly one a week, though often more. (“Movies Watched at Camp David and White House,” Aug. 19, 1988, 1st Lady Staff Office Papers, Ronald Reagan Library.)
WarGames
was an unusual choice; he usually watched adventures, light comedies, or musicals. But one of the film's screenwriters, Lawrence Lasker, was the son of the actress Jane Greer and the producer Edward Lasker, old friends of Reagan from his days as a Hollywood movie star. Lawrence used his family connections to get a print to the president. (Interviews.)
The following Wednesday morning:
Office of the President, Presidential Briefing Papers, Box 31, 06/08/1983 (case file 150708) (1), Ronald Reagan Library; and interviews. This meeting is mentioned in Lou Cannon,
President Reagan: The Role of a Lifetime
(New York: Simon & Schuster, 1991), 38, but, in addition to getting the date wrong, Cannon depicts it as just another wacky case of Reagan taking movies too seriously; he doesn't recount the
president's question to Gen. Vessey, nor does he seem aware that the viewing and this subsequent White House meeting had an impact on history. See also Michael Warner, “Cybersecurity: A Pre-history,”
Intelligence and National Security
, Oct. 2012.
“highly susceptible to interception”:
NSDD-145 has since been declassified:
http://fas.org/irp/offdocs/nsdd145.htm
.
Established in 1952:
As later codified in Executive Order 12333, signed by Ronald Reagan on Dec. 4, 1981, the NSA and FBI were barred from undertaking foreign intelligence collection “for the purpose of acquiring information concerning the domestic activities of United States persons,” this last phrase referring to American citizens, legal residents, and corporations (
http://www.archives.gov/federal-register/codification/executive-order/12333.html
).
In its first three years:
Ellen Nakashima, “Pentagon to Boost Cybersecurity Force,”
Washington Post
, Jan. 27, 2013; and interviews.
In the American Civil War:
Edward J. Glantz, “Guide to Civil War Intelligence,”
The Intelligencer: Journal of U.S. Intelligence Studies
(Winter/Spring 2011), 57; Jason Healey, ed.,
A Fierce Domain: Conflict in Cyberspace, 1986 to 2012
(Washington, D.C.: Atlantic Council, 2013), 27.
During World War II:
See esp. David Kahn,
The Codebreakers
(New York: Scribner; rev. ed., 1996), Ch. 14.
a man named Donald Latham:
Warner, “Cybersecurity: A Pre-history”; and interviews.
In April 1967:
Willis H. Ware,
Security and Privacy in Computer Systems
(Santa Monica: RAND Corporation, P-3544, 1967). This led to a 1970 report by a Defense Science Board task force, known as “the Ware Panel,”
Security Controls for Computer Systems
(declassified by RAND Corporation as R-609-1, 1979); and interviews.
He well understood:
Willis H. Ware,
RAND and the Information Evolution: A History in Essays and Vignettes
(Santa Monica: RAND Corporation, 2008).
Ware was particularly concerned:
Ibid., 152ff.
In 1980, Lawrence Lasker and Walter Parkes:
Extra features,
WarGames: The 25th Anniversary Edition,
Blu-ray disc; and interviews.
The National Security Agency had its roots:
See Kahn,
The Codebreakers
, 352. The stories about the tenth floor of the embassy and Inman's response to reports of a fire are from interviews. The fact that U.S. intelligence was listening in on Brezhnev's limo conversations (though not its method) was revealed by Jack Anderson, “CIA Eavesdrops on Kremlin Chiefs,”
Washington Post
, Sept. 16, 1971. Anderson's source was a right-wing Senate aide who argued
that the transcripts proved the Russians were cheating on the latest nuclear arms control treaty. After Anderson's story appeared, the Russians started encrypting their phone conversations. The NSA broke the codes. Then the Russians installed more advanced encryption, and that was the end of the operation. (All this backstory is from interviews.)
In his second term as president:
Don Oberdorfer,
From the Cold War to a New Era
(Baltimore: Johns Hopkins University Press, 1998), 67.
When they found out about the microwaves:
Associated Press, “Russia Admits Microwaves Shot at US Embassy,” July 26, 1976; “Science: Moscow Microwaves,”
Time
, Feb. 23, 1976. The news stories note that personnel on the tenth floor were experiencing health problems due to the microwave beams. The stories don't revealâprobably the reporters didn't knowâthe purpose of the beams (they quote embassy officials saying they're baffled about them) or the activities on the tenth floor.
took to playing Muzak:
As a defense reporter for
The Boston Globe
in the 1980s, I often heard Muzak when I interviewed senior Pentagon officials in their offices. I asked one of them why it was playing. He pointed to his window, which overlooked the Potomac, and said the Russians might be listening with microwave beams.
CHAPTER 2: “IT'S ALL ABOUT THE INFORMATION”
Its number-one mission:
Most of this is from interviews, but see also Christopher Ford and David Rosenberg,
The Admirals' Advantage: U.S. Navy Operational Intelligence in World War II and the Cold War
(Annapolis: Naval Institute Press, 2005), esp. Ch. 5. (All the material about Desert Storm is from interviews.)
McConnell sat up as he watched:
Though
Sneakers
inspired McConnell to call the concept “information warfare,” the phrase had been used before, first by weapons scientist Thomas P. Rona in a Boeing Company monograph, “Weapon Systems and Information War” (Boeing Aerospace Company, July 1976). Rona was referring not to computers but to technology that theoretically enhanced the capability of certain weapons systems by linking them to intelligence sensors.
“decapitate the enemy's command structure”:
Warner, “Cybersecurity: A Pre-history.”
McConnell pushed hard for the Clipper Chip:
Jeffrey R. Yost, “An Interview with Dorothy E. Denning,” OH 424, Computer Security History Project, April 11, 2013, Charles Babbage Institute, University of Minnesota,
http://conservancy.umn.edu/bitstream/handle/11299/156519/oh424ded.pdf?sequence=1
; and interviews.
CHAPTER 3: A CYBER PEARL HARBOR
“critical national infrastructure”:
President Bill Clinton, PDD-39, “U.S. Policy on Counterterrorism,” June 21, 1995,
http://fas.org/irp/offdocs/pdd/pdd-39.pdf
.
Reno turned the task over:
Most of the material on the Critical Infrastructure Working Group comes from interviews with several participants, though some is from Kathi Ann Brown,
Critical Path: A Brief History of Critical Infrastructure Protection in the United States
(Fairfax, VA: Spectrum Publishing Group, 2006), Chs. 5, 6. All details about briefings and private conversations within the group come from interviews.
“high-tech matters”:
Memo, JoAnn Harris, through Deputy Attorney General [Jamie Gorelick] to Attorney General, “Computer Crime Initiative Action Plan,” May 6, 1994; Memo, Deputy Attorney General [Gorelick], “Formation of Information Infrastructure Task Force Coordinating Committee,” July 19, 1994 (provided to author); and interviews.
In recent times: Security in Cyberspace:
Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs.
104th Cong. (1996). (statement of Jamie Gorelick, Deputy Attorney General of the United States.)
the interagency meetings with Bill Studeman:
Studeman's role on interagency panels comes from Douglas F. Garthoff,
Directors of Central Intelligence as Leaders of the U.S. Intelligence Community, 1946â2005
(Washington, D.C.: CIA Center for the Study of Intelligence, 2005), 267. That he and Gorelick met every two weeks was noted in
Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs.
104th Cong. (1996). (statement of Jamie Gorelick, Deputy Attorney General of the United States.)
One branch of J Department:
“Critical nodes” theory has fallen short in real-life wars. The Air Force attack plan for the 1990â91 Gulf War focused on eighty-four targets as the key “nodes”: destroy those targets, and the regime would collapse like a house of cards. In fact, the war didn't end until a half million U.S. and allied troops crushed Iraq's army on the ground. See Michael Gordon and Bernard Trainor,
The Generals' War
(New York: Little, Brown, 1995), Ch. 4; Fred Kaplan,
Daydream Believers
(Hoboken: John Wiley & Sons, 2008), 20â21.
Capping Greene's briefing, the CIA:
Brown,
Critical Path
, 78; and interviews.
“in light of the breadth”:
This language was reproduced in a memorandum
from Attorney General to the National Security Council, on March 16,
http://fas.org/sgp/othergov/munromem.htm
.
One word was floating around:
The first use of “cyber war” was probably John Arquilla and David Ronfeldt,
Cyberwar Is Coming!
(Santa Monica: RAND Corporation, 1993), but their use of the phrase was more like what came to be called “netcentric warfare” or the “revolution in military affairs,” not “cyber war” as it later came to be understood.
“may have experienced as many as 250,000 attacks”:
General Accounting Office, “Information Security: Computer Attacks at Department of Defense Pose Increasing Risks” (GAO/AIMD-96-84), May 22, 1996. The report attributes the estimate to a study by the Pentagon's Defense Information Security Agency.
“Certain national infrastructures”:
President Bill Clinton, Executive Order 13010, “Critical Infrastructure Protection,” July 15, 1996,
http://fas.org/irp/offdocs/eo13010.htm
.
“We have not yet had a terrorist”:
Jamie Gorelick,
Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Comm. on Government Affairs.
104th Cong. (1996) (Statement of Jamie Gorelick, Deputy Attorney General of the United States.)
America's programs in this realm:
There were only a few slipups in revealing the existence of a cyber offensive program, and they were little noticed. In May 1995, Emmett Paige, assistant secretary of defense for command, control, communications, and intelligence, said at a conference at the National Defense University, “We have an offensive [cyber] capability, but we can't discuss it. . . . You'd feel good about it if you knew about it.” The next month, Navy Captain William Gravell, director of the Joint Staff's information warfare group, said at a conference in Arlington, “We are at the first stage of a comprehensive effort [in information warfare]. . . . What we have been doing up to now is building some very powerful offensive systems.” As for now, he added, “there is no current policy in these matters.” That would remain true for many years after. Both remarks were quoted in Neil Munro, “Pentagon Developing Cyberspace Weapons,”
Washington Technology
, June 22, 1995âwith no follow-up in any mass media,
http://washingtontechnology.com/Articles/1995/06/22/Pentagon-Developing-Cyberspace-Weapons.aspx
.
Marsh and the commissioners first convened:
Brown,
Critical Path,
93. The rest of the material on the commission comes from interviews.
“Just as the terrible long-range weapons”:
White House,
Critical Foundations: Protecting America's Infrastructures: The Report of the President's Commission on Critical Infrastructure Protection,
Oct. 1997,
http://fas.org/sgp/library/pccip.pdf
.
“a serious threat to communications infrastructure”:
Commission on Engineering
and Technical Systems, National Research Council,
Growing Vulnerability of the Public Switched Networks: Implications for National Security Emergency Preparedness
(Washington, D.C.: National Academy Press, 1989), 9.
“The modern thief”:
Commission on Engineering and Technical Systems, National Research Council,
Computers at Risk: Safe Computing in the Information Age
(Washington, D.C.: National Academy Press, 1991), 7.
“increasing dependency”:
Report of the Defense Science Board Task Force on Information Warfare-Defense
(Washington, D.C.: Office of the Undersecretary of Defense [Acquisition and Technology], 1996). Quotes are from Duane Andrews, cover letter to Craig Fields, Nov. 27, 1996.
“In our efforts to battle”:
Transcript, President Bill Clinton, Address to Naval Academy, Annapolis, MD, May 22, 1998,
http://www.cnn.com/ALLPOLITICS/1998/05/22/clinton.academy/transcript.html
.
CHAPTER 4: ELIGIBLE RECEIVER
On June 9, 1997:
Most of the material on Eligible Receiver comes from interviews with participants, but some also comes from these printed sources: Brig. Gen. Bruce Wright, “Eligible Receiver 97,” PowerPoint briefing, n.d. (declassified; obtained from the Cyber Conflict Studies Association); Dillon Zhou, “Findings on Past US Cyber Exercises for âCyber Exercises: Yesterday, Today and Tomorrow'â” (Washington, D.C.: Cyber Conflict Studies Association, March 2012); Warner, “Cybersecurity: A Pre-history.”