Imagine it's the year 2022. Across the Pacific Ocean, a small country — an American ally — has provoked a big adversary nearby. Call them Red. Red's size and military capabilities are near those of the United States.
Red responds aggressively to its neighbor's provocation. Within days, the big adversary has crippled the smaller country's power grid, communications networks and other infrastructure through cyberwarfare. Then, Red launches a preemptive cyberattack against the small country's big ally: the United States.
If you were the U.S. military, how would you respond?
That was the scenario faced by a group of high-ranking officers huddled together at an Air Force base in Colorado for the 2010 Schriever Wargame.
"It was a really instructive and, I think, very scary war gaming exercise for people in the military," writer Shane Harris tells NPR's Arun Rath. "The adversary in this game really got the advantage very quickly and won pretty decisively, because the American side really hadn't developed a playbook for how you would go to war between two large militaries in cyberspace."
Harris recounts that 2010 Schriever Wargame in his new book, @War: The Rise of the Military-Internet Complex.
The book looks cyberspace as war's "fifth domain" (after land, sea, air and space). Harris covers topics like the NSA, the role of cyber warfare in the Iraq troop surge of 2007, China's "rampant" espionage on American corporations — and the U.S. government's strategy of playing the victim.
Harris tells Rath that after that alarming war game, the U.S. military's cyberforces became much more organized and sophisticated — but that China, the real-life country that parallels the imaginary Red, also is believed to have impressive capabilities.
Interview Highlights
On what Obama might have been told on his first day in office
He actually got a little bit of a taste of this on the campaign, because his campaign email system was hacked, presumably by spies in China.
When he comes in on the first day, what he's presented with is the knowledge that the computers that control portions of the electrical power grid in the United States have been probed by foreign intelligence agencies. He is told that espionage, particularly by China, against American corporations is rampant, and that billions of dollars in intellectual property and in trade secrets are being lost every year. And that basically, there is no really coherent organized system in the U.S. government for how we're going to defend the internet, how we're going to defend the cyberspace and all of the businesses and the people that depend on it.
What he decides to do very early on in the administration is to, in his words, start treating cyberspace as a national asset, a strategic asset, and protecting it as such.
On China's cyberwarfare capabilities
The thing that China has going for it that we do not have is people. The number of people within the People's Liberation Army, within the sort of intelligence apparatus of China, which is a very opaque system in its own right, is believed to be thousands of people, who are basically hired hackers who spend much of their day aggressively trying to penetrate the computer networks of U.S. corporations especially. China is sort of gathering information that they can then pass on to Chinese businesses and corporations that give them a leg up in negotiations and in the global marketplace. They're trying to advance their economy very quickly and stealing information to do it.
Less clear is how sophisticated their sort of military offensive apparatus is compared to ours. For instance, if China ever went to war with us in the South China Sea, let's say, how sophisticated and how good would their hackers be trying to break into our naval systems and confuse our ships? We know less about that but I think the conclusion we have to reach is that because they're having so many more people doing this than we do — I mean, we have a few thousand — that China is a really formidable force. And that makes a lot of sense that they would put so many resources in this. China will never be able to, at least in the near future, challenge us in a conventional military way. They can't go head-to-head with us on land or on the sea. Cyber is a place where they can gain an extraordinary advantage and do a lot of damage.
On the U.S. government positioning itself as a victim
The United States government loves to come out and talk about how relentlessly we're being hacked and how our intellectual property is being stolen from our businesses. And that's true.
But what that covers up is that we are also one of the most aggressive countries going out there breaking into other countries' systems and spying on them. And we are one of the few countries that we know of that has launched offensive operations in cyberspace. We have used computer viruses to break infrastructure, physical things that are connected to computer networks. Very few countries are known to have done that.
I think one of the reasons why U.S. officials have been keen on showing how we're victimized is because they believe that U.S. businesses have not done enough to secure their own computer networks. From the government's perspective, they can't go in and necessarily force those companies (at least not yet) to improve their defenses, so it's been sort of more of a strategic, rhetorical calculation on the part of the government to come out and say, "We're victimized, it's terrible, lots of information is being stolen, and the only way we can stop this is you corporations have to do better security and work with us and let us help you do that."
So there's a reason why the U.S. has tried to play that victim card so repeatedly: It's because they want to get results from private businesses.
9(MDE1MTIxMDg0MDE0MDQ3NTY3MzkzMzY1NA001))
Transcript
ARUN RATH, HOST:
It's the year 2022. Across the Pacific Ocean, a small country - an American ally - has provoked a big adversary. We'll call them Red, but it's impossible not to think of Red as China. Red responds aggressively, and before long, they've crippled the small country's power grid, communications networks and other infrastructure through cyber warfare. And it launches a preemptive cyber attack against the small country's big ally, the United States. How does the U.S. military respond? That was the scenario faced by a group of high-ranking officers huddled together at an Air Force base in Colorado during a classified war game in May 2010.
SHANE HARRIS: It was a really instructive and, I think, very scary war-gaming exercise for people in the military. This was something called the Schriever Wargame.
RATH: That's Shane Harris. He wrote about the 2010 Schriever Wargame in his new book called "@War: The Rise Of The Military- Internet Complex."
HARRIS: And what happened was is the adversary in this game really got the advantage very quickly and won pretty decisively, because the American side really hadn't developed a playbook for how you would go to war between two large militaries in cyberspace. So because of that the military started becoming much more organized and sophisticated in how it organizes its cyber forces. And today what you see is each of the military services setting up their own sort of cyber-warrior components that will eventually be trained to fight alongside conventional forces so that a repeat of that war game, where we were caught really flat-footed and knocked back, isn't repeated.
RATH: Your book traces the rise of this military-Internet complex over the course of both the George W. Bush presidency and President Obama. Imagine I'm President Obama being sworn in. Can you run through the litany of problems with cyber defense he's presented with right away?
HARRIS: Sure. And in fact, he actually got a little bit of a taste of this on the campaign, because his campaign email system was hacked presumably by spies in China. When he comes in on the first day, what he's presented with is the knowledge that the computers that control portions of the electrical power grid in the United States have been probed by foreign intelligence agencies. He is told that espionage, particularly by China against American corporations, is rampant and that billions of dollars in intellectual property and in trade secrets are being lost every year, and that basically there is no really coherent organized system in the U.S. government for how we're going to defend the Internet - how we're going to defend the cyber space and all of the businesses and the people that depend on it. What he decides to do very early on in the administration is to, in his words, start treating cyberspace as a national asset - a strategic asset - and protecting it as such.
RATH: Let's talk about China, because with this new U.S. cyber warfare command, that seems like that's the main imagined adversary. Can you run through what China's cyber-warfare capabilities are, or at least what we know of them and how they stack up against what the U.S. can do?
HARRIS: The thing that China has going for it that we do not have is people. The number of people within the People's Liberation Army, within the sort of the intelligence apparatus of China - which is a very, you know, opaque system in it's own right - is believed to be thousands of people who are basically hired hackers who spend much of their day aggressively trying to penetrate the computer networks of U.S. corporations, especially.
China's sort of gathering information that they can then pass on to Chinese businesses and corporations that give them a leg-up in negotiations and in the global marketplace. They're trying to advance their economy very quickly and stealing information to do it. Less clear is how sophisticated their sort of military offensive apparatus is compared to ours. For instance, if China ever went to war with us in the South China Sea, let's say, how sophisticated and how good would their hackers be trying to break into our naval systems and confuse our ships.
We know less about that, but I think the conclusion we have to reach is that because they have so many more people doing this than we do - I mean we have a few thousand - that China is a really formidable force. And that makes a lot of sense that they would put so many resources in this. China will never be able to, at least in the near future, challenge us in a conventional military way. They can't go head-to-head with us on land or on the sea. Cyber is a place where they can gain an extraordinary advantage and do a lot of damage.
RATH: In terms of intentions and actions, though, you know, going by what President Obama has said in terms about cyber attacks, it sounds like the U.S. is more of the victim here in terms of the government and corporations that are being targeted by these Chinese hackers. I'm just wondering from having studied both sides of this, is that the case or is this more of just part of the game? How much of this - does this go both ways?
HARRIS: I think it goes both ways. And in fact, I say this in the book that, you know, the United States government loves to come out and talk about how relentlessly we're being hacked and how our intellectual property is being stolen from our businesses. And that's true.
But what that covers up is that we are also one of the most aggressive countries going out there breaking into other countries' systems and spying on them. And we are one of the few countries that we know of that has launched offensive operations in cyberspace.
We have used computer viruses to break infrastructure - physical things that are connected to computer networks. Very few countries are known to have done that. I think one of the reasons why U.S. officials have been so keen on showing how we're victimized is because they believe that U.S. businesses have not done enough to secure their own computer networks.
From the government's perspective, they can't go in and necessarily force those companies, at least not yet, to improve their defenses. So it's been sort of more of a strategic kind of rhetorical calculation on the part of the government to come out and say we are victimized. It's terrible. Lots of information is being stolen. And the only way we can stop this is you corporations have to do better security and work with us and let us help you do that. So there's a reason why the U.S. has tried to play that victim card so repeatedly. It's because they want to get results from private businesses.
RATH: That's Shane Harris. His new book is called "@War" and it's out now. Shane, thank you.
HARRIS: You're welcome, Arun. Thanks for having me. Transcript provided by NPR, Copyright NPR.
300x250 Ad
300x250 Ad