Dark Territory: The Secret History of Cyber War

“If history were taught in the form of stories, it would never be forgotten,” Rudyard Kipling said. “Dark Territory” takes this approach in trying to tell what it calls in its subtitle “The Secret History of Cyber War.”

A Pulitzer Prize winner in journalism and now a columnist for Slate, Fred Kaplan has written a number of highly regarded books on national security.

“Dark Territory” builds on this trifecta, taking the reader into the world of the new security topic du jour, cyberwar. The title comes from the former secretary of defense Robert Gates, who said that when it comes to the questions of conflict in the digital age, “we’re wandering in dark territory.” There is widespread uncertainty not just about how a cyberwar should be fought, but also over the fundamentals of who should fight it and even whether it is a war or not.

Kaplan follows Kipling’s advice, gathering the stories of American government leaders who played key roles in the development of cybersecurity policy. They range from White House officials and former directors of the National Security Agency to lesser-known figures like Willis Ware. An engineer turned policy adviser, Ware wrote the first paper warning of the problems of cybersecurity, in 1967, before Arpanet, the progenitor of the Internet, had even been created.

Kaplan had access to several of these people, and so the book is peppered with many fascinating behind-the-scenes anecdotes. For example, it opens with the story of Ronald Reagan watching the 1983 Matthew Broderick hacker movie “WarGames,” which led him to ask for the first national security policy directive on information systems security. At their best, these stories ultimately come together, often in surprising ways. The writers of the very same movie that so troubled Reagan turn out to have been advised by Ware, some 15 years after his first warnings.

There are, however, two problems with this history-by-story approach. The first is that the anecdotes and characters often come and go too fast. Many last a mere paragraph or two, never to be brought back. The same flaw weakens the overall book, which lacks summation or closure.

This is unfortunate, as several recurring themes are there to be pulled out. This 2016 election campaign has already seen much debate over monitoring the communications not only of potential bad guys but also of a far greater number of American citizens innocent of any wrongdoing. “Dark Territory” shows that this tension dates back decades, and that the government has consistently leaned toward more monitoring and data collection.

The point is an important one, especially since Kaplan also convincingly shows that whatever we are able to do to others, they will most likely find a way to do to us. Decades after Ware warned that the only completely secure computer is one nobody can use, the United States developed the Stuxnet computer virus, which was able to leap across most known defenses to sabotage Iranian nuclear research.

This, however, inspired Iran to create Shamoon, a computer virus it used in an attack that wiped out the hard drives in over 30,000 computers at the Saudi Aramco company. A foe like Iran can be hit in new ways, but also should be expected to develop the digital means to hit back.

The worry is that unlike in the Cold War, there is no mutuality; the United States is more dependent on the Internet than its adversaries. “If America, or US Cyber Command, wanted to wage cyber war,” Kaplan writes, “it would do so from inside a glass house.” To put it another way, the stories in “Dark Territory” detail how much attention has been focused on building new kinds of cyber-offenses and not enough on the means to ward off attacks. Too few in a position to influence policy seem to be asking if this may be the equivalent of trying to protect that glass house with a stone-sharpening kit.

Which leads to the second problem: selection bias. Kipling’s lesson on the value of history told through stories depends on a crucial aspect: the stories chosen have to be interesting, important and reflective. Though “Dark Territory” is presented as a “secret history,” it is really a collection of the not-so-secret, often less-than-exciting accounts of mid- and executive-level insiders, mostly at the National Security Agency, who debated and formulated cybersecurity policy.

That’s not necessarily a bad thing. But it means Kaplan’s narrative by story is far from complete, and too often not memorable. “Dark Territory” is a book more about the briefings, commission reports and meetings of study groups than it is about actual operations. For instance, you get the inside story of how various policy directives did or didn’t make their way to the White House. That 22 NSA officers were killed in Iraq and Afghanistan, though, is mentioned merely in an aside. Similarly, the Snowden affair is told essentially from the vantage point of the review panel President Obama delegated to write a report on it, after the fact. Who Snowden was, how and why he did what he did, the operations he revealed and the repercussions all get about as much coverage as how the five members of the temporary commission decided where to locate their office.

This selection also shapes the questions that aren’t asked. Kaplan tells us that a small group of policy makers became consumed by the fear that “a handful of technical savants, from just down the street or the other side of the globe, could devastate the nation.” Exciting stuff, except that is the conclusion of a working group in 1995. What neither the insiders nor Kaplan himself seems willing to wrestle with is why this fear of a “cyber Pearl Harbor,” which drives almost all of the book, not to mention billions in spending in the real world, never actually happened over the ensuing two decades.

What did happen instead was a wide range of other activities below the level of outright conflict, from digital espionage to mass intellectual-property theft to cybercrime costing hundreds of billions of dollars. These harms all get short shrift, again reflecting the sources and focus of a book that presents its history only through a Washington, D.C., NSA-centric lens. When private industry does make an appearance, it is usually because some unnamed executive has frustrated a government official by not being willing to do exactly what he or she wanted since it wasn’t in that executive’s business interest.

In much the same way, foreign governments are black boxes in Kaplan’s book. Perhaps this is simply an indication that leaders in Washington are having a hard time accepting a simple fact, that while the Internet may have been created by a United States government research program, it is no longer under American government control, or even American in its makeup.

That is to say, “Dark Territory” packs in a great deal of material, yet also not enough. It is a readable and informative history of policy formulation. But the overall darkness from which the book takes its title remains to be lifted.

DARK TERRITORY
The Secret History of Cyber War
By Fred Kaplan

NYT:
