Dark Territory: The Secret History of Cyber War

“If history were taught in the form of stories, it would never be forgotten,” Rudyard Kipling said. “Dark Territory” takes this approach in trying to tell what it calls in its subtitle “The Secret History of Cyber War.”

A Pulitzer Prize winner in journalism and now a columnist for Slate, Fred Kaplan has written a number of highly regarded books on national security.

“Dark Territory” builds on this trifecta, taking the reader into the world of the new security topic du jour, cyberwar. The title comes from the former secretary of defense Robert Gates, who said that when it comes to the questions of conflict in the digital age, “we’re wandering in dark territory.” There is widespread uncertainty not just about how a cyberwar should be fought, but also over the fundamentals of who should fight it and even whether it is a war or not.

Kaplan follows Kipling’s advice, gathering the stories of American government leaders who played key roles in the development of cybersecurity policy. They range from White House officials and former directors of the National Security Agency to lesser-known figures like Willis Ware. An engineer turned policy adviser, Ware wrote the first paper warning of the problems of cybersecurity, in 1967, before Arpanet, the progenitor of the Internet, had even been created.

Kaplan had access to several of these people, and so the book is peppered with many fascinating behind-the-scenes ­anecdotes. For example, it opens with the story of Ronald Reagan watching the 1983 Matthew Broderick hacker movie “WarGames,” which led him to ask for the first national security policy directive on information systems security. At their best, these stories ultimately come together, often in surprising ways. The writers of the very same movie that so troubled Reagan turn out to have been advised by Ware, some 15 years after his first warnings.

There are, however, two problems with this history-by-story approach. The first is that the anecdotes and characters often come and go too fast. Many last a mere paragraph or two, never to be brought back. The same flaw weakens the overall book, which lacks summation or closure.

This is unfortunate, as several recurring themes are there to be pulled out. This 2016 election campaign has already seen much debate over monitoring the communications not only of potential bad guys but also of a far greater number of American citizens innocent of any wrongdoing. “Dark Territory” shows that this tension dates back decades, and that the government has consistently leaned toward more monitoring and data collection.

The point is an important one, especially since Kaplan also convincingly shows that whatever we are able to do to others, they will most likely find a way to do to us. Decades after Ware warned that the only completely secure computer is one nobody can use, the United States developed the Stuxnet computer virus, which was able to leap across most known ­defenses to sabotage Iranian nuclear research.

This, however, inspired Iran to create Shamoon, a computer virus it used in an attack that wiped out the hard drives in over 30,000 computers at the Saudi ­Aramco company. A foe like Iran can be hit in new ways, but also should be expected to develop the digital means to hit back.

The worry is that unlike in the Cold War, there is no mutuality; the United States is more dependent on the Internet than its adversaries. “If America, or US Cyber Command, wanted to wage cyber war,” Kaplan writes, “it would do so from inside a glass house.” To put it another way, the stories in “Dark Territory” detail how much attention has been focused on building new kinds of cyber-offenses and not enough on the means to ward off attacks. Too few in a position to influence policy seem to be asking if this may be the equivalent of trying to protect that glass house with a stone-sharpening kit.

Which leads to the second problem: selection bias. Kipling’s lesson on the value of history told through stories depends on a crucial aspect; the stories chosen have to be interesting, important and reflective. Though “Dark Territory” is presented as a “secret history,” it is really a collection of the not-so-secret, often less-than-exciting accounts, of mid- and executive-level ­insiders, mostly at the National Security Agency, who debated and formulated cybersecurity policy.

That’s not necessarily a bad thing. But it means Kaplan’s narrative by story is far from complete, and too often not memorable. “Dark Territory” is a book more about the briefings, commission reports and meetings of study groups than it is about actual operations. For instance, you get the inside story of how various policy directives did or didn’t make their way to the White House. That 22 NSA officers were killed in Iraq and Afghanistan, though, is mentioned merely in an aside. Similarly, the Snowden affair is told essentially from the vantage point of the review panel President Obama delegated to write a report on it, after the fact. Who Snowden was, how and why he did what he did, the operations he revealed and the repercussions all get about as much coverage as how the five members of the temporary commission decided where to locate their office.

This selection also shapes the questions that aren’t asked. Kaplan tells us that a small group of policy makers became consumed by the fear that “a handful of technical savants, from just down the street or the other side of the globe, could devastate the nation.” Exciting stuff, except that is the conclusion of a working group in 1995. What neither the insiders nor ­Kaplan himself seems willing to wrestle with is why this fear of a “cyber Pearl Harbor,” which drives almost all of the book, not to mention billions in spending in the real world, never actually happened over the ensuing two decades.

What did happen instead was a wide range of other activities below the level of outright conflict, from digital espionage to mass intellectual-property theft to ­cybercrime costing hundreds of billions of dollars. These harms all get short shrift, again reflecting the sources and focus of a book that presents its history only through a Washington DC, NSA centric lens. When private industry does make an appearance, it is usually because some unnamed executive has frustrated a government official by not being willing to do exactly what he or she wanted since it wasn’t in that executive’s business interest.

In much the same way, foreign governments are black boxes in Kaplan’s book. Perhaps this is simply an indication that leaders in Washington are having a hard time accepting a simple fact, that while the Internet may have been created by a United States government research program, it is no longer under American government control, or even American in its makeup.

That is to say, “Dark Territory” packs in a great deal of material, yet also not enough. It is a readable and informative history of policy formulation. But the overall darkness from which the book takes its title remains to be lifted.

DARK TERRITORY
The Secret History of Cyber War
By Fred Kaplan

NYT:

« UK: Twitter To Train Prosecutors To Fight Online Abuse
Open Source Intelligence: Special Ops In Syria Exposed »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

National Cybersecurity Agency (ANCS) - Tunisia

National Cybersecurity Agency (ANCS) - Tunisia

ANCS (L'Agence Nationale de la Cybersécurité) is the national cybersecurity agency for Tunisia.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

HWG Sababa

HWG Sababa

HWG Sababa is a cybersecurity provider that offers a comprehensive suite of strategic managed security solutions, services, and consultancy.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.

Aeris

Aeris

Aeris IoT Watchtower is the world’s first fully integrated cyber security solution for cellular IoT devices.