Dark Territory: The Secret History of Cyber War
“If history were taught in the form of stories, it would never be forgotten,” Rudyard Kipling said. “Dark Territory” takes this approach in trying to tell what it calls in its subtitle “The Secret History of Cyber War.”
A Pulitzer Prize winner in journalism and now a columnist for Slate, Fred Kaplan has written a number of highly regarded books on national security.
“Dark Territory” builds on this trifecta, taking the reader into the world of the new security topic du jour, cyberwar. The title comes from the former secretary of defense Robert Gates, who said that when it comes to the questions of conflict in the digital age, “we’re wandering in dark territory.” There is widespread uncertainty not just about how a cyberwar should be fought, but also over the fundamentals of who should fight it and even whether it is a war or not.
Kaplan follows Kipling’s advice, gathering the stories of American government leaders who played key roles in the development of cybersecurity policy. They range from White House officials and former directors of the National Security Agency to lesser-known figures like Willis Ware. An engineer turned policy adviser, Ware wrote the first paper warning of the problems of cybersecurity, in 1967, before Arpanet, the progenitor of the Internet, had even been created.
Kaplan had access to several of these people, and so the book is peppered with many fascinating behind-the-scenes anecdotes. For example, it opens with the story of Ronald Reagan watching the 1983 Matthew Broderick hacker movie “WarGames,” which led him to ask for the first national security policy directive on information systems security. At their best, these stories ultimately come together, often in surprising ways. The writers of the very same movie that so troubled Reagan turn out to have been advised by Ware, some 15 years after his first warnings.
There are, however, two problems with this history-by-story approach. The first is that the anecdotes and characters often come and go too fast. Many last a mere paragraph or two, never to be brought back. The same flaw weakens the overall book, which lacks summation or closure.
This is unfortunate, as several recurring themes are there to be pulled out. This 2016 election campaign has already seen much debate over monitoring the communications not only of potential bad guys but also of a far greater number of American citizens innocent of any wrongdoing. “Dark Territory” shows that this tension dates back decades, and that the government has consistently leaned toward more monitoring and data collection.
The point is an important one, especially since Kaplan also convincingly shows that whatever we are able to do to others, they will most likely find a way to do to us. Decades after Ware warned that the only completely secure computer is one nobody can use, the United States developed the Stuxnet computer virus, which was able to leap across most known defenses to sabotage Iranian nuclear research.
This, however, inspired Iran to create Shamoon, a computer virus it used in an attack that wiped out the hard drives in over 30,000 computers at the Saudi Aramco company. A foe like Iran can be hit in new ways, but also should be expected to develop the digital means to hit back.
The worry is that unlike in the Cold War, there is no mutuality; the United States is more dependent on the Internet than its adversaries. “If America, or US Cyber Command, wanted to wage cyber war,” Kaplan writes, “it would do so from inside a glass house.” To put it another way, the stories in “Dark Territory” detail how much attention has been focused on building new kinds of cyber-offenses and not enough on the means to ward off attacks. Too few in a position to influence policy seem to be asking if this may be the equivalent of trying to protect that glass house with a stone-sharpening kit.
Which leads to the second problem: selection bias. Kipling’s lesson on the value of history told through stories depends on a crucial aspect; the stories chosen have to be interesting, important and reflective. Though “Dark Territory” is presented as a “secret history,” it is really a collection of the not-so-secret, often less-than-exciting accounts, of mid- and executive-level insiders, mostly at the National Security Agency, who debated and formulated cybersecurity policy.
That’s not necessarily a bad thing. But it means Kaplan’s narrative by story is far from complete, and too often not memorable. “Dark Territory” is a book more about the briefings, commission reports and meetings of study groups than it is about actual operations. For instance, you get the inside story of how various policy directives did or didn’t make their way to the White House. That 22 NSA officers were killed in Iraq and Afghanistan, though, is mentioned merely in an aside. Similarly, the Snowden affair is told essentially from the vantage point of the review panel President Obama delegated to write a report on it, after the fact. Who Snowden was, how and why he did what he did, the operations he revealed and the repercussions all get about as much coverage as how the five members of the temporary commission decided where to locate their office.
This selection also shapes the questions that aren’t asked. Kaplan tells us that a small group of policy makers became consumed by the fear that “a handful of technical savants, from just down the street or the other side of the globe, could devastate the nation.” Exciting stuff, except that is the conclusion of a working group in 1995. What neither the insiders nor Kaplan himself seems willing to wrestle with is why this fear of a “cyber Pearl Harbor,” which drives almost all of the book, not to mention billions in spending in the real world, never actually happened over the ensuing two decades.
What did happen instead was a wide range of other activities below the level of outright conflict, from digital espionage to mass intellectual-property theft to cybercrime costing hundreds of billions of dollars. These harms all get short shrift, again reflecting the sources and focus of a book that presents its history only through a Washington DC, NSA centric lens. When private industry does make an appearance, it is usually because some unnamed executive has frustrated a government official by not being willing to do exactly what he or she wanted since it wasn’t in that executive’s business interest.
In much the same way, foreign governments are black boxes in Kaplan’s book. Perhaps this is simply an indication that leaders in Washington are having a hard time accepting a simple fact, that while the Internet may have been created by a United States government research program, it is no longer under American government control, or even American in its makeup.
That is to say, “Dark Territory” packs in a great deal of material, yet also not enough. It is a readable and informative history of policy formulation. But the overall darkness from which the book takes its title remains to be lifted.