Shane Harris, @War: The Rise of the Military-Internet Complex (Eamon Dolan/Mariner Books, 2015), 288 pp., $15.95.
The fifth domain is here. The Pentagon recently added it to the other four domains of warfare, but cyber has been around for quite some time. Cyber is still considered a technically advanced topic, explaining in large part why many people in the defense community, including myself, have been slow to fully embrace and seek to understand this essential arena for war in the twenty-first century. Shane Harris, a senior intelligence and national security correspondent for the Daily Beast, has written a well-researched and informative book about the rise of cyber. It provides newcomers with an introduction to the field, a good outline of cyber’s rise, the conduct of operations and a good overview of the fronts.
The book is divided into two major parts. The first part focuses on narrating the history of the rise of cyber operations, and the second part focuses on how the national security establishment in the United States has worked diligently in recent years to strengthen U.S. defenses in the domain.
In the first part, Harris argues that the 2003 invasion of Iraq was the first conflict in which cyber had a significant effect on the day-to-day operations. He tells the story of some of the soldiers who were initially recruited into U.S. cyber operations, not as cyber specialists, but as regular ROTC candidates. Inside the establishment, they were, based on their valuable skill sets as engineering and mathematics majors, directed to signals intelligence and other units that most needed their expertise. There, on their own, they developed cyber as a new domain. The techniques developed were extensively used in Iraq and Afghanistan. Through his interviews, Harris provides the reader with a close-up of how these analysts worked remotely from the United States, but were also flown into theater and set up to work in close contact with commanders on the ground. They worked from local war rooms located in aircraft hangars, filled with computers, huge screens and plenty of expensive tracking equipment—including drones. They successfully tracked insurgents’ use of electronic communications equipment in cities, busy streets and crowded alleys. And as Harris notes, “Armed with the new tactical intelligence, American patrols would take down entire bombing networks in one night.”
The privacy- and integrity-minded should note, however: for cyber operations to be successful, they required the collection of huge amounts of data by the actors on the ground. Large swathes of the population were thus surveyed, and in Afghanistan, for example, millions of men had their fingerprints registered with the U.S. military. The large-scale data mining in these war zones, argues Harris, really gave the NSA the idea that a similar approach to data collection should be employed back home. This gave birth to the PRISM network, so loathed by many in the media and civil-rights groups, and also exposed by then National Security Agency (NSA) contractor Edward Snowden. For the bulk collection of data to be possible, the NSA worked closely together with communications operators in the United States to provide backdoors into their networks.
Harris also provides some encouraging information regarding the training of budding cyber warriors. With most new technologies in war, the services may be skeptical of embracing change, as they are quite comfortable using the equipment they were trained with. This could be thought to play out in the recruitment of people equipped with data talent. This appears not to have been the case, though. The U.S. military academies now offer cyber warfare as a field of study, and the NSA works closely together with universities to recruit promising mathematicians and computer scientists. People are interested in cyber, but the grueling task for the government is retention: private businesses can easily offer double to triple the salary to qualified personnel.
The second part of Harris’ book addresses the challenges that the United States faces from adversaries with more advanced capabilities. Harris points out that it was President George W. Bush who was first briefed on the vulnerabilities of America’s cyber infrastructure. In response, Bush ventured into building something akin to a “Manhattan Project” in cyber; Barack Obama largely supported this endeavor as well. Harris also provides the reader with amusing anecdotes about the development of U.S. cyber defense. An example is when the NSA thought a secure, air-gapped network (not connected to the Internet) had been hacked in Afghanistan, by someone carrying a USB drive found in a parking lot. The Pentagon ended up banning, for a short time, the use of USB drives altogether throughout the armed forces, provoking much frustration among warfighters and civilians alike.
The main adversaries the United States faces in the cyber arena are well known: China, Russia, Iran and independent nonstate actors that frequently change their names. China’s People’s Liberation Army cyber commandos, Unit 61398, have become notable for the hacking and stealing of F-35 blueprints in 2006, hacking into some of the most sensitive U.S. infrastructure networks and gaining access to the Office of Personnel Management, stealing personal information of more than 20 million people.
Russia has been influencing elections and sowing doubt about the core institutions of the West. While China is a state-centered actor, the Russians, although directed centrally from Moscow, also support a wide range of independent actors. The Kremlin advises pro-Russia hackers on U.S. vulnerabilities, alerts acolytes when intelligence agencies are tracking them and even offers direct asylum if things take a turn for the worse. Harris reminds the reader that the staffers of Barack Obama and John McCain had their e-mails hacked as early as 2007.
The most interesting piece of the cyber puzzle is the role of nonstate actors. Analysts have compared these hackers to seventeenth-century English pirates, who raided foreign ships on behalf of the British empire. Harris argues that this arrangement is readily applied to today’s cyber criminals. He also brings up the troubling fact that it is quite easy to become a self-taught cyber criminal and the institutional challenge this poses—the role of government starts to become quite muddled. On spying, Harris writes, “With enough training and the right tools, a private sleuth can track a hacker as well as a government spy or a military operative can.”
Harris’ book does have some drawbacks. Because he is an American reporter, his book is naturally focused on the U.S. intelligence community. A deeper investigative study would have significantly improved the book, especially if it provided more thorough coverage of Russian and Chinese hacking communities. There also could have been a greater focus on networks outside of the United States that were hacked. At 228 pages, the book would have been more than capable of coping with this added analysis. The book is also somewhat unstructured. Harris insists on providing case after case in cyber operations, invoking the role of state and nonstate actors throughout. He does not take the liberty, however, to clearly distinguish what should be in what chapter. This may be a sign of the author’s lack of technical expertise—which is understandable—or strained timelines for the book’s release.
Overall, I enjoyed reading this book and would recommend it to someone who hasn’t spent much time thinking (or worrying) about cyber and the implications of it. Harris managed to provide a solid background of the challenges facing the cyber world and has made me more conscious of my own data security. If you consider yourself well versed in this field, I would recommend buying a book with a slightly more international perspective and more analysis on the implications of this new “age of cyber.”
Albin Aronsson is currently an independent researcher on European defense and security affairs. He has previous experience from the military, diplomacy and think tank worlds.