Lights Out
Page 19
Shortly after taking over as secretary of defense in February 2015, Ashton Carter ordered the release of a thirty-three-page cybersecurity strategy. The document warns potential adversaries that they will suffer “unacceptable costs” if they conduct an attack on the United States. It’s an interesting exercise in deliberate ambiguity, in that cyber intrusions—espionage, theft, distributed denial-of-service attacks against U.S. interests—are a daily occurrence. It’s a bold warning, but the question of what constitutes a red line is left deliberately unclear. The document also acknowledges an urgent need “to reduce anonymity in cyberspace and increase confidence in attribution.” Those two fragments from the Pentagon’s cybersecurity strategy neatly summarize the dilemma: the United States is warning anyone who launches a cyberattack against this country of dire consequences, without defining what would trigger such a reprisal, while at the same time acknowledging that we also cannot be 100 percent certain of identifying the attacker.
In February 2015 President Obama, acutely aware of the need to synthesize the best cyber intelligence from all available sources, issued a presidential memorandum establishing the Cyber Threat Intelligence Integration Center (CTIIC), to be headed up by the director of national intelligence. Significantly, the president’s memorandum directs that “indicators of malicious cyber activity and, as appropriate, related threat reporting contained in intelligence channels [be] downgraded to the lowest classification possible.” This is intended to ensure the rapid sharing of intelligence material with the widest possible business and industry base. Downgrading its material to the lowest possible classification is not something that comes easily to the intelligence community, and it remains to be seen how enthusiastically the various intelligence agencies comply. Getting critical information from the government to private industry is only half the problem. Not only has private industry been reluctant to share information about cyber intrusions with government agencies, but it has actively lobbied against the proposition in Congress, with the result that cybersecurity legislation has languished in the Senate. Businesses have been concerned about word of successful hacking operations becoming public and hurting their image. They have been worried about news of electronic intrusions giving business rivals a competitive advantage. They have instinctively resisted ceding any of their independence and privileged information to government agencies. And, perhaps most of all, they’ve been nervous about loss of privacy and the potential legal consequences of permitting private information to become public. In the face of mounting cyber threats, businesses are slowly, painfully setting aside some of their concerns and considering a closer collaboration with federal agencies.
But apparently the fear of surrendering privacy to the U.S. government still looms larger than the threats posed by foreign governments and an array of unseen hackers. During the spring of 2015, the Senate was on the verge of passing legislation that would have given industry the right to “scrub” data, for privacy purposes, before handing information over to the government. The plan would have given the Department of Homeland Security the task of further sanitizing the information before conveying it to the NSA, or whichever government agency was deemed appropriate. It wasn’t much of a plan. Indeed, it’s difficult to imagine designing a procedure better suited to slowing down the sharing of critical information. Still, it was further than a coalition of privacy and pro-business advocates were willing to go. In mid-June of 2015, for the third year in a row, the measure was killed in the Senate.
It is fraught territory. There is probably no adjustment in our national mindset that will be more difficult to achieve than changing priorities in the tension between security and privacy. In early May 2015 a federal appeals court in New York ruled that the bulk collection of the American public’s phone records is illegal. That was the news that got the headlines. The court’s ruling, however, was more nuanced than the headlines suggested. “Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans,” wrote Judge Gerard E. Lynch. But then his ruling went on: “Perhaps such a contraction is required by national security needs in the face of the dangers of contemporary domestic and international terrorism. But we would expect such a momentous decision to be preceded by substantial debate, and expressed in unmistakable language.”
Lynch is exactly right. The issue does require substantial debate, and it is not easily resolved. There’s nothing new about the argument. It crops up every time there’s a threat to national security. The leaders of democracies have always argued that they are operating at a disadvantage in their dealings with totalitarian governments. The Russians don’t need to worry about infringing on the privacy concerns of their citizens or their critical industries. Neither do the Chinese. But it is in the nature of how democracies function that the pendulum of public outrage can swing dramatically from one extreme to another, depending on perceived threats to the national security, and policy adjustments usually follow. As threat perceptions rise, public concerns about privacy tend to diminish. In the immediate post-9/11 environment, very few concerns were raised about the intrusiveness of law enforcement or intelligence agencies. Indeed, criticism focused largely on the inability of the CIA, NSA, and FBI to “connect the dots,” on government’s failure to anticipate the attacks. As the years passed and the trauma of 9/11 receded in the public mind, the pendulum has swung back dramatically on the side of protecting privacy and limiting the invasiveness of our intelligence agencies.
What’s different this time is that the very nature of cyber intrusion is a threat to privacy. Few members of Congress have invested more time in studying the tensions between cybersecurity and privacy than Senator Edward Markey (D-Mass.). On the one hand, he points out, you have the private sector—Google, Yahoo, and the like—engaged in gathering massive amounts of data on the individual habits of Americans so that they can sell that information to other vendors, who can then target their products to the most likely customers. “Well,” said Markey, “what if a thirteen-year-old girl is Googling for information on anorexia? Should her mother be able to say, ‘Stop re-marketing all that anorexia information onto my girl’s computer. She’s already sick. I want you to stop’? And the industry says, ‘No, we don’t want rules on that. You can’t inhibit our ability to take the information of every individual American and re-market it to make money.’ ” But when the government expresses a similar interest in all of that information, not to make money but to protect the country, and approaches Google and Yahoo, “they’ll say to government, ‘No, we don’t want to give up that information.’ ”
If we insist too adamantly on protecting privacy, we will sacrifice both free enterprise and security. In the age of the Internet, privacy is at risk no matter what we do. What’s at issue is whether we are prepared to surrender some of our privacy to our own intelligence agencies in order to protect against even greater intrusions from a growing array of external enemies. Until the general public is made to understand the scope of the actual threat, the natural inclination will be to preserve what we know and value, against what we still suspect may never happen.
As things now stand, the general public would have a difficult time discriminating between an ordinary power outage and an act of war. No government agency has even laid the groundwork by establishing such a possibility in the public mind. Knowledge of that possibility is a necessary prerequisite if we are to have any hope of encouraging disaster preparation on the public’s part. The implications of a weeks-long (let alone months-long) loss of electricity across large regions, especially those with significant urban populations, are sufficiently grim that at least a basic level of public awareness needs to be established.
“I think one of the lessons learned from the hurricane in New Orleans,” David Petraeus told me, “is that if something like that happens, pull the trigger rapidly and get all hands on deck.” Petraeus said that as a direct consequence of what happened
after Hurricane Katrina, the military established liaison teams in all the states. He recommended that I talk with General Chuck Jacoby, also a four-star, who had just retired as commander of the U.S. Northern Command, which has the responsibility for homeland defense and military assistance in disaster relief throughout North America.
Among the challenges facing the NORTHCOM commander is the need to tread lightly while mustering the capacity to respond rapidly. There is in the United States a historical sensitivity toward the use of federal troops, particularly when it comes to maintaining or restoring order. “Every day,” Jacoby told me, “I used to say that the NORTHCOM commander’s job was to reconcile the will of the president with the authority of the governors. They own their state and they own their [National] Guard, and you know the power for authorities with enforcement capabilities really emanates from the people. So it comes up from the local police departments to sheriffs to the state to the Guard and then up to the president. And it’s a very, very deliberate legal issue to use federal military forces in an armed capacity in the homeland.”
It happens, but rarely. In 1957 President Eisenhower federalized Arkansas’s entire National Guard and then reinforced the guard with units of the 101st Airborne Division when the state refused to integrate its schools. In 1968 the 82nd Airborne Division shipped a brigade from Viet Nam to Detroit to restore order after race riots broke out. In 1992 units of the 7th Infantry Division were dispatched to Los Angeles when rioting broke out in the wake of Rodney King’s beating.
In anticipating the event of a power grid going down, however, the process will have to be streamlined and rehearsed. During the time that it takes to alert and dispatch military personnel and to mobilize the National Guard, local and state police will need to immediately secure the stores and warehouses containing essential supplies that will otherwise be stripped bare in a matter of hours. The authority exists, but without the regular conduct of combined exercises specifically designed to respond to the aftermath of a grid going down, critical supplies will be gone before law enforcement even arrives on the scene.
Jacoby was the beneficiary of lessons learned during and after Hurricane Katrina. The president now has the authority, at the request of a governor, “to direct the Department of Defense to commit resources for emergency work essential to preserve life and property in the immediate aftermath of an incident.” In fact, Jacoby argued, disaster response in general has been vastly improved in the wake of Katrina “because there’s a pretty good National Response Framework…and that’s a team that knows how to support FEMA in a disaster.” Again, though, the focus is almost always on natural disasters.
The question of maintaining security in the aftermath of a power grid being shut down, Jacoby added, can quickly be reduced to a matter of manpower. The U.S. military is a diminished force, with the army down to about 450,000 people. Whether that would be adequate, said Jacoby, is really problematic. NORTHCOM could come up with 50,000 or so troops fairly quickly, but then, said Jacoby, “if that’s not sufficient then you have to start making choices between ‘Am I sending that brigade to Iraq or am I sending that brigade to Afghanistan or am I making that deployment to Poland?’ ”
Jacoby seems a thoughtful man. He is torn between the discipline of military preparedness, with its indisputable value in a time of national crisis, and the American system, which is “designed,” as Jacoby said, “for inhibiting federal abuse of power, specifically armed power in the homeland. And that’s who we are as a people.”
Jacoby is struck by the irony that while we have the most powerful means of communicating with the public that has ever existed, it will be essentially useless without electricity. The communicating needs to happen now. “This is all pre-disaster stuff that has to be done,” he stressed.
From a purely domestic point of view, it should already be a settled issue how forces would be activated, and under whose command, as soon as the president is convinced that all or part of a power grid has been the target of a cyberattack. Maintaining public order and protecting the civilian population will become more difficult with each passing day. As FEMA administrator Craig Fugate acknowledged, it quickly becomes a matter of keeping as many people from dying as possible. It’s food, potable water, and enough generators to keep water flowing and a waste disposal system functioning. There is not now an emergency food supply even remotely adequate to what the demand would be. Among what Jacoby described as the “pre-disaster stuff” that has to be figured out is a plan under which the federal government would acquire billions of dollars’ worth of freeze-dried food, sufficient to feed tens of millions of people for a period of months. This alone will take years once the money is appropriated and the contracts have been signed.
Americans are accustomed to going where they want to go, when they want to go. Many city dwellers have focused their survival plans on just driving to the nearest state in which the power is still on. There is no guarantee that they will be invited to stay. To the contrary. One former state employee from a small rural state told me of strategy sessions planning how they would handle a mass evacuation from an affected city. Traffic police, state police, the National Guard, and civilian volunteers wearing official paraphernalia would be stationed in key locations, offering food, water, and directions to the next gas station. But the message was stark and simple: “Our state doesn’t have the infrastructure to support large numbers of evacuees. Please keep moving.” These are issues that are quietly being discussed on a state-by-state basis. There is no national strategy.
When one major sector of the country is without electricity and the rest of the country has power, what happens? Do states have the right and the legal authority to require domestic refugees, who have neither guaranteed shelter nor the funds to rent or buy shelter, to keep moving? What happens to the economy of the darkened states? With a diminished ability to generate revenue, how long will those states be able to count on the generosity of the rest of the country? Will the federal government establish refugee camps? Where? We have barely begun to consider the problems, let alone find the solutions.
Dan Geer is a computer analyst, admiringly described by colleagues as one of the industry’s “thought leaders.” Delivering the keynote address to the 2014 Black Hat hackers conference, Geer said the following: “Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are ‘the least worst thing.’ May they fill the vacuum of wishful thinking.”
Rudy Giuliani looks back now on the events of 9/11 and their immediate aftermath, and invokes advice he received from a judge for whom he once clerked. The judge had told his young law clerk, “For every one hour in court, four hours of preparation.”
“I think that point of relentless preparation is really important,” Giuliani told me.
When September 11 happened, it was unanticipated. “My first reaction was,” the former mayor said, “we’re not prepared for this.” New York City emergency personnel, he said, had engaged in relentless preparation with city officials, but “we hadn’t gone through it in the context of airplanes being used as missiles attacking our buildings. We had thought of the fact of possible dirty bombs [or] a small nuclear attack.” And yet, Giuliani maintained, the act of preparing itself was “enormously helpful.” To this day, the former mayor believes that “the more you prepare, the better off you are going to be, even if you haven’t quite anticipated the thing that happens.”
Epilogue
The Virtue of a Plan
When the lights go on again all over the world.
— POPULAR SONG LYRICS FROM WORLD WAR II
It was in the days before the Internet, before social media, before satellite technology, before cellphones, before television. It was, needless to say, a very long time ago, and the world was at war.
Many of my earliest memories were crafted by images of World War II. In my father’s arms, I would follow the a
rc of his finger against a late-evening summer sky, watching formations of Royal Air Force fighter planes heading toward the English Channel to engage the Luftwaffe. German bombers would be approaching the southern coast of England, accompanied by their protective escort of Messerschmitt and Heinkel fighter planes. My father would wake me a few hours later, as the RAF Hurricanes and Spitfires returned from their missions, and once again he would hold me and point to the sky, this time marking the gaps in their formations. I was two or three at the time, the unwitting repository of memories that I would only comprehend many years later.
In his magisterial volume The Bombing War: Europe 1939–1945, Richard Overy devoted an eye-opening chapter to what was, at least in 1940, an unprecedented episode in the history of warfare. “British society,” he wrote, “was the first to be tested to see whether the fantastic images of social disintegration suggested in the air culture of the pre-war years would really be the outcome.”
The British in 1940 were as innocent of what to expect from a massive German air offensive as Americans are today at the prospect of massive cyberattacks against key elements of the U.S. infrastructure. There was clear evidence that something nasty was brewing; exactly what form it would take was less clear. The world had been introduced only recently to the concept of a deliberate bombing campaign against civilian targets. On April 26, 1937, German pilots, members of the Condor Legion, flying in support of Francisco Franco’s forces, infamously bombed the town of Guernica. There was no strategic value to the target. It was akin to a boy focusing the sun on an ant with a magnifying glass, an experiment to see just how much devastation aerial bombardment could inflict on a town.