The Perfect Weapon
Page 32
“This stuff is a double-edged sword,” one person advising a major defense contractor told me. “Everyone wants it to work. But they don’t want it to work too well.”
* * *
—
Washington hid many of the details of the effort in plain sight.
When Bill Broad and I began asking around the Pentagon and the White House in 2016 about the surprising number of North Korean missile failures, we were not surprised to be met with stony silences. After the Stuxnet leak investigation, no one wanted to be accused of talking about a cyber-sabotage program—especially one that might not be working. But there were occasional hints that the answers lay in the “left of launch” program.
Bill dug into the open literature. Soon he showed up with a grin at my desk in Washington toting an inch-and-a-half-thick pile of Pentagon testimony and public documents. For a secret program, he noted, people sure had said a lot, mostly because they were lobbying for money.
The trail started with Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff when Obama was pushing for the stepped-up attacks. Shortly after the North Koreans set off a nuclear test in February 2013, Dempsey publicly announced a new “left of launch” effort that would focus on “cyberwarfare, directed energy, and electronic attack.” It was part of a larger presentation at the Pentagon on technologies that needed to be in place over the next seven years, and almost no one noticed the “left of launch” piece. But the plain fact was that the nation’s top military officer had explained that malware, lasers, and signal jamming were all becoming important new adjuncts to the traditional methods of halting potential enemy strikes.
General Dempsey never mentioned North Korea in his statement. He didn’t have to. A map accompanying the policy paper the Pentagon issued on the subject showed a missile from North Korea streaking toward the United States. That freed others to use similar imagery.
Soon Raytheon, the largest missile-defense contractor, started talking openly at conferences about the new opportunities in “left of launch” technologies, particularly cyber and electronic strikes executed at the moment of launch. A Raytheon document from one of its industry conferences, which was posted on a public website until we began asking questions about it, was not exactly subtle. One slide showed a range of adversaries against whom “left of launch” was particularly well suited, with a picture of a solemn Kim Jong-un sandwiched between Vladimir Putin and Xi Jinping. A chart illustrating how the program worked featured a bright band separating the steps that Raytheon’s technology could accomplish to defeat missiles before and after launch. The most interesting part was the band itself—representing the minutes right around launch. There, Raytheon had inserted the words “cyber” and “EW,” or electronic warfare, indicating that was the time to strike the launch process, at its most vulnerable point.
The chart showed that the cyber and electronic strikes could also target enemy factories—the latest effort at using industrial sabotage to slow the North. The program required a huge and complex effort, involving America’s national laboratories, the Energy Department, and the CIA, and it was deployed against Iran as well. But it was hardly a surefire approach. The North Koreans were learning how to build more and more of their systems indigenously, and were even beginning to make some of the highly volatile rocket fuel that would power their longest-range missiles.
That progress made it all the more urgent that the National Security Agency and its Tailored Access Operations unit get inside the North’s systems. Naturally, those operations remain among the most classified. But a tiny glimpse of the effort came from Oren J. Falkowitz, a quirky former NSA operator who started an innovative Silicon Valley cybersecurity firm named Area 1. In a Times interview about his start-up, with my colleague Nicole Perlroth, he described how some of the company’s approaches to anticipating cyberattacks were inspired by work done inside the NSA to break into computer systems for the North’s missile program, in what he characterized as an effort to understand their missile-launch schedules.
Falkowitz said nothing about what the United States did with the information it acquired, which left open the question of whether we were just conducting espionage about launch schedules or were actively seeding implants in the North Korean systems. But there were other indications—some public, some whispered—of American successes in getting into the command-and-control systems. It was hard gaining access to the North’s sealed-off computer networks, former American and South Korean operators reported. But once inside, they said, the North’s digital defenses fell pretty quickly. North Korea’s military, one noted, was as paranoid as Iran’s, but not as talented.
A review of a gathering of top antimissile experts at the Center for Strategic and International Studies in 2015 gave us even more details. Archer Macy Jr., a retired navy rear admiral, described how the Pentagon was developing ways not only of preventing successful missile launches but also of interfering in their flight paths and navigation systems. That was followed by congressional testimony in which James Syring, the director of the Pentagon’s Missile Defense Agency, described “left of launch” strikes as “game changing” because they reduced the need to “rely exclusively on expensive interceptors.”
Every once in a while during these conferences and hearings, someone would touch on the profound question at the core of the program. That happened one day when Kenneth Todorov, a retired air force brigadier general, asked how the United States would justify what amounts to preemptive war under international law: attacking the North’s missile launches first, before any strike, to gain a strategic advantage. “Are we, as a military and a nation,” he asked, prepared to “go after potential targets in advance?” And if so, are we ready for other nations to do the same to us?
Todorov was getting at a critical point that has been periodically debated since President Bush, in 2002, declared that preemption was back as a central American principle for dealing with a hostile world. If the United States saw a missile on a North Korean launch pad being fueled, loaded with a warhead, and seemingly intended for American territory or that of an ally, it would likely be within its rights under international law to take out the missile on the pad.
But “left of launch” suggested a different scenario: A preventive strike, the kind that one state executes against another in the absence of an imminent threat. Think Pearl Harbor, or of a strong state that strikes a weaker but rising competitor while it still can. That is largely forbidden by international law.
With cyberstrikes—invisible, deniable—the temptation to conduct preventive war may be higher than it has ever been before. Unsurprisingly, few government officials want to delve too deeply, at least in public, into how the laws of war apply to offensive cyber action.
In private they debate these issues constantly. But as Robert Litt, the former general counsel to the director of national intelligence during the Obama years, put it to me one day: “There is no issue on which government lawyers have spent more time, to less productive effect, than on the question of how the laws of war apply to cyber.”
* * *
—
In March 2016, just as North Korea was stepping up testing of its prized Musudan missile, I tried to engage Donald Trump on the subject of what he thought about America’s new cyber arsenal—and how he might use it if elected. Trump was at Mar-a-Lago, his Florida golf club, and my colleague Maggie Haberman and I were interviewing him as part of a detailed conversation he’d agreed to with the Times on the subject of national-security issues.
My goal in trying to get him to talk about cyberweapons in that interview was simple: I wanted to see whether a candidate who spoke about military power as if it were still 1959—tanks and aircraft carriers and nukes—had given any thought to new technologies. For anyone new to the world of diplomacy, coercion, and military planning, the first step would be to understand the newest tools in the toolbox.
Digital warfare was new stuff for him; as the conversation went on, it wasn’t clear he had ever heard of the American cyber operations against Iran. His main interest was to demonstrate, on cyber and all other issues, that he would be tougher and more decisive than Barack Obama, even if he wasn’t quite certain what Obama had done in the cyber arena. He made an argument that, as with so many other things in Trump’s worldview, America was blowing its lead:
We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don’t think we’re there. I don’t think we’re as advanced as other countries are, and I think you probably would agree with that. I don’t think we’re advanced, I think we’re going backwards in so many different ways. I think we’re going backwards with our military…we move forward with cyber, but other countries are moving forward at a much more rapid pace.
It was more assertion than analysis, more declaration than doctrine. We were trying to get Trump to discuss when it is justifiable to use cyberweapons; he took the conversation to the question of who is stronger and who is weaker, unencumbered by many facts.
Then, just to reinforce his campaign talking points, he concluded with: “We are frankly not being led very well in terms of the protection of this country.”
Ten months later, Trump was inaugurated as the forty-fifth president and inherited a complex cyber operation against a hostile state that he barely understood. In the meantime, Bill Broad and I had built a pretty compelling case that North Korea was the target of an intensive, sophisticated US effort to send its missiles awry. With more reporting, we arrived at some solid conclusions about how the attacks worked.
Then came the sensitive part: telling the government what we were preparing to publish, seeking their comments, and hearing them out if they believed any of our revelations could compromise an ongoing operation or put lives at risk. In the last weeks of the Obama administration, we met with intelligence officials, fully anticipating that their first reaction would be to tell us to refrain from printing a story on the sensitive subject. When they said nothing of the sort, we left the session thinking we still had more reporting to do.
That reporting ran into the chaos of Trump’s inauguration and his tumultuous first month in office—the blitz of executive orders, Trump’s growing paranoia about the Russia investigation, and his suspicion of a “deep state” out to undermine him and his agenda. We were not ready to publish until late February. That’s when I called K. T. McFarland, then Trump’s deputy national security adviser, and explained to her that I needed to come by and make sure the new administration was aware of a story about a major program they were inheriting.
The next day I showed up at McFarland’s tiny West Wing office. Her boss, Lt. Gen. Michael Flynn, had just been fired days before for misleading Vice President Michael Pence about his conversations with the Russian ambassador to the United States, Sergey Kislyak. Flynn had denied talking to Kislyak about overturning election-related sanctions against Russia that Obama had imposed in the last weeks of his presidency; in fact, the topic had indeed come up during their conversations.
As I walked past the national security adviser’s corner office, the door was open; someone had rolled up the carpet, stripped all the books off the shelves, and stacked Flynn’s office chair on top of his desk. It looked like a dorm room on move-out day, and certainly not the sight one expected to see a little more than a month into a new administration. It was a symbol of far more chaos to come.
While I knew the Obama transition teams had left binders full of briefing materials on North Korea for the new administration, I suspected few people had the clearances—or the time—to go through them all. Flynn, the former director of the Defense Intelligence Agency, was probably the one most current on the North Korean threat. But not only had he just been fired, his handpicked aides—derisively called “The Flynnstones”—were gradually being eased out.
When I sat down with McFarland, who had been a junior aide to Henry Kissinger in the White House forty years before, she told me that the administration had taken seriously Barack Obama’s warning that North Korea would be their most immediate national-security problem. McFarland’s job—in which she didn’t last very long—was to convene the “deputies committee”—made up of the second- and third-ranking officials in State, Defense, Energy, Treasury, and the intelligence agencies—to tee up strategies for the president and his cabinet. Unsurprisingly, most of the initial meetings were about North Korea.
But as I began to describe to McFarland what we had learned about the “left of launch” program, and how it was being used against North Korea, I could see by the look on her face that it seemed to be the first she had heard of it. That was surprising: If there was anything that the new national-security team needed to get up to speed on quickly, it was the full range of American efforts to defang the North Korean threat. Perhaps she was just a good poker player, but the discussion did not suggest the new administration had a full grasp of what it was about to face.
After a half hour, McFarland said she had to go brief the president on a different matter. But she told me she saw no national-security issues in what we were planning to publish.
“It sounds like it will all work out,” she said as she headed to the Oval Office.
She proved prematurely optimistic. After the word spread inside the administration, which had no experience dealing with sensitive national-security stories, the Times got a stiffly worded letter from the White House counsel, Donald McGahn, previously an election lawyer, accusing us of preparing to violate American national security—and hinting that the government might try to take some kind of action.
Within a few days Flynn’s replacement as national security adviser, H. R. McMaster, invited us into his office to hear for himself what we were preparing to publish. It was his first full day on the job. A strategist with a PhD in military history, and the author of an incisive history of how the American military lied to itself about the war in Vietnam, his mind went straight to historical analogy.
“Is this the Enigma codes?” he asked, a reference to the encrypted German communications that the British cracked—a secret kept for decades. Broad and I told him we didn’t think so: there was solid evidence that Kim Jong-un already understood the issue, and he had already shut down the Musudan tests after the string of failures.
McMaster had not had to deal with Korea or with cyber issues in-depth before; he made his name in the Persian Gulf and had been promoted through the ranks by Gen. David Petraeus. His most recent jobs had been running the Army Capabilities Integration Center, where he was tasked with thinking about future conflicts. But he was clearly still catching up on the scope of the Korea crisis.
He asked us to meet yet again with intelligence officials and talk through the details. A day later we descended into the Situation Room to review our findings with them. Based on previous discussions, we had already decided to omit technical details, including several that might give the North indications of where their systems were vulnerable. That was normal practice. But explaining what the United States was doing, we thought, was vital: As our executive editor, Dean Baquet, noted, there was no way for Americans to have an informed public discussion about the US response to the North Korea crisis without understanding our past struggles to deal with it. “This was one of America’s most urgent threats,” he said, and that meant covering the American use of cyberweapons “the way we covered
the Pentagon Papers, WikiLeaks, drone strikes, counterterrorism, and nuclear arms.”
With publication imminent, McMaster went to brief Trump on what we were revealing—and what we were withholding. Trump had already ramped up his critique of the Times, and McMaster cautioned me that Trump might well take to Twitter to denounce the paper—hardly a first. In fact, on the morning that the story was published, Trump started a Twitter attack. But it wasn’t about us.
“How low has President Obama gone to tapp [sic] my phones during the very sacred election process,” he wrote that morning. “This is Nixon/Watergate.” It was an accusation based on no facts.
Trump’s tweet crystallized how his obsessions, and the chaos of the transition in the first six weeks of the new presidency, had prevented the new administration from focusing on what Obama had warned was the central national-security threat the nation faced. They had been left hundreds of pages of briefing materials about North Korea, but it appears little of it was absorbed. The questions swirling around the success or failure of the primary covert program to thwart the missile launches had not been fully engaged by McFarland, who was ousted in a few weeks, and they were entirely new to McMaster, who lasted just a bit more than a year.
Clearly Trump’s mind was not yet on the dictator he would soon call “Rocket Man,” or the country he would threaten to incinerate with “fire and fury.” But positions were beginning to harden. Nineteen days before Trump’s inauguration, Kim Jong-un had taunted the president-elect with a declaration that he was then in “the final stage in preparations” for an inaugural test of his intercontinental ballistic missiles—missiles larger and more sophisticated than the Musudan. Trump had responded, with typical Twitter bravado, “It won’t happen.”