Sunday Excerpt: The Hidden History of Big Brother in America - How the Death of Privacy and the Rise of Surveillance Threaten Us and Our Democracy
How Big Data has not only invaded our privacy but also left us vulnerable to domestic predators & foreign threats - and how Trump opened the door to Russia. (This is my newest book, ships Tuesday.)
Big Brother and the Global Info Wars
Privacy, Cybersecurity, National Security, and the Future of Warfare
Privacy and safety (or at least a sense of safety) are often intertwined. Given that the deadliest predators humans have faced throughout our history have been members of our own species, it just makes sense.
If you’re sitting comfortably in your living room reading a book or watching TV and happen to look up at your front window and see a menacing-looking person standing outside staring at you, you immediately go from feeling safe to feeling unsafe.
Most people don’t have deep, dark online secrets they want to hide from others on the internet; most of us are not pornographers or terrorists or burglars. But even the most innocent, benign person would prefer that strangers aren’t reading their emails or knowing every click or purchase that comes out of their time online.
Governments, though, are another matter. There isn’t a government in the world that doesn’t have secrets that, if revealed, would damage the national security of that country. Be it military, trade, or political, governments routinely conceal information for reasons both bad and good, and competing governments are always trying to find them out.
Spying, in this regard, is as old as humankind.
From Moses’ 12 spies in the Bible to the story of the giant wooden horse that carried warriors into Troy to tales from behind the lines in World War II, we’re all familiar with the damage that can be done to a nation when it’s infiltrated by hostile agents. And this is where our Internet of Things presents a particular vulnerability for the United States.
On the internet, maintaining privacy and security is important for individuals but vital for governments.
Most Americans are familiar with the story of how the United States and Israel apparently collaborated to implant a computer worm known as Stuxnet into the nuclear enrichment systems of Iran in 2010. The worm burrowed into the computerized systems controlling the spinning centrifuges used to purify uranium, causing them to spin so fast or irregularly that they essentially broke into pieces.[i]
Far less well known is the story of how Iran responded.
A paper from the Strategic Studies Institute of the US Army War College titled Iran’s Emergence as a Cyber Power states that prior to then, virtually all of that country’s cyber capability was directed at spying on their own citizens, hoping to stop rebellions before they began. But Stuxnet changed everything.
“Today, Iran as a cyber power is the elephant in the room that everyone is finally beginning to notice,” the report’s authors wrote. “The Iranian government was originally believed to have budgeted approximately $76 million annually to its fledgling cyber force.”
Then came Stuxnet in 2010. As the War College said, “However, in late-2011, Iran invested at least $1 billion dollars in cyber technology, infrastructure, and expertise. In March 2012, the IRGC [Iran Revolutionary Guard Corps] claimed it had recruited around 120,000 personnel over the past 3 years to combat ‘a soft cyber war against Iran.’ In early-2013, an IRGC general publicly claimed Iran had the ‘fourth biggest cyber power among the world’s cyber armies.’”[ii]
On August 15, 2012, they used that power first to disable the world’s wealthiest oil company, Saudi Aramco, irretrievably destroying 30,000 computers, leaving only an image of a burning American flag on every monitor’s screen.
Then they went after a 245-foot-tall, 800-foot-long dam in Oregon, the Arthur R. Bowman Dam, which backs up the Crooked River. Had they opened its floodgates fast enough, it would have wiped out the downriver town of Prineville, killing thousands.
Fortunately for Oregonians, they got the wrong dam; instead of the Oregon dam, they successfully infiltrated and took control of the Bowman Avenue Dam in New York State, which reroutes a relatively small stream. And, to add insult to injury for the Iranians, when they hit that dam (as the CIA was just then discovering), the sluice gates had been separated from the computer system for maintenance.
In an article about the attack, Wall Street Journal reporter Danny Yadron wrote, “America’s power grid, factories, pipelines, bridges and dams—all prime targets for digital armies—are sitting largely unprotected on the Internet.” It was just a fluke that they got the wrong dam and that it was down for repairs.[iii]
The late Las Vegas billionaire Sheldon Adelson, then a close friend of Benjamin Netanyahu and a major donor to both Israeli and GOP causes, was the next victim of Iran after telling an audience at Yeshiva University in New York that the United States should drop an atomic bomb in Iran’s desert, implicitly threatening the capital, Tehran.
“You want to be wiped out? Go ahead and take a tough position,” Adelson said.
Iran’s Supreme Leader Ayatollah Ali Khamenei replied that somebody “should slap these prating people in the mouth.”[iv]
Weeks later, all the computers at the Sands, Adelson’s hotel/casino, died. Totally. Every hard drive wiped, every screen showing a photo of Adelson and Netanyahu with the inscription, “Don’t let your tongue cut your throat”; the computers may as well have been boat anchors. Bricked is the word that hackers use.
Two years earlier, the Obama administration had put forward legislation to require all privately owned “essential infrastructure” in the United States to harden their cyber capabilities. While it passed the House of Representatives, as the New York Times reported, “Senate Republicans . . . argued that the minimum standards were too burdensome for businesses, and by late July had managed to change the legislation to make them optional. In early August, the bill essentially died when it was blocked by a Republican filibuster.”[v]
Failing at getting Congress to force the American companies that controlled our infrastructure to harden their systems, President Obama signed an executive order “that promotes increased information sharing about cyberthreats between the government and private companies that oversee the country’s critical infrastructure” and “put together recommendations that companies should follow to prevent attacks.”[vi]
The order was ignored, and continues to be ignored, by American industry.
Cybersecurity for our privately owned dams, bridges, electrical generating stations, nuclear power plants, gas and oil pipelines, and water and sewage systems is now optional, and few companies—at least until ransomware attacks began in earnest in 2020—invested anything close to the necessary funds to protect against an internet-based attack.
New York Times reporter Nicole Perlroth, in her vital and brilliant book This Is How They Tell Me The World Ends: The Cyberweapons Arms Race, wrote that from 2012 to 2014 “Russian hackers made their way inside more than a thousand companies, in more than eighty-four countries, the vast majority of them American.”[vii]
While the Chinese have hacked American companies for decades and stolen what Perlroth documents as trillions of dollars’ worth of intellectual property, product designs, manufacturing techniques, and drug formulas, this Russian hack seemed to have a different purpose.
They “made their way into hundreds of industrial control systems across the country,” Perlroth wrote, using systems and strategies similar to the way Stuxnet had penetrated Iranian nuclear enrichment facilities.
“It wasn’t just US oil and gas companies anymore,” she said. “Russian hackers infected the software updates that reached the industrial controllers inside hydroelectric dams, nuclear power plants, pipelines, and the grid, and were now inside the very computers that could unleash the locks at the dams, trigger an explosion, or shut down power to the grid.”
This action “was not Chinese-style industrial espionage,” Perlroth wrote. “Moscow was preparing the battlefield.”
She quotes cybersecurity expert John Hultquist, who told her, “This was the first stage in long-term preparation for an attack. There’s no other plausible explanation.”[viii]
While a handful of nations with nuclear weapons have spent much of the past 70 years both preparing for and trying to avoid a nuclear war, cyberwar has emerged as a far more likely way the next major international conflict will go down. A few decades ago, neutron bombs were all the rage in the press—weapons that would kill all the people through a massive radiation pulse but leave the infrastructure standing and waiting to be occupied and used or looted by victorious foreign troops.
Cyberwar is sort of the opposite of neutron bombs. Instead of killing the people, it takes out the infrastructure with the goal being to disrupt society so severely as to bring down governments (the ultimate goal of most warfare).
Like a previously unknown and still largely invisible fourth dimension, digital cyberspace has gone from being nonexistent when I was born to having interpenetrated almost every home, business, and government agency in the developed world and most of the developing world. Today everything from our water/power/sewer utilities to our cellular telephone systems to our home information and entertainment systems runs on digital ones and zeros that flow through cyberspace.
And just as the United States and Russia were first into outer space, they—and now China—have become the major players in cyberspace. Rather than the next war starting with a flash from a nuclear explosion over New York or Moscow or Beijing, it’s more likely that today the first step would be one of those cities browning out as the electrical grid was fried the way the United States and Israel took out Iran’s centrifuges a decade ago.
Take out a few big dams and melt down a couple dozen nuclear reactors while shutting down communications systems for first responders, and the country would be thrown into a chaos not unlike the firebombing of Dresden or Tokyo in 1944, but without the expense, hassle, or waste of building, fueling, and flying bombers and bombs.
With no power, no telecommunications, and no water, cities would descend into chaos in days and become unlivable hellscapes within a week; drain the big banks and vanish their depositors’ records, and you’ve hit a nation at all levels from the top government/corporate to infrastructure to the individual and personal.
The risk/reward calculation for cyberwar is so much better than for nuclear war that it’s probable that nuclear warfare has become an anachronism and cyberwar is the new military frontier. Every new military weapon ever devised has made its way into warfare within two generations, from the crossbow in the 12th century (two popes tried to ban it) to guns to poison gas to nuclear bombs dropped on Hiroshima and Nagasaki.
Cyberwar will be no different as digital Big Brothers battle each other from safe, distant computer terminals while civilian populations and military operations collapse. Conceivably, a nation’s own nuclear arsenal could be used against it by programming nuclear bombs and missiles to explode in place.
Multiple nations are today planning for exactly this kind of warfare scenario, and it has already been tried in more local ways, as mentioned earlier with our operations against Iran and Russia’s against Ukraine and Estonia. The United States took down Saddam Hussein’s power and telecommunications through strategic bombing before its larger bombing campaign against Baghdad in 2003; the post-2020s version of that opening strike will most likely be carried out in cyberspace.
How Trump Undermined Our Cybersecurity
A few years before the Russian action, right after taking office in 2009, President Obama gave a speech revealing that both his and Senator John McCain’s campaigns had been hacked, as was his personal credit card.
He kicked off a robust new agency within the White House to coordinate cybersecurity across federal agencies so that America wouldn’t get caught flat-footed like we were on 9/11 when the FBI and CIA both had essential parts of the Bin Laden puzzle but failed to connect the dots.
J. Michael Daniel was Obama’s head of the Office of the Cybersecurity Coordinator and special assistant to the president, working with a substantial team out of the Eisenhower Executive Office Building next door to the White House. All the bells and alarms from more than 20 US security agencies, from those associated with the military to the FBI, CIA, NSA, and parts of the government that don’t even have public names, coordinated with his operation.
They watched in horror as, on the day before Christmas Eve, the busiest shopping day of 2015, Russia took down Ukraine, a year after voters in that country had expelled a Russian-friendly oligarch, Paul Manafort’s client Viktor Yanukovych, and replaced him with a Western-friendly president, Oleksandr Turchynov.
And by “take down,” I mean it almost literally. Kim Zetter told the story of a supervisor at one of Ukraine’s main power substations in Wired: “All he could do was stare helplessly at his screen while the ghosts in the machine clicked open one breaker after another, eventually taking about 30 substations offline. The attackers didn’t stop there, however. They also struck two other power distribution centers at the same time, nearly doubling the number of substations taken offline and leaving more than 230,000 residents in the dark. And as if that weren’t enough, they also disabled backup power supplies to two of the three distribution centers, leaving operators themselves stumbling in the dark.”[ix]
It was the second consequential cyberattack (the first being Stuxnet) of one nation-state against another. Prior hacks, mostly by Iran, North Korea, and China, were designed to extort money via ransomware, steal money directly from people’s bank accounts or credit cards, or steal product designs and other intellectual properties that could be converted to profit.
But there was no profit motive here, nor in the Stuxnet attack. Both were acts of war.
The United States still had the most powerful cyberweapons in the world, but the Russians were no slouches. For example, back in 2007 when the Estonians (a former Soviet state) removed an old Soviet-era statue from a public square, Russian hackers pulled the internet plug on the entire nation; for a brief while, no traffic got in or out of the country.[x]
In 2016, the US cyberwarfare equivalents of our nuclear arsenal were hacked from our intelligence agencies (particularly the NSA) and put up for sale on the dark web. One of those cybernukes, named EternalBlue by the NSA, was integrated into a new cyberweapon now known as NotPetya and used a year later, on June 27, 2017, against Ukraine.
As Andy Greenberg wrote for Wired: “On a national scale, NotPetya was eating Ukraine’s computers alive. It would hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency. ‘The government was dead,’ summarizes Ukrainian minister of infrastructure Volodymyr Omelyan.”[xi]
About 10 percent of all the computers in Ukraine were bricked, permanently destroyed, and more than 300 companies were shut down and lost everything on their computer systems. Checkout systems in stores shut down; gas stations couldn’t process payments, so their pumps stopped working; banks went down, and not only were people unable to access their balances, but some banking information (and thus money in the banks) was simply lost, forever.
The cyberweapon even took down the monitoring systems at Chernobyl, provoking mass consternation among the scientists working remotely on the cleanup who didn’t know for hours if the site had exploded, been attacked, or just been hacked with devastating consequences.
The response of the Trump administration took a few months but was decisive: In early 2018, Trump shut down the White House Office of the Cybersecurity Coordinator and ended the job of its then-director, Rob Joyce.
In the understatement of the year, Senator Mark Warner of Virginia tweeted, “Mr. President, if you really want to put America first, don’t cut the White House Cybersecurity Coordinator, the only person in the federal government tasked with delivering a coordinated, whole-of-government response to the growing cyber threats facing our nation. . . . I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats.”[xii]
An aide to National Security Adviser John Bolton explained, using language lifted from Alexander Hamilton’s 1788 Federalist, no. 70, that they killed off the cybersecurity czar’s office because “eliminating another layer of bureaucracy delivers greater ‘decision, activity, secrecy and despatch [sic].’”[xiii]
After the two years during which Trump forbade America a cybersecurity coordinator, the incoming Biden administration discovered that Russian hackers had used that time to embed themselves deeply into the computer systems of the Treasury and Commerce departments, and nobody as of this writing is sure how far or how deep the Russian hackers went into other government agencies, including our military and intelligence agencies.
They were inside US government computers for almost a year before an outside company, FireEye, discovered the hack and alerted both the government and the media. And there’s every indication that they’re still there.[xiv]
When the Russian penetration deep into the US government’s computers hit the papers, Trump had, a month earlier, also fired Christopher Krebs, head of the Department of Homeland Security’s Cybersecurity Agency (because he’d publicly said there was no fraud in the 2020 election), so that agency was in a bind when the news came out.[xv]
FireEye, SolarWinds, and several of America’s intelligence agencies unequivocally said the attack was launched from Russia, and Secretary of State Mike Pompeo declared, “This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”[xvi]
But President Donald Trump, having now lost the office that Putin had first helped him win in 2016, and a month away from having to vacate the White House, had a different story. The AP reported on December 19, 2020, “Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China—not Russia—may be behind the cyber espionage operation against the United States and tried to minimize its impact.”[xvii]
Trump then tweeted, “The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control.” He accused the media of being “petrified” of “discussing the possibility that it may be China (it may!).”[xviii]
The headline at Business Insider neatly summarized the day: “The White House was set to accuse Russia of the devastating cyberattack on the US government’s computer systems but was told at the last minute to stand down.”[xix] The order apparently came directly from Trump.
The Biden administration began the difficult, expensive, and time-consuming task of rebuilding our cybersecurity infrastructure, but Trump left behind massive damage and what may end up being a years-long Russian presence inside our systems.