We Are All Probing Each Other, All the Time
Mike McConnell is one of America’s top spymasters. He was director of National Intelligence, the supreme authority over all US intelligence agencies, from Feb. 2007 to Jan. 2009, and director of the National Security Agency from 1992 to 1996. He spoke with NPQ editor Nathan Gardels in 2009.
NPQ | As America designs a new defense posture for the 21st century—small wars and counterinsurgency instead of large deployments for land wars—where does cyberwar fit in?
MIKE McCONNELL | These three will be critical in the future. We have to specialize for these new types of war, but we never want to give up the capability for a general-purpose war. There has to be a balance. Let me focus, though, on cyberwar.
Broadly, there are only two types of communication—wireless and wire. Most of the world communicated through wireless means through high-frequency signals, microwave and satellite line-of-sight signals, for many years (except for undersea cables). Today, about 90 percent of all global communications goes through glass pipes—that is, optic fiber cables.
A wireless road is like a cow path compared to the 6,000-lane highway of optic fiber wire.
Different frequency light passes through glass strands the size of human hair to transmit information. We now have operational capacity for 100 gigabits—the equivalent of transmitting the entire contents of the Library of Congress every few hours through a single strand. When I was a young sailor at sea a few decades ago, our transmission capacity was 75 baud—100 words a minute. Now it is measured in millions and billions of words a minute.
Scientists, technologists and entrepreneurs have now figured out how to interconnect all these strands—the Internet—for instantaneous contact around the globe.
With this system, one can transmit $100 million from a bank in Tokyo to New York City in a few seconds. That is the magnitude of change. Through this system, companies like Wal-Mart can manage their inventory on a just-in-time basis, ordering a new shipment of goods from a factory in rural China the moment supplies at a store in Indiana deplete beyond an established threshold. This drove costs down so far they could beat their competition to become the world’s largest retailer through increased efficiency and reduced cost in their supply chain.
On the benefit side of all this, therefore, the cost of living has gone down, the standard of living has gone up and productivity has increased significantly, creating new goods, services and wealth.
But there is a negative side. A level of vulnerability has been introduced into our way of life that is unprecedented.
We now have a smaller connected globe where information can be moved in seconds, where information managed by computer networks—which runs our utilities, our transportation, our banking and communications—can be exploited or attacked in seconds from a remote location overseas. No flotilla of ships or intercontinental missiles or standing armies can defend against such remote attacks located not only well beyond our borders, but beyond physical space—in the digital ether of cyberspace.
NPQ | To what kind of threats are we vulnerable?
McCONNELL | There are different kinds of cyber-exploitation. Mostly what goes on is stealing information from others so that those who steal it have an information advantage. The vast majority of the countries in the world today have cyber-attack capabilities. Most of them are trying to understand what their neighbors, competitors or adversaries are doing.
Another type of attack is denial-of-service. If Russia wants to block the ability of Estonia or Georgia to communicate, they fill up the information space so nothing else can get through.
Neither of these is a real long-term threat to a country. The real threat is when someone is not deterred from getting access to information in order to destroy the data, the information. If information or data is destroyed, computer systems can cease to function.
Global banking illustrates the immense vulnerability to this kind of attack. There is no gold standard today. When money is transferred, there are no printed dollar bills changing hands. It is all an accounting system run by computers based on confidence and trust that the transactions will be completed, validated and reconciled in the global financial system. “Hello, New York, this is Tokyo. Transmitting $100 million. Transmitted. Received. Accounts reconciled.” A few-seconds transaction.
What happens if someone who is not deterred attacks a large bank in New York and contaminates or destroys the data? Suddenly there is a level of uncertainty and loss of confidence. Without confidence that transactions are safe and will reconcile, financial transactions stop.
If cyberhackers can destroy online and backup data in this way, we would have a banking crisis of global proportions not unlike what we’ve just been through, in slow motion, with the toxic assets of the subprime mortgage crisis. What we would see is not unlike the level of uncertainty that spread through the banking system. Who knows what accounts would really be worth? Was that $100 million transmitted only $90 million, or $10 million? The trust has been compromised. Lack of trust would cascade through the system because of the widely interconnected contamination of data.
If the 19 terrorists who attacked the World Trade Center in 2001 had cyber-attacked one large New York bank and been successful in destroying the bank’s data and backup data, we would have had an order of magnitude greater economic impact than 9/11 had on the world.
So, we are vulnerable. A small number of people could create significant damage from a remote, even overseas location.
If an attacker wants to attack communication or contaminate information, they need to only find one way in. But if one wants to defend against an attack, we have to defend the whole system from penetration. In a nation, therefore, every system linked to computer networks and the Internet must be defended from utilities to transportation to banking to ATM machines.
This is the warfare of the future. In my view, it is one of the highest priorities for the US. Because we are the most developed technologically—we have the most bandwidth running through our society and are more dependent on that bandwidth—we are the most vulnerable.
This mass vulnerability means we have entered a new age of threat, defense, deterrent and attack equivalent in some ways to the atomic age. A coordinated attack from a remote location by a small group on our electric grid, transportation network and banking system could create damage as potentially great as a nuclear weapon over time.
The age when America’s threat came from “over there,” across the great saltwater moats of the Atlantic and Pacific that have protected the continent, can no longer be the mindset of our defense. Today there is no distinction between “over there” and “here” because we are all connected by strands of optic fiber that run our systems and that could determine our survival.
As shocking as 9/11 was to the nation, it was only a small breach compared to the systemic threats we face today. When the terrorists get smarter, they won’t even need to come to our shores to create the kind of havoc and turmoil they did by flying planes into the Twin Towers. They will be able to do it from their laptops from overseas.
CHINA AND CYBERWAR
NPQ | Defense analysts say that 90 percent of the probes and scans of American defense systems as well as commercial computer networks come from China. What is that about?
McCONNELL | I don’t know if it is 90 percent. Probably the best in the world in the cyber realm are the United States, the Russians, the British, the Israelis and the French. The next tier is the Chinese, but they are determined to be the best.
We are an open society. A virtual sieve for cyber penetration. Most information they can readily download from the Web. It is very easy to scan a network in seconds to determine which two or three of the thousands of computers are not protected with blocking technology. One infects the unprotected computers on the inside, which in turn infects the remaining computers inside the network.
The Chinese are exploiting our systems for information advantage—looking for the characteristics of a weapons system by a defense contractor or academic research on plasma physics, for example—not in order to destroy data and do damage. But, for now, I believe they are deterred from destroying data both by the need to export to the US and by the need to keep stable currency and stable global markets.
But what happens if we have a war? A capability for information exploitation could quickly be used for information attack to destroy systems on which the US depends. Every nation with advanced technology is exploring options to establish policy and rules for how to use this new capability to wage war.
NPQ | So everyone is probing everyone else?
McCONNELL | Everyone. All the time. US probings are limited to foreigners. We cannot probe in American systems. We would need a warrant for that, and the purpose would have to be foreign intelligence value, approved by a court. Foreign attackers into the US do not have such restrictions.
The point is, we have an intelligence community, managed by the director of national intelligence, whose purpose is to understand the globe by obtaining foreign information that will give us an advantage and to assist our understanding of those who might in some way threaten our security.
Terrorist groups today are ranked near the bottom of cyberwar capability. Criminal organizations are more sophisticated. There is a hierarchy. You go from nation-states, who can destroy things, to criminals, who can steal things, to aggravating but sophisticated hackers.
At some point, however, the terrorists will get a couple of graduates from one of the best universities with skills in cyber capabilities. It is a mistake to think these terrorists are simply poor peasants or angry preachers. The terror attacks on London (in 2007) were planned and executed by professionally trained medical doctors.
Sooner or later, terror groups will achieve cyber-sophistication. It’s like nuclear proliferation, only far easier. Once you have the knowledge, you don’t have to spend years enriching uranium and testing long-range missiles. It wouldn’t take long to obtain a sophisticated attack capability. Unlike nation-states that have an interest in a stable globe with stable markets, the terrorists will not be deterred from damaging our data to achieve their goals.
For once in our history, the US should take proactive measures ahead of a disaster to plan for this instead of reacting after the fact. I understand the art of the possible in cyber-warfare capabilities. I know what our capabilities are today. Others will be able to do the same thing in time, so let’s do what is necessary to defend ourselves now before we have a catastrophic event.
NPQ | When we are talking about the Chinese, whom are we talking about? The government? The People’s Liberation Army?
McCONNELL | Let me put it this way. In the US, we made a decision that codebreaking was essential to our security; therefore, the president created the National Security Agency in 1952.
In World War II, we had codebreaking units in the Army, Navy and the State Department that contributed significantly to winning the war in Europe and in the Pacific. In order to manage codebreaking going into the Cold War, the president created the NSA, which reports to the secretary of defense, a Cabinet position, because the function was considered so important. The secretary of defense remains today the Cabinet official responsible for NSA’s mission of signals intelligence.
So NSA manages it for the nation. China has a similar structure and authority associated with it. So, their intelligence collection is coordinated, but just as in the US, there are competing bureaucracies carrying out the cyber-exploitation mission.
In China today, there are thousands of people in a sustained effort to collect intelligence, many of them on an entrepreneurial basis, as it were, within a competing bureaucratic structure.
China understands that a strategic vulnerability of the US is its soft cyber underbelly. I believe they seek to “own” that space.
My view is that the Chinese received a big shock when watching the action of Desert Storm (during the first Iraq war). They saw the power of the US linking computer technology with weaponry to attain precision. We had dropped 1,000 bombs in World War II to destroy a target effectively. In Vietnam, it took hundreds of bombs. Today it takes one.
One target. One bomb. We dominated the warfare sphere. We owned the ability to locate and see targets through navigation and satellite imagery others did not have. We had air superiority. We could take a valuable target out with one bomb at the time of our choosing.
I believe the Chinese concluded from the Desert Storm experience that their counter approach had to be to challenge America’s control of the battle space by building capabilities to knock out our satellites and invade our cyber networks. In the name of the defense of China in this new world, the Chinese feel they have to remove that advantage of the US in the event of a war.
So, the Chinese developed capacity to shoot down satellites. They have developed over-the-horizon radar capabilities. They have missiles that can be retargeted in flight. In short, they are seeking ways to keep us at bay in the event of a conflict, to not let us approach China. In time, as their power, influence and wealth grow, China likely will develop “power projection” weapons systems.
They see the Middle Kingdom as the center of the world. They will have gone from what they describe as “the century of shame” to “our century” going forward. And they want to protect that from the US or anybody else. The Chinese want to dominate this information space.
So, they want to develop the capability of attacking our “information advantage” while denying us this capability.