“War is merely the continuation of politics by other means.”
— Carl von Clausewitz
Like its political counterpart, the rhetoric of warfare can be astonishingly repetitive. That “the Internet has become a battlefield,” to borrow a line from page 78 of Shane Harris’ new book @War: The Rise of the Military-Internet Complex, is hardly original, even if it is an argument worth exploring.
But the metaphor loses its luster when followed two pages later by “the Internet seems to be a borderless battlefield” and, still three pages further on, with “the Internet was a battlefield.” Driving the point home, finally, is Chapter Four’s title: “The Internet Is a Battlefield.”
In fairness to Shane Harris, the comparison is particularly apt, and he is sufficiently credentialed to make it. His 2010 book, The Watchers: The Rise of America’s Surveillance State, recounted the steady buildup of a national surveillance apparatus, three years before Edward Snowden became a household name. And he has reported on the national security sector at publications ranging from The National Journal to Foreign Policy and now The Daily Beast.
Moreover, even the monotonous sloganeering underscores an undeniable fact about the modern Internet. Like the physical space in which mass carnage was wreaked in centuries past, the digital battlefield of today is frequently hostile, unpredictable, and prone to surprise maneuvers and counterattacks. It is alarming enough that criminal hacker rings have, time and again, pilfered tens of millions of online users’ personal information: credit card data, Social Security numbers, and the like.
Far more concerning in the long term, however, is industrial-scale spying by agents of foreign states. And as de facto extensions of the American military, civilian contractors such as Lockheed Martin and Northrop Grumman — whose data security policies are not always on par with the military’s — are particularly juicy targets for state-sponsored hackers. It was not the military, but a private contractor, that was hacked in 2006 for intelligence on the F-35 Joint Strike Fighter, for example.
It is this contradiction between national security interests and for-profit business objectives that most worries Harris. The intelligence community has begun to view hacking not as a crime but an act of war. The FBI, for example, is “less concerned with taking hackers to court than in forecasting and deterring future attacks,” Harris warns.
This spells trouble for private companies and, by extension, their end users. Protecting consumer data — plugging vulnerabilities, scaring hackers away, and shoring up Internet defenses — is an unquestioned mandate of the private sector. But to American government spies, it is these very security flaws that enable their high-stakes digital combat efforts. And thus opens an enormous gulf between the intelligence and business communities at the very moment when ordinary citizens are increasingly vulnerable online.
Harris is mostly persuasive in vignettes that illustrate the precariousness of American cyber defense strategy. But for a book dedicated to the intricacies of digital weaponry, the author favors haphazard military analogies, leaving his technical chops in question. Thematically, the book meanders across related topics in no particular order. And an unstructured writing style leaves the reader to wonder, on occasion, where this is all heading.
On page 55, for example, Harris explains: “Any cyber strike has to be ordered by the president.” Just three pages later, however, he claims the exact opposite: “In a remarkable shift from the earlier days of cyber war, cyber attacks in battle no longer require the approval of the president in every instance.” Elsewhere, Harris heralds a secret National Security Agency (NSA) cyber surveillance program as “the key to winning the war in Iraq.” It hardly takes a peacenik to wonder how we all missed that memo. And in a retelling of the NSA’s SIGINT Enabling Project, Harris describes the agency’s penetration of Microsoft products without making clear whether the software company had granted access or simply been bypassed entirely.
Typical of the author’s style is the use of military metaphors to describe Internet operations. This is useful to a limited extent. But it becomes irritating as the lexicon of choice for describing the inner workings of a cyber campaign: “It was as if rather than launching a few ships against their targets, they had sent an armada,” Harris writes in one characteristic description of a distributed denial-of-service (DDoS) attack.
Perhaps most frustrating is the author’s futile attempt to reconcile his desire for a broad readership with his choice of a subject as inherently technical as cyber warfare. The result is a mélange of hacking anecdotes, recounted in virtually indistinguishable broad strokes, where nothing less than in-the-weeds, technical storytelling would suffice.
Introducing an NSA hacker unit known as the Transgression Branch, for example, Harris writes: “The branch watches a hacker break into another country’s computer system, then follows him inside . . . The Americans let their allies do the hard work and watched silently as they scooped up passwords and sensitive documents from the adversary’s system.” This excerpt offers virtually no clues as to what exactly took place. And yet the details of such operations are enormously important for understanding the breadth of the intelligence community’s efforts.
Anonymity, too, is widespread in @War, which is understandable in a book dealing with such a sensitive topic. Less forgivable is clunky, unnecessary dialogue, as when an anonymous source pontificates on the thought process of a careless Chinese hacker: “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.” The attributed thought-bubbles are often no better. In one passage, Harris writes of Ronin Analytics founder Bob Stasio’s reaction when faced with corporate executives’ insouciance as to their cybersecurity: “He’d shake his head and think, You don’t see what I see.”
Notwithstanding his dire outlook on the American intelligence community’s long-term strategy, Harris appears to take its members at their word to a considerable extent. He cites, without qualification, a Daily Beast story from August 2013 detailing a major “conference call” of nearly two dozen al-Qaeda leaders that was allegedly intercepted by American intelligence officials.
But Harris fails to mention that this story was almost immediately challenged by multiple journalists who suspected either the original reporters, Eli Lake and Josh Rogin, or the U.S. government of getting the facts wrong.
Harris’ central thesis — that an unholy, unstable alliance between big business and government threatens the future of the Internet — is most concisely delivered in the final chapter: “The government has always had a monopoly on the use of force,” Harris writes. “And that’s where the military-Internet complex takes a screaming turn off the road of history.”
His concern is genuine, and slightly misplaced. In the wake of Edward Snowden’s revelations, it is the government’s enormous intrusion into all of our data that has proved most frightening, not its diminishing monopoly power vis-à-vis business in the arena of cyber-aggression. If, as Harris postulates, “anonymity and collective security may be incompatible in cyberspace,” the appropriate response is to prevent business and government from eliminating both simultaneously.
Jay Pinho is a freelance journalist based in Brooklyn, New York.