As the US government depicts the Defense Department as shrinking due to budgetary constraints, the Washington Post this morning announces “a major expansion of [the Pentagon's] cybersecurity force over the next several years, increasing its size more than fivefold.” Specifically, says the New York Times Monday, “the expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900.” The Post describes this expansion as “part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force.” This Cyber Command Unit operates under the command of Gen. Keith Alexander, who also happens to be the head of the National Security Agency, the highly secretive government network that spies on the communications of foreign nationals – and American citizens.
The Pentagon’s rhetorical justification for this expansion is deeply misleading. Beyond that, these activities pose a wide array of serious threats to internet freedom, privacy, and international law that, as usual, will be conducted with full-scale secrecy and with little to no oversight and accountability. And, as always, there is a small army of private-sector corporations who will benefit most from this expansion.
Disguising aggression as “defense”
Let’s begin with the way this so-called “cyber-security” expansion has been marketed. It is part of a sustained campaign which, quite typically, relies on blatant fear-mongering.
In March, 2010, the Washington Post published an amazing Op-Ed by Adm. Michael McConnell, Bush’s former Director of National Intelligence and a past and current executive with Booz Allen, a firm representing numerous corporate contractors which profit enormously each time the government expands its “cyber-security” activities. McConnell’s career over the last two decades – both at Booz, Allen and inside the government – has been devoted to accelerating the merger between the government and private sector in all intelligence, surveillance and national security matters (it was he who led the successful campaign to retroactively immunize the telecom giants for their participation in the illegal NSA domestic spying program). Privatizing government cyber-spying and cyber-warfare is his primary focus now.
McConnell’s Op-Ed was as alarmist and hysterical as possible. Claiming that “the United States is fighting a cyber-war today, and we are losing”, it warned that “chaos would result” from an enemy cyber-attack on US financial systems and that “our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy as well.” Based on these threats, McConnell advocated that “we” – meaning “the government and the private sector” – “need to develop an early-warning system to monitor cyberspace” and that “we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment – who did it, from where, why and what was the result – more manageable.” As Wired’s Ryan Singel wrote: “He’s talking about changing the internet to make everything anyone does on the net traceable and geo-located so the National Security Agency can pinpoint users and their computers for retaliation.”
The same week the Post published McConnell’s extraordinary Op-Ed, the Obama White House issued its own fear-mongering decree on cyber-threats, depicting the US as a vulnerable victim to cyber-aggression. It began with this sentence: “President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter.” It announced that “the Executive Branch was directed to work closely with all key players in US cybersecurity, including state and local governments and the private sector” and to “strengthen public/private partnerships”, and specifically announced Obama’s intent to “to implement the recommendations of the Cyberspace Policy Review built on the Comprehensive National Cybersecurity Initiative (CNCI) launched by President George W. Bush.”
Since then, the fear-mongering rhetoric from government officials has relentlessly intensified, all devoted to scaring citizens into believing that the US is at serious risk of cataclysmic cyber-attacks from “aggressors”. This all culminated when Defense Secretary Leon Panetta, last October, warned of what he called a “cyber-Pearl Harbor”. This “would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.” Identifying China, Iran, and terrorist groups, he outlined a parade of horribles scarier than anything since Condoleezza Rice’s 2002 Iraqi “mushroom cloud”:
“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches. They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
As usual, though, reality is exactly the opposite. This massive new expenditure of money is not primarily devoted to defending against cyber-aggressors. The US itself is the world’s leading cyber-aggressor. A major purpose of this expansion is to strengthen the US’s ability to destroy other nations with cyber-attacks. Indeed, even the Post report notes that a major component of this new expansion is to “conduct offensive computer operations against foreign adversaries”.
It is the US – not Iran, Russia or “terror” groups – which already is the first nation (in partnership with Israel) to aggressively deploy a highly sophisticated and extremely dangerous cyber-attack. Last June, the New York Times’ David Sanger reported what most of the world had already suspected: “From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons.” In fact, Obama “decided to accelerate the attacks . . . even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.” According to the Sanger’s report, Obama himself understood the significance of the US decision to be the first to use serious and aggressive cyber-warfare:
“Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks.”
The US isn’t the vulnerable victim of cyber-attacks. It’s the leading perpetrator of those attacks. As Columbia Professor and cyber expert Misha Glenny wrote in the NYT last June: Obama’s cyber-attack on Iran “marked a significant and dangerous turning point in the gradual militarization of the Internet.”
Indeed, exactly as Obama knew would happen, revelations that it was the US which became the first country to use cyber-warfare against a sovereign country – just as it was the first to use the atomic bomb and then drones – would make it impossible for it to claim with any credibility (except among its own media and foreign policy community) that it was in a defensive posture when it came to cyber-warfare. As Professor Glenny wrote: “by introducing such pernicious viruses as Stuxnet and Flame, America has severely undermined its moral and political credibility.” That’s why, as the Post reported yesterday, the DOJ is engaged in such a frantic and invasive effort to root out Sanger’s source: because it reveals the obvious truth that the US is the leading aggressor in the world when it comes to cyber-weapons.
This significant expansion under the Orwellian rubric of “cyber-security” is thus a perfect microcosm of US military spending generally. It’s all justified under by the claim that the US must defend itself from threats from Bad, Aggressive Actors, when the reality is the exact opposite: the new program is devoted to ensuring that the US remains the primary offensive threat to the rest of the world. It’s the same way the US develops offensive biological weapons under the guise of developing defenses against such weapons (such as the 2001 anthrax that the US government itself says came from a US Army lab). It’s how the US government generally convinces its citizens that it is a peaceful victim of aggression by others when the reality is that the US builds more weapons, sells more arms and bombs more countries than virtually the rest of the world combined.
Threats to privacy and internet freedom
Beyond the aggressive threat to other nations posed by the Pentagon’s “cyber-security” programs, there is the profound threat to privacy, internet freedom, and the ability to communicate freely for US citizens and foreign nationals alike. The US government has long viewed these “cyber-security” programs as a means of monitoring and controlling the internet and disseminating propaganda. The fact that this is all being done under the auspices of the NSA and the Pentagon means, by definition, that there will be no transparency and no meaningful oversight.
Back in 2003, the Rumsfeld Pentagon prepared a secret report entitled “Information Operations (IO) Roadmap”, which laid the foundation for this new cyber-warfare expansion. The Pentagon’s self-described objective was “transforming IO into a core military competency on par with air, ground, maritime and special operations”. In other words, its key objective was to ensure military control over internet-based communications:
It further identified superiority in cyber-attack capabilities as a vital military goal in PSYOPs (Psychological Operations) and “information-centric fights”:
And it set forth the urgency of dominating the “IO battlespace” not only during wartime but also in peacetime:
As a 2006 BBC report on this Pentagon document noted: “Perhaps the most startling aspect of the roadmap is its acknowledgement that information put out as part of the military’s psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans.” And while the report paid lip service to the need to create “boundaries” for these new IO military activities, “they don’t seem to explain how.” Regarding the report’s plan to “provide maximum control of the entire electromagnetic spectrum”, the BBC noted: “Consider that for a moment. The US military seeks the capability to knock out every telephone, every networked computer, every radar system on the planet.”