4 March 2016

Review: ‘Dark Territory’ Illuminates Cybersecurity’s Shadows


http://www.nytimes.com/2016/03/01/business/dealbook/book-review-dark-territory-illuminates-cybersecuritys-shadows.html?_r=0
By JONATHAN A. KNEE FEB. 29, 2016 
Fred Kaplan has written a consistently eye-opening history of our government’s efforts to effectively manage our national security in the face of the largely open global communications network established by the World Wide Web.
The great strengths of “Dark Territory: The Secret History of Cyber War” (Simon & Schuster) are the depth of its reporting and the breadth of its ambition. Mr. Kaplan understands that the line between cyber wars and conventional ones has become more apparent than real and does not shy away from examining the full implications for both. He also explores the substantive and political drivers of the turf wars among the multiple agencies and branches of government that have a dog in the fight.
Tackling a subject that, as the current controversy over Apple’s standoff with the Justice Department confirms, attracts fierce partisans, Mr. Kaplan manages to keep his head and let the breathtaking facts mostly speak for themselves.

The result is not just a page-turner but consistently surprising. Who knew that the 1983 movie “War Games” had such a significant impact on President Reagan and the ultimate direction of our national policy, or that a different movie, “Sneakers,” viewed a decade later by the National Security Agency’s director, would as well? And what were the odds that one of the screenwriters of both films lived a few blocks from the Air Force-funded RAND Corporation? Critical plot elements, it turns out, were contributed by one of the original programmers for the North American Aerospace Defense Command computer, who the screenwriters met through RAND. They were unaware that at the time the programmer still sat on the scientific advisory board of the National Security Agency.

Photo 




The 1983 movie “War Games” had a significant impact on President Reagan and the ultimate direction of America’s cybersecurity policy. Credit MGM/United Artists Entertainment 

The surprises and pleasures of “Dark Territory” are not limited to such coincidences of history, although there are plenty of them. A variety of unexpected colorful characters, like a young hacker named Mudge, end up playing a meaningful and constructive role in shaping the country’s approach to cyberthreats. The author never neglects to tie his compelling descriptions of the personalities and events to their overarching historical implications. One of the most important themes that emerges from Mr. Kaplan’s nuanced narrative is the extent to which defense and offense are very much two sides of the same coin. Mr. Kaplan examines what this fundamental premise suggests not only for law and policy but for the very organization of the government’s efforts to protect the nation.

The biggest surprise of “Dark Territory” is the identity of the most prominent domestic heroes and villains in the “secret history.”

According to Mr. Kaplan, George W. Bush’s new administration “threw out” a variety of Clinton cybersecurity initiatives and downgraded the entire effort in response to “the contempt they harbored for their predecessor.” These shortsighted parochial decisions at the expense of the national interest are precisely the kind that the public suspects the government routinely makes.

The real shocker of “Dark Territory” is how rare such behavior actually has been. In fact, Mr. Kaplan’s account presents not just well-meaning but effective government officials repeatedly averting disasters, remedying incursions and prosecuting successful attacks. Using a combination of technical and bureaucratic innovations, a succession of foresighted mid- and high-level officials have managed to do a remarkable job of protecting the nation while balancing the civil liberties of its citizens.

This is not to say that our leaders are perfect. But given the magnitude of the challenges and the complexities of the issues, “Dark Territory” is the rare tome that leaves the reader feeling generally good about their civilian and military leadership.

What’s more, although there is a fair share of infighting, the biggest practical obstacle to progress that emerges from these pages is not the government, but the business community. Time and again, “private companies didn’t want to spend the money on cyber security, and they resisted all regulations to make them do so.” While giving lip service to the importance of the issue, most “executives had calculated that it cost no more to clean up after a cyber attack than to prevent one in the first place.”

Mr. Kaplan concedes that eventually, when the magnitude of the threat became clear, “the big banks were exceptions to this pattern,” but he is justifiably scathing about the corporate sector’s cynical response to the government’s early warnings and the disclosure by Edward J. Snowden of their complicity.

In response to the outcry over the Snowden affair, President Obama did what many leaders before him had done: appoint a commission. In this case, that commission was widely anticipated to generate fireworks with a membership that included security hard-liners like the former counterterrorism czar Richard A. Clarke and civil liberties advocates like the constitutional law professor Geoffrey R. Stone. After closely examining the details of the programs revealed by the documents that Mr. Snowden pilfered, however, the commissioners quickly arrived at a consensus and happily shared writing responsibility for their final report. After its publication, at a speech delivered to the National Security Agency, Professor Stone admitted that “I found to my surprise that the N.S.A. deserves the respect and appreciation of the American people.”

If Mr. Kaplan is to be believed, the same cannot be said of the private sector. The current dispute between Apple and the government should be decided on its own merits. The history detailed in “Dark Territory,” however, suggests that when it comes to cybersecurity, claims made by corporations should be examined with particular skepticism.

Jonathan A. Knee is Professor of Professional Practice at Columbia Business School and a Senior Advisor at Evercore Partners.

No comments: