Mike McConnell, the director of national intelligence, had planned to take just an hour of the President’s time. McConnell had requested the meeting, which included the senior members of George W. Bush’s National Security Council and his White House security advisers. But in only 15 minutes, McConnell had gotten everything he came for.
The sales pitch had been easier than McConnell had anticipated. But it didn’t take much to convince Bush of what he already knew. Insurgents and Al-Qaeda fighters in Iraq were tearing into US troops with improvised roadside bombs. They’d coordinated their strikes over cell phones, then posted celebratory videos of their shock dramas on the Internet. Even a President who’d only used “the Google” to find an overhead photo of his Texas ranch understood that the Iraqi insurgency had a technical dimension.
To counter these enemies, Bush had ordered a 20,000-strong “surge” of troops. But McConnell proposed another angle, a way to attack the increasingly vicious network of roadside bombers without firing a bullet. He wanted to use the intelligence community’s expertise to take control of a communications network. He wanted to hack the insurgency.
The National Security Agency had, under McConnell’s tenure as director in the 1990s, established an “information warfare” unit that could break into adversary computer networks with weapons fashioned not of steel but of computer code. NSA—the largest American intelligence agency—was a massive digital eavesdropper, adept at plucking phone calls and other electronic communications off the global telecom network or out of the air as the signals bounced off satellites. The information-warfare unit would expand on those skills by cracking into computer systems—not just to spy but to play with an enemy’s mind, to corrupt and undermine its confidence in its own intelligence. Scrambling communications. Falsifying messages and coordinates.
Denial and deception were ancient techniques of war, and McConnell had helped package them into modern weapons. Now he wanted to unleash them in Iraq—in a cyberwar.
Bush quickly approved the operation, which required presidential authorization because cyberweapons had a way of getting out of hand. In the months before the 2003 invasion of Iraq, military planners had nixed a plan to knock out Saddam Hussein’s banking system with a computer virus because they feared it could infect the global banking system.
When the military and the intelligence community put the new plan into action, it was more focused. US forces sent messages that looked as if they’d come from one of the insurgents’ own but that actually led them into the fire of American soldiers. Being inside the enemy network afforded valuable tactical and strategic advantages, not the least of which was access to a virtual map of everyone in a bombing cell. The full force of American digital surveillance was brought to bear.
Other streams of intelligence—particularly from unmanned aerial drones and Iraqi informants—gave US troops and special-operations forces the richest trove of information they’d had in the history of the war. It was this electronic data, more than any troop surge, that Bush-administration officials later credited with turning the tide of the war.
McConnell had been prepared to take the full hour to explain cyberwarfare to the President. But now there he was in the Oval Office, surrounded by senior members of the Cabinet and the President’s national-security team, with 45 minutes left on the clock. Well, he thought, as long as we’re here.
There was something else McConnell wanted to tell the President: America’s vital systems of communication and industry—the same kinds of networks that America would eventually attack in Iraq—were wide open to an attack from America’s enemies.
Here, too, the former NSA director was a seasoned expert. Before returning to government, McConnell had run the intelligence division of Booz Allen Hamilton, a leading Beltway contractor stocked with former high-ranking officials. Cyberdefense was his pet project. McConnell found that the digital telecommunications networks proliferating across the globe were good targets for hackers, foreign governments, and potentially terrorists.
His Booz Allen team zeroed in on weaknesses in financial-services companies. Working with officials from the New York Stock Exchange, he developed a report about how hackers could break into major banks’ electronic accounting systems and steal or alter data. Such an assault could erode the system of trust and assurance upon which the US economy rested—banks unable to close transactions, clearinghouses unable to process trades.
McConnell had a rare grasp of the cyberthreat, against which the United States still hadn’t amassed its forces. He had risen to national prominence in the early 1990s as director of intelligence for the chairman of the Joint Chiefs of Staff, Colin Powell, during the Gulf War. McConnell, then a vice admiral, so firmly grasped the minutiae of troop movements and the concepts of broad military strategy that Powell put him in charge of daily press briefings. McConnell had to explain the war effort to the American public in a digestible format. Now, as the President’s top intelligence adviser, he could speak directly to the commander-in-chief.
McConnell decided to tell President Bush just how defenseless American banks, power grids, and other critical sectors that ran on the Internet really were. Everything that McConnell had just described about cyberwarfare—about what the United States could do in Iraq—others could do to the United States.
Bush looked incredulous. This could happen here? Phone systems were vulnerable? The President pointed to the secure phone on his desk and asked whether someone could electronically hack his way into it.