Pentagon's new massive expansion of 'cyber-security' unit is about
everything except defense - Cyber-threats are the new pretext to
justify expansion of power and profit for the public-private National
Security State
As the US government depicts the Defense Department as shrinking due
to budgetary constraints, the Washington Post this morning announces
"a major expansion of [the Pentagon's] cybersecurity force over the
next several years, increasing its size more than fivefold."
Specifically, says the New York Times this morning, "the expansion
would increase the Defense Department's Cyber Command by more than
4,000 people, up from the current 900." The Post describes this
expansion as "part of an effort to turn an organization that has
focused largely on defensive measures into the equivalent of an
Internet-era fighting force." This Cyber Command Unit operates under
the command of Gen. Keith Alexander, who also happens to be the head
of the National Security Agency, the highly secretive government
network that spies on the communications of foreign nationals - and
American citizens. The Pentagon's rhetorical justification for this
expansion is deeply misleading. Beyond that, these activities pose a
wide array of serious threats to internet freedom, privacy, and
international law that, as usual, will be conducted with full-scale
secrecy and with little to no oversight and accountability. And, as
always, there is a small army of private-sector corporations who will
benefit most from this expansion.
Let's begin with the way this so-called "cyber-security" expansion has
been marketed. It is part of a sustained campaign which, quite
typically, relies on blatant fear-mongering.
In March, 2010, the Washington Post published an amazing Op-Ed by Adm.
Michael McConnell, Bush's former Director of National Intelligence and
a past and current executive with Booz Allen, a firm representing
numerous corporate contractors which profit enormously each time the
government expands its "cyber-security" activities.
McConnell's career over the last two decades - both at Booz, Allen and
inside the government - has been devoted to accelerating the merger
between the government and private sector in all intelligence,
surveillance and national security matters (it was he who led the
successful campaign to retroactively immunize the telecom giants for
their participation in the illegal NSA domestic spying program).
Privatizing government cyber-spying and cyber-warfare is his primary
focus now.
McConnell's Op-Ed was as alarmist and hysterical as possible. Claiming
that "the United States is fighting a cyber-war today, and we are
losing", it warned that "chaos would result" from an enemy cyber-
attack on US financial systems and that "our power grids, air and
ground transportation, telecommunications, and water-filtration
systems are in jeopardy as well." Based on these threats, McConnell
advocated that "we" - meaning "the government and the private sector"
- "need to develop an early-warning system to monitor cyberspace" and
that "we need to reengineer the Internet to make attribution,
geolocation, intelligence analysis and impact assessment - who did it,
from where, why and what was the result - more manageable." As Wired's
Ryan Singel wrote: "He's talking about changing the internet to make
everything anyone does on the net traceable and geo-located so the
National Security Agency can pinpoint users and their computers for
retaliation."
The same week the Post published McConnell's extraordinary Op-Ed, the
Obama White House issued its own fear-mongering decree on cyber-
threats, depicting the US as a vulnerable victim to cyber-aggression.
It began with this sentence: "President Obama has identified
cybersecurity as one of the most serious economic and national
security challenges we face as a nation, but one that we as a
government or as a country are not adequately prepared to counter." It
announced that "the Executive Branch was directed to work closely with
all key players in US cybersecurity, including state and local
governments and the private sector" and to "strengthen public/private
partnerships", and specifically announced Obama's intent to "to
implement the recommendations of the Cyberspace Policy Review built on
the Comprehensive National Cybersecurity Initiative (CNCI) launched by
President George W. Bush."
Since then, the fear-mongering rhetoric from government officials has
relentlessly intensified, all devoted to scaring citizens into
believing that the US is at serious risk of cataclysmic cyber-attacks
from "aggressors". This all culminated when Defense Secretary Leon
Panetta, last October, warned of what he called a "cyber-Pearl
Harbor". This "would cause physical destruction and the loss of life,
an attack that would paralyze and shock the nation and create a
profound new sense of vulnerability." Identifying China, Iran, and
terrorist groups, he outlined a parade of horribles scarier than
anything since Condoleezza Rice's 2002 Iraqi "mushroom cloud":
"An aggressor nation or extremist group could use these kinds of cyber
tools to gain control of critical switches. They could derail
passenger trains, or even more dangerous, derail passenger trains
loaded with lethal chemicals. They could contaminate the water supply
in major cities, or shut down the power grid across large parts of the
country."
As usual, though, reality is exactly the opposite. This massive new
expenditure of money is not primarily devoted to defending against
cyber-aggressors. The US itself is the world's leading cyber-
aggressor. A major purpose of this expansion is to strengthen the US's
ability to destroy other nations with cyber-attacks. Indeed, even the
Post report notes that a major component of this new expansion is to
"conduct offensive computer operations against foreign adversaries".
It is the US - not Iran, Russia or "terror" groups - which already is
the first nation (in partnership with Israel) to aggressively deploy a
highly sophisticated and extremely dangerous cyber-attack. Last June,
the New York Times' David Sanger reported what most of the world had
already suspected: "From his first months in office, President Obama
secretly ordered increasingly sophisticated attacks on the computer
systems that run Iran's main nuclear enrichment facilities,
significantly expanding America's first sustained use of
cyberweapons." In fact, Obama "decided to accelerate the attacks . . .
even after an element of the program accidentally became public in the
summer of 2010 because of a programming error that allowed it to
escape Iran's Natanz plant and sent it around the world on the
Internet." According to the Sanger's report, Obama himself understood
the significance of the US decision to be the first to use serious and
aggressive cyber-warfare:
"Mr. Obama, according to participants in the many Situation Room
meetings on Olympic Games, was acutely aware that with every attack he
was pushing the United States into new territory, much as his
predecessors had with the first use of atomic weapons in the 1940s, of
intercontinental missiles in the 1950s and of drones in the past
decade. He repeatedly expressed concerns that any American
acknowledgment that it was using cyberweapons - even under the most
careful and limited circumstances - could enable other countries,
terrorists or hackers to justify their own attacks."
The US isn't the vulnerable victim of cyber-attacks. It's the leading
perpetrator of those attacks. As Columbia Professor and cyber expert
Misha Glenny wrote in the NYT last June: Obama's cyber-attack on Iran
"marked a significant and dangerous turning point in the gradual
militarization of the Internet."
Indeed, exactly as Obama knew would happen, revelations that it was
the US which became the first country to use cyber-warfare against a
sovereign country - just as it was the first to use the atomic bomb
and then drones - would make it impossible for it to claim with any
credibility (except among its own media and foreign policy community)
that it was in a defensive posture when it came to cyber-warfare. As
Professor Glenny wrote: "by introducing such pernicious viruses as
Stuxnet and Flame, America has severely undermined its moral and
political credibility." That's why, as the Post reported yesterday,
the DOJ is engaged in such a frantic and invasive effort to root out
Sanger's source: because it reveals the obvious truth that the US is
the leading aggressor in the world when it comes to cyber-weapons.
This significant expansion under the Orwellian rubric of "cyber-
security" is thus a perfect microcosm of US military spending
generally. It's all justified under by the claim that the US must
defend itself from threats from Bad, Aggressive Actors, when the
reality is the exact opposite: the new program is devoted to ensuring
that the US remains the primary offensive threat to the rest of the
world. It's the same way the US develops offensive biological weapons
under the guise of developing defenses against such weapons (such as
the 2001 anthrax that the US government itself says came from a US
Army lab). It's how the US government generally convinces its citizens
that it is a peaceful victim of aggression by others when the reality
is that the US builds more weapons, sells more arms and bombs more
countries than virtually the rest of the world combined.
Threats to privacy and internet freedom - Beyond the aggressive threat
to other nations posed by the Pentagon's "cyber-security" programs,
there is the profound threat to privacy, internet freedom, and the
ability to communicate freely for US citizens and foreign nationals
alike. The US government has long viewed these "cyber-security"
programs as a means of monitoring and controlling the internet and
disseminating propaganda. The fact that this is all being done under
the auspices of the NSA and the Pentagon means, by definition, that
there will be no transparency and no meaningful oversight.
Back in 2003, the Rumsfeld Pentagon prepared a secret report entitled
"Information Operations (IO) Roadmap", which laid the foundation for
this new cyber-warfare expansion. The Pentagon's self-described
objective was "transforming IO into a core military competency on par
with air, ground, maritime and special operations". In other words,
its key objective was to ensure military control over internet-based
communications:
As a 2006 BBC report on this Pentagon document noted: "Perhaps the
most startling aspect of the roadmap is its acknowledgement that
information put out as part of the military's psychological
operations, or Psyops, is finding its way onto the computer and
television screens of ordinary Americans." And while the report paid
lip service to the need to create "boundaries" for these new IO
military activities, "they don't seem to explain how." Regarding the
report's plan to "provide maximum control of the entire
electromagnetic spectrum", the BBC noted: "Consider that for a moment.
The US military seeks the capability to knock out every telephone,
every networked computer, every radar system on the planet."
Since then, there have been countless reports of the exploitation by
the US national security state to destroy privacy and undermine
internet freedom. In November, the LA Times described programs that
"teach students how to spy in cyberspace, the latest frontier in
espionage." They "also are taught to write computer viruses, hack
digital networks, crack passwords, plant listening devices and mine
data from broken cellphones and flash drives." The program, needless
to say, "has funneled most of its graduates to the CIA and the
Pentagon's National Security Agency, which conducts America's digital
spying. Other graduates have taken positions with the FBI, NASA and
the Department of Homeland Security."
n 2010, Lawrence E. Strickling, Assistant Secretary of Commerce for
Communications and Information, gave a speech explicitly announcing
that the US intends to abandon its policy of "leaving the Internet
alone". Noting that this "has been the nation's Internet policy since
the Internet was first commercialized in the mid-1990s", he decreed:
"This was the right policy for the United States in the early stages
of the Internet, and the right message to send to the rest of the
world. But that was then and this is now."
The documented power of the US government to monitor and surveil
internet communications is already unfathomably massive. Recall that
the Washington Post's 2010 "Top Secret America" series noted that:
"Every day, collection systems at the National Security Agency
intercept and store 1.7 billion e-mails, phone calls and other types
of communications." And the Obama administration has formally demanded
that it have access to any and all forms of internet communication. It
is hard to overstate the danger to privacy and internet freedom from a
massive expansion of the National Security State's efforts to exploit
and control the internet. As Wired's Singel wrote back in 2010: "Make
no mistake, the military industrial complex now has its eye on the
internet. Generals want to train crack squads of hackers and have wet
dreams of cyberwarfare. Never shy of extending its power, the military
industrial complex wants to turn the internet into yet another venue
for an arms race". Wildly exaggerated cyber-threats are the pretext
for this control, the "mushroom cloud" and the Tonkin Gulf fiction of
cyber-warfare. As Singel aptly put it: "the only war going on is one
for the soul of the internet." That's the vital context for
understanding this massive expansion of Pentagon and NSA consolidated
control over cyber programs.
Bonanza for private contractors - As always, it is not just political
power but also private-sector profit driving this expansion. As
military contracts for conventional war-fighting are modestly reduced,
something needs to replace it, and these large-scale "cyber-security"
contracts are more than adequate. Virtually every cyber-security
program from the government is carried out in conjunction with its
"private-sector partners", who receive large transfers of public funds
for this work.
Two weeks ago, Business Week reported that "Lockheed Martin Corp.,
AT&T Inc., and CenturyLink Inc. are the first companies to sign up for
a US program giving them classified information on cyber threats that
they can package as security services for sale to other companies."
This is part of a government effort "to create a market based on
classified US information about cyber threats." In May, it was
announced that "the Pentagon is expanding and making permanent a trial
program that teams the government with Internet service providers to
protect defense firms' computer networks against data theft by foreign
adversaries" - all as "part of a larger effort to broaden the sharing
of classified and unclassified cyberthreat data between the government
and industry."
Indeed, there is a large organization of defense and intelligence
contractors devoted to one goal: expanding the private-public merger
for national security and intelligence functions. This organization -
the Intelligence and National Security Alliance (INSA) - was formerly
headed by Adm. McConnell, and describes itself as a "collaboration by
leaders from throughout the US Intelligence Community" which "combines
the experience of senior leaders from government, the private sector,
and academia."
As I detailed back in 2010, one of its primary goals is to scare the
nation about supposed cyber-threats in order to justify massive new
expenditures for the private-sector intelligence industry on cyber-
security measures and vastly expanded control over the internet.
Indeed, in his 2010 Op-Ed, Adm. McConnell expressly acknowledged that
the growing privatization of internet cyber-security programs "will
muddy the waters between the traditional roles of the government and
the private sector." At the very same time McConnell published this
Op-
Ed, the INSA website featured a report entitled "Addressing Cyber
Security Through Public-Private Partnership." It featured a genuinely
creepy graphic showing the inter-connectedness between government
institutions (such as Congress and regulatory agencies), the
Surveillance State, private intelligence corporations, and the
Internet:
Private-sector profit is now inextricably linked with the fear-
mongering campaign over cyber-threats. At one INSA conference in 2009
- entitled "Cyber Deterrence Conference" - government officials and
intelligence industry executives gathered together to stress that
"government and private sector actors should emphasize collaboration
and partnership through the creation of a model that assigns specific
roles and responsibilities."
As intelligence contractor expert Tim Shorrock told Democracy Now when
McConnell - then at Booz Allen - was first nominated to be DNI: Well,
the NSA, the National Security Agency, is really sort of the lead
agency in terms of outsourcing . . . . Booz Allen is one of about, you
know, ten large corporations that play a very major role in American
intelligence. Every time you hear about intelligence watching North
Korea or tapping al-Qaeda phones, something like that, you can bet
that corporations like these are very heavily involved. And Booz Allen
is one of the largest of these contractors. I estimate that about 50%
of our $45 billion intelligence budget goes to private sector
contractors like Booz Allen.
This public-private merger for intelligence and surveillance functions
not only vests these industries with large-scale profits at public
expense, but also the accompanying power that was traditionally
reserved for government. And unlike government agencies, which are at
least subjected in theory to some minimal regulatory oversight, these
private-sector actors have virtually none, even as their surveillance
and intelligence functions rapidly increase.
What Dwight Eisenhower called the military-industrial complex has been
feeding itself on fear campaigns since it was born. A never-ending
carousel of Menacing Enemies - Communists, Terrorists, Latin American
Tyrants, Saddam's chemical weapons, Iranian mullahs - has sustained
it, and Cyber-Threats are but the latest. Like all of these wildly
exaggerated cartoon menaces, there is some degree of threat posed by
cyber-attacks. But, as Singel described, all of this can be managed
with greater security systems for public and private computer networks
- just as some modest security measures are sufficient to deal with
the terrorist threat.
This new massive expansion has little to do with any actual cyber-
threat - just as the invasion of Iraq and global assassination program
have little to do with actual terrorist threats. It is instead all
about strengthening the US's offensive cyber-war capabilities,
consolidating control over the internet, and ensuring further
transfers of massive public wealth to private industry continue
unabated. In other words, it perfectly follows the template used by
the public-private US National Security State over the last six
decades to entrench and enrich itself based on pure pretext.
