Readers of this blog know the topic of cyberwar reasonably well. The national mythology on it has been deadening and invariant for virtually two decades. Festung America has always been threatened with devastation from cyberspace.
Clever hackers, then terrorists, then armies of cybersoldiers based in all countries wishing ill of the US have been claimed to have the power to stop the electricity, to destroy the US economy by striking Wall Street, to poison water and create horrific accidents through the remote manipulation of industrial control systems.
Today authors Bill Blunden and Violet Cheung have produced something of a first on the subject, a comprehensive book on it that isn't like all previous works on the matter. The genre of cyberwar books can be explained in less than half a dozen words: Fictions passed off as non-fiction. Blunden and Cheung's new book, Behold a Pale Farce (TrineDay, trade paperback), strength is reality. That makes it rather unique in the field.
To appreciate what this means, first a little history. Keen observes of the subject realize the national mythology is, as mentioned, now about twenty years old.
To Illustrate, take this excerpt from as far back as 1998 (which I had something to do with) from Steven Aftergood's Secrecy Bulletin at the Federation of American Scientists:
[George Smith, author of the Crypt Newsletter] has written a useful corrective entitled "An Electronic Pearl Harbor? Not Likely" which appeared in the National Academy of Sciences journal Issues in Science and Technology (Fall 1998) ...
Some of the best-informed observers are quick to acknowledge that Smith's critique is on target.
"I certainly agree that the notion of an electronic Pearl Harbor specifically, and more generally of information warfare, has been hyped to the point of nausea," said the vice president of one intelligence contractor that has multi- billion dollar annual revenues from its work in information technology. "This is but the latest of many fads in 'the Community'," he told S&GB, "and like most of its predecessors, [it] has just enough substance to require that serious attention be paid, but not nearly as much substance as the Cassandras of the Community would have us believe."
About fifteen years and "digital Pearl Harbor," "digital 9/11," whatever the name for it was trending, has never happened. Even still, it has been declared, as this book chronicles, a number of times.
But in the same period the Cassandras won almost total victory. The mainstream news collapsed as an agency capable of even mildly critical examinations of the subject. The only people with any say, the only people published where large numbers of eyeballs would see them, were those who hyped always coming Cyber-Armageddon.
As a consequence, books on the broad subject of cyberwar have been, universally, crap. And the reason is simple: Publishers would not stomach critical examinations.
Blunden writes about this as it impacted the publication of Behold a Pale Farce:
"While I've read about many of the filtering mechanisms of the propaganda model and witnessed its operation from afar, I never thought that I'd encounter them directly. This changed in late 2011 when out of the blue, I received an e-mail from a senior editor at a well-known technical publisher ... Having viewed my slides on cyberwar from SFSU's National Cybersecurity Awareness Event the editor wanted to know if I was interested in authoring a book on the topic. Shortly after ... I signed a contract and feverishly began the process of putting material together.
"Four or five months later the editor ominously summoned your author and co-author to his office for a meeting. He announced that both he and the founder of the publishing house were very concerned about the tone of the book. The editor complained at length about the potential hazards of push back, particularly with regard to the coverage of former Director of National Intelligence Mike McConnell. I was sending a message that would directly challenge the narrative being spread by powerful interests ... He also protested rather loudly that there were some things he couldn't sell."
This is true. How do I know?
Full disclosure: Blunden and Cheung used me as a reference to their publisher. And I was subsequently contacted by them for my opinion on the potential for it.
I told the publisher exactly what I've said many times previously. To reiterate, cyberwar books have, generally but fairly speaking, all been rubbish, exercises in threat inflation and hyperbole for the sake of titillation, reputation and the pushing of the accepted national security narrative. Another way of putting it: They're p.r. servanting for the benefit of those on the receiving end of always increasing spending on cyberwar offense, cyberspying and aggressive militarized surveillance of the internet.
At one point I was informed via company e-mail about how one publisher wished to send an early copy of the book off to an employee of Science Applications International Corporation.
This was laughable, no way to do a book of any kind.
Science Applications (or SAIC, for short) is a very large and very secretive Pentagon contractor. Everywhere you find the US military or American spying agencies, you find SAIC.
However, one thing SAIC is not known for is book writing and editing. In fact, suggesting SAIC as an arbiter of a book such as Pale Farce was a smoke signal that a publisher wished it buried in a deep hole.
Now let's return again to 2010 and the character, Mike McConnell, former Director of National Intelligence and VP at Booz Allen Hamilton.
Why do I call him a character? Because that's what he was and is, a kind of slippery fellow who was one among a small number central to shaping public and policy-maker views on cyberwar through the news media and other high-profile publicity megaphones. I'll get to him a bit more further in.
Between 2009 and 2010 I tabulated the names of people and company hyping cyberwar in the mainstream press as well as the number of times they appeared.
Heres' the table from my blog post at that time:
1. Alan Paller, SANS -- 84
2. McAfee -- 80
3. James Lewis, CSIS -- 47
4. Booz Allen Hamilton -- 38
5. Symantec -- 31
6. Mike McConnell, Booz Allen -- 25
7. Paul Kurtz, Good Harbor -- 11
8. Richard Clarke, Good Harbor 4
In terms of security vendor businesses, the list condenses to a small number of players controlling the debate all through 2009: SANS, McAfee, and Booz Allen Hamilton, the latter which jumps to number three on the list with 63 hits in major stories if you add McConnell's total.
In 2010, McConnell was not only on
Here's McConnell's now infamous lead-in paragraph from the latter:
"The United States is fighting a cyber-war today, and we are losing. It's that simple. As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking."
By June of that year McConnell, along with Jonathan Zittrain of Harvard, had been invited to a well-publicized debate over whether or not the threat of cyberwar had been exaggerated. Marc Rotenberg and Bruce Schneier were on the opposite, or affirmative side, that it was.
The debate was an (ahem) farce. McConnell and Zittrain were declared the winners by a substantial margin of audience vote. The threat of cyberwar was not exaggerated. It was a triumph for obeisance to argument from authority.
Here's a bit from the transcript, a part in which Schneier mentions McConnell's Post piece:
"So we're here today to debate the motion that the threat of cyberwar is grossly exaggerated. And ... in preparing, read a book full of articles and have some choice quotes. Mike McConnell said in an op-ed in the Washington Post in February of this year that the United States is fighting a cyberwar today and we're losing. So, cyberwar is going on right now in our country."
It was a humorous moment. The McConnell quote was accurate, the audience laughed.
But here's Mike McConnell, cyberwar exaggerator but very important person in the national security megaplex, a few minutes later:
"When Bruce spoke at the beginning he said, 'Mike McConnell said the US is fighting a cyberwar today, and we are losing.' That's not in fact exactly what I said. Wat I said is if we were in a cyberwar, we would lose. And I was making that statement somewhat metaphorically."
McConnell's lead paragraph in the Post, published just a few months earlier, again as a matter of fact was not a metaphor. It was quite succinct.
But you can't win a debate where one of the parties simply denies an accurate quote and gets audience points by insisting he said quite some other thing.
And that was the state of the narrative on cyberwar. The press died on the subject. Michael McConnell's threat exaggeration, and that of a few others with major positioning in the media, was what always carried the day.
What's changed? What makes Blunden and Cheung's Behold a Pale Farce the right book at just the right time?
Edward Snowden came along. Paradoxically, Snowden was employed by Mike McConnell and Booz Allen as a contractor for the National Security Agency during the big expansion of the American cyberwar machine that took place during the years of cyberwar hype.
Since Snowden, Mike McConnell has gone silent.
Behold a Pale Farce is a book not just of computer security vulnerabilities, misdeeds and astonishing exploits, but one also of the strategic national security industry environment in which they transpired.
It is a study in the US government's and arms contractors' employment of propaganda on the alleged threat of cyberwar until there was no longer a debate on the subject. The press became willing stenographers to power. And the power resided in the agencies and private sector businesses that built the American cybermilitary and cyberspying infrastructure, what Blunden and Cheung call "the Deep State." The result: Total escape from oversight. Until Snowden. Sort of.
Last week, two Pulitzers were handed out, one to the Washington Post and one to The Guardian, in the United Kingdom, for journalism deemed to be a great public service, a consequence of the Snowden papers liberated from the National Security Agency.
I say the Snowden affair and the steady release of NSA documents brought real change. But only "sort of" for Americans domestically.
Internationally, Snowden's materials utterly demolished the US national security propaganda campaign on China's much publicized cyber-stealing of America's economic future.
A week or so ago, for the New York Times, an Obama administration official, anonymously, was compelled to admit we no longer had any moral standing to argue from the high ground about it.
Michael McConnell is gone from newspapers. At some point he was probably made to squirm a bit while answering now classified questions about his firm's hiring and screening process for Edward Snowden.
Internationally, the electronic Pearl Harbor meme has been made absurd. You can't scream someone is planning to cyber- sneak attack the country when you're caught sneaking into everyone else's networks for spying (this was always obvious, of course, we're going to spy, everyone else does it!) and the writing and dissemination of software boobytraps.
Domestically, it's been another story. Despite disturbed noises in Congress and from the White House, there's been no change. There has been only theater, purely for public consumption.
Up until his retirement you could still find National Security Agency director Keith Alexander publicly dissembling and complaining that something needed to be done about Edward Snowden. Didn't you know, as 60 Minutes told us, that the NSA was saving us from the Somali pirates with people who could solve Rubik's cube puzzles in under a minute?
The authors of Pale Farce frame the span of manipulations well, using Edward Herman and Noam Chomsky's 1988 analysis, Manufacturing Consent: The Political Economy of the Mass Media as a guidepost. Orwell, on the perversion of language, comes in for a few mentions, too.
The authors point out, correctly, there's nothing new in what's happened. The power of money, political access and propaganda were used as they always have been, to subvert reasoned control and democratic values.
What's one of the more alarming results? The sad realization that the US has been instrumental in creating and accelerating a cyber-arms race, establishing a lucrative global and national market where our arms manufacturers are now happily engaged in producing software to destroy the privacy and civil liberties of ordinary citizens.
In addition, Farce provides a nicely detailed and richly footnoted chronology of most of the globally and nationally significant computer security failures and scandals of the past decade. These are woven into broad tapestries, discussions on global computer crime and the constant and inherent vulnerability and error -- via people, software and hardware -- in the networked world.
Summing up, if you're interested in a book on cyberwar, Blunden and Cheung's is the one to read.
Unlike the rest of our so-called "books" on cyberwar (take this best-selling example), Behold a Pale Farce: Cyberwar, Threat Inflation & the Malware Industrial Complex, won't badly date if another Edward Snowden comes along. It is a true chronicle, a slice, of our technological history.
There's also one last reason to get it. Another full disclosure [1]: I'm in it. Some of my best lines, too.
[1]. Example:
"Nobody in the great mass that is not the 1 percent or in the service of the same cares about attacks on the American financial system. They do, on the other hand, wish our financial system would stop attacking them." -- GS, page 224
Originally published on the author's blog here. His bio is here.
