Imagine it's the year 2022. Across the Pacific Ocean, a small country — an American ally — has provoked a big adversary nearby. Call them Red. Red's size and military capabilities are near those of the United States.
Red responds aggressively to its neighbor's provocation. Within days, the big adversary has crippled the smaller country's power grid, communications networks and other infrastructure through cyberwarfare. Then, Red launches a preemptive cyberattack against the small country's big ally: the United States.
If you were the U.S. military, how would you respond?
That was the scenario faced by a group of high-ranking officers huddled together at an Air Force base in Colorado for the 2010 Schriever Wargame.
"It was a really instructive and, I think, very scary war gaming exercise for people in the military," writer Shane Harris tells NPR's Arun Rath. "The adversary in this game really got the advantage very quickly and won pretty decisively, because the American side really hadn't developed a playbook for how you would go to war between two large militaries in cyberspace."
Harris recounts that 2010 Schriever Wargame in his new book, @War: The Rise of the Military-Internet Complex.
The book looks cyberspace as war's "fifth domain" (after land, sea, air and space). Harris covers topics like the NSA, the role of cyber warfare in the Iraq troop surge of 2007, China's "rampant" espionage on American corporations — and the U.S. government's strategy of playing the victim.
Harris tells Rath that after that alarming war game, the U.S. military's cyberforces became much more organized and sophisticated — but that China, the real-life country that parallels the imaginary Red, also is believed to have impressive capabilities.
Interview Highlights
On what Obama might have been told on his first day in office
He actually got a little bit of a taste of this on the campaign, because his campaign email system was hacked, presumably by spies in China.
When he comes in on the first day, what he's presented with is the knowledge that the computers that control portions of the electrical power grid in the United States have been probed by foreign intelligence agencies. He is told that espionage, particularly by China, against American corporations is rampant, and that billions of dollars in intellectual property and in trade secrets are being lost every year. And that basically, there is no really coherent organized system in the U.S. government for how we're going to defend the internet, how we're going to defend the cyberspace and all of the businesses and the people that depend on it.
What he decides to do very early on in the administration is to, in his words, start treating cyberspace as a national asset, a strategic asset, and protecting it as such.
On China's cyberwarfare capabilities
The thing that China has going for it that we do not have is people. The number of people within the People's Liberation Army, within the sort of intelligence apparatus of China, which is a very opaque system in its own right, is believed to be thousands of people, who are basically hired hackers who spend much of their day aggressively trying to penetrate the computer networks of U.S. corporations especially. China is sort of gathering information that they can then pass on to Chinese businesses and corporations that give them a leg up in negotiations and in the global marketplace. They're trying to advance their economy very quickly and stealing information to do it.
Less clear is how sophisticated their sort of military offensive apparatus is compared to ours. For instance, if China ever went to war with us in the South China Sea, let's say, how sophisticated and how good would their hackers be trying to break into our naval systems and confuse our ships? We know less about that but I think the conclusion we have to reach is that because they're having so many more people doing this than we do — I mean, we have a few thousand — that China is a really formidable force. And that makes a lot of sense that they would put so many resources in this. China will never be able to, at least in the near future, challenge us in a conventional military way. They can't go head-to-head with us on land or on the sea. Cyber is a place where they can gain an extraordinary advantage and do a lot of damage.
On the U.S. government positioning itself as a victim
The United States government loves to come out and talk about how relentlessly we're being hacked and how our intellectual property is being stolen from our businesses. And that's true.
But what that covers up is that we are also one of the most aggressive countries going out there breaking into other countries' systems and spying on them. And we are one of the few countries that we know of that has launched offensive operations in cyberspace. We have used computer viruses to break infrastructure, physical things that are connected to computer networks. Very few countries are known to have done that.
I think one of the reasons why U.S. officials have been keen on showing how we're victimized is because they believe that U.S. businesses have not done enough to secure their own computer networks. From the government's perspective, they can't go in and necessarily force those companies (at least not yet) to improve their defenses, so it's been sort of more of a strategic, rhetorical calculation on the part of the government to come out and say, "We're victimized, it's terrible, lots of information is being stolen, and the only way we can stop this is you corporations have to do better security and work with us and let us help you do that."
So there's a reason why the U.S. has tried to play that victim card so repeatedly: It's because they want to get results from private businesses.
Copyright 2023 NPR. To see more, visit https://www.npr.org.