Two other things in his illustrious career. He is the National Security columnist for slate and author of four books, most recently the insurgents, which i think he will tell us has at least more crossover with this new book than some people might necessarily imagine. Fred is a pulitzer prizewinning journalist back from his days in the the boston globe, and im very pleased to be able to host him here today. Just a word on format, shortly im going to ask fred to give a few minutes describing the book and telling us a little bit about whats in it, then im going to take the opportunity to have a conversation, dig into a little bit more of the detail and explore some of the themes and what we might conclude from that, and then i will open it up to the floor to give you the opportunity to ask fred some questions. Well all to wrap up at 1 45. Thatll actually give us plenty of time to get into some quite interesting conversation. So without more ado, fred. Ms. [applause] im just going to speak for a but minutes here. The subtitle of this book is the secret history of cyber war, and when i was working on it, i had the subtitle already worked out. I didnt know what the title was going to be for a while. Somebody said, well, how long of a history is this . Most people think did it start with stuxnet, the discovery of that 12storywide building on the outskirts of shanghai . No, in fact, it goes all the way back to the dawn of the internet itself. And in 1967 when the arpa net was about to go up, that was, you know, a network where all the contractors of the Defense Department would be able to, you know, talk with one another in their computer programs, there was a man named willis ware. He was a computer pioneer. He was the head of the Computer Department at the rand corporation, and he was also though few knew that at the time he was on the scientific also visely board of the nsa Advisory Board of the nsa. He wrote a secret paper, its been declassified, you can look it up, but he said hes the problem heres the problem once you create a Computer Network, once you have access from multiple unsecure locations, youre not going to be able to keep secrets anymore. And so when i was doing my research, i talked with this man named steve lieu kasich who was the Deputy Director of arpa, and i said, did you read wares paper . Oh, yeah, sure. What did you think of it . I took it to the guys on the team, and i got the story confirmed by a couple of guys on the team, and they said, oh, jesus, dont saddle us with a security requirement too. Look how hard it was to do this. Its like asking the Wright Brothers if their first plane has to fly 20 miles carrying 50 passengers. Just lets do this one step at a time. And besides, the russians arent going to be able to do this for decades. Well, it was decades, two and a half, three decades, but by that time whole systems and networks had grown up with no provision for security whatsoever. So i see this as kind of, you know, the bitten apple in the digital garden of eden, the situation created from the very warned about and created from the very beginning. Now, all of this was unnoticed until june of 1983 when Ronald Reagan watched the movie war games up at camp david. One of the guys who wrote it, not the one whos coming here tomorrow, his parents were in hollywood. They were hollywood producers, so they knew Ronald Reagan, so he got a copy of the film, and he watched it. The follow wednesday it was a saturday night. The following wednesday hes back in the white house, and theres a big meeting to discuss the mx missile, actually. Some of you might remember that. And be at one point everybodys there, his National Security adviser, some people on the hill. At one point he puts down the index cards, and he says has anybody seen this movie called war games . And nobody had seen it, it had just came out. He launches into this very lengthy plot description, and people are kind of looking around like wheres this going, and he turns to the chairman of the joint chiefs of staff and says, general, could Something Like this really happen . Could Somebody Just break into one of our most secure computers . Well, i will look into that, mr. President. And he comes back a week later, and he says, mr. President , the problem is much worse than you think. And so one year later there was a National Security decision directive signed by the president about telecommunications and computer security, first document of the sort. But it took a strange direction. It was basically written by the nsa. It was the only agency that knew anything about computers, and the way they wrote it, the nsa would control the standards for all computers in the United States; government, military, personal, business, everything. So there were some people on capitol hill who didnt go along with that. So they rewrote it so that, basically, the nsa would have security over dot. Mil, classified stuff, and the Commerce Department would have everything else. Well, of course, the Commerce Department didnt know anything, they have no ability to do this. The nsa had no interest in securing these chinas. They were channels. They were interested at that time purely in exploiting security gaps, not in filling them. So for about a decade, nothing was done about this problem. And i wont go any further. Its just supposed to be a little introduction. But the point is that these two incidents, you know, willis ware writing this paper, the dawn of the internet, and the extremely unlikely coincidence of Ronald Reagan watching war games and asking a question that had everybody in the room rolling their eyeballs like, oh, christ, wheres the old man going now, led to the systems, the programs and more than that, the issues, the policies and the controversies and the tensions that persist to this very day. One more little thing about the war games connection before i go back down and sit down and we have a conversation. This is something that i discovered almost by accident. It turned out that the two writers of war games, you probably have all i hope im assuming youre all seen or remember the movie. Basically, the kid played by Matthew Broderick hacks into the norad computer with manager called demon dialing. He hooks up a system that automatically dials the phone numbers, every phone number in the area code, and when a modem is reached, it records that number. So he breaks into the norad computer like this. He thinks that hes just latched on to some new online game x he almost starts world war iii. But the screen writers were puzzled. They said, is this really plausible . Could Somebody Just its got to be a closed system, right . Could somebody from the outside get into norads number . They lived in santa monica, and they called the rand corporation. Who can we talk to . Oh, youll want to talk to willis ware. He turned out to be a very nice guy, and they laid out the problem and he says, you know, i designed that computer, actually, i designed the software for that computer, and youre right, it is a closed system, but theres always some officer who wants to work from home on the weekend, so he leaves the port open. So, yeah, if somebody happened to dial that number, he could get in. And, you know, the thing is, the only secure computer is a computer that nobody can use. So thats sort of the lesson that weve all learned since, and now ill sit and have a conversation. Thank you very much, fred. One of those writers subsequently went on to write another movie called sneaker. Yeah, barry [inaudible] was the cowriter of that as well. And we will be talking to him on wednesday about what his next movie is about, so we can see where the direction is going. [laughter] but before we get there, youve written a history of cyber war. And traditionally when people write books about war, they write about battlefields and people tend to study those battles so that they can get a greater sense of how to fight battles in the future and appreciate strategy. Right. What, what do you think having done your research, written your book are the events between 1983 and now that the student of cyber war should look back on. , you know, instead of and, you know, instead of walking the battlefield of gettysburg sort of take his lessons to study for the future . Well, there are no battlefields to walk, unfortunately. But i guess a Pivotal Moment came in 1997. The new director of the nsa at the time, threestar air force general, had been commander of the Warfare Center in san antonio where they were doing a lot of things about what we would now call cybersecurity and cyber war. He couldnt get any of the other officers interested at all. You know, back then fighting wars was dropping bombs on people from the air force point of view. Computer nobody even knew how to use computers, you know . So he decided, he couldnt get anybody interested. He knew about vulnerabilities, so he got permission to dod a war game where to do a war game where 25 Red Team Members in the nsa would actually hack into all the networks of the Defense Department. Now, they had to go through a lot of lawyers to get this done, and one of the conditions they had to use commerciallyavailable equipment. They couldnt use their top secret stuff to mess with domestic networks. And so they did this, and they prepared for it for a few months, scoping out the networks, scoping out what they would do. The people who had been victimized were not to know about it. The only people who knew about it were the people actually doing it and the lawyers, like the attorney general and the secretary of defense. So they laid two weeks aside to do this. It turned out within four days they had hacked into all the Defense Department networks. Including the National Military command center which is, you know, how the president communicates and sends orders to the secretary of defense. All of it just mercilessly hacked, you know . Sometimes they would just leave a marker, you know, kilroy was here. Sometimes they would intercept messages, send back false messages, mess up orders. Peoples heads were being screwed with like, you know, whats going on here . I dont know whats happening. There was only one guy that was a marine out in the pacific who knew that something was going on. But, see, even if you knew what was going on, there were no protocols. What do you do about this . So he just unplugged the computer from the internet, which was the smart thing to do. Everybody else, so when the debrief happened and they go through, you know, heres what we found and here are some passwords we dug out of a dumpster here, and heres a tape recording where the guy called up the secretary and said im an i. T. Guy and need to change passwords, whats the password for everybody, and they told them and everything like that. And everybody was appalled, and that was when the deputy secretary of defense at the time said, okay, whos in charge . We need to fix this, whos in charge . And nobody was in charge. So, but then they started to set up some Warning Centers and some 24 7 watch centers, which was a good thing because within a few months, somebody starts hacking into the u. S. Military. So maybe it had been going on longer than that. But the big thing there was something called solar sunrise where some serious hacking turned out to be two kids in california. And some people, somebody said, oh, whoo, just two kids in california. But other people said, wait a minute, two kids in california can do this, what are the nationstates . A few months later they called it solar sunrise, then something happened which was called moonlight maze which was somebody not just breaking into defense networks, but persisting and kind of looking around for things. They were looking for particular things. And eventually, they traced that back to a, it was the russians. It was using a server of the Russian Academy [inaudible] so those were the two, and then the chinese started doing it, and then operations oh, by the way, one thing very interesting. Theres this war game could eligible receiver. When the nsa was inside the Defense Department networks, they noticed some french ips just kind of strolling around. So this is already really happening. In 1997. Okay . So, but then there were other things. There were some sort of prototype of war things. A very big deal was remember when clinton was planning to invade haiti because some warlords had taken over, and they were working up war plans, and one part of it was, well, how do we get into, how do we get into haiti had a very rudimentary air Defense System, but a lot of this was flying in people, you didnt want anybody getting shot down. And this is when this guy mini hand was in san antonio. One of his tech guys said, you know, boss, i found out that the haitian air Defense System is wired into the commercial telephone system, and i know how to make all the phones in haiti busy at the same time. So thats how they were going to deflect, you know, defeat the air Defense System. Okay. Years later yugoslavia, clintons war against milosevic remember the bombing went on for weeks and weeks, months and months. Well, there was a cyber element to this. And again it was phones, but computers were run by phones too. But they did some of the same things. They got into this serbian phone system, a cia guy went in, he put in a plant, and then the nsa was able to hone in on this plant. And they were, the air Defense System was wired through the phone system. So they were able to go in there and mess with their radars so that on the screen it would look like they were some planes in the northwest, but actually they were coming from the west, so they would aim at the wrong spot. They would send messages to milosevics cronies saying, you know, we know you own this copper plant. Were going to turn out the lights in the copper plant if you dont get rid of milosevic. And they said, oh, you know, forget about it. And they would turn out the lights in the copper, in the copper plant. And then theyd say, okay, if you keep this up, were going to bomb you tomorrow. So he thats how milosevic lost his cronies. They were threatened by what was called Information Warfare. So this was the first Information Warfare campaign. Some admiral gave a briefing, okay, this was both a success and a failure. We only used about onetenth of what we could have done, but it was very interesting. And then after that, you know, we know about some of the things, stuxnet, there were some things ill give one more, and then we should maybe move to a different when the israelis bombed the nascent syrian reactor which really was a nascent syrian reactor. They were helped by north korean scientists. What happened, a lot of people, even the syrians didnt acknowledge it because it meant that four israeli asset teams had to go about 150 miles inside of syrian territory without being detected even though they had just installed some new russian surfacetoair missiles and radar. Theyd rather even acknowledge it ever happened. What happened was they used a program that was developed by the air force here and implemented by something called unit 8200 which is the israeli nsa. It intercepted not the radar and not the radar screens, but a data link between the radar and the screens. So that the people looking at the screens saw nothing. The radar was protecting planes and, in fact, the people in the planes were hearing bing, bing, bing, bing, so it took a little nerve to continue. But they also had people that were able to intercept the signal off the monitor that the radar operators were looking at to make sure that this worked, to make sure that they really were seeing nothing. And they were seeing nothing. So these planes got in, dropped the bomb, destroyed the factory, and people were saying, well, our screens show nothing. So that kind of thing. I should do one more, and that is the iraq war. I wrote a book called the insurgents David Petraeus and the plot to change the american way of war where i accepted the idea this is the only thing in this book ill qualify or retract a little bit. You know, there was a big turn around in 2007. Basically, the surge and the change of strategy towards counterinsurgency. Well, theres one other thing, and that is the nsa got involved. The nsa actually sent over a twoyear period 6,000 analysts to iraq. 22 of them were killed. They basically captured the computers, they got into the systems, they got into the passwords, they got into the email connections, and they did things like they sent messages to other insurgents saying, okay, lets meet at such and such a place tomorrow at 4 00, and there would be these special Operations Forces waiting there to kill them. Or they would detect some drones, somebody planting a roadside bomb and then running off. Used to be you could follow them, but then you had to send the data back to washington, and it would take 16 hours. Within one minute they could target these guys. So within in 2007 through these techniques, they killed 4,000 insurgents which is one reason why things really kind of turned around. I remember the first person i asked about this, and he looked a little alarmed that i knew anything about it, he said, well, yeah. When the histories really get written about this, thisll be the equivalent of, you know, breaking the german submarine codes in world war ii which, of course, wasnt revealed for decades after. So this cyber has been a part of these operations and these plans and thinking for quite a long time. Just taking you back to moonlight maze, one of the anecdotes you tell, is the delegation that gets sent from moscow. Very warmly welcomed yeah. So they started, when they realized that this was russia, and, of course, this was yeltsin, postcold war. Theyre our friends. So