Did it start with the discovery of that 12story White Building on the outskirts of shanghai. No, in fact, it goes back all the way to the dawn of the internet itself. And in 1967 when the arpa net was about to go up, that was the precursor to the internet, that was, you know, a network where all the contractors at the Defense Department would be able to, you know, talk with one another in their computer programs. There was a man named willis ware. He was a computer pioneer. He was the head of the Computer Department at the rand corporation, and he was also on the Scientific Advisory board at the nsa. And he wrote a paper, it was secret at the time. Its been declassified, its a fascinating document. You can look it up. He said heres the thing, heres the problem. Once you create a Computer Network, once you have access from multiple, unsecured locations, youre going to create inherent vulnerabilities. Youre not going to be able to keep secrets anymore. And so when i was doing my research, i talked with this man, steve lieu kasich, who was the Deputy Director of arpa. I said, did you read willis wares paper . Oh, sure. What did you think of it . I took it to the guys on the team and got the story confirmed, and they read it and said, oh, jesus, dont saddle us with a security requirement too. I mean, look how hard it was to do this. Its like asking the Wright Brothers that their first plane has to fly 20 miles carrying 50 passengers. Just lets do this one step at a time. And besides, the russians arent going to be able to do this for decades. Well, it was decades, two and a half, three decades, but by that time whole systems and networks had grown up with no provisions for security whatsoever. So i see this as kind of, you know, the bitten apple in the digital garden of eden. The situation created warned about and created from the very beginning. Now, all of this was unnoticed until june of 1983 when Ronald Reagan watched the movie war games up at camp david. One of the guys who wrote it not the one whos coming here tomorrow, but the other writer his parents were in hollywood. They were hollywood producers, and so they knew Ronald Reagan. So he got a copy of the film. And he watched it. Its on a saturday night. The following wednesday he is back in the white house, and there was a big meeting to discuss the mx missile, actually. Some of you might remember that. And at one point everybodys there, his National Security adviser, some people on the hill. At one point he puts down his index cards, and he says has anybody seen this movie called war games . And nobody had seen it, it had just come out. He launches into this very lengthy plot description. And people are looking around, wheres this going . He says, general, could Something Like this really happen . Could Somebody Just break into one of our most secure computers . He said, well, ill look into that, mr. President. And he comes back a week later, and he says, mr. President , the problem is much worse than you think. And so one year later there was a National Security decision directive signed by the president about telecommunications and do you cr security. It was the first document of its sort. But it took a strange direction. It was basically written by the nsa, which was the only agency that knew anything about computers. And the way they wrote it, the nsa would control the standards for all computers in the United States. Government, military, personal, business, everything. There were some people on capitol hill who didnt go along with that. And so they rewrote it so that, basically, the nsa would have security over dot. Mil, classified stuff, and the Commerce Department would have everything else. Well, of course, the Commerce Department didnt know anything. They have no ability to do this. The nsa had no interest in securing these channels. They were interested at that time purely in exploiting security gaps, not in filling them. So for about a decade, nothing was done about this problem. And i wont go any further. This is just supposed to be a little introduction. But the point is these two incidents, you know, willis ware writing this paper, the dawn of the internet, and the extremely unlikely coincidence of Ronald Reagan watching war games and asking a question that had everybody in the room rolling their eyeballs like, oh, christ, wheres the old man going now, led to the systems, programs and, more than that, the issues, the policies and the controversies and the tensions that persist to this very day. One more little thing about the war games connection before i go back could down and sit downe have a conversation. This is something i discovered almost by accident i. Turned out that the two writers of war games, you probably have all im assuming that youve all seen or remember war games, but, basically, the kid played by Matthew Broderick gets into the norad computer by, he has something called demon dialing. This was before the age of the internet. He hooks up a system that automatically dials the phone numbers, and when a modem is reached, it records that number. So he breaks into the norad computer like this. He thinks hes just latched on to some new online game, and he almost starts world war iii. But the screen writers were puzzled. They said, god, is this really plausible . Could Somebody Just its got to be a closed system, right . Could somebody from the outside get into norads number . They live inside santa monica and said who can we talk to . They went in and talked to willis ware. Turned out to be a very nice guy. They laid out the problem, and he, you know, i designed the software and, youre right, it is a closed system, but theres always some officer who wants to work from home on the weekend, so he leaves a port so, yeah. If somebody happened to dial that number, he could get in. And he says, you know, the thing is the only secure computer is a computer that nobody can use. So thats sort of the lesson that weve all learned since. And now ill sit and have a conversation. Thank you very much, fred. The other, one of those writers subsequently went on to write another movie called sneakers. They both did. Larry lasko was the cowriter of that as well. We will be talking to him on wednesday so we can see what the direction is. [laughter] but before we get there, youve written a history of cyber war. And traditionally when people write books about war, they write about battlefields, and people tend to study those battles so that they can get a greater sense of how to fight battles in the future, to appreciate strategy. Right. What, what do you think having done your research, written your book are the events between 1983 and now that the student of cyber war should look back on and, you know, instead of walking the battlefield of gettysburg, sort of take as lessons to study for the future . Well, there are no battlefields to walk, unfortunately. I guess a Pivotal Moment came in 1997. There was, the director, the new director of the nsa at the time, a threestar air force general named ken minnehan, he had been commander of the air force war center in san antonio where they were doing a lot of things about cybersecurity and cyber war. He couldnt get any of the other officers interested at all. You know, back then fighting wars was dropping bombs on people from the air force point of view. Computer nobody even knew how to use computers, you know . So he decided couldnt get anybody interested, he knew about the vulnerabilities. So he got permission to do a war game where 25 Red Team Members in the nsa would actually hack into all the networks of the defense county. Now, they had to go through a lot of lawyers to get this done, and one of the conditions was they had to use commerciallyavailable equipment. They couldnt use their top secret signet stuff to mess with domestic networks. And so they did this. And they prepared for it for a few months scoping out the networks, scoping out what they would do. The people who had been victimized were not to know. The only people who knew about it were the people who actually knew about it and the lawyers, like the attorney general and the secretary of defense. So they laid two weeks aside to do this. It turned out within four days they had hacked into all the Defense Department networks including the National Military command center which is, you know, how the president communicates and sends orders to the secretary of defense. All of it, just mercilessly hacked, you know . Sometimes they would just leave a marker, you know, kilroy was here. Sometimes they would intercept messages, send back false messages, mess up orders. Peoples heads were being screwed with like, you know, whats going on here . I dont know whats happening. There was only one guy, there was a marine out in the pacific who knew that something was going on. But see there were no, even if you knew what was going on, there were no protocols. What do you do about this . So he just unplugged the computer from the internet and, which was the smart thing to do. Everybody else, so when the debrief happened and they go through, you know, heres what we found and here are some pass words we dug out of a dumpster here, and heres a tape recording where our guy called up the secretary and said im an i. T. Guy, i need to change passwords, whats the password for everybody, and they told them. And everything like that, and everybody was appalled. And that was when the deputy secretary of defense at the time said, okay, whos in charge . We need to fix this, whos in charge . And nobody was in charge. So, but then they started to set up some Warning Centers and some 24 7 watch centers which was a good thing because within a few months, somebody starts hacking into the u. S. Military systems. And maybe it had been going on longer than that. But the big thing was something called solar sunrise where some serious hacking, it turned out to be two kids in california. And some people, somebody said, oh, whew, just two kids in california. But other people said, wait a minute, two kids in california can to this, what are the nationstates . And a few months later they called solar sunrise, then something happened which was moonlight mayhem which was somebody not just breaking into defense networks, but persisting and kind of looking around for things. They were looking for particular things. And eventually they traced that back to a, there was the russians. It was using a server at the Russian Academy of sciences. And then the chinese started doing it, and then operations concern oh, by the way, one thing very interesting. There was this war game called eligible receiver. When the nsa was inside the Defense Department networks, they noticed some french ips strolling around. So this was already really happening in 1997, okay . So, but then there were other things. There was some sort of [inaudible] cyber war things, a very big deal. Remember when clinton was planning to invade haiti because some warlords had taken over, and they were working up war plans, and one part of it was, well, how do we get into, how do we get haiti had a very rudimentary air Defense System, but a lot of this was flying in people, you didnt want anybody shot down. And this was when this guy minnehan was in san antonio. One of his tech guys said, you know, boss, i found out that the haitian air Defense System is wired into the commercial telephone system, and i know how to make all the phones in haiti busy at the same time. So thats how they were going to deflect, you know, defeat the air Defense System. Okay. Years later use similar ya yugoslavia, clintons war against milosevic. Remember, the bombing went on for months and months. Well, there was a cyber element to this. And again it was phones, but at the time computer were run by phones too. They did some of the same things. They got into the serbian phone system. A cia guy went in and put in a plant, and then the nsa was a able to hone in on this plant. And the air Defense System was wired through the phone system. So they were able to go in there and mess with their radars so that on the screen it would look like there were some planes in the northwest but, actually, they were coming from the west. So they would aim at the wrong spot. They would send messages to milosevics cronies saying, you know, we know you own this copper plant. Were going to turn out the lights in the copper plant if you dont get rid of milosevic. And they said, oh, you know, forget about it. And they would turn out the lights in the copper, in the copper plant. And then, okay, if you keep this up, were going to bomb you tomorrow. So he thats how milosevic lost his cronies. They were threatened by what was called Information Warfare. So this was the first Information Warfare campaign. Some admiral gave a briefing afterwards, okay, this was both a success and a failure. We only used about onetenth of what we could have done, but it was very interesting. And then after that, you know, we know about some of the things, stuxnet, there were some things ill give one more, and then we should maybe move to a different sector. When the israelis bombed the nascent syrian reactor which really was a nascent syrian reactor being they were helped by north korean scientists, what happened, a lot of people even the syrians didnt acknowledge it because it meant the israelis had to go about 150 miles inside of syrian territory without being detected even though they had just installed some new russian surfacetoair missiles and radar. So theyd rather not even acknowledge that it happened. What happened was that they used the program that was developed by the air force here and implemented by something called unit 8200 which is the israeli nsa. It intercepted not the radar and not the radar screens, but a data link between the radar and screens. So that the people looking at the screens saw nothing. The radar was detecting planes and, in fact, the people in the airplanes or were hearing bing, bing, bing, bing, bing. So it took a little nerve to continue. But they also had people, they were able to intercept the signal off the monitor that the radar operators were looking at to make sure that this worked, to make sure that they really were seeing nothing. And they were seeing nothing. So these planes got in, dropped the bomb, destroyed the factory, and people were saying, well, how, what . Be our screens show nothing. So that kind of thing. Actually, i should do one more, and that is the iraq war. I wrote a book called the insurgents David Petraeus and the plot to change the american way of war, where i accepted the idea this is the only thing in this book that ill qualify or retract a little bit that, you know, there was a big turn around in 2007. Basically, the surge and the change of strategy towards counterinsurgency. Well, theres one other thing, and that is the nsa got involved. The nsa actually sent over a few year period 6,000 analysts to iraq. 22 of them were killed out on missions to capture insurgent computers. But they basically captured the computers, they got into the systems, they got into the passwords, they got into the email connections, and they did things like they sent messages to other insurgents saying, okay, lets meet at such and such a place tomorrow at 4 00. And there would be these special Operations Forces waiting there to kill them. Or they detect from drones somebody planting a roadside bomb. Used to be you could follow them and then you had to send the information back to washington, it would take 16 hours. Within one minute they could target these guys. So in 2007 through these techniques they killed 4,000 insurgents which is one reason why things really kind of turned around. I remember the first person i asked about this, and he looked a little alarmed that i knew anything about it, he said, well, yeah. When the histories really get written about this, thisll be the equivalent of, you know, breaking the german submarine codes in world war ii which, of course, budget revealed for decades wasnt revealed for decades after. So this cyber has been a part of these operations and these plans and thinking for quite a long time. Just taking you back to moonlight mayhem, one of the anecdotes you tell, the delegation gets to moscow. First day, very warmly welcomed. Yeah. They started, when they realized that this was russia and, of course, this was clinton yeltsin, postcold war. You know, were all friends. So they decide canned, you know, we should decided, you know, we should maybe send a delegation to moscow. Maybe they dont know this is going on, maybe its not the government. Well present as a criminal investigation for which we are seeking assistance from the russian federation. And there was a controversy whether to do this, but they said, yeah, lets do it. So they sent over this delegation. On the first day, you know, caviar, champagne, welcome our friends. And there was this one general in the military who was helping out. They brought over logs, and the guy brings out his own logs, and hes shocked. This is terrible these bastards in intelligence, this is awful. We will not stand for this were going to clean this up. So then they were going to be there for five or six days. The second day, you know, were going to have a sightseeing tour today. Were going to go around, so they did sightseeing, and then the third day they were going to do some more sightseeing, and then the fourth day, there was nothing. The fifth day, there was nothing. Well, can we talking to this guy . Hes busy now. There was so they left. The embassy is calling, the legal office saying we need to oh, yeah, we will send you a memo on this. Anyway, its over. What they realized when they got back is that this was a government program. This poor general who, god knows what happened to him for helping the United States