“Who else has the capability to attack us like this?” Holmes asked. “Friend, foe — let’s get it all on the table quickly. There can always be a rogue player in an agency friendly to us.”
As others responded with a dauntingly long list that included Taiwan, Iran, Australia, South Korea, India, Pakistan, Israel, and several NATO countries, Lana was struck by the underlying assumption of Holmes’s question: that the U.S. was so vulnerable to cyberattack that it was necessary to compile a lengthy list of suspects, some of which were two-bit players — at best — on the international scene.
But the success of the attack on the U.S. lay unquestionably, in Lana’s view, in the criminal lack of the country’s preparedness. There were several long-festering reasons for that vulnerability.
For starters, America was far more dependent upon privately owned computer systems than were any potential enemies. Those private U.S. networks held extensive control of vital national interests, everything from electric power to banks, pipelines to airlines, even the numerous private contractors that provided critical support services to the Department of Defense.
Washington had long expected those private concerns to protect their systems. Clearly, they had failed. But as former presidential adviser Richard A. Clarke had noted, telling those companies to protect themselves was like telling American corporations at the beginning of the nuclear age to buy their own bombs.
Clarke had long maintained that the political power of those private companies was so great that they routinely blocked the development or implementation of many government regulations that could have protected them — and the country — from a devastating cyberattack, like the one America had just suffered. Short-term profit concerns trumped long-term security demands with numbing regularity.
Most alarming to Lana was the unnerving understanding that even if the military’s own networks were secure — and recent history had demolished that delusion — the networks of its contractors had proved unreliable. The complicated case of Edward Snowden spoke clearly to that. The easy mining of those private networks placed an additional — and in her opinion, unwarranted — risk on the nation’s defenders.
The U.S. also suffered from an inverse relationship between its computer power and its vulnerability. A developing country, far less dependent on computers and the Internet, could launch a cyberattack on the U.S., knowing that it was risking far less in computer resources than its wealthy target. Ironically enough, that left the poorer country getting much more bang for the buck.
As discussion of both putative allies and known enemies trailed off, Holmes said he wanted to talk about rogue elements.
“The Internet is filled with them,” McGivern said. “It’s the Waziristan of cyberspace.”
Muslim terrorists were mentioned by name, their faces flashing on the same screen that had listed suspect nations earlier. Lana had been in enough of these sessions with Holmes to sense his impatience and know that he wanted to move the discussion along. What surprised her was the direction he took:
“What about our domestic enemies? The Ted Kaczynski Unabomber types?”
That brought James Restess to life. The analyst’s portfolio was exclusively U.S. extremists. Lana had heard him once say that as a nation we should all be glad that Kaczynski was born too early to have used the Internet for his madness.
Restess summarized his research, which included an ample number of profiles. He brought up the names of Islamic militants, some of whom were familiar to Lana, along with members of anarcho-primitivist groups espousing survivalist skills and supporting hackers who attacked corporations — oil, coal, gas companies — deemed enemies to environmental causes. But what shocked Lana was when Restess veered toward a much more mainstream suspect: Ruhi Mancur, the director of research at the Natural Resources Defense Council. She didn’t know Mancur, but NRDC? Christ, she donated money to them.
“Really?” Tenon said when Mancur’s face appeared, sounding as surprised as Lana felt.
“Yes, really,” Restess replied. The NSA analyst bore an uncanny physical resemblance to WikiLeaks founder Julian Assange, with whom he otherwise had nothing in common. “Mancur has been advocating increasingly militant positions over there”—meaning the NRDC—“and, I’m glad to say, meeting with considerable resistance from his colleagues. But he has sent his own money to groups engaged in illegal occupations of land slated for the latest pipeline the Canadians want for pumping their tar sands oil down from Alberta. And he’s been observed meeting with the more militant factions of the environmental movement. He also has close ties with his Saudi homeland and has traveled extensively in recent years in South Asia and the Middle East.”
“How close are those ties?” Holmes asked. “Because what you just said could apply to thousands of people like him. I’ll tell you, if we sweep him on the basis of that, we’ll be in big trouble, and we’ll deserve it.”
“How about an Al Qaeda cousin who’s clearly linked to terrorist attacks and to Mancur himself? Ruhi Mancur has traveled extensively in recent years to Saudi Arabia and other Middle Eastern countries, and we have it from reliable sources that he has met on a consistent basis with his worthless cousin.”
Restess sounded exercised, to Lana’s ears. And he wasn’t through yet:
“We’ve also unearthed emails that Ruhi Mancur sent to al-Awlaki praising the madman for his work.”
That left everyone at the table silent.
Holmes cleared his throat. “That does place him in a much stricter category. Bring us up to speed on your investigation.”
“Wait just a moment,” Wilkes said. “The Saudis would never countenance this kind of attack. U.S. oil imports from the kingdom are about to fall off a cliff.”
“I’m sure you’re right,” Restess said. “But I’m also sure I needn’t remind you that militant Islamists in Saudi Arabia have a history of taking actions highly embarrassing to the country’s leadership.”
“So what steps have you taken?” Holmes asked Restess.
“The attorney general has authorized close surveillance, and we expect FISA warrants shortly on fifteen of our domestic suspects, including Mancur.” A FISA, or Foreign Intelligence Surveillance Act, warrant permitted searches of the property of anyone in the U.S. linked to foreign spies, terrorists, or threats.
“It’s time to do more than surveil,” Holmes said decisively. “Let’s bring them in for some questioning. The country is in meltdown.”
Lana certainly understood the desire to grill Mancur.
Talk about hiding in plain sight.
CHAPTER 6
Lana left NSA headquarters with a clear assignment: Join Deputy Director Holmes’s team, which was tasked with identifying the unknown enemy.
“Then we’re going to crush them,” Holmes vowed.
Right now Lana had to rush back to Kressinger to arrange care for Emma. She also needed to find out how Jeff Jensen, her second in command at CyberFortress, was doing with his own battle against those APTs — the viruses that were almost certainly Chinese in origin.
“Yes, Lana,” Jeff said, picking up on Lana’s direct line.
“How’s it going?”
“I’ve corralled most of the troops, and I think we might have found the last of the viruses. But do you remember the code you wrote just before the first cyberattack?”
“Sure.” Tailor-made to stop a Chinese hacker who had singled them out on another matter.
“That might help us,” Jeff said, “in setting up our firewalls.” Software that Lana had written to analyze the data coming into CF to make sure it was actually welcome.