As Edward Snowden is holed up in the Moscow airport, the Justice Department is investigating the former second-highest ranking officer in the U.S. military of leaking classified information about Stuxnet to the press. Retired Marine Gen. James “Hoss” Cartwright reportedly received a target letter from the Justice Department saying he is under investigation. The action takes place in the middle of an anti-leak frenzy by the troubled Obama administration: Apart from the techie world of the Ed Snowden disclosures, the ongoing IRS, Guantanamo, and Benghazi investigations have bought both right-wing and left-wing ire aimed at the presidency. Eight other individuals have been charged by the Obama administration under the espionage act since 2004.
Cartwright, the former vice chairman of the Joint Chiefs of Staff, is being investigated for speaking to New York Times reporters about ongoing cyberattacks against Iran, which were given the code name “Olympic Games.” The General is one of member of a subculture of high-ranking military officials who regularly speak about cybersecurity and cyberwar. He is an intelligent and perceptive speaker.
Last October, I was lucky enough to take part in a Roundtable on Cyberwar and the Rule of Law at Penn Law where Cartwright gave the lunchtime keynote. The bulk of the 27 participants came from the military or legal communities; I was part of an outlier group that also included representatives of watchdog and activist organizations. Cartwright was one of two generals in attendance. While the exact contents of roundtable discussions were off-record, it was a fascinating look into how exactly the military talks about cyberwar.
There were no earth-shattering leaks coming out of the conference. But I got to learn a bit about how the military and legal communities view “cyberwar”--and what exactly is meant by that term.
Judging from what I heard at Penn Law, America's armed services are proud of the work they do on technology's cutting edge. But the idea of computer-based sabotage and digital information gathering is extremely new, and the military doctrine that accompanies it is still under development. The readings from the conference, which are publicly accessible, focus on issues of cyberwar's place in armed conflict, the offensive use of cyberweapons, issues of privacy, the place of contractors, and other topics. Given the news cycle over the past year, those were appropriate areas to discuss. How do you discuss cyberwar when no one can determine exactly what cyberwar is?
Cartwright joined the Center for Strategic and International Studies (CSIS) upon retirement from the military. Now many of his talks about cyberwar have been made public. One recurring theme in his talks is the weighing of offensive and defensive options in cyberwarfare and the idea that cyberwar tactics are still in their infancy. This also means the public is unaware of cyberwar's full potential--and that a catastrophic event such as a power grid takedown could change that.
In my conversations with military officials I have encountered a diversity of opinions. Some felt that the biggest priority for the United States is offensive cyberwar--building tools to cripple hostile powers that would save lives and reduce the need for conventional warfare. Others felt that the United States needs to up their defenses against computerized infiltrators--that security was being neglected and American pockets were being pickpocketed by economic and military challengers.
No matter what side they were on, I couldn't help but notice that members of the military, contractors, legislators, intelligence agencies, technology firms, journalists, and the general public all speak with different vocabularies from each other when talking about cyberwar. The same is true when it comes to early discussion of the Cartwright case. The big question is: Does disclosing broad overviews of cyberwar techniques help or harm its potency? Even if no one spoke with the New York Times's reporters, security researchers aren't idiots. System penetration and compromise leaves fingerprints. Leakers nor no leakers, the truth tends to get out.
[Image: U.S. Navy photo by Mass Communication Specialist 2nd Class Harry J. Rucker III]