In his latest book, Shane Harris highlights the good, the bad, and the ugly of the NSA.
The curtain of the NSA has been pulled back in Shane Harris’s recent book, @WAR: The Rise of the Military-Internet Complex, exposing the far-reaching power of the National Security Agency (NSA) and U.S. efforts to control cyberspace. The United States has spent billions of dollars to grow its cyber capabilities, both through the use of cyberattacks and surveillance. The agency’s power is so great that Harris even compares former director General Keith Alexander to the great and powerful Oz, stating that Alexander used overclassification to push forward the ever-growing agenda of the NSA. Harris brilliantly utilizes the familiar concept of a military-industrial complex to describe the emerging military-internet complex within the United States and show readers how the government has partnered with private sector firms to develop technology and techniques in cyberspace.
Harris highlights the growing role that the government plays in cyberspace, suggesting that the lack of public knowledge about the new arena may be a cause for concern. He discusses at length the history of how the NSA gained control in cyberspace, eventually becoming so powerful that it could conduct surveillance, develop offensive cyber capabilities, and even hold a pivotal role in setting technological standards. A key message throughout the book is ensuring that readers understand just how long the United States has been active in cyberspace and in developing an arsenal of cyberweapons. It started long before the NSA made headline news, and has grown as the U.S. military and intelligence agencies continue to develop new means for surveillance and weapons employment in cyber space.
Of more importance, Harris describes the role that the private sector plays in this cybersecurity complex. Many private companies work with the U.S. government to develop cyber tactics and strengthen their own cyber capabilities. There are some major similarities and duplication of effort between the behavior of private companies and the U.S. government in developing cyber capabilities and hoarding zero-day exploits. However, unlike the government, private companies lack the legal authority to respond to cyberattacks on their networks and conduct surveillance on their aggressors, shortcomings that cause serious tensions in the partnership between the government and private sector.
Despite its merits, @War should be read with caution. Harris does an excellent job telling the story of the NSA and its desire for cyber domination in both offensive and defensive cybersecurity; he masterfully educates readers about important topics of government surveillance. However, this book could definitely be used as a scare tactic, as those less familiar with the NSA, government surveillance programs, or the technology industry itself may take the book too seriously. His narrative, though, is very smooth and clear, allowing people of all expertise levels to read and understand the history and importance of the material.
The biggest disappointment is the final chapter of @War, wherein Harris writes that the “NSA is not the enemy” after spending the previous 200-plus pages describing how Americans need to be aware of what the NSA is doing and painting the NSA as the “bad guy.” After telling a great story about how the United States is not just the victim of cyberattacks, but an active participant in offensive cyber operations, Harris heads in the reverse direction, encouraging readers that despite all this the NSA really isn’t all bad—though he never really expands on the “good” part of NSA’s activities.
Furthermore, Harris should have defined cyberwarfare more explicitly during the prologue. Harris explains that it is an “amorphous term,” and defines cybersecurity broadly and unofficially as “the combination of spying and attack.” Debates and disagreements surrounding any formal definition of cybersecurity remain a crucial reason why so little has been accomplished in combating different types of cybercrime, espionage, and attacks, despite attempts through foreign policies, international norms, and other important pieces of legislation. Although Harris does make some suggestions, the final chapter lacked hard solutions, and the reader leaves less than convinced that the NSA can be tamed or that the United States will slow down its growing military-internet complex.
Instead, Harris suggests that citizens can expect to pay—greatly, and with our identities—to be part of a very protected cybercommunity. He also spends the last chapter asking a great number of questions, rather than answering any of the questions that surface throughout the book. Harris effectively articulates the problem, but concludes his book by backtracking on his original argument and on a note similar to many other books describing emerging security challenges: the military-internet complex is real and represents a big problem, but skeptics may be acting too late and there is little citizens can do now—so buckle down and hope for the best.
Megan Penn is a Master’s candidate at the George Washington University, Elliott School of International Affairs in Washington DC. She is in her final semester of the Security Policy Studies program, concentrating on Transnational Security Issues and Cyber Security Policy. Before moving to DC, Ms. Penn received a bilingual honors B.A. in International Affairs from Glendon College, York University in Toronto, Canada. Ms. Penn has published multiple pieces on cyber security issues, policy, and defense through Freedom Observatory, a Canadian online political journal. Currently, she works for the United Nations Association in Washington D.C.