by Richard Clarke and Robert Knake
Since he left the Bush White House—and railed against the way the administration handled the threat of terrorism and the invasion of Iraq—Richard Clarke has been sounding the alarm on cybersecurity. “Cyber 9/11” or “Cyber Pearl Harbor” are tossed around a lot among American cyberworriers, and Clarke says it may have already happened during the 2016 U.S. election. But the real granddaddy of all cyberdangers is a cyberconflict that spills into a shooting war. In this excerpt from their new book, The Fifth Domain, Clarke and former White House director of cybersecurity policy Robert Knake imagine what that kind of battle might look like—just a few months from right now. —The Ed.
Envision the near future. Perhaps the most likely international crisis that might erupt this year or next is a conflict between Iran and Israel. What follows is a scenario of how such a crisis could evolve and our assessment of how the U.S. military’s current cybercapabilities might perform.
•TEL AVIV, 10 NOVEMBER 2019
The air-raid sirens sounded at 0200. Israelis awoke and ran to bomb shelters throughout the country. The hundreds of rockets and missiles that hit the country were launched from hidden sites in both Lebanon and Syria. The strikes hit air bases, Ben Gurion Airport, the Defense Ministry complex in Tel Aviv, electric power stations, and the ports of Haifa and Ashdod. Although Israel’s antimissile defenses intercepted scores of incoming warheads, because of the high number of simultaneous attacks, many rockets and missiles got through to their targets. The damage was significant.
The attack launched by Iran and its allied militias in Lebanon and Syria was itself retaliation for a large-scale Israeli airstrike on pro-Iranian forces in Syria three days earlier. A second wave of rockets and missiles hit Israel at 0400. The Israeli Air Force reported to the defense minister that it was having difficulty launching fighters to hunt down the mobile missile launchers. Damage levels at some air bases were critical, with squadrons of F- 16s incapacitated. Drones launched from Lebanon and Syria had dived into Israeli missile defense radars, blinding some of the Arrow, Iron Dome, and Patriot antimissile batteries.
As dawn rose over Jerusalem, the Israeli prime minister called the U.S. president. Reluctantly, he asked for immediate U.S. assistance. Specifically, he asked for an airlift of critical weapons and key components to replace some of the inventory that had been destroyed. He also requested that U.S. Navy antimissile destroyers be deployed off Israel’s coast to augment the nation’s overwhelmed defenses, and U.S. F- 35 fighter-bombers be deployed for joint strikes on the mobile rocket and missile launchers. The president agreed immediately and directed the Pentagon to assist. He also ordered a cyberattack on the missile launchers and their command-and-control system, including mobile missile launchers in Iran that had not yet been used to attack Israel.
Within an hour of the prime minister’s call, two U.S. Navy Aegis destroyers near Spain swung about and moved at flank speed east through the Mediterranean. At Defense Logistics Agency (DLA) supply depots throughout the eastern seaboard of the United States, train cars were filled with pallets and prepared to move cargo to U.S. air bases. C- 17 aircraft were being readied for a massive airlift reminiscent of the U.S. operation to support Israel in the 1973 Arab-Israeli War. The long protective arm of the United States was once again getting ready to reach out to shield a beleaguered Israel that had surprisingly found itself overwhelmed.
WASHINGTON, 12 NOVEMBER 2019
The president was furious. His wrath was like an energy wave flowing down the videoconference line from the White House Situation Room to the Pentagon’s National Military Command Center. Rockets and missiles continued to pound Israel. The chairman of the joint chiefs of staff had just told the president over the video link that the two Aegis destroyers were still disabled, their propulsion systems off-line and damaged. Tugs were en route to tow them to port in Italy. Norfolk Southern Railroad derailments in Virginia and South Carolina were still preventing trains with critical cargoes from reaching air bases. Power blackouts in the mid-Atlantic states had plunged McGuire Air Force Base in New Jersey and Dover Air Force Base in Delaware into darkness. Backup generators at the bases did not work. The DLA reported that its attempts at mounting backup databases had failed, following the wiper attack on its inventory supply system.
A few U.S. Air Force F- 35s had landed in Israel, but on their first combat sorties from Ramat David Air Force Base, all four U.S. aircraft had sustained radar system failures and returned to base, landing amid a hail of incoming missiles. In Huntsville, Alabama, the Raytheon Corporation was assessing the damage from an explosion and fire that had engulfed its Patriot missile production line. It was unable to ship spare parts. On the offensive side, U.S. Cyber Command reported that it believed it could penetrate and disrupt the missile force in Iran in a week to 10 days. It had never studied how to penetrate the Iranian-controlled launchers in Syria and Lebanon. That would take longer.
It had been 55 critical hours since the president had ordered the Pentagon to help Israel, and almost no assistance had arrived. Turning red in the face and sputtering at the large flat screen showing the Pentagon leadership, the president demanded to know why.
From another screen on the wall of the Situation Room teleconference facility, the director of national intelligence spoke up, filling the silence coming from the Defense Department. “Sir, we assess that Iran has launched cyberattacks to degrade our operations in support of Israel.” Sitting next to the president in the Situation Room, the national security adviser mumbled, “No shit, Sherlock.”
“Well,” the president said, turning on his adviser, “what do you suggest we do now?”
“It’s very clear, Mr. President. Iran has stymied our assistance to Israel with cyberattacks. We must now escalate. Commence conventional attacks on Iran. B- 2 bombers and the aircraft carriers must strike them tonight.”
•Incredible fiction? We think not. We believe that were there a “kinetic,” or conventional, war today in which U.S. forces were opposed by Iran, Russia, China, or even to some extent North Korea, the Defense Department would be hampered in the execution of its operations and largely unable to conduct significant offensive cyberoperations against enemy military targets.
In this scenario, the United States faced off against Iran and lost, at least in the first round. In the real world, Iran does have significant offensive cybercapabilities. The barrier to entry to having a meaningful cyberwar offensive force is low. Countries that could never defeat the United States in a purely conventional military battle can pose significant asymmetric risks to us in cyberspace.
Excerpt from The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke and Robert K. Knake. Published by the Penguin Press.