America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare [Hardcover]

Joel Brenner (Author)

Book Description

Release date: September 29, 2011

A former top-level National Security Agency insider goes behind the headlines to explore America's next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals.

Shortly after 9/11, Joel Brenner entered the inner sanctum of American espionage, first as the inspector general of the National Security Agency, then as the head of counterintelligence for the director of national intelligence. He saw at close range the battleground on which our adversaries are now attacking us-cyberspace. We are at the mercy of a new generation of spies who operate remotely from China, the Middle East, Russia, even France, among many other places. These operatives have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon's secret communications systems.

Incidents like the WikiLeaks posting of secret U.S. State Department cables hint at the urgency of this problem, but they hardly reveal its extent or its danger. Our government and corporations are a "glass house," all but transparent to our adversaries. Counterfeit computer chips have found their way into our fighter aircraft; the Chinese stole a new radar system that the navy spent billions to develop; our own soldiers used intentionally corrupted thumb drives to download classified intel from laptops in Iraq. And much more.

Dispatches from the corporate world are just as dire. In 2008, hackers lifted customer files from the Royal Bank of Scotland and used them to withdraw $9 million in half an hour from ATMs in the United States, Britain, and Canada. If that was a traditional heist, it would be counted as one of the largest in history. Worldwide, corporations lose on average $5 million worth of intellectual property apiece annually, and big companies lose many times that.

The structure and culture of the Internet favor spies over governments and corporations, and hackers over privacy, and we've done little to alter that balance. Brenner draws on his extraordinary background to show how to right this imbalance and bring to cyberspace the freedom, accountability, and security we expect elsewhere in our lives.

In America the Vulnerable, Brenner offers a chilling and revelatory appraisal of the new faces of war and espionage-virtual battles with dangerous implications for government, business, and all of us.

Editorial Reviews

Review

"Cybercrime, espionage, and warfare are among the great challenges of this century, but as Joel Brenner argues, we are woefully ill-prepared to meet them. Drawing on history, law, economics, common sense, and his rare experience in counterintelligence, Brenner deftly describes the problems and offers a series of very practical solutions. This book is both well written and convincing."

(-Joseph Nye, author of Soft Power and The Future of Power )

"If you have a responsibility for protecting intellectual property, trade secrets and other instruments of successful business; if you are responsible for protecting national information and technology interests then you have a responsibility to read this book. Bring a change of underwear."

(-Vint Cerf, chief Internet evangelist at Google )

"America the Vulnerable offers an expert's keen insight into the netherworld of cyberrisk. Rich in facts, stories, and analysis, the book is a clarion call for more effective cyberpolicies and practices in both the government and private sector. America should take heed."

(-Ambassador Henry A. Crumpton, author of The Art of Intelligence )

"Brenner takes us inside the daily battle in the world of cyber espionage, where China and others are stealing American corporations' 'secret sauce.' He shows us the on-going cyber war that the US is losing."

(-Richard Clarke, author of Cyber War and Against All Enemies )

"Joel Brenner is a quiet hero-a lawyer who, after 9/11, forsook a prosperous life to serve the United States on a different kind of front line: the world of intelligence. He has written a book about cyberspace that will inform his fellow citizens-and should trouble them deeply. Any reader, casually familiar with the hacking and computer mischief that one reads about daily, will nonetheless be appalled at what he learns here about the scope of cyberespionage, crime, and malicious action that has already been directed against private citizens, corporations, and the government. A lucid, scary, and very important book."

(-Eliot Cohen, author of Supreme Command and Conquered into Liberty )

"Joel Brenner's book should be front and center in the 2012 presidential race. Scarier than a Stephen King novel-only this is nonfiction!"

(-David Smick, author of the international bestseller The World Is Curved )

About the Author

Joel Brenner is a former senior counsel at the National Security Agency, where he advised on legal and policy issues relating to network security. Previously, he served as the national counterintelligence executive in the Office of the Director of National Intelligence and as NSA's inspector general. He is a graduate of the University of Wisconsin-Madison (B.A.), The London School of Economics (Ph.D.), and Harvard Law School (J.D.). Brenner currently practices law in Washington, D.C., specializing in cyber-security and related issues.

Product Details

• Hardcover: 320 pages
• Publisher: Penguin Press HC, The (September 29, 2011)
• Language: English
• ISBN-10: 159420313X
• ISBN-13: 978-1594203138
• Product Dimensions: 6.1 x 9.2 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (20 customer reviews)
• Amazon Best Sellers Rank: #94,747 in Books (See Top 100 in Books)
  • #84 in Books > Computers & Technology > Business & Management > Culture
  • #89 in Books > Computers & Technology > Business & Management > Privacy

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

24 of 26 people found the following review helpful

5.0 out of 5 stars We Really Are Vulnerable - October 1, 2011

By Loyd E. Eskildson HALL OF FAME

Format:Hardcover

Author Joel Brenner was Inspector General of the National Security Agency after 9/11, then head of counter-intelligence for the director of National Intelligence. His book introduction does an excellent job summarizing recent intelligence thefts - the Chinese downloading up to 20 terabytes of information from DOD (equal to about one-fifth of all the data in the Library of Congress), Wiki-Leaks acquiring classified diplomatic cables, specifications for the avionics and armor on the president's helicopter ending up in Iran, theft of corporate technology and millions of consumer credit card information, and the details for a new silent submarine drive system and a new advanced radar system - each costing billions and requiring years to develop. Then there's vulnerability issues over our electric, pipeline, financial, air traffic-control, and telecommunications systems. Clearly the work of spies and thieves has become much easier and more efficient.

Yet, with all the thousands of reported Internet crimes in the U.S. reported every year, only 15 resulted in arrests or prosecutions in 2008, 19 in 2007. Botnets (linked computers taking directions from a hostile 'master') can shut down targeted systems (distributed-denial-of-service, aka 'DDOS'), and make identifying and blocking the perpetrators quite difficult when overseas computers are involved (as they usually are) - sometimes these overseas perpetrators are located in nations with no laws against cyber crimes, such as Africa or Latin America.

The FBI has estimated that China's PLA has 30,000 cyberspies, augmented by another 150,000 in the private sector. Russia has a similar situation.

Amazingly, the U.S. has a number of isolated (non-connected) classified computer systems that aren't connected - thus, users are forced to use thumb drives to transfer data from one system to another. Sometimes those drives are unknowingly loaded with malware, and given away or possibly loaded prior to sale. Another problem is that others (eg. some Afghan groups) have learned to download images in real-time from out satellites and UAVs.

Stuxnet was a complex computer virus that disabled about one-fifth of Iran's centrifuges, probably developed by the U.S. and Israel. Brenner elaborates on this because it illustrates what others could possibly do to the U.S. Then there was the complex and expensive electric generator (hard to replace) that was ruined in Idaho as a demonstration of what others could do while interfering with our electricity network. Brenner also reminds us that some foreign-made microchips sold to defense manufacturers have been infected with viruses that likely would allow them to be disabled upon command from a malicious source.

Brenner's book provides an excellent summary of a major problem. His recommendations, however, are less useful. For example, he suggests requiring that ISPs notify customers whose computer have been tied into botnets - Mark Bowden's 'Worm,' however, tells us that it is no longer possible to readily identify those infected with the Conficker worm virus. Thus, another Brenner recommendation, banning DOD contracting with companies that host botnets, seems problematic as well. On the other hand, his recommendations for timely patching, encryption of all valuable data (amazingly this often is not done), and conducting cooperative international research on improving Internet security (China is interested) are quite valid. But I'm also less than sympathetic to banks and credit card issuers not adopting Europe's more advanced anti-theft system that includes a chip on the cards - reportedly U.S. firms don't want to spend the money to upgrade their ATM and card-reader equipment.

I have one more point. The U.S. needs to recognize that asymmetric warfare, of which computer espionage is one dimension, has reduced our former advantage over others. Further, our economic weakness does not allow spending much more money on security. Accordingly, we need to scale back our military and State Department involvements to activities that are more economically and technologically supportable.

17 of 20 people found the following review helpful

5.0 out of 5 stars Must-read for digital and national security policymakers and practitioners October 23, 2011

By Richard Bejtlich

Format:Hardcover

America the Vulnerable (ATV) is one of the best "big picture" books I've read in a long while. The author is a former NSA senior counsel and inspector general, and was the National Counterintelligence Executive (NCIX). In these roles he could "watch the fireworks" (not his phrase, but one popular in the intel community) while the nation suffered massive data exfiltration to overseas adversaries. ATV explains the problem in terms suitable for those familiar with security issues and those learning about these challenges. By writing ATV, Joel Brenner accurately and succinctly frames the problems facing the US and the West in cyberspace.

In this review I'd like to highlight some of Mr Brenner's insights and commentary.

On pp 65-7 he discusses "China's Long View... China had the world's largest economy for eighteen of the past twenty centuries. The two exceptions were those of America's youth and rise to power.... Like India, China does not regard Western domination as normal, and it does not suffer from an inferiority complex. China's chief national strategic objectives are to lift its population out of poverty and reestablish its place in the international order."

On pp 68-71 he explains the problem with the binary thinking of Westerners regarding war. China does not see war as a binary issue, where one is either at peace OR at war. "This kind of ambiguity is difficult for Americans to digest. We are direct and aboveboard, and we like to think others are like us -- or would be if given half a chance... [W]e suffer from a Western misconception in our law, religion, and policy that 'peace' and 'war' are opposites that cannot occur at the same time... Many Americans cling to this view, even though war has not been declared on the planet since 1945, while there have been hundreds of organized, violent, and militarized struggles in the interim."

On pp 71-3 he reiterates my point that the consequences of digital assault from China are indeed new, as well as the assault itself. "Our companies are under constant, withering attack. After the Google heist, *companies* [all emphasis is original] started asking the government for help in defending themselves against *nations*. This was unprecedented. We are now in uncharted territory... the boundary between economic security and national security has completely disappeared... While the scope of and intensity of economic espionage have assumed startling proportions, the 'traditional' espionage assault on our national defense establishment dwarfs anything we have ever before experienced."

On pp 75-77 Mr Brenner describes instances of espionage and consequences. "[Chi Mak] is the first spy (that we know of) through whom we lost critical military secrets and who was not a government employee. He will not be the last. If further proof were required, the case thus illustrates how thoroughly the functional boundary between the private sector and the government has dissolved... In essence, the PRC is leveraging the Pentagon's R&D budget in support of its own war-making capability."

Mr Brenner focuses on Chinese espionage in ATV; the following from p 78 is a good summary: "In contrast to the Russians, who are highly professional, the PRC often enlists amateurs from among a huge pool of sympathizers."

In the middle of the book Mr Brenner concentrates on the China threat by correctly identifying that the Chinese do not want a shooting war with the US. Rather (quoting Chinese military thinkers on p 118) "the objective in warfare would not be killing or occupying territory, but rather paralyzing the enemy's military and financial computer networks and its telecommunications. How? By taking out the enemy's power system. Control, not bloodshed, would be the goal... [Continuing on pp 126-7,] The Prussian Carl von Clausewitz, and Mao after him, had called war 'politics by other means.' [Strategists] Qiao and Wang seemed to be saying the reverse: Politics -- and economics and communications and everything else -- was war by other means. And while Clausewitz had preached the doctrine of the decisive battle, Qiao and Wang said there would be no more decisive battles."

Ch 9, "Thinking About Intelligence," is one of my favorite chapters because Mr Brenner examines the role of information and intelligence agencies in the modern world. On p 196 he makes a fascinating point: "To understand the future of the private sector's role in intelligence, we don't need a crystal ball. We can just as well look backward as forward, because we are experiencing a return to a historical norm." He then argues that the private sector is developing intel capabilities rivaling the government, which was the case prior to the creation of national agencies in the 20th century. On p 209 he recommends the following: "[T]he best way to run an intelligence agency is to focus tightly on the parts of the business that are really secret and separate them from the rest. You spend more money on open-source collection and analysis, and let them happen in controlled but unclassified space. You beef up counterintelligence. And you pay much more attention to the electronic handling and dissemination of information."

In the final chapter he offers some recommendations for improvement. I liked this statement on p 216: "If you wait for the incoming danger to reach you, you won't be able to defend against it. CYBERCOM solves this problem by letting the general in charge of defending national security networks use offensive tools outside his networks in order to know what's coming. To be blunt, espionage is an essential aspect of defense. To know what's coming, we must be living inside our adversaries' networks before they launch attacks against us." Note that is the traditional role of espionage, a model which the Chinese shatter by *living inside our companies' networks, solely to steal our intellectual property*.

I only found one small typo on p 194: The Yom Kippur War happened in 1973, not 2003.

Overall, I really enjoyed ATV. While I don't think the suggestions for improvement in the last chapter are sufficient to mitigate the threat, several of them are a good start. I highly recommend reading ATV at your earliest opportunity!

7 of 7 people found the following review helpful

5.0 out of 5 stars Sobering and essential October 6, 2011

By Jeffrey Herf

Format:Hardcover

America the Vulnerable is that welcome and infrequent book by a very fine writer who also has the skills to operate successfully at the top levels of the United States government. Joel Brenner offers us an insider's grasp of the vulnerabilities that a system built for transparency has created when it has become indispensable for the functioning of the nation's security and economy. He is one former government official who makes his argument with literary grace, a lawyer's attention to detail and the big picture, sophistication about politics and economics as well as a bit of humor even when dealing with very serious matters. Mixing analysis of the way internet is built with fascinating anecdotes and examples, Brenner makes a compelling case about the vulnerabilities that the internet in its current form creates for American national security, our economy, physical and energy infrastructure, financial system and our own privacy. This is a book for anyone who uses the internet, not only for officials in government, business leaders and computer experts. It is a timely intervention that anticipates problems we are and will be facing. It should stimulate informed and much needed public discussion now and in years to come.