Authors: Fred Kaplan
The Russians, by now, had learned to encrypt their most vital command-control channels, but the NSA figured out how to break the codes, at least some of them. When cryptologists of whatever nationality coded a signal, they usually made a mistake here and there, leaving some passages in plain text. One way to break the code was to find the mistake, work backward to see how that passageâsay, an often-used greeting or routine military jargonâhad been encrypted in previous communiqués, then unravel the code from there.
Bobby Ray Inman had been director of naval intelligence before he took over the NSA in 1977, at the start of President Carter's term. Even back then, he and his aides had fiddled with encryption puzzles. Now with the NSA's vast secret budget at his disposal, Inman went at the task with full steam. In order to compare encrypted passages with mistakes in the clear, he needed machines that could store a lot of data and process it at high speed. For many years, the NSA had been building computersâvast corridors were filled with themâbut this new task exceeded their capacity. So, early on in his term as director, Inman started a program called the Bauded Signals Upgrade, which involved the first “supercomputer.” The machine cost more than a billion dollars, and its usefulness was short-lived: once the Soviets caught on that their codes had been broken, they would devise new ones, and the NSA code breakers would have to start over. But for a brief period of Russian obliviousness, the BSU helped break enough high-level codes that, combined with knowledge gained from other penetrations, the United States acquired an edgeâpotentially a decisive edgeâin the deadliest dimension of the Cold War competition.
Inman had a strong ally in the Pentagon's top scientist, William Perry. For a quarter century, Perry had immersed himself in precisely this way of thinking. After his Army service at the end of World War II, Perry earned advanced degrees in mathematics and took a job at Sylvania Labs, one of the many high-tech defense contractors sprouting up in Northern California, the area that would later be called Silicon Valley. While many of these firms were designing radar and weapons systems, Sylvania specialized in electronic
counter
measuresâdevices that jammed, diffracted, or disabled those systems. One of Perry's earliest projects involved intercepting the radio signals guiding a Soviet nuclear warhead as it plunged toward its target, then altering its trajectory, so the warhead swerved off course. Perry figured out a way to do this, but he told his bosses it wouldn't be of much use, since Soviet nuclear warheads were so powerfulâseveral
megatons of blast, to say nothing of thermal heat and radioactive falloutâthat millions of Americans would die anyway. (This experience led Perry, years later, to become an outspoken advocate of nuclear arms-reduction treaties.)
Still, Perry grasped a key point that most other weapons scientists of the day did not: that getting inside the enemy's communications could drastically alter the effect of a weaponâand maybe the outcome of a battle or a war.
Perry rose through the ranks of Sylvania, taking over as director in 1954, then ten years later he left to form his own company, Electromagnetic Systems Laboratory, or ESL, which did contract work almost exclusively for the NSA and CIA. By the time he joined the Pentagon in 1977, he was as familiar as anyone with the spy agencies' advances in signals intelligence; his company, after all, had built the hardware that made most of those advances possible.
It was Perry who placed these scattershot advances under a single rubric: “counter-C2 warfare,” the “C2” standing for “command and control.” The phrase derived from his longtime preoccupation with electronic countermeasures, for instance jamming an enemy jet's radar receiver. But while jammers gave jets a
tactical
edge, counter-C2 warfare was a
strategic
concept; its goal was to degrade an enemy commander's ability to wage war. The concept regarded communications linksâand the technology to intercept, disrupt, or sever themânot merely as a conveyor belt of warfare but as a decisive weapon in its own right.
When Jimmy Carter was briefed on these strategic breakthroughs, he seemed fascinated by the technology. When his successor, the Cold War hawk Ronald Reagan, heard the same briefing a year later, he evinced little interest in the technical details, but was riveted to the big picture: it meant that if war broke out between the superpowers, as many believed likely, the United States could win, maybe quickly and decisively.
In his second term as president, especially after the reformer Mikhail Gorbachev took over the Kremlin, Reagan rethought the implications of American superiority: he realized that his military's aggressive tactics and his own brazen rhetoric were making the Russians jumpy and the world more dangerous; so he softened his rhetoric, reached out to Gorbachev, and the two wound up signing a string of historic arms-reduction treaties that nearly brought the Soviet Unionâthe “evil empire,” as Reagan had once described itâinto the international order. But during his first term, Reagan pushed hard on his advantage, encouraging the NSA and other agencies to keep up the counter-C2 campaign.
Amid this pressure, the Russians didn't sit passive.
When they found out about the microwaves emanating from the U.S. embassy's tenth floor, they started beaming its windows with their own microwave generators, hoping to listen in on the American spies' conversations.
The Russians grew clever at the spy-counterspy game. At one point, officials learned that the KGB was somehow stealing secrets from the Moscow embassy. The NSA sent over an analyst named Charles Gandy to solve the mystery. Gandy had a knack for finding trapdoors and vulnerabilities in any piece of hardware. He soon found a device called the Gunman inside sixteen IBM Selectric typewriters, which were used by the secretaries of high-level embassy officials. The Gunman recorded every one of their keystrokes and transmitted the data to a receiver in a church across the street. (Subsequent probes revealed that an attractive Russian spy had lured an embassy guard to let her in.)
It soon became clear that the Russians were setting up microwave beams and listening stations all over Washington, D.C., and New York City. Senior Pentagon officialsâthose whose windows faced high buildings across the Potomac Riverâ
took to playing Muzak in their offices while at work, so that if a Russian spy was shooting
microwaves at those windows, it would clutter the ambient sound, drowning out their conversations.
Bobby Ray Inman had his aides assess the damage of this new form of spying. President Carter, a technically sophisticated engineer (he loved to examine the blueprints of the military's latest spy satellites), had been assured that his phone conversations, as well as those of the secretaries of state and defense, were carried on secure landlines. But NSA technicians traced those lines and discovered that, once the signal reached Maryland, it was shunted to microwave transmitters, which were vulnerable to interception. There was no evidence the Soviets
were
listening in, but there was no reason to think they weren't; they certainly
could
be, with little difficulty.
It took a while, but as more of these vulnerabilities were discovered, and as more evidence emerged that Soviet spies were exploiting them, a disturbing thought smacked a few analysts inside NSA:
Anything we're doing to them, they can do to us
.
This anxiety deepened as a growing number of corporations, public utilities, and government contractors started storing data and running operations on automated computersâespecially since some of them were commingling classified and unclassified data on the same machines, even the same software. Willis Ware's warnings of a dozen years earlier were proving alarmingly prophetic.
Not everyone in the NSA was troubled. There was widespread complacency about the Soviet Union: doubt, even derision at the idea, that a country so technologically backward could do the remarkable things that America's SIGINT crews were doing. More than that, to the extent computer hardware and software had security holes, the NSA's managers were reluctant to patch them. Much of this hardware and software was used (or copied) in countries worldwide, including the targets of NSA surveillance; if it could easily be hacked, so much the better for surveillance.
The NSA had two main directorates: Signals Intelligence and Information Security (later called Information Assurance). SIGINT was the active, glamorous side of the puzzle palace: engineers, cryptologists, and old-school spies, scooping up radio transmissions, tapping into circuits and cables, all aimed at intercepting and analyzing communications that affected national security. Information Security, or INFOSEC, tested the reliability and security of the hardware and software that the SIGINT teams used. But for much of the agency's history, the two sides had no direct contact. They weren't even housed in the same building. Most of the NSA, including the SIGINT Directorate, worked in the massive complex at Fort Meade, Maryland. INFOSEC was a twenty-minute drive away, in a drab brown brick building called FANEX, an annex to Friendship Airport, which later became known as BWI Marshall Airport. (Until 1968, INFOSEC had been still more remote, in a tucked-away buildingâwhich, many years later, became the Department of Homeland Security headquartersâon Nebraska Avenue, in Northwest Washington.) INFOSEC technicians had a maintenance function; they weren't integrated into operations at all. And the SIGINT teams did nothing
but
operations; they didn't share their talents or insights to help repair the flaws in the equipment they were monitoring.
These two entities began to join forces, just a little, toward the end of Carter's presidency. Pentagon officials, increasingly aware that the Soviets were penetrating their communications links, wanted INFOSEC to start testing hardware and software used not only by the NSA but by the Defense Department broadly. Inman set up a new organization, called the Computer Security Center, and asked his science and technology chief, George Cotter, to direct it. Cotter was one of the nation's top cryptologists; he'd been doing signals intelligence since the end of World War II and had worked for the NSA from its inception. Inman wanted the new center to start bringing
together the SIGINT operators and the INFOSEC technicians on joint projects. The cultures would remain distinct for years to come, but the walls began to give.
The order to create the Computer Security Center came from the ASD(C3I), the assistant secretary of defense for command, control, communications, and intelligenceâthe Pentagon's liaison with the NSA. When Reagan became president, his defense secretary, Caspar Weinberger, appointed Donald Latham to the position. Latham had worked SIGINT projects with George Cotter in the early to mid-1970s on the front lines of the Cold War: Latham as chief scientist of U.S. European Command, Cotter as deputy chief of NSA-Europe. They knew, as intimately as anyone, just how deeply both sidesâthe Soviets and the Americans (and some of their European allies, too)âwere getting inside each other's communications channels. After leaving NSA, Latham was named deputy chief of the Pentagon's Office of Microwave, Space and Mobile Systemsâand, from there, went on to work in senior engineering posts at Martin Marietta and RCA, where he remained immersed in these issues.
When General Jack Vessey came back from that White House meeting after Ronald Reagan had watched
WarGames
and asked his aides to find out whether someone could hack into the military's most sensitive computers, it was only natural that his staff would forward the question to Don Latham. It didn't take long for Latham to send back a response, the same response that Vessey would deliver to the president:
Yes, the problem is much worse than you think.
Latham was put in charge of working up, and eventually drafting, the presidential directive called NSDD-145. He knew the various ways that the NSAâand, among all federal agencies, only the NSAâcould not only hack but also secure telecommunications and computers. So in his draft, he put the NSA in charge of all their security.
The directive called for the creation of a National Telecommunications and Information Systems Security Committee “to consider technical matters” and “develop operating policies” for implementing the new policy. The committee's chairman would be the ASD(C3I)âthat is to say, the chairman would be Don Latham.
The directive also stated that residing within this committee would be a “permanent secretariat composed of personnel of the National Security Agency,” which “shall provide facilities and support as required.” There would also be a “National Manager for Telecommunications and Automated Information Systems Security,” who would “review and approve all standards, techniques, systems, and equipments.” The directive specified that this National Manager would be the NSA director.
It was an ambitious agenda, too ambitious for some. Congressman Jack Brooks, a Texas Democrat and Capitol Hill's leading civil-liberties advocate, wasn't about to let the NSAâwhich was limited, by charter, to surveillance of foreignersâplay any role in the daily lives of Americans. He wrote, and his fellow lawmakers passed, a bill that revised the president's directive and denied the agency any such power. Had Don Latham's language been left standing, the security standards and compliance of every computer in Americaâgovernment, business, and personalâwould have been placed under the tireless gaze of the NSA.
It wouldn't be the last time that the agency tried to assert this powerâor that someone else pushed back.
O
N
August 2, 1990, Saddam Hussein, the president of Iraq, ordered his army to invade Kuwait, the small country to the south. Three days later, President George H. W. Bush declared that this aggression “will not stand.” On January 17, 1991, after a massive mobilization, U.S. helicopters and combat planes fired the first shots of a month-long air campaign over Iraqâfollowed, on February 24, by a hundred-hour ground assault, involving more than a half million American troops enveloping and crushing the Iraqi army, pushing its scattered survivors back across the border.