How to Lose a Cyberwar
Why is America still letting online jihadists run amok?
The five young men detained in Pakistan this week — like a whole new generation of jihadis — appear to have made considerable use of the Internet in their alleged approach to al Qaeda. Their story points out that, more than eight years after 9/11, terrorist networks are still not only able to stay in touch via cyberspace, but that they are even extending their reach thanks to our giving them a free ride in the virtual domain.
U.S. President Barack Obama often speaks about his central strategic objective of denying al Qaeda its haven in Waziristan, but he says nary a word about taking away its "virtual haven" in cyberspace. This omission is more than his alone, as none of the key military, intelligence, and law-enforcement arms of the U.S. government have done much to curtail terrorist use of the Net.
Those who do try to keep an eye on terrorism in cyberspace often argue that they learn a lot about enemy networks by monitoring their narratives on jihadi websites. But if this made a real difference, we would have already won the war on terror.
Instead of thinking of cyberspace principally as a place to gather intelligence, we need to elevate it to the status of "battlespace." This means that we either want to exploit terrorists’ use of the Web and Net unbeknownst to them, or we want to drive them from it.
We need to think of gaining an information edge, like the one enjoyed by the Allies in World War II. In that conflict, the first high-performance computing capability was created, and broke German and Japanese codes, enabling a series of victories to be won — from the Mediterranean to Midway — long before Allied material advantages could be brought to bear.
A similar capability fielded today against al Qaeda would do much more than just catch confused young men on their journey to the jihad. It would also intercept the messages that guide the movement of terrorist money, identify existing cells and nodes and enable us to go after them in the physical world, and allow us to preempt new attacks.
The officials I try to lobby in favor of creating this new "Magic" (the American name for the World War II code-breaking capability) always argue that, once the enemy realizes we have this capability, they will go to ground and we will know even less about where they are and what they intend to do next.
I make two replies to this objection. The first is that neither the Germans nor the Japanese ever figured out that the Allies could break their codes. Indeed, they were convinced that they had high-level traitors within their own regimes.
My second reply is that, even if the enemy finds out that we’re on to them in cyberspace, all they can do is leave the virtual world. This would absolutely cripple a network spread out across more than 60 countries. And it would have a very chilling effect on potential recruits if they thought they might be under surveillance as soon as they started clicking. No more Sargodha Fives.
But, for all the benefits of striving for this information edge, there is one big difference from the situation during World War II: We need to develop more than just code-breaking capabilities. We must also focus on detection and tracking tools, and craft international agreements that allow us to move swiftly in hot pursuit among servers located across many different sovereignties.
The alternative to getting more aggressive about exploiting the terrorists in cyberspace, or driving them from it, is that the networks will continue to metastasize. The young men in Sargodha are not even the tip of the iceberg. If the al Qaeda narrative appeals to only 5 percent of the Muslim world — as many experts suggest — we’re still talking about a core constituency of some 70 million people.
But if wannabe jihadis are attracted to the 12th-century logic of al Qaeda, they still need 21st-century information technology to link up. The events in Sargodha, the other current case of David Headley in Chicago, and the earlier instance of Najibullah Zazi the Denver airport shuttle driver, all point to an emergent subculture — one that is increasingly enabled by and dependent upon cyberspace.
So let’s take advantage of this dependence. Now.