There’s a reason we believe the excuse that offense can keep us safe: Offense is a bloody masterpiece.
Starting in 2007, the United States, together with Israel, launched an attack on Iran’s Natanz nuclear facility that destroyed about a fifth of Iran’s centrifuges. That attack, called Stuxnet, spread using seven vulnerabilities, known as “zero days” in the industrial software of Microsoft and Siemens. (Only one has been revealed before, but has never been patched.) In a short time, Stuxnet has been a huge success. It set out Iran’s nuclear ambitions many years ago and prevented the Israelis from bombing Natanz and triggering World War III. In the long run, it showed allies and rivals what they were lacking and changed the order of the digital world.
In the decade that followed, an arms race was born.
NSA analysts left the agency to start cyber weapons factories, such as the Vulnerability Research Lab in Virginia, which sells click-and-shoot tools to U.S. agencies and co-workers. Our closest English-speaking Five Eyes. One contractor, Immunity Inc., founded by a former NSA analyst, has embarked on a more slippery slope. First, the staff said, the consultants trained by Immunity like Booz Allen, then the defense contractor Raytheon, then the Dutch and Norwegian governments. But soon the Turkish army came to fight it upside down.
Companies like CyberPoint have gone a step further, headquartered abroad, share tools and handicrafts, the UAE will eventually use its own people. In Europe, Pentagon spyware vendors, like the Hacking Team, started trading those same tools to Russia, then to Sudan, which used them to have a ruthless effect. .
As the market expands beyond the direct control of the NSA, the agency’s focus remains on crime. The NSA knew it was the flaws they were looking for and exploiting elsewhere that would one day strike the Americans. Its answer to this dilemma is to condense American exceptionalism into an acronym – NOBUS – which stands for “Nobody but Us”. If the agency finds a vulnerability they believe only they can exploit, it will hoard it.
This strategy is part of what General Paul Nakasone, the current head of NSA – and George Washington and Chinese strategist Sun Tzu before him – called “active defense”.
In modern warfare, “active defense” means hacking the enemy’s network. It is mutual destruction in the digital age: We infiltrated Russia’s troll network and its net like a show of force; Iran’s nuclear facilities, to take out its centrifuges; and Huawei’s source code, to infiltrate its customers in Iran, Syria and North Korea, to spy and set up an early warning system for the NSA, in theory, to counter attacks attack before they attack.