BLOG POST: Washington Post investigation reveals military digital complex

The militarisation of computer hacking is well underway...

So here's some food for thought: According to a report in the Washington Post, 22 US Government departments and 143 private companies are involved in top secret "cyber operations" programs.

The numbers were revealed as the paper published the results of a two-year investigation into the post 9-11 military industrial and intelligence complex in the United States. They seem to confirm the emergence of a "military digital complex".

More on that in a bit.

The investigation is said to have caused minor panic in the intelligence community in the United States, and you can see why. While the newspaper hasn't unveiled any secret information, per se, some of its revelations are staggering:

  • 854,000 Americans hold top secret security clearances.
  • As many agencies and contractors are involved in top secret cyber ops as are involved in top secret border control.
  • 1,271 Government organisations and 1,931 private companies work on intelligence, counter terrorism and homeland security related programs.

Cyber Operations, as defined by The Washington Post, encompasses "the fields of computer network attack, computer network exploitation, and computer network defence".

The category also includes "traditional electronic warfare" intended to knock out electronically dependent equipment. EMP anyone?

There's an interesting table here that shows where the money's going.

I discussed the emergence of "militarised hacking" nearly two years ago with Dan Geer, the Chief Information Security Officer of In-Q-Tel, a strange organisation that essentially acts as the CIA's private investment arm. I should stress here that Dan was not being interviewed as a representative of In-Q-Tel, just as an infosec luminary.

The topic of the interview was the emergence of the "military digital complex".

US President Dwight Eisenhower coined the term "military industrial complex" during his farewell address in 1961. His speech warned the United States was in danger of developing a war-dependent economy.

Could the same happen in the digital arena? I asked Geer in 2008 if we were seeing the emergence of a "military digital complex".

"There comes a point at which the legitimate questions of nation statehood, of sovereignty, also get confabulated with the interests of what had been an industrial world and is now a digital world," he answered.

"It should come as no surprise to us I think, that those who... profit from war in materiel and machinery will be supplanted in time by those who profit in war from digital goods."

Click here to listen to that interview.

What The Washington Post has done is as good as confirm the emergence of this military digital complex.

Increasingly I'm hearing of exploits, for example, being hoovered up by US intelligence agencies. People are disappearing into opaque organisations to do work they can't talk about.

What we're talking about here is the militarisation of computer hacking, something I find ironic given the counter-culture and rebellious roots of "the scene".

It's natural, I suppose, for a government to develop an offensive and defensive "cyber ops" capability.

But when does a ramp-up in capability turn into an arms race? How can we act surprised when we read reports of China building a cyber-army when the US Government has 165 separate entities working on cyber ops programs that are classified top secret?

On another note, how much money is going into the development of this sort of capability due to the inherent insecurity of civilian digital technology used in both commercial and industrial applications? Wouldn't we be better served by actually securing the world's civilian digital infrastructure? That way we wouldn't need an arms race.

It's my feeling that we should watch what the US Government does here with a keen eye. I fear a new arms race -- a digital arms race -- could be emerging. That's bad news for everyone -- it will hoover up talent and technology to the detriment of our industry, for starters.

We cannot compete with military budgets. Talented infosec researchers and developers will be sucked into the war machine instead of working on technologies that can benefit wider society.

Watch this space closely.