The release this month of Shane Harris’ @War: The Rise of the Military-Internet Complex was aptly timed.

Within the weeks surrounding its publication, there have been new revelations of cyber-espionage incidents, believed to have originated from the governments of China and Russia, against Western government agencies, industries and dissident groups. At the same time, national security officials in the UK made a public appeal to private Internet and telecommunications companies to assist western security agencies in waging the fight against ISIS. News reports also emerged questioning the business dealings of Gen. Keith Alexander, the former head of the U.S. National Security Agency (NSA) and a central figure in Harris’ book, and raised the specter of insider profiteering from the close cooperation between the NSA and the private-sector technology companies enlisted by the NSA during Alexander’s tenure. In addition, the U.S. Court of Appeals in DC heard oral arguments on the challenge to the constitutionality of the NSA’s bulk collection of phone metadata.

All of these issues are implicated by @War. Harris does a thorough job of describing in frightening detail the rise of cyber-threats to American governmental and private interests. At the same time, however, he gives equal treatment to how the response to these threats has resulted in a new “military-Internet complex,” very similar to the military-industrial complex that President Dwight Eisenhower warned of on his departure from office. Quoting in part Eisenhower’s words, Harris’ concern is “‘the acquisition of unwarranted influence’ … by an alliance of government and industry …. (which) portend(s) ‘grave implications’ if ‘the potential for the disastrous rise of misplaced power’ (is) not checked.’” In our rush to respond to what are undoubtedly very serious threats, Harris argues that we have allowed a single agency, the NSA, to make the rules up as it goes and to make vital decisions affecting privacy, cybersecurity and cyber warfare. The result that Harris describes is an unprecedented and potentially dangerous level of cooperation between our national security agencies and civilian technology companies that hold the keys to private communications and other data.

Harris sets the stage by recounting how the Defense Department and executives of defense contractors became alarmed upon discovering that some entity, apparently connected with the Chinese Government, was hacking the plans for the new $335 billion F-35 jet. The coordination between the U.S. government and the civilian contractors to identify the source of the hacking and prevent further intrusions was understandable but demonstrated what has become a tightening alliance between government and private industry that has blurred the distinction between government and civilian activity, and cybersecurity and cyber warfare.   

Harris then details the development of tools to detect, hack and ultimately misdirect opposition forces during the 2007 surge in Iraq. By using data obtained through the NSA’s SIGINT (Signals Intelligence) Section, U.S. forces were able to identify and pinpoint the locations of opposing forces, IED teams and even a maker of suicide bomb vests, apprehended while fitting an aspiring bomber. These tactics undoubtedly saved American lives and helped the surge to succeed. The episode also showed the powerful ways in which the government could go on the offensive and not simply defend against cyber-attacks. Harris shows how this capability would later prove to be troublesome when private companies were enlisted to cooperate in preparation for other potential cyber-attacks.

Another interesting aspect of @War is Harris’ telling of how the Obama administration came to publicly challenge China with respect to its cyber-espionage activities. Harris tells of two occasions in which first Google and second the security firm Mandiant chose to go public with detailed accusations of China’s cyber-spying, even though the administration had not yet been willing to do so. Once the private companies went public with the information, however, the administration used the occasions as the opportunity to publicly reprimand China and call on it to cease these activities.

In what seems to be a rather polarized debate over privacy and national security matters, Harris’ @War stands out as an even-handed and informative work. For the most part, Harris avoids taking sides, and his book is not a lecture about the primacy of privacy concerns. Indeed, he plainly states that the NSA is indispensable and is not the enemy, and the reader cannot help but be alarmed by the unceasing efforts of governmental and nongovernmental hackers against western military entities and key civilian industries. I doubt that those who have strong leanings one way or the other on national security versus privacy debates will change their minds. Harris brings the Edward Snowden revelations into the discussion where relevant but does not venture any personal judgments about him.

Those who are enmeshed in the business of cybersecurity may already be aware of many of the events Harris recounts, but Harris takes matters one step further and shows how private technology companies, vital industries and our national security apparatus have become deeply intertwined in combating both cyber-espionage and theft and creating offensive cyber capabilities. He describes the rapidly revolving door through which highly skilled computer professionals obtain training and security clearances in our national security agencies and then move to the private sector where they can double or triple their salaries doing essentially the same work while maintaining their close ties with the government.

Further, Harris is clearly troubled by certain tactics taken by the NSA, such as when it has become aware of vulnerabilities in particular software or systems. On occasion, the NSA has decided not to disclose those vulnerabilities or else it has encouraged businesses not to cure them in order to permit the NSA to better identify that adversary and determine its goals. Harris also describes the tactic of injecting malware into an adversary’s computers and servers overseas, and shows that this tactic may have unforeseen consequences.

Ultimately, Harris concludes that we should not allow one entity—namely, the NSA—to set the rules for cybersecurity on the fly, nor should we permit one agency to consolidate authority over military (cyber warfare), spying and the protection of domestic nonmilitary computer systems and infrastructure.