Cyber-intruder sparks massive federal response — and debate over dealing with threats

Agent.btz had spread widely among military computers around the world, especially in Iraq and Afghanistan, creating the potential for major losses of intelligence. Yet the ban generated backlash among officers in the field, many of whom relied on the drives to download combat imagery or share after-action reports.

The NSA and the military investigated for months how the infection occurred. They retrieved thousands of thumb drives, many of which were infected. Much energy was spent trying to find “Patient Zero,” officials said. “It turned out to be too complicated,” said one. “We could never bring it down to as clear as . . . ‘that’s the thumb drive.’ ”

The rate of new infections finally subsided in early 2009. Officials say no evidence emerged that Agent.btz succeeded in communicating with a master computer or in putting secret documents in enemy hands. The ban on thumb drives has been partially lifted because other security measures have been put in place.

‘A great catalyst’

Buckshot Yankee bolstered the argument for creating Cyber Command, a new unit designed to protect the military’s computer and communications systems. It gave NSA Director Alexander the platform to press the case, advocated by others, that the new command should be able to use the NSA’s capabilities to obtain foreign intelligence to defend the military’s systems.

“It was a great catalyst,” said Alexander, although the effort later faced questions about whether the head of the largest and most secretive intelligence agency should also lead the new organization.

The new organization, which has a staff of 750 and a budget of $155 million, brings together the Joint Task Force-Global Network Operations, which carried out the bulk of the cleanup work under Buckshot Yankee, and the Network Warfare unit, the military’s offensive cyber arm. It began full operations on Oct. 31, 2010, with Alexander as its head.

But the creation of Cyber Command did not resolve several key debates over the national response to cyberthreats. Agent.btz provoked renewed discussion among senior officials at the White House and key departments about how to best protect critical private-sector networks.

Some officials argued that the military was better equipped than the Department of Homeland Security to respond to a major destructive attack on a power grid or other critical system, but others disagreed.

“Cyber Command and [Strategic Command] were asking for way too much authority” by seeking permission to take “unilateral action . . . inside the United States,” said Gen. James E. Cartwright Jr., who retired as vice chairman of the Joint Chiefs in August.

Officials also debated how aggressive military commanders can be in defending their computer systems.

“You have the right of self-defense, but you don’t know how far you can carry it and under what circumstances, and in what places,” Cartwright said. “So for a commander who’s out there in a very ambiguous world looking for guidance, if somebody attacks them, are they supposed to run? Can they respond?”
