That was when J. Michael McConnell, a senior vice president at Booz Allen and former director of national intelligence in the George W. Bush administration, learned that Qatar wanted U.S. personnel at the keyboards of its proposed cyber-center, potentially to carry out attacks on regional adversaries.
“Are we talking about actually conducting these operations?” McConnell asked, according to several people at the meeting. When someone said that was the idea, McConnell uttered two words: “Hold it.”
Calls were made to U.S. government officials and experts in the elite world of defense consulting. It became clear to McConnell that the notion of conducting attacks was a deal-killer.
“We can’t have Americans at the keyboard running offensive operations,” said McConnell, a retired admiral who also ran the top-secret National Security Agency, according to those present. “It could be interpreted as an act of war.”
The Qatar incident highlights the reality of a new arms race — the worldwide push to develop offensive and defensive cyber-capabilities. Like many other countries, Qatar wanted to improve its computer defenses in the face of a growing network warfare threat. And like others, Qatar turned to the United States, where technology firms are acknowledged leaders in the field of cyberwarfare and cyberdefense.
The potential worldwide market means that U.S. companies must walk a fine line between selling their products and staying within export controls that are struggling to keep pace with the rapid technological advances in the field.
After Booz Allen backed off, so did Qatar. But not for long, in the case of Qatar.
In August, a cyberattack shut down the Web site and some internal servers at RasGas, a major producer of liquid natural gas in Qatar. A similar attack destroyed computer data at Saudi Aramco, the Saudi national oil and natural gas operator and the world’s most valuable company. In both cases, the U.S. intelligence community has concluded Iran was the aggressor.
A senior Middle Eastern diplomat seconded that view, saying Saudi Arabia is convinced that Iran attacked Aramco “to send a message that we can hurt you.” But identifying the sources of cyberattacks is tricky, and some experts said they see no evidence that Iran was behind the episodes.
Iran understands the potential damage from a cyberattack. A virus called Stuxnet, attributed to Israel and the United States, disabled hundreds of centrifuges at its primary uranium enrichment plant in 2009 and 2010. Last year, Iran announced that it had started its own military cyber-unit, and Tehran has been blamed for several cyberattacks.