Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies
Friday, March 19, 2010
By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.
"We knew we were going to be forced to shut this thing down," recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. "CIA resented that," the former official said.
Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon's plan, several key princes were "absolutely furious" at the loss of an intelligence-gathering tool, according to another former U.S. official.
Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?
"The point of the story is it hasn't been sorted out yet in a way that all the persons involved in cyber-operations have a clear understanding of doctrine, legal authorities and policy, and a clear understanding of the distinction between what is considered intelligence activity and wartime [Defense Department] authority," said one former senior national security official.
CIA spokeswoman Marie Harf said, "It's sheer lunacy to suggest that any part of our government would do anything to facilitate the movement of foreign fighters to Iraq."
The Pentagon, the Justice Department and the National Security Agency, whose director oversaw the operation to take down the site, declined to comment for this story, as did officials at the Saudi Embassy in Washington.
Precedent before policy
The absence of clear guidelines for cyberwarfare is not new. The George W. Bush administration was compelled in its final years to refine doctrine as it executed operations. "Cyber was moving so fast that we were always in danger of building up precedent before we built up policy," said former CIA director Michael V. Hayden, without confirming or denying the existence of the site or its dismantling.
Lawyers at the Justice Department's Office of Legal Counsel are struggling to define the legal rules of the road for cyberwarriors, according to current and former officials.
The Saudi-CIA Web site was set up several years ago as a "honey pot," an online forum covertly monitored by intelligence agencies to identify attackers and gain information, according to three of the former officials. The site was a boon to Saudi intelligence operatives, who were able to round up some extremists before they could strike, the former officials said.
At the time, however, dozens of Saudi jihadists were entering Iraq each month to carry out attacks. U.S. military officials grew concerned that the site "was being used to pass operational information" among extremists, one former official said. The threat was so serious, former officials said, that Gen. Ray Odierno, the top U.S. military commander in Iraq, requested that the site be shut down.
The operation was debated by a task force on cyber-operations made up of representatives from the Defense and Justice departments, the CIA, the Office of the Director of National Intelligence, and the National Security Council. Lt. Gen. Keith B. Alexander, who directs the National Security Agency, made a presentation.