NSA cyber‑offensive doctrine and Snowden breach cited as potential catalyst for Russian/Chinese cyber successes

151 demonstrated the NSA had few, if any, fail-safe defenses against a would-be leakers of communication intelligence. In the new domain of cyber warfare, conventional defensive rules do not apply. “There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker,” Michael Hayden said in an interview in 2015 with the publisher of the Wall Street Journal. His point was that since there are no defensive positions, cyber warfare must rely on an aggressive offensive. If fully successful such attacks would so deeply penetrate the defenses of an adversary intelligence organization that it could not mount any of its own unexpected cyber attacks Such offensive capabilities would make it difficult, if not impossible, for adversary services to recruit a spy in the NSA. .For example, the CIA penetration of the SVR in 2010 prevented it from using its the sleeper network against U.S. targets. “The best defense in this game may be an overwhelming offensive,” a former intelligence official said to me. “but that strategy only works if we can keep secret sensitive sources.” Central to this offensive strategy was the NSA’s National Threat Operations Center in Oahu, Hawaii. It employed threat analysts to surreptitiously monitor the secret activities of potential enemies, mainly China, Russia and North Korea. A large part of their job was to make transparent to the US the hostile activities of the Russian and Chinese services so that they posed little, if any, intelligence threat to America. This strategy worked so far as the NSA guarded itself but it also raised the issue, as the Roman Juvenal famously warned “Quis custodiet ipsos custodes?” Who will guard the guards themselves? Less than three years after the NSA had received the Poteyev warning, a 29-year old civilian trainee at the National Threat Operations Center, demonstrated its glaring vulnerability. Instead of guarding secrets, Snowden stole them. General Hayden described the Snowden breach as the “most serious hemorrhaging of American secrets in the history of American espionage. Among the documents taken in this security breach were lists of secret NSA sources in China and Russia. Despite all the measures the NSA had taken to protect its vital secrets, a lowly civilian employee had walked away with the keys to its kingdom In the hands of their intelligence services, these stolen lists had the potential to totally upend the NSA’s offensive strategy. Since Russia and China have an intelligence treaty for sharing such spoils between them when it is to their mutual advantage, it had to be assumed that if either country had acquired the secrets from Snowden, they would be shared between them altering the balance of power between the communication intelligence services of the US and its adversaries. Following the Snowden breach both China and Russia had immense successes d in breaking through the defenses of US government networks, including the breaches in 2014 and 2015 of U.S. personnel files and background checks. When I asked General Hayden in June 2015 if these successes were made easier by those documents compromised by Snowden, he replied, “Even though I cannot make a direct correlation here, unarguably our adversaries know far more about how we collect signals intelligence than they ever did before [Snowden].” HOUSE_OVERSIGHT_020303