- Home
- David Bruns
Rules of Engagement
Rules of Engagement Read online
Begin Reading
Table of Contents
About the Authors
Copyright Page
Thank you for buying this
St. Martin's Press ebook.
To receive special offers, bonus content,
and info on new releases and other great reads,
sign up for our newsletters.
Or visit us online at
us.macmillan.com/newslettersignup
For email updates on David Bruns, click here.
For email updates on J. R. Olson, click here.
The author and publisher have provided this ebook to you for your personal use only. You may not make this ebook publicly available in any way. Copyright infringement is against the law. If you believe the copy of this ebook you are reading infringes on the author’s copyright, please notify the publisher at: us.macmillanusa.com/piracy.
TO MELISSA AND CHRISTINE
THE AMERICANS
UNITED STATES NAVAL ACADEMY
Don Riley, Deputy J2, US Cyber Command; guest lecturer, Cyber Security Studies Program
Janet Everett, Midshipman First Class
Andrea “Dre” Ramirez, Midshipman Second Class
Michael Goodwin, Midshipman Fourth Class
Watson, Captain, USN; Commandant of Midshipmen
US INTELLIGENCE COMMUNITY
Elizabeth “Liz” Soroush, Assistant Director, FBI Counterterrorism Division; married to Brendan McHugh
Brendan McHugh, Captain, USN; head of the CIA Trident program
Rick Baxter, Deputy Director of National Intelligence
Judith Hellman, Director of National Intelligence
Sarah Jackson, Lieutenant, USN; US Cyber Command watch officer and midshipman liaison
Trafton, Admiral, USN; head of US Cyber Command
Martha Raddabat, CIA Senior Intelligence Service Officer; Brendan’s boss
Jenkins, Trident program watch supervisor
Tom Price, Brigadier General, USAF; J2 and Don’s boss
Roger Trask, Director, Central Intelligence Agency
US NAVY SEVENTH FLEET
Martin Cook, Vice Admiral; Commander
Bernard “Sauce” Benson, Captain; Chief of Staff to Commander
USS GERALD R. FORD, AIRCRAFT CARRIER
Manuel “Han” Manolo, Rear Admiral; Strike Group Commander
Diane “Ralph” Henderson, Captain; Air Wing Commander
Jim Gutterman, Captain; Commanding Officer
USS BLUE RIDGE, SEVENTH FLEET COMMAND SHIP
Weston Merville, Lieutenant Commander; IT Department Head and Systems Administrator
Jason Karrick, Commander; Executive Officer
Jurgens, Petty Officer First Class; IT Division
USS KEY WEST, LOS ANGELES-CLASS FAST ATTACK SUBMARINE
Langford, Commander; Commanding Officer
Gordon Cremer, Lieutenant Commander; Executive Officer
Dawkins, Lieutenant (j.g.); Junior Officer
Williams, Petty Officer Second Class; Radioman
SEAL TEAM
John “Winky” Winkler, Lieutenant Commander; Team Leader
Sidney, Winkler’s Belgian Malinois working dog
OTHER CHARACTERS
THE NORTH KOREANS
Pak Myung-rok, special projects officer to the Supreme Leader
Rafiq Roshed, a.k.a. Jung Chul, Covert Actions Division agent and international terrorist
Yun So-won, cyberwarfare specialist
Kim Jong-un, Supreme Leader of the Democratic People’s Republic of Korea
Kim Daiwoo, defector; former DPRK ambassador to the United Kingdom
Kong Sung-il, second deputy to the North Korean ambassador, based in Hong Kong
THE RUSSIANS
Borodin Gerasimov, Russian arms dealer
Alexi Aminev, head of the Far East Russian Bratva
THE CHINESE
Lieutenant Liu Wen, Chinese fighter pilot
Captain Sun, Commanding Officer, Chinese submarine Changzheng 5
Captain Li Sandai, Commanding Officer, Chinese frigate Yangcheng
Lieutenant Wei, officer of the deck, Yangcheng
Lieutenant Han Bingwen, 820th Brigade, Second Artillery Corps
THE JAPANESE
Captain Akihiko Amori, Commanding Officer, Japanese frigate Sawagiri
Admiral Hideki Tanaka, Commander, Japanese Maritime Self-Defense Force
MINOR CHARACTERS
Lieutenant Commander Jake “Tracker” Hanson, P-8 Poseidon pilot
Lieutenant Max “Taxi” Weber, P-8 Poseidon copilot
Richard “Dickie” Davis, private security contractor
Nigel Okumbe, private security contractor
Marco Gonzalez, CIA Chief of Station, Buenos Aires, Argentina
Admiral Tom Williams, Commander, US Pacific Fleet
Captain Bill “Handsome” Ransom, Air Wing Commander, USS Reagan
PROLOGUE
Allegheny Power and Light Operations Center Jamestown, Pennsylvania
The email arrived in his inbox just as Randy Waters was thinking about shutting down his computer for the day. He knew that most of the others in his office left their computers and monitors running all night, but for God’s sake, they worked for a power company. At least make an effort at conservation.
The email was from his mom. For your father’s birthday? the subject line read.
His heart went out to her. His father was in the hospital again. Pancreatic cancer, stage three. Dad wouldn’t be coming home, the doctors said.
His mother couldn’t drive on her own anymore. In fact, Randy was just about to pick her up to make their twice-daily visit to the hospital to see his father. During the day, while Randy worked, she surfed the internet, killing time. Based on the subject line of the email, it seemed the obsession of the day was what to get his eighty-four-year-old, terminally ill father for his birthday next week. All the poor man probably wanted was a shot at another birthday to spend with his wife of fifty-seven years.
Randy opened the email. There was a single line of text, I think he would like this, followed by a link. None of her usual “Dear Randall” or “Love, Mom.” His mother had never really mastered the informality of email. Normally her messages read like letters, complete with a salutation, an opening paragraph about the weather, then whatever she wanted to say, followed by a nice “Sincerely” to tie everything off with a neat bow.
Randy frowned. Maybe Mom needed to see someone, a therapist or something.
He clicked on the link without bothering to study it. His screen flashed to an Amazon page with a nice message saying they couldn’t find the article he was searching for.
Randy shook his head. Poor Mom. It seemed even a simple cut-and-paste task was beyond her now.
He shut down his computer and grabbed his jacket off the back of the door. By the time he reached the elevators, he’d forgotten all about Mom’s email.
* * *
Within a few milliseconds, the malware unleashed by Randy’s indiscriminate link-clicking had found its target, an open security flaw in the recently updated driver for the color printer in the copy room. Before Randy’s computer had shut down, the virus had infected every running computer networked to that color printer.
By the time Randy pushed the elevator call button, the malware was waiting on the desktop of the plant operations manager, Herman Moison.
At 6:45 P.M., just as he did every evening before going home, Moison logged in to the supervisory system for the power plant that loomed outside his office window. He studied the SCADA screen showing him the status and operating parameters of all twenty-six generators that fed electricity to the greater Midwest node of the national power grid.
Herman n
odded with satisfaction. He didn’t really understand all the numbers, but the red and green color-coding was very helpful. Green was good; red was bad. The electrons were going the right way, as his engineers liked to say. He noted that generator 24 was still down for maintenance.
Herman’s screen flickered. He cocked his head. Something seemed different on the display, but he couldn’t make out what it was. The red-green color-coding hadn’t changed, so he figured all was okay. It had been a long day. The engineers would call him if anything went wrong overnight.
Herman shut off his office lights as he left, leaving the room bathed in the glow of his computer screen.
* * *
The malware that entered the power plant Supervisory Control and Data Acquisition system executed the first part of its payload: It shifted the generator-numbering system by one digit. Any commands being sent to generator 1 would be executed on generator 2, and so on.
Dustin Taft, the incoming shift supervisor, settled into his chair with a fresh cup of coffee. The plant staff was on four twelve-hour days now, a concession made by the union in the last negotiation. It took a little getting used to, but he found he liked it. That regular three-day weekend was pretty sweet.
“Shift Supe,” one of his two operators called out. “Maintenance team requests permission to clear tags on gen twenty-four.”
Taft nodded. “Permission granted. We’ll test it after the dinnertime bump is over.” Power usage peaked by as much as twenty percent between the hours of five and ten in the evening. That was a lot of TVs being switched on. It was even worse in the summer, with all the air conditioners running.
Their customer, Midwest Power Distributors, had installed a complete smart-grid system last year, allowing real-time access to power-demand data across the entire system. The upgrade helped them shift loads faster, but the dinnertime bump was just the nature of the beast. When people demanded more power, Taft made more electrons. Simple supply and demand.
“Tags cleared, Supe,” the operator called. “Ready for testing whenever you are.”
“Acknowledged.” Taft watched his screen. “We’re going to need more juice here soon. Let’s bring gen twenty-three online.”
The operator, a local kid, ex-navy, repeated the order and punched a series of commands into his keyboard. “Bringing twenty-three online now.”
Taft sensed a dull thud under his feet, and the windows rattled. His monitor flashed red.
“What the hell happened?” Taft whirled in his seat. “What did you do?”
The operator’s face was bathed in the pulsing, bloodred glow of his own screen. “I—I don’t know … it just—”
Taft shifted his gaze to the security camera feed from the floor of the generator building. It took him a full second to realize that he was looking at the picture sideways. The camera must have been knocked off its mount.
Explosion. His mind rejected the idea. That was impossible in a modern power plant.…
Smoke or dust filled the screen with a mysterious swirling motion as if teasing him for the big reveal. He moved his face closer to the monitor, his nose almost touching, muttering to himself a steady mantra of no, no, no, no.…
A rip formed in the veil of dust, and Taft experienced a moment of light-headedness. The area that had once housed generator 24 was a smoking wreck of twisted metal and cracked foundation. Taft could see bodies on the floor, and one of the panels was on fire.
“You idiot, you tried to put gen twenty-four online!” Even as he shouted at the operator, Taft knew this didn’t make any sense. There were software interlocks to prevent this kind of accident. Was it possible they’d all failed at the same time?
“Don’t just sit there, dammit!” Taft bellowed, trying to keep the panic out of his voice. “Call an ambulance. We’ve got men hurt down there.” Dead, probably. A fifty-thousand-pound steel turbine shredding itself into deadly shrapnel … His brain balked at the thought of what that could do to the men—his friends—on the plant floor. His mind raced back to the pre-shift briefing—who was down there? He couldn’t even remember their names.
His training kicked in, finally. Taft snatched the phone from its cradle on his desk. With the whole plant down hard, Midwest Power needed to know they wouldn’t be back online anytime soon. His eyes found the clock on the wall. Four minutes had elapsed already. It was strange they hadn’t called him yet.
He started talking as soon as someone answered the phone. “This is Taft over at Allegheny. We’re down hard. Major accident, the whole plant will be offline for … I don’t know how long. I’ll let you know—”
“Look, Taft, we got bigger problems over here. The whole friggin’ East Coast is offline. When you’re operational, call us back.”
The line went dead.
CHAPTER 1
Grace Hopper Cyber Security Studies Center United States Naval Academy, Annapolis, Maryland One year later
“Thirty-six million people—including this institution—without power for nearly twelve hours. Forty-six traffic fatalities, twelve people dead in hospitals with inadequate backup power systems, and three men dead in an explosion at ground zero of the hack: Allegheny Power and Light.”
Don Riley paused, allowing his gaze to roam over the dozen uniformed midshipmen in his seminar class. He always included this incident in the syllabus, since they’d all lived through it or at least knew someone who had.
Nearly all the midshipmen were seniors—first-classmen, in Naval Academy parlance—except for two. Midshipman Second Class Andrea Ramirez’s dark eyes followed him like a hawk as he spoke. She seemed to be committing to memory not just his words but every move he made. Next to her sat a fourth-class midshipman—a freshman, or plebe as the upperclassmen called them.
To have a plebe in an advanced seminar broke every rule of Naval Academy etiquette, but Don had insisted. Midshipman Fourth Class Michael Goodwin was no ordinary plebe. He was Don’s special project.
The Academy, like every other institution of higher learning in America, had a well-established recruiting program for athletics. No one thought twice about spending money and resources to track down and lure the best possible athletic candidates to the academy. Don just applied the same recruiting logic to the Cyber Security Studies program. After all, that was why US Cyber Command lent him to the Academy as a guest lecturer: to get first crack at the new talent like Goodwin.
By any measure of intellect, Michael Goodwin was a prodigy. By any measure of societal norms, the fact that he was sitting in this classroom was a miracle.
Goodwin’s face was still as he watched Don, his dark skin smooth, his jaw relaxed, his eyes vacant as if he were daydreaming. Don had seen this look before on Goodwin. He wasn’t daydreaming, he was seeking inputs.
Don cleared his throat and continued. “The attack originated via an email to a midlevel employee in the admin department of Allegheny Power. The user clicked on a link which downloaded malware onto his computer. The malware used a security flaw in a print driver to infect any computer that was connected to that printer.”
There was a snort of disbelief from the back row. “Problem, Midshipman Powers?” Don asked a tall, whip-thin brunette sporting the rank of a company commander on her collar.
“It’s just amazing how stupid people can be, sir. I mean, who clicks on random links?”
Don pursed his lips. “Would it change your mind if I told you that this email was supposedly from the individual’s mother? Also, the subject line indicated that it was about his father, who happened to be in the hospital receiving treatment for advanced pancreatic cancer. Would that change your attitude, Ms. Powers?”
The midshipman dropped her gaze to her desk.
“Given this new information, what can we surmise about this attack, people?”
“That the employee was targeted,” said a voice.
“Exactly!” Don’s gaze sought the person who’d answered. A stocky young woman with dirty-blond hair. “Midshipman Everett, please elabora
te.”
“Well, the fact that it was from his mother and regarding his father indicates the attacker knew his subject. He probably hacked the mother’s email account to avoid the spam filters and wrote a subject line that would increase his chances of getting a click.”
“That’s exactly correct,” Don said. “This was not some random internet virus you pick up when you visit porn sites—which I know midshipmen never do.” He got a few laughs out of that line. “This was a very sophisticated spear-phishing operation, a targeted attack on a single individual. This person was surveilled, and his weaknesses exploited.
“But there’s another reason we study this cyberattack. The actual code itself was a masterpiece. A virus within a virus within a virus. The first layer exploited the security flaw in the printer driver to gain access to as many workstations as possible. Then it waited for someone to access the power plant SCADA system.” He paused. “By way of review, what does SCADA stand for, Mr. Nelson?” He called on a first-class midshipman in the second row who was nodding off. The young man’s head snapped up.
“Supervisory control and data acquisition system, sir,” the midshipman said in a near shout.
“Thank you for your enthusiasm, Mr. Nelson,” Don replied, smiling along with the laughter of the class. “If you’re feeling sleepy, perhaps you’d care to stand?”
The midshipman hoisted himself out of his seat, and Don continued. “The third layer of the virus was again targeted and clever. Instead of trying to crash the system, it changed just one parameter: the numbering system for the generators. When a technician tried to change an operating parameter on a generator using the SCADA system, he was actually sending the command to a different machine. When the control room thought they were bringing a spinning generator online, they were actually connecting a nonoperational unit to the power grid. What happens when you try to make a rotor go from zero to thirty-six hundred RPMs in a split second, Mr. Nelson?”
“Boom, sir?”