With the news that retired Gen. James Cartwright – until August 2011 the vice chairman of the Joint Chiefs of Staff – is under investigation for leaking to the news media details of a powerful US cyberweapon comes another pressing question: If he indeed did it, why would he?
Leaks are, after all, a tool that White House and Pentagon officials often use to help shape their political agendas, despite their public railings against them.
That’s why reporters, when officials offer them leaks, in turn tend to ask, What is the motivation for the leaker to share this information?
There has been some speculation, for example, that even the leak to NBC News, which broke the story Thursday night about the Justice Department’s investigation of Mr. Cartwright, was perhaps motivated by a desire to shift the conversation in America away from the embarrassing National Security Agency data provided by Edward Snowden.
Others have ventured that the Obama administration might be motivated to leak news of the investigation of Cartwright to serve as a warning to others who may be tempted to follow in the footsteps of Mr. Snowden.
It also serves to demonstrate that the White House won’t hesitate to go after even top-level officials who once served the purposes of the administration: During his tenure as the No. 2 officer at the Pentagon, Cartwright was considered a favorite of President Obama because of his willingness to back the White House in its reservations about a US troop "surge" in Afghanistan.
Cartwright has been served a “target letter” indicating that he is under investigation and could be charged with a federal crime, according to NBC News. Like Snowden and Pfc. Bradley Manning of WikiLeaks fame, Cartwright could be indicted under the Espionage Act. In the meantime, Cartwright has retained as his attorney Greg Craig – an interesting choice, analysts note, since Mr. Craig was also Mr. Obama’s top legal adviser until he left the White House staff in 2009.
So what would Cartwright’s motivation be for leaking information about the Stuxnet software worm, which was designed by US cyber specialists to cripple Iranian nuclear operations?
The retired general offered some clues in November 2011, in one of his first interviews after leaving the Pentagon. He was speaking about offensive cyber capabilities, which many senior US military officials had been reluctant to discuss in the past. Cartwright made it clear that he disagreed with this keep-it-quiet approach.
“You can’t have something that’s a secret be a deterrent. Because if you don’t know it’s there, it doesn’t scare you,” he told Reuters shortly after becoming a fellow at the Center for Strategic and International Studies (CSIS), where he still works.
It is particularly important to send a strong signal to adversaries that the Pentagon considers responding to cyberattacks a “right to self-defense,” he told the news service, “because otherwise everything is a free shot at us and there’s no penalty for it.”
Other cyber experts argue that the key to deterrence is establishing a credible threat of US cyberweapon capability without giving away too many details. Past hesitance to speak about offensive cyber capabilities has been due in large part to the fact that the Pentagon is anxious to protect what it calls “zero day exploits,” cyber parlance for the vulnerabilities that enemies do not yet know exist.
There is typically a tiny window in which cyber experts can exploit these zero day exploits before they are discovered.
Revelations about the Stuxnet worm, which were leaked to The New York Times, included details that the malware temporarily disabled some 1,000 centrifuges that Iran was using to enrich uranium, and that the US government worked with Israeli counterparts to plant it.
US lawmakers decried the leaks at the time, with some Republicans charging that the White House itself had provided the leaks to bolster Mr. Obama’s national security credentials during an election year.