None of this was new to me, but I let her go on rather than interrupt her train of thought, which I thought might only eat up more time.
“At any point, in any one of these layers, it’s possible to hack in, but it gets harder and harder the closer you move toward the top secret communication channels from the Non-classified Internet Protocol Router Network-”
“NIPRNET.”
“Yes. Then on to the Secret Internet Protocol Router Network, or SIPRNET, and then to JWICS. Especially if…” She swiped her finger across her data pad, erasing the lines that connected the military’s routers and their intranets of computers. “If the military were to find out about a threat, they’d sever the connection between the Cloud and their network.”
“That’s possible? I thought that was one of our biggest vulnerabilities, that our communication infrastructure was too dependent on the web?”
“Well,” she admitted, “it’s not easy, considering the whole purpose of the internet is interconnectivity. The very thing that makes the internet strong, decentralization, is the thing that makes it weak. But USCYBERCOM, the Navy’s 10th Fleet, the Army’s Cyber Command, and the 24th Air Force have been working on ways.”
I already knew that the United States Cyber Command, an attempt within Homeland Security to assess, forestall, and intercept cyber threats to the military and the US infrastructure, was a bureaucratic nightmare and still woefully inefficient, but I wasn’t sure about the military divisions she’d just listed. “Tell me about the 10th Fleet and the 24th.”
“Well, as you know, there are nearly three dozen cyberwarfare agencies in the US government, but the Air Force’s 24th is probably the best, especially their Computer Emergency Response Team, AFCERT. They’re in another league using algorithms to analyze worldwide trending.”
“Trending?”
“The type and flow of information passing to and from servers worldwide. They work mainly in host-based intrusion prevention systems to locate and block malware or attempts to infiltrate military networks. Then they patch vulnerabilities for pilots and scour all air force networks for forward-facing internet presences.”
That was a mouthful.
“Hackers,” I said.
“Foreign ones. Yes. They also work in space-based comm systems, drones, full-spectrum network defense, and new architectures.”
“So does the 24th track domestic intrusion too?”
“Yes, as does the Navy’s 10th Fleet, USCYBERCOM, but if we’re talking more cybercrime than cyberwarfare, then it’s me and Lacey. It all depends.”
“On what?”
“Whichever agency happens to stumble onto the threat.”
Her choice of the word stumble was not very reassuring.
“But getting back to your question, even if we cut the connection to the Cloud, we might still be in trouble.”
“How?”
“If the hackers had gotten in before, left malware or back doors that would allow them persistent access. Once you inject the bad code in there, you’re good to go.” She thought for a moment. “Also, it’s possible they could bypass the Cloud altogether and access JWICS physically at one of the computer stations around the world that’s already connected to it. Some sophisticated malware can hop file shares in virtual machines. Or you could’ve implanted a physical transmitting device into the computer, say, before it was shipped out to the military.”
“The more complex a system, the more vulnerable it is.”
“Sure. You can gain access through a Trojan, counter-encrypting, port knocking. Use a covert channel. There are a dozen ways.”
Perhaps what struck me the most was how unfazed she seemed by all this.
She downed some Vitamin Water, then her eyes ghosted toward the screen displaying the cell phone analysis. I could tell she didn’t want to drop that project in the middle, and she must have noticed something pertinent because she silently bowed out of our conversation and went back to work completing the cell trace. Thousands of lines of indecipherable code streamed down the screen beside her. She reminded me of a code reader from one of the Matrix movies.
“Let’s back up for a minute,” I said, “and say we’re trying to hack into that submarine, but that we had no access to the computers to physically plant a device before they were shipped out. Who could hack into JWICS?”
“Well, at least forty countries have military cyberwarfare units.”
“Forty!”
“In the next three years that number is likely to double.”
“Doesn’t that worry you, Angela? Doesn’t any of this get to you?”
“Pat, this is my job. I deal with it every day. China has more honor students than we have students. Russia has four-year college degree programs on hacking. There are tens of millions of hacking attempts against the Department of Defense each week. It’s the reality of the world we live in, and we just have to work with what we have and stop whatever we can.”
I could see why she looked perpetually under the gun, and I empathized with her. “Sorry. So now, today, any ideas which countries have the technological savvy to get into JWICS?”
“Right now? Russia, Brazil, Israel, China-the US-North Korea. Maybe three or four others. Probably half a dozen citizen hacker groups in China could do it.” She hesitated for a moment, then added, “As well as a handful of individuals who could pull it off.”
I had a feeling she’d been a little uncomfortable noting that individuals could hack into JWICS because she knew I’d been friends with one of those people until last year, when I figured out he was involved in a biotech conspiracy. He’d been ready to kill Lien-hua, and when I stopped him, he was electrocuted and slipped into a coma. Terry had died not long after that, and even though he’d been a traitor and wanted to murder the woman I loved, he’d been my friend for a long time before all that, and his death had really bothered me. Actually, it still did.
“Once you pwn a system,” she said, drawing me out of my thoughts, “you’re home free.”
“Pwn? You mean control it? Compromise it?”
She nodded her approval that I was familiar with the hacker term. “Once you own the source code or the rootkit, you can download or destroy data, overload circuits, transfer funds…” As she typed at her keyboard and eyed the computer code flickering in front of her, she continued rattling off her list: “Turn off air traffic control communication, shut down safety valves at power plants, blow up refineries, reroute trains, take hospitals offline…” Then she added offhandedly, “Basically, take down a country.”
Wow. This was such an encouraging conversation.
Though I knew that Iraqi insurgents had hacked into our drones, the Chinese had gotten into our power grid, and at least one of the fatal airline crashes in the last few years was due to malware in the navigational system, I tried to reassure myself that Angela was almost certainly overstating things. “But aren’t there firewalls in JWICS? Antivirus programs? Encryption software? User authentication, that sort of thing, throughout the network?”
“Forging the response to the DNS server can get you past a firewall. A skilled hacker can crack an LM hash algorithm in seconds, even NTLM hashes can be cracked quickly with pre-computed cryptanalytic tables. Getting past authentication protocols takes a little longer, but we’re talking minutes not hours. Hacking 101: identify the system’s countermeasures, probe for vulnerabilities, access the system, crack the passwords, gain privileged access, hide, exploit, transmit.” She thought for a moment. “A morale computer would be a good attack vector on the sub.”
“No good. Crewmen on a nuclear sub wouldn’t be allowed to communicate with the outside world via the web because it might give away their location.”
“Good point.” She spoke softly as she scrolled through the lines of code on her right-hand screen. “Tell me more about this hypothetical question that isn’t hypothetical.”