Who Leaked the Stuxnet Virus Story?

Military analysis.
June 28 2013 5:28 PM

Who Leaked the Stuxnet Virus Story?

Why retired Gen. James Cartwright is facing allegations—and could be the first higher-up to go down.

Gen. James E. Cartwright
Gen. James E. Cartwright

Photo by Hyungwon Kang/Reuters

In one way, it’s a big surprise that the Justice Department is investigating retired Gen. James “Hoss” Cartwright for allegedly leaking classified information about the Stuxnet computer virus, which briefly disabled Iran’s nuclear program a few years back.

In another way, though, it’s not a surprise at all.

It’s surprising because four-star generals, active or retired, aren’t the usual targets of such probes. This is especially so of a general like Cartwright, who, from 2007–11, was vice chairman of the Joint Chiefs of Staff—the U.S. military’s second-highest-ranking officer—and who, in his final years, was known as “Obama’s favorite general.” Officers of this stature tend to build layers of insulation around themselves.

Advertisement

But Cartwright was unusual in that respect. As one former senior defense official described him, he was “a lone wolf.” He was very smart, a policy intellectual on the level of Gens. David Petraeus and James Mattis, but he had no protective layers, no inner circle of loyalists, and no talent (or desire) for building alliances with his fellow officers. To the contrary, he would often work up his own ideas, his own position papers, and brief them to his civilian superiors outside the military chain of command. As vice chairman, several officials say, he would sometimes brief Obama himself—the two had a similar style of crisp, analytical thinking—then come back to the Pentagon without telling his boss, the chairman, Adm. Mike Mullen, what he’d said.

The big rupture came in the fall of 2009, during the National Security Council meetings on how to proceed with the war in Afghanistan. President Obama kept asking the chiefs for more options on troop levels, something in between Vice President Joe Biden’s pitch for just 10,000 more troops and Gen. Stanley McChrystal’s recommendation of at least 40,000 more. Mullen never provided them. Cartwright wrote a paper, on his own, for what could be done with 20,000 more and 30,000 more. Mullen suppressed the study and chewed Cartwright out for doing it. In an end-run, Cartwright gave the study to one of Biden’s aides. Mullen and the other chiefs were furious.

Two things drove Cartwright to take that step. First, he was a straight shooter (he was nicknamed “Hoss,” after an honest character named Hoss Cartwright on the old TV show Bonanza). He thought the military should respond to a president’s request, and since nobody else was doing it, he did it himself. But most other generals in his position would first try to get other officers, or maybe the secretary of defense, to buy in. Cartwright, the lone wolf, didn’t do that.

As a result, whenever Cartwright got into trouble, there was nobody who felt compelled to stand up for him. Around the same time as the flap over Afghanistan policy, the military’s inspector general investigated Cartwright on charges of having an affair with a female subordinate. The IG report accused him of misconduct. The secretary of the Navy, a civilian, took no disciplinary action, but the report alienated Cartwright still further from his military colleagues, many of whom regard such behavior as a serious breach of the military code.

When Mullen prepared to step down as JCS chairman in 2011, rumors flew that Obama would appoint Cartwright as his successor. But several advisers, including Secretary of Defense Robert Gates, warned the president that Cartwright had no support from the other chiefs and no ability to craft consensus on military policy. Obama appointed Gen. Martin Dempsey to be chairman instead. Cartwright retired from the Marine Corps after a 40-year career.

Here’s the biggest problem now with being the lone wolf: If the Justice Department continues its probe and winds up indicting Cartwright for violating his security oath, it’s unlikely that any officers will leap to his defense in this crisis either. It’s a fair guess, in fact, that some of those officers may have pointed prosecutors in his direction.

No evidence of his possible guilt or innocence has been publicized (Cartwright’s lawyer issued a no-comment on the news reports), but the charge is not implausible. Cartwright was chief of U.S. Strategic Command, in Omaha, Neb., from 2004–07. (For the story of how a Marine general came to be head of StratCom—an unprecedented appointment, since StratCom deals mainly with the nuclear arsenal and the Marines have no nuclear weapons—click here.) At the time, the military’s main cyber-warfare unit was embedded in StratCom. (In 2009, an independent U.S. Cyber Command was created at Fort Meade, Md., alongside the National Security Agency.) Operation Olympic Games, aka Stuxnet, was created in 2006. Cartwright was involved in its creation and briefed the program to Presidents Bush and, later, Obama.

Details about Stuxnet were first revealed on June 1, 2012, in a New York Times story by David Sanger. Cartwright was one of the few officials involved in the program that Sanger identified by name. In a book that Sanger subsequently wrote, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, this intriguing passage appears on Page 269:

One of the creators of the government’s offensive cyber strategy, Gen. James Cartwright, makes a compelling case that the secrecy [of the cyber program] may be working against American interests. “You can’t have something that’s a secret be a deterrent,” he argued shortly after leaving his post as vice chairman of the Joint Chiefs of Staff. “Because if you don’t know it’s there, it doesn’t scare you.”