After 30 years in the CIA, former operations officer T. L. Williams retired to Florida's east coast and turned his hand to writing. His third timely military/spy thriller, Zero Day: China's Cyber Wars, posits a fictional case of online espionage in order to make some very real points about contemporary global cybercrime. He'll be appearing at Friends of the Library's Meet The Author Day at Barnes & Noble's N. Dale Mabry location on Saturday, Feb. 11.
What can you say about your former position and responsibilities with the CIA?
As long as it doesn’t violate something that’s classified, I can pretty much talk about anything. I can’t talk about operations specifically, but sort of general things about what an operations officer does. I lived in Asia for most of my career, so a lot of what I write is based in Asia.
And the CIA vetted Zero Day?
Right. It’s not just books, it could be an essay in the New York Times, could be anything. They have a publications review board, a whole office that does nothing but go through manuscripts that come pouring in.
I had to two previous books that were vetted fairly routinely, I think it was 30 days for each of those, and this one was almost two years. So they weren’t happy with what I’d written… In the end I made some modest changes, I was almost embarrassed for the CIA, they were so modest… at the end of the day, I think they just didn’t want the book published, and were trying to wait me out.
There are some pretty staggering figures in the book about Chinese hacking and cyber espionage — are these exaggerated for the sake of the story?
According to my research, those are pretty firm. You can read that online, those numbers hold. I was looking at something the other day, I was trying to look at trends in U.S.-China relations, ups and downs — it’s not a relationship that’s all bad or all good, but the comment made by a senior economist in, say the mid-to-late ‘90s, on hacking was that the effect of Chinese cyberhacking is the largest transfer of wealth in history. Try to get your arms around that. In other words, they’ve stolen so much economically relevant stuff from the U.S., intellectual property, that it’s the biggest theft ever.
Would you say that China is a bigger threat to American cybersecurity than Russia?
The Russians have shown their mettle in other areas recently. I think Putin has — I think he would like to get us out of eastern Europe, he has this grand design to go back to the Soviet era, I think. But certainly the Chinese have mastered the theft of U.S. intellectual property.
You hear these stories about government computer networks running Windows 98 without firewalls, and that for all its vast antiterrorist infrastructure, we have a serious lack of understanding about domestic security online. Would you say that’s true?
Yeah, absolutely. People are so vulnerable, even through these mundane phishing attempts, putting malware on your computer, whatever it is, a password snatcher, hunting for other content. But when we first stared using computers and the internet, everybody had a desktop. Now there are multiple devices everyone is walking around with. Smartphone, laptop, tablet, each wired up and each of those offers an opportunity for a sophisticated hacker. A lot of it is a garbage-can approach, suck up everything and figure out what’s useful. But sometimes it’s very precise. I went to a conference at MacDill last fall. And this guy told a story about an attack the Chinese had done from a building adjacent to the target building, which was a law office. They used a fob that was in a server in the adjacent building to leap over wirelessly into the other building and install malware on the servers. And they waited until the end of the month, when companies typically back up their systems, and stole everything and just shut them down. The speaker thought they represented a competing group that wanted to steal their business.
The thing that you have to do, I think, is, first of all, disconnect anything that doesn’t have to be connected to the internet that has personal or business information on it. Have it on a standalone system.
Do you think that’s more or less likely to change since the administration changeover, or does it really matter who’s in the White House?
I’m not sure it matters. If you look at, just going back to post-9/11, that’s when this really got the attention of the government, so George Bush created a Cyber Czar position, and he had a number of them. They’re supposed to be the big guys in the administration, and I’m not sure how political it is… the Obama administration came up with a bunch of initiatives, but they weren’t super effective. They passed the Cyber Security Act of 2015, which was supposed to make sharing information easier, but I think there’s really a fundamental distrust between the citizens of this country and the government when it comes to cyber security.
I think what we need to do is recapture, if we ever even had it, that sense that we’re in this together. We need to work with the government. I would like to see the government — I don’t want to handcuff law enforcement or intelligence, I want them to be able to do their jobs, but I think the process they use should be similar to the subpoena process they use for other kinds of searches. If you can make the case that something needs to happen really fast, then we need a way to do that. But being able to take all the metadata off your phone at any time and it just sits on a server someplace, I don’t agree with that.
As a writer, how conscious are you of balancing your message and your story?
It’s always a balance trying to keep the bigger narrative going, and not letting your main characters languish somewhere. You try to have these characters carry that water for your through their action. But yeah, that’s always a challenge.
Is it difficult to try not to use too much jargon or technical language?
No, I sometimes get comments from readers to that affect, that there were technical things that slowed them down a little, they had to stop reading and look it up. So it’s always a balance to keep the story moving along, but give it a feel for those elements you’re trying to stress.
I actually sort of dismiss some of those arguments. But what I really enjoy doing [as a counterpoint] is putting atmospherics in my books that have to do with the places I’ve lived. If I have my protagonist walking through a Chinese market, I like giving people a sense of what that feels like. And that does take some balance, because once you start going down some side lane you can lose the thread — I’ve gotta be careful about that.
At the end of the day, what do you hope readers take away from Zero Day?
On one hand, I think it’s kind of a fun read and I hope they enjoy the adventure of it, but on a sort of more serious note, I don’t hope they come away hating China or anything, but just with a greater awareness of what’s going on in the background, the potential risks, and the sense that maybe they need to tighten things up at home and in the workplace, and try to he safe on the cyber front.