Book Review: Cybersecurity and Cyberwar
Cybersecurity and Cyberwar: What Everyone Needs to Know
By P.W. Singer and Allan Friedman Oxford University Press, January 2014 (Brookings)
Much is written today about cybersecurity, cyberwarfare and cyberstrategy. Now a new compendium, written by two Brookings Institution academics, offers a serious and intelligent discussion of these overlapping themes and what they the mean to politics and defense discourse in the United States.
Cybersecurity and Cyberwar builds on Washington’s situational awareness in a dynamic factor of modern conflict and the dangers inherent in a politically decentralized global Internet. The authors give due regard to the positive results of global networks, but this book is more concerned with the risk of confrontation. It is a desktop reference on subjects as wide-ranging as how the Internet works, the Stuxnet worm, advanced persistent threats to critical infrastructure, global finance dependence on security systems and the undeclared cyberwar between the United States and China.
These are complex issues, and the book reflects some of the confusion displayed by the many actors in Washington and other capitals. How and where do the National Security Agency (NSA), the Department of Homeland Security and the Defense Department fit into the puzzle? Where does China’s penchant for Internet protocol theft become espionage worthy of a systematic response, which now ranges from a gentle diplomatic nudge to the discussion of powerful cyber and conventional weapons? As the authors say, the doctrine behind this thinking is going to take a long time to develop. We are in a time much like the early nuclear era of the 1950s and early 1960s before the Cuban Missile Crisis—thinking that we understood escalation issues, but now alarmed by some of the older writing and casual statements on the subject.
Perhaps accidentally, there also is an unveiling of dangerous conceits in the prevailing attitudes about cybersecurity and cyberconflict. These originate in the United States, but China is following quickly behind.
The first conceit is that this is a war of intellectual elites. The warriors are the NSA or Beijing Dept. 43952 gamers—both sides trained at Stanford, MIT, Carnegie Mellon and other prestigious institutions of learning. Or, they represent the global masterminds behind Google and Baidu or Amazon and Taobao that have their military counterparts in the various cyber commands vacuuming up post-bin Laden defense budgets.
According to these new combatants, the old strategies are discredited. Iraq and Afghanistan proved the futility of counterinsurgency. Drones are inexpensive. The next war is for brainiacs. Others need not apply.
Consequently a reluctance has emerged to give adequate weight to the continuing utility of kinetic weapons in cyber conflict. Yet, several attempts to tamper with the physical infrastructure of the Internet have taken place recently. Data flows across vulnerable geographic choke points, and one easily can devise an ugly scenario that brings large parts of the Internet down for significant periods. This is not a sexy subject—more Purdue than Princeton—but it is closer to the real world. More people can blow up network infrastructure than can build it.
Also within the book is the assumption that the main conflict is between the United States and China. This may be correct, but other possibilities exist. The book talks about Anonymous and international criminal gangs that have taken control of immense numbers of computers—creating botnets—primarily for commercial theft. But many other groups outside of the most known offenders would like to take a shot at the Internet precisely because it has been permitted by governments to take such an indispensable role in global communications and, in their view, contributing to the desecration of the environment and climate. A few smartly placed charges attacking intelligence gathering would be a reasonable place for them to start their efforts.
Despite its intentions to speak to a wide audience, Cybersecurity and Cyberwar is not an easy read. Nor should it be. The issues are complicated and deserve lengthy discussion. But it is worth the effort for a comprehensive overview of one of the most controversial subjects in international relations. The authors have separated the most important topics into digestible chapters and have offered an important contribution to the study of cyber issues in their many and diverse forms. An essential compendium on cyberstrategy, it likely will be updated frequently and will remain a valuable long-term resource.
Bob Fonow is the managing director of RGI Ltd., based in Northern Virginia and Beijing. Bobfonow@rgiltd.com.