Book Review: "Inside Cyber Warfare"

I recently read the book "Inside Cyber Warfare: Mapping The Cyber Underworld" by Jeffrey Carr. Published in 2009, at roughly 318 pages, it's a pretty good buy for about $20. I'm not gonna lie, at first I was skeptical, having read some of Mr. Carr's blog posts and tweets in the past. I hadn't read it prior because I just had the impression this book may be fairly "spookish", but after giving it a fair chance this book was surprisingly good and well-tempered. The book covers a lot of great topics related to intelligence analysis and gives an excellent, but minified, history of publicly revealed government involvement in cyber security incidents. Overall, I give this book 6 stars and would recommend this book to security analysts who want to learn more about the history behind APT campaigns, especially those with an interest in intelligence analysis. The following is a list of the chapters and each subsection, in my typical review fashion:

Chapter 1 Assessing the Problem
The Complex Domain of Cyberspace
Cyber Crime
Future Threats
The Conficker Worm: The Cyber Equivalent of an Extinction Event?
Africa: The Future Home of the World’s Largest Botnet?
The Way Forward

Chapter 2 The Rise of the Nonstate Hacker
The StopGeorgia.ru Project Forum
The Russian Information War
The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead
Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria
Are Nonstate Hackers a Protected Asset?

Chapter 3 The Legal Status of Cyber Warfare
Nuclear Nonproliferation Treaties
The Antarctic Treaty System and Space Law
UNCLOS
MLAT
The Law of Armed Conflict
Is This an Act of Cyber Warfare?
Cyber: The Chaotic Domain

Chapter 4 Responding to International Cyber Attacks as Acts of War
The Legal Dilemma
The Law of War
Nonstate Actors and the Law of War
Analyzing Cyber Attacks under Jus ad Bellum
The Choice to Use Active Defenses
Conclusion

Chapter 5 The Intelligence Component to Cyber Warfare
The Korean DDoS Attacks (July 2009)
One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack
Ingushetia Conflict, August 2009
The Predictive Role of Intelligence

Chapter 6 Nonstate Hackers and the Social Web
Russia
China
The Middle East
Pakistani Hackers and Facebook
The Dark Side of Social Networks
TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences
Automating the Process

Chapter 7 Follow the Money
False Identities
Components of a Bulletproof Network
The Bulletproof Network of StopGeorgia.ru
SORM-2
The Kremlin and the Russian Internet
A Three-Tier Model of Command and Control

Chapter 8 Organized Crime in Cyberspace
A Subtle Threat
Russian Organized Crime and the Kremlin

Chapter 9 Investigating Attribution
Using Open Source Internet Data
Team Cymru and Its Darknet Report
Using WHOIS

Chapter 10 Weaponizing Malware
A New Threat Landscape

Chapter 11 The Role of Cyber in Military Doctrine
The Russian Federation
China Military Doctrine

Chapter 12 A Cyber Early Warning Model
The Challenge We Face

Chapter 13 Advice for Policymakers from the Field
When It Comes to Cyber Warfare: Shoot the Hostage
The United States Should Use Active Defenses to Defend Its Critical Information Systems
Scenarios and Options to Responding to Cyber Attacks
In Summary
Whole-of-Nation Cyber Security

Chapter 14 Conducting Operations in the Cyber-Space-Time Continuum
Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement
Social Networks: The Geopolitical Strategy of Russian Investment in Social Media
Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec

Chapter 15 The Russian Federation: Information Warfare Framework
Russia: The Information Security State
Russian Ministry of Defense
Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)
Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)
Further Research Areas

Chapter 16 Cyber Warfare Capabilities by Nation-State
Australia
Brazil
Canada
Czech Republic
Democratic People’s Republic of Korea
Estonia
European Union
France
Germany
India
Iran
Israel
Italy
Kenya
Myanmar
NATO
Netherlands
Nigeria
Pakistan
People’s Republic of China
Poland
Republic of Korea
Russian Federation
Singapore
South Africa
Sweden
Taiwan (Republic of China)
Turkey
United Kingdom

Chapter 17 US Department of Defense Cyber Command and Organizational Structure
Summary
Organization

Chapter 18 Active Defense for Cyber: A Legal Framework for Covert Countermeasures
Covert Action
Cyber Active Defense Under International Law
Cyber Active Defenses as Covert Action Under International Law
Cyber Attacks Under International Law: Nonstate Actors

As much as I loved all of the geopolitical and intel discussion throughout the book, my favorite part is probably Carr's views on active defense vs passive defense, especially with regard to when it is acceptable to use active defense. I've written on active defense techniques a number of times in this blog and I really like how Carr lays out an ethical framework based on first attributing the attacker based on passive techniques before making the decision that active defenses are an adequate countermeasure for the threat you are facing. He essentially says that active defense should be reserved for advanced or nation-state attackers, laying out a framework for response to "cyber war" activities.

But don't take my word for it; there is also this excellent review, by a group who reviews many "Cyber War" type books. The reason I defer to them in this case is because even though I do a lot of book reviews, my reviews typically revolve around computer science / information security and their reviews seem to revolve more around intelligence analysis / cyber war theory. That said, I personally found the book to be very informative and complementary to my existing computer science / information security background and enlightening from a geopolitical / intelligence analysis perspective.