Book Review: "Cyber War"
"Cyber War: The Next Threat to National Security and What to Do About It" by Richard A. Clarke and Robert Knake was published on August 5, 2011. It's an instrumental book in understanding the various perspectives and current domain of information security on the Internet. Both of these authors are also very important for understanding the context and credentials of the book, as both of these men have severed multiple terms in positions which directly influenced the White House's policy in the domain of cyber security. The book costs between $10 - $20 depending on the where you purchase it, which isn't bad for a 320 page book or 10 hr audio book. I listened to the book, which was long but always entertaining, giving me a higher-level look at many important events in the cyber security and general security domain over the last several decades. One of my main criticisms, is that the book seems to stem from conjecture and hyperbolic rhetoric based on several public incident disclosures, yet dosn't cite these events well, which may be subject to error or misinformation, especially in the context of war and information security operations. Despite that, the book makes an experienced note on the difficulty of attribution in cyber space. Overall, I give the book 7 out of 10 stars, because it's a good read with some great history and excellent policy suggestions, but falls short in its effort for alternative analysis and cited sources. I still think the book is timely and would suggest it to intelligence analysts, information security professionals, and those interested in Internet history. The book covers the actions of the US, Russia, China, hobbyist hackers, and even terrorist organizations and their various motivations and documented campaigns in the cyber domain over the last decade. The book also makes several distinctions, between cyber crime, hacktivist crime, espionage, and cyber war, an important part in framing the forthcoming conversations of motives, operations, repercussions and policy. The chapters of the book include:
Chapter 1: Trial Run
Chapter 2: Cyber Warriors
Chapter 3: The Battlespace
Chapter 4: The Defense Fails
Chapter 5: Toward a Defensive Strategy
Chapter 6: How Offensive?
Chapter 7: Cyber Peace
Chapter 8: The Agenda
The book has a fairly dramatic call to arms for nation states to bolster their cyber security capabilities, in both a defensive and offensive manner. It claims both cyber war and espionage are already vastly underway, with various parties planting anything from logic bombs to listening implants, in a new style of asymmetric domination, focusing on the high technology space and the cyber communications domain. However the book draws an important difference between espionage and cyber war, namely malicious intent in harming forms of critical infrastructure or control systems. Further, the book discuses the concepts of planting logic bombs or programming backdoors into systems for asymmetric use and how this can have an impact on diplomatic relations. Having been involved in the scene for many years I tend to agree with a lot of these claims, however I don't think it's as dramatic as stated, as the private sector arguably leads much of this research and has been diligent in trying to progress cyber security over the last decade. That all stated, the book is an alarming look at several nation state cyber operations and motives, including the Chinese 'Unrestricted Warfare' philosophy or the United States' philosophy of "Dominating Cyberspace". Finally, the book hypothesizes some amazing international agreements and policies for forward motions, drawing from lessons learned with nuclear policy, such as 'no first use'. There is another good review here or you can listen directly to Richard Clarke below: