Cybersecurity and Cyberwar

Read Cybersecurity and Cyberwar Online

Authors: Peter W. Singer Allan Friedman,Allan Friedman

BOOK: Cybersecurity and Cyberwar
9.88Mb size Format: txt, pdf, ePub

CYBERSECURITY AND CYBERWAR

WHAT EVERYONE NEEDS TO KNOW®

“In our digital age, the issues of cybersecurity are no longer just for the technology crowd; they matter to us all. Whether you work in business or politics, the military or the media—or are simply an ordinary citizen—this is an essential read.”

—Eric Schmidt, Executive Chairman, Google

“This is the most approachable and readable book ever written on the cyber world. The authors have distilled the key facts and policy, provided sensible recommendations, and opened the debate generally to any informed citizen: a singular achievement. A must read for practitioners and scholars alike.”

—Admiral James Stavridis, US Navy (Ret), former NATO Supreme Allied Commander

“In confronting the cybersecurity problem, it's important for all of us to become knowledgeable and involved. This book makes that possible—and also fascinating. It's everything you need to know about cybersecurity, wonderfully presented in a clear and smart way.”

—Walter Isaacson, author of
Steve Jobs

“If you read only one book about ‘all this cyberstuff,' make it this one. Singer and Friedman know how to make even the most complicated material accessible and even entertaining, while at the same time making a powerful case for why
all
of us need to know more and think harder about the (cyber)world we know live in.”

—Anne-Marie Slaughter, President, the New America Foundation

“Singer and Friedman blend a wonderfully easy to follow FAQ format with engaging prose, weaving explanations of the elements of cybersecurity with revealing anecdotes. From the fundamentals of Internet architecture to the topical intrigue of recent security leaks, this book provides an accessible and enjoyable analysis of the current cybersecurity landscape and what it could look like in the future.”

—Jonathan Zittrain, Professor of Law and Professor of Computer Science at Harvard University, and author of
The Future of the Internet—And How to Stop It

“Singer and Friedman do a highly credible job of documenting the present and likely future risky state of cyber-affairs. This is a clarion call.”

—Vint Cerf, “Father of the Internet,” Presidential Medal of Freedom winner

“I loved this book. Wow. Until I read this astonishing and important book, I didn't know how much I didn't know about the hidden world of cybersecurity and cyberwar. Singer and Friedman make comprehensible an impossibly complex subject, and expose the frightening truth of just how vulnerable we are. Understanding these often-invisible threats to our personal and national security is a necessary first step toward defending ourselves against them. This is an essential read.”

—Howard Gordon, Executive Producer of
24
and co-creator of
Homeland

CYBERSECURITY AND CYBERWAR

WHAT EVERYONE NEEDS TO KNOW
®

P. W. SINGER AND
ALLAN FRIEDMAN

Oxford University Press is a department of the University of Oxford.
It furthers the University's objective of excellence in research, scholarship,
and education by publishing worldwide.

Oxford New York
Auckland Cape Town Dar es Salaam Hong Kong Karachi
Kuala Lumpur Madrid Melbourne Mexico City Nairobi
New Delhi Shanghai Taipei Toronto

With offices in
Argentina Austria Brazil Chile Czech Republic France Greece
Guatemala Hungary Italy Japan Poland Portugal Singapore
South Korea Switzerland Thailand Turkey Ukraine Vietnam

Oxford is a registered trademark of Oxford University Press
in the UK and certain other countries.

“What Everyone Needs to Know” is a registered trademark of Oxford University Press.

Published in the United States of America by Oxford University Press
198 Madison Avenue, New York, NY 10016

© P. W. Singer and Allan Friedman 2014

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of Oxford University Press, or as expressly permitted by law, by license, or under terms agreed with the appropriate reproduction rights organization. Inquiries concerning reproduction outside the scope of the above should be sent to the Rights Department, Oxford University Press, at the address above.

You must not circulate this work in any other form
and you must impose this same condition on any acquirer.

Library of Congress Cataloging-in-Publication Data
Singer, P. W. (Peter Warren)
Cybersecurity and cyberwar : what everyone needs to know / Peter W. Singer,
Allan Friedman.
ISBN 978–0–19–991809–6 (hardback)—ISBN 978–0–19–991811–9 (paperback)
1. Computer security—United States 2. Computer networks—Security
measures—United States. 3. Cyberspace—Security measures—United States.
4. Cyberterrorism—United States—Prevention. 5. Information warfare—United
States—Prevention. I. Title.
QA76.9.A25S562 2014
005.8—dc23
2013028127

1 3 5 7 9 8 6 4 2
Printed in the United States of America
on acid-free paper

CONTENTS

INTRODUCTION

Why Write a Book about Cybersecurity and Cyberwar?

Why Is There a Cybersecurity Knowledge Gap, and Why Does It Matter?

How Did You Write the Book and What Do You Hope to Accomplish?

PART I HOW IT ALL WORKS

The World Wide What? Defining Cyberspace

Where Did This “Cyber Stuff” Come from Anyway? A Short History of the Internet

How Does the Internet Actually Work?

Who Runs It? Understanding Internet Governance

On the Internet, How Do They Know Whether You Are a Dog? Identity and Authentication

What Do We Mean by “Security” Anyway?

What Are the Threats?

One Phish, Two Phish, Red Phish, Cyber Phish: What Are Vulnerabilities?

How Do We Trust in Cyberspace?

Focus: What Happened in WikiLeaks?

What Is an Advanced Persistent Threat (APT)?

How Do We Keep the Bad Guys Out? The Basics of Computer Defense

Who Is the Weakest Link? Human Factors

PART II WHY IT MATTERS

What Is the Meaning of Cyberattack? The Importance of Terms and Frameworks

Whodunit? The Problem of Attribution

What Is Hactivism?

Focus: Who Is Anonymous?

The Crimes of Tomorrow, Today: What Is Cybercrime?

Shady RATs and Cyberspies: What Is Cyber Espionage?

How Afraid Should We Be of Cyberterrorism?

So How Do Terrorists Actually Use the Web?

What about Cyber Counterterrorism?

Security Risk or Human Right? Foreign Policy and the Internet

Focus: What Is Tor and Why Does Peeling Back the Onion Matter?

Who Are Patriotic Hackers?

Focus: What Was Stuxnet?

What Is the Hidden Lesson of Stuxnet? The Ethics of Cyberweapons

“Cyberwar, Ugh, What Are Zeros and Ones Good For?”: Defining Cyberwar

A War by Any Other Name? The Legal Side of Cyber Conflict

What Might a “Cyberwar” Actually Look Like? Computer Network Operations

Focus: What Is the US Military Approach to Cyberwar?

Focus: What Is the Chinese Approach to Cyberwar?

What about Deterrence in an Era of Cyberwar?

Why Is Threat Assessment So Hard in Cyberspace?

Does the Cybersecurity World Favor the Weak or the Strong?

Who Has the Advantage, the Offense or the Defense?

A New Kind of Arms Race: What Are the Dangers of Cyber Proliferation?

Are There Lessons from Past Arms Races?

Behind the Scenes: Is There a Cyber-Industrial Complex?

PART III WHAT CAN WE DO?

Don't Get Fooled: Why Can't We Just Build a New, More Secure Internet?

Rethink Security: What Is Resilience, and Why Is It Important?

Reframe the Problem (and the Solution): What Can We Learn from Public Health?

Learn from History: What Can (Real) Pirates Teach Us about Cybersecurity?

Protect World Wide Governance for the World Wide Web: What Is the Role of International Institutions?

“Graft” the Rule of Law: Do We Need a Cyberspace Treaty?

Understand the Limits of the State in Cyberspace: Why Can't the Government Handle It?

Rethink Government's Role: How Can We Better Organize for Cybersecurity?

Approach It as a Public-Private Problem: How Do We Better Coordinate Defense?

Exercise Is Good for You: How Can We Better Prepare for Cyber Incidents?

Build Cybersecurity Incentives: Why Should I Do What You Want?

Learn to Share: How Can We Better Collaborate on Information?

Demand Disclosure: What Is the Role of Transparency?

Get “Vigorous” about Responsibility: How Can We Create Accountability for Security?

Find the IT Crowd: How Do We Solve the Cyber People Problem?

Do Your Part: How Can I Protect Myself (and the Internet)?

CONCLUSIONS

Where Is Cybersecurity Headed Next?

What Do I Really Need to Know in the End?

ACKNOWLEDGMENTS

NOTES

GLOSSARY

INDEX

INTRODUCTION
Why Write a Book about Cybersecurity and Cyberwar?

“All this cyber stuff.”

The setting was a Washington, DC, conference room. The speaker was a senior leader of the US Department of Defense. The topic was why he thought cybersecurity and cyberwar was so important. And yet, when he could only describe the problem as “all this cyber stuff,” he unintentionally
convinced us to write this book
.

Both of us are in our thirties and yet still remember the first computers we used. For a five-year-old Allan, it was an early Apple Macintosh in his home in Pittsburgh. Its disk space was so limited that it could not even fit this book into its memory. For a seven-year-old Peter, it was a Commodore on display at a science museum in North Carolina. He took a class on how to “program,” learning an entire new language for the sole purpose of making one of the most important inventions in the history of mankind print out a smiley face. It spun out of a spool printer, replete with the perforated paper strips on the side.

Other books

Moth to the Flame by Sara Craven
Duty's End by Robin Cruddace
Julia's Chocolates by Cathy Lamb
The Shepherd of Weeds by Susannah Appelbaum
AHuntersDream by Viola Grace
Marrying Mr. Right by Cathy Tully
Reaper's Dark Kiss by Ryssa Edwards