Cybersecurity and Cyberwar: What Everyone Needs to Know

Image of Cybersecurity and Cyberwar: What Everyone Needs to Know®
Release Date: 
January 2, 2014
Oxford University Press, USA
Reviewed by: 

“. . . a thought-provoking and comprehensive book that is likely to withstand the test of time and become [a] classic . . .”

There can be little doubt that the Internet has changed most aspects of life in the 21st century. From social interaction and education to politics and business, it would be hard to imagine a world that is not connected by computers and online activity.

The Internet is also changing the meaning of security and warfare. No longer can we think of security just in terms of protecting against physical attacks by terrorists and criminals, or warfare in terms of military forces fighting each other on land, air, and sea.

Now computers play a key role—and therein lie the risks as P. W. Singer and Allan Friedman point out in their excellent and comprehensive book, Cybersecurity and Cyberwar: What Everyone Needs to Know. As the authors note, cybersecurity “connects areas that range from the security of your bank accounts and online identity to broader issues of who in which governments can access your personal secrets and even when and where your nation goes to war.”  

One only has to look at some recent events to see the problems that can arise from lax security in cyberspace. Approximately 40 million customers of Target stores had their credit and debit card information stolen by unknown hackers. Meanwhile, Edward Snowden, a contractor for the National Security Agency, was able to steal a large number of classified documents and release them to the media, causing political, diplomatic, and potentially national security problems for the U.S. government.

Singer and Friedman’s goal in their book is to demystify the world of cybersecurity, which indeed can be quite intimidating to most people. With such technical terms as “advanced persistent threat,” “botnet,” “doxing,” “phishing,” “typosquatting,” and countless others, it is no wonder that many people either turn a blind eye to the threat or simply give up trying to understand what it is all about. The authors therefore provide an excellent glossary to guide the reader through the myriad terms that populate the world of cyberspace. 

A central theme in Cybersecurity and Cyberwar is the important role the public can play in preventing cybercrimes and other criminal activity over the Internet. “The biggest change we can make at the individual level,” the authors write, “is to change our attitude toward security. The Internet is certainly not the scary, awful place it is often painted by too many cybersecurity reports. But nor is it an innocuous realm. Indeed, one study found that roughly two-thirds of cybercrime victims were simply unaware of the risks in the realm.”

Changing passwords regularly and making them a combination of random letters and numbers is a basic step that everyone with a computer could take. Avoiding common words or phrases would seem to be obvious; however, Singer and Friedman cite a security consultant who found the most popular password currently used to protect computers is “password” while the second most popular is “123456”!

There are many other simple measures the public can take to prevent cyberattacks, including keeping their “operating systems, browsers, and other critical software constantly up to date. The fact that security updates and patches are freely available from major companies makes it all the easier.”

Cyberattacks, of course, do not just affect those of us who use personal computers; it can also have implications for national security. Singer and Friedman therefore assess the threat of  “cyberwar” which is more complex to deal with than “traditional” war. At least in traditional wars, we usually know who our enemies are, what weapons they are using, and what types of actions we should take against them. Not so in this new world of cyberattacks.

As Singer and Friedman note, “cyberattacks employ different means. Instead of using kinetic force (a fist, a word, a bomb, etc.), they use digital means, a computer action of some sort. This is significant; a cyberattack is not constrained by the usual physics of traditional attacks. In cyberspace, an attack can literally move at the speed of light, unlimited by geography and the political boundaries. Being delinked from physics also means it can be in multiple places at the same time, meaning the same attack can hit multiple targets at once.”

Adding to the problem is that “cyberattacks are often more difficult to attribute to a particular actor, at least compared to a clear ‘smoking gun’ of a literally smoking gun.” Without knowing who initiated an attack, it becomes difficult to determine an appropriate response.

In addition, when potential attackers can act with confidence that they may never be identified, deterrence becomes quite ineffective. “The threat of counterstrike requires knowing who launched the initial attack,” Singer and Friedman write, “a difficult thing to prove in cyberspace, especially in a fast-moving crisis. Computer code does not have a return address, and sophisticated attackers have grown adept at hiding their tracks.”

The risk in writing any book on cybersecurity is that it can become obsolete very quickly. Technology is moving at such a rapid pace that concepts, terminology, and advice on how to deal with the world of cyberattacks can seem outdated in just a couple of years. Singer and Friedman, however, have produced a thought-provoking and comprehensive book that is likely to withstand the test of time and become one of the classic works on this important topic.