More Related Content
Similar to Cybersecurity and-cyberwar-singer-en-22186 (20)
More from Avirot Mitamura (20)
Cybersecurity and-cyberwar-singer-en-22186
- 1. To purchase personal subscriptions or corporate solutions, visit our website at www.getAbstract.com, send an email to info@getabstract.com, or call us at our US office (1-877-778-6627) or at our Swiss office
(+41-41-367-5151). getAbstract is an Internet-based knowledge rating service and publisher of book abstracts. getAbstract maintains complete editorial responsibility for all parts of this abstract. getAbstract
acknowledges the copyrights of authors and publishers. All rights reserved. No part of this abstract may be reproduced or transmitted in any form or by any means – electronic, photocopying or otherwise –
without prior written permission of getAbstract Ltd. (Switzerland).
1 of 5
Cybersecurity and Cyberwar
What Everyone Needs to Know
P.W. Singer and Allan Friedman
Oxford World’s Classics © 2014
306 pages
[@]
Rating
9 Applicability
8 Innovation
8 Style
9
Focus
Leadership & Management
Strategy
Sales & Marketing
Finance
Human Resources
IT, Production & Logistics
Career & Self-Development
Small Business
Economics & Politics
Industries
Global Business
Concepts & Trends
Take-Aways
• In 2010, the computer security firm McAfee found new malware every 15 minutes. By
2013, it found a new example each second.
• The Stuxnet worm provides a case study in bloodless cyberwarfare with no military or
civilian casualties.
• Stuxnet infiltrated Iran’s nuclear program through Iranian scientists’ flash drives and
laptops, and adjusted engineers’ equipment to self-sabotage.
• Civilians will suffer from cyberwar as combatants use civilian networks to wage war.
• Cyberwarriors can compromise an enemy’s defense networks.
• In a midnight raid in 2007, seven Israeli fighter jets bombed targets in Syria as the
Syrian air-defense network sat silent.
• This raid proved that a military could take control of an enemy’s systems and networks.
• Some believe the US military should launch a Cyber Command to focus on technology.
• Much of the discussion of cybersecurity policy involves classified information; civilian
political leaders have little opportunity to shape the debate.
• Cloud computing, mobile computing and big data will shape the future of cybersecurity.
This summary is restricted to the personal use of Avirot Liangsiri (cisdavir@th.ibm.com)
LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET
- 2. Cybersecurity and Cyberwar getAbstract © 2015 2 of 5
getabstract
Relevancegetabstract
getabstract
What You Will Learn
In this summary, you will learn:r1) How cyberwar evolved, 2) How three strategies might curtail cybercrime
and 3) How three trends will shape cybersecurity.
getabstract
Review
P.W. Singer and Allan Friedman of the Brookings Institution reveal the mysteries of botnets and shed light on the
murky areas of cyberwar and clandestine military operations. They detail fascinating episodes, such as the US-
Israeli Stuxnet attack on Iranian nuclear engineers, an infiltration so stealthy the engineers didn’t even know it
was happening. And, they tell businesses how to stay alert to their own security. Their other true accomplishment,
meanwhile, is maintaining a light, entertaining tone. getAbstract recommends their fascinating study to students,
coders, start-ups, historians, strategists, anyone in the military, and business owners and managers seeking insight
into the defining security frontier of our time.
getabstract
getabstract
Summarygetabstract
getabstract
getabstract
“Indeed, we are
so surrounded by
computers that we don’t
even think of them as
‘computers’ anymore.”
getabstract
getabstract
“To cause true
damage entails an
understanding of the
devices themselves:
how they run, their
engineering and their
underlying physics.”
getabstract
Malware Every Second
Cyberattacks and cyberterror are the dirty underbelly of cyberspace. In 2010, the McAfee
computer security firm found new malware every 15 minutes. By 2013, it found a new
example every second. The principles that make the Internet so powerful make it vulnerable
to security threats. The bigger a network, the more useful it is to businesses, consumers,
and anyone seeking a large audience or a broad market. Sadly, the bigger a network, also,
the less secure it becomes.
The fight against cybercrime can take some unexpected turns. Consider what happened
when the FBI nabbed Estonian hackers who created a virus that infected some 570,000
computers. The FBI considered shutting down the scammers’ network, but that would have
left hundreds of thousands of victims without Internet access. The FBI set up servers to
keep the victims’ computers running.
The Internet provides a low-cost venue for terrorists to reach the masses. For instance, al-
Qaeda recruited followers by disseminating videos of Osama bin Laden’s speeches. Often,
knowledgeable users can glean valuable tactical data, though sometimes that information
ends up in the wrong hands. In 2007, US soldiers uploaded photos of new helicopters that
had just arrived at their base in Iraq. Insurgents tapped into the “geotagging” feature of
the smartphone photos to pinpoint the aircrafts’ location and launched a mortar attack that
destroyed four of the helicopters.
Stuxnet
The Stuxnet attack unleashed by American and Israeli forces sabotaged Iran’s developing
nuclear weapons program. Stuxnet’s precision and success offers a case study in cyberwar.
The Stuxnet worm infiltrated Iran’s nuclear program through Iranian scientists’ flash drives
and laptops. Once inside the Iranian computers, Stuxnet sought a specific program in the
Siemens software. Unlike a missile attack, which would have created obvious damage,
Stuxnet’s effect was almost invisible. The worm made small changes in the pressure inside
Iranian centrifuges. The worm slowed and sped up rotors in the centrifuges, leaving them
This summary is restricted to the personal use of Avirot Liangsiri (cisdavir@th.ibm.com)
LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET
- 3. Cybersecurity and Cyberwar getAbstract © 2015 3 of 5
getabstract
“The Internet that
we’ve all grown to
love and now need is
increasingly becoming
a place of risk and
danger.”
getabstract
getabstract
“Cybersecurity is one
of those areas that
has been left to only
the most technically
inclined to worry their
uncombed heads over.”
getabstract
getabstract
“Cyberspace may
be global, but it is
not ‘stateless’ or a
‘global commons,’ both
terms frequently used
in government and
media.”
getabstract
getabstract
“The takeaway for
cybersecurity is that the
entire system is based
on trust.”
getabstract
unable to produce refined uranium fuel. The worm nudged centrifuge speeds past their
limits, causing them to break down.
From the standpoint of the American and Israeli saboteurs, the beauty of this onslaught
was that Iranian engineers had no idea they were under attack. The nature of Stuxnet led
them to believe that the sporadic problems with their equipment sprang from manufacturing
defects. The attack left engineers frustrated by their inability to create a nuclear weapon.
Stuxnet successfully stalled Iran’s nuclear program, and it showed how opponents can fight
a cyberwar. It points up the ethical advantages of cyberweapons. Air strikes against Iran’s
nuclear factory might have led to civilian casualties, collateral damage and, possibly, all-out
war. The Stuxnet worm damaged only the centrifuges. Many worms wreak hefty damage
on the computers they infect. But the Stuxnet’s designers created it to be harmless in nearly
every computer it invaded and to activate only when it found its specified software target.
In contrast, in 1981, Israeli forces attacked an Iraqi nuclear research site, dropping 32,000
pounds of bombs. The casualties included 11 soldiers and civilians. A worm-as-a-weapon
causes no human casualties at all. Stuxnet ushered in a new kind of international conflict
with less-overt violence and greater confusion over exactly who led the assault. That
confusion can be as powerful a weapon as the worm itself, now gone, since its creators
designed it to expire in 2012.
Cool War
Unlike the Cold War, cyberwar is fuzzy. The Cold War featured two superpowers pursuing
ideological goals. The Internet features millions of users going about their business and,
given the mass of their sheer number, providing cyberattackers with camouflage. Nations
can cyberseige their enemies constantly without ever firing a shot or engaging in open
hostilities. Russia unleashed a binge of cyberbullying against Estonia in 2007 and stymied
Estonia’s computer networks. Was this an act of aggression? NATO had no way to answer.
The Washington treaty creating NATO dates from 1949 and does not address how to
interpret virtual espionage that involves no armed conflict or physical contact.
Cyberwar will not be entirely bloodless. Consider Operation Orchard. In a midnight
raid in 2007, seven Israeli fighter jets flew into Syrian air space and dropped several
bombs while the Syrian air-defense network sat silent. The reason? Prior to the attack,
Israeli cyberwarriors hacked into the Syrian military’s computers. Able to see what the
Syrians were doing, the Israelis projected a fake image of Syrian skies onto the Syrian
defense systems during the raid. The Syrians never fired a shot, and Israel completed
Operation Orchard with no losses. Such cybersabotage is now rampant, as US and Chinese
spies constantly attempt to glean one another’s movement of weapons, resupply rates,
ship positions and troop schedules. Operation Orchard represents the holy grail of such
operations: It proved that a country’s military not only could spy on an enemy, but it could
also take control of the enemy’s systems and networks.
Collateral Damage
While cyberwar promises to reduce casualties, it would be foolish to think that any kind of
warfare will exact no collateral damage. Just as civilians account for 90% of the casualties
in hot wars, the same ratio is likely to play out in cyberwar. For instance, enemy combatants
might decide to attack the civilian networks that support military forces. In one war game
at the Pentagon, a make-believe enemy hacked the civilian logistics network that supplied
US soldiers. By deftly changing a few bar codes on shipping containers, the enemy made
sure that the US soldiers on the battlefield received a shipping container full of toilet paper
This summary is restricted to the personal use of Avirot Liangsiri (cisdavir@th.ibm.com)
LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET
- 4. Cybersecurity and Cyberwar getAbstract © 2015 4 of 5
getabstract
“By focusing on an
adversary’s information
systems, China
advances the idea
that cyberattacks turn
technical advantage
into a liability.”
getabstract
getabstract
“China isn’t just a
looming superpower;
it’s also home to the
world’s largest number
of Internet users.”
getabstract
getabstract
“As we use phones
and tablets more, the
security risks are also
going mobile.”
getabstract
getabstract
“As the cyberworld
has evolved, so too
has terrorist groups’
use of it, especially
in information
operations.”
getabstract
rather than weapons. This provides just one example of how an enemy could use a civilian
network to wage war. Among the obvious targets are ports, rail yards and arms factories that
civilian contractors run. Such trickery offers the advantage of hampering an enemy without
putting lives at risk. Civilian organizations typically have less-stringent cybersecurity than
military computer networks.
“Cyber Command”
As cyberwar becomes the strategy of the future, some at the Pentagon believe the US
military needs to launch its own Cyber Command that specializes in technical issues –
just as, for instance, the US Air Force focuses on airborne warfare. Just like troops who
consider land, air and sea as their specialized terrain, the troops in the Cyber Command
would patrol cyberspace as an “operational domain.” Proponents of this strategy note that
US soldiers train to wage the wars of the past, which victors won through a combination
of sharpshooting, sky diving, hand-to-hand combat, and leading soldiers into battle. The
US military doles out awards and decorations for yesterday’s combat skills – but, so far, it
doesn’t bestow medals or badges to cyberwarriors.
Gearing up to fight online is not a guarantee of success, of course. Just as US terror fighters
battle insurgents whose identities and whereabouts are not obvious, cyberfighters face
shadowy, stateless actors who take advantage of the Internet’s sprawling anonymity. They
might launch a cyberattack in hopes of sparking a military response. Some worry that the
doctrine of “equivalence” might mean that a virtual attack could elicit a deadly response
in the real world.
Another concern about readiness focuses on military strategy. The US Air Force’s budget
for cyberoffense is more than double its earmark for cyberdefense. This illustrates a
troubling trend: Creating a unit of secretive cyberspies who engage in glamorous-sounding
exploits is sexy, but that approach undersells the importance of defense. Protecting
cybernetworks and securing physical supply chains might be the best way to stabilize
a nation’s Internet operations. Disturbingly, much of the construction of cybersecurity
policy happens behind the cloak of classified discussion, giving civilian political leaders
little opportunity to shape the debate or even to learn which options the government
is considering.
China’s Cyberwarriors
The coming cool war invariably pits the United States against China. The Pentagon
considers China the biggest perpetrator of cyberattacks. Chinese officials counter that China
is not the aggressor but just another victim of stateless, lawless cybercriminals. They
point to the skyrocketing attacks on Chinese computers and the reality that the botnets
that hackers run have hijacked an estimated 10 million Chinese computers. The truth
in the US-versus-China story is more nuanced than either side admits. Cybercriminals
victimize Chinese computer users, but China’s cavalier attitude toward intellectual property
enables such attacks. Most computers in China run pirated software, which means Chinese
computer users cannot access regular security updates and patches that would protect them
from malware.
Attack on The New York Times
The discovery by The New York Times that a group of Chinese cyberwarriors engaged in
attacks on US companies debunked Chinese officials’ protestations. In 2013, the Second
Bureau of China’s Third Army – known as the “Comment Crew” or the “Shanghai Group”
– stole employee passwords to sneak into The New York Times’ computer networks. After
This summary is restricted to the personal use of Avirot Liangsiri (cisdavir@th.ibm.com)
LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET
- 5. Cybersecurity and Cyberwar getAbstract © 2015 5 of 5
getabstract
“Our most senior
leaders, now in their
60s and 70s, likely
did not even become
familiar with computers
until well into their
careers and many still
today have only the
most limited experience
with them.”
getabstract
getabstract
“Cyberspace is so
difficult to define...not
only in its expansive,
global nature, but also
in the fact that the
cyberspace of today is
almost unrecognizable
compared to its humble
beginnings.”
getabstract
getabstract
“Security costs money,
but it also costs
time, convenience,
capabilities, liberties,
and so on.”
getabstract
the paper discovered the breach, it reported that the Shanghai Group launched dozens of
cyberattacks. Coca-Cola, the Pentagon and the United Nations were among the targets. The
publicity embarrassed China, but the episode underscored a crucial precept of cyberwar: A
less technically advanced combatant can turn its enemy’s technical edge into a disadvantage
– or at least into an area for sabotage.
Cybercrime Deterrents
The Internet has become a dangerous place, but it doesn’t have to be. Several possible
deterrents to cybercrime include:
• Build a safe zone dubbed “.secure.” – Just as the Internet added an .xxx domain for
pornography, it could create an alternative zone only for sites that adhere to the highest
security standards. While imperfect, such a solution adds a layer of needed protection.
• Create a CDC for cyberviruses – In 1947, the US created the Centers for Disease
Control to track and contain public health threats. The CDC has proven effective at
alerting the public to contagions. It could serve as a model for a similar agency that would
keep tabs on threats from cyberspace and inform the populace.
• Crack down on cyberpirates – For centuries, pirates sailed the high seas, looking
for opportunities to plunder unsuspecting victims. Governments brought piracy under
control only by cracking down on the markets where they sold their loot. For instance,
governments targeted pirate havens such as Port Royal, Jamaica. Today’s cyberpirates
offer a similar challenge.
Trends of the Cyberfuture
Because technology changes so rapidly and unexpectedly, predicting the future is tricky.
Today’s state-of-the-art supercomputers quickly devolve into tomorrow’s obsolete piles
of metal and microchips. Still, these trends seem likely to influence cybersecurity in the
near future:
• “Cloud computing” – Data no longer live on your desktop computer or in your corporate
servers. Increasingly, businesses and government agencies upload their data to the cloud,
where companies such as Amazon and Google store information on their servers. In
theory, these cloud servers act as bank vaults: Instead of hiding your information where
it may not be secure, you pay experts with a vested interest in ensuring safety to hold
your data. Perhaps safer in some ways, cloud computing carries its own problems. Who
protects your information as it travels from you to the server and back?
• “Big data” – With computers playing such large roles in our lives, making sense of all the
data we create is a big business with Big Brother overtones. Netflix is famous for using
big data to recommend movies, with the downside that their recommendation algorithm
can divine a subscriber’s sexual identity, whether or not he or she has told the world.
• Mobile computing – As phones and tablets grow more powerful, so does the risk of
using them. By early 2013, criminals had designed some 350,000 versions of malware
to attack mobile devices. This cybersecurity niche didn’t even exist until recently. And,
as always, those looking to attack remain one step ahead of those defending.
getabstract
getabstract
About the Authorsgetabstract
getabstract
Peter Warren Singer directs the Brookings Institution’s Center for 21st Century Security and Intelligence.
Allan Friedman is research director of Brookings’ Center for Technology Innovation.
This summary is restricted to the personal use of Avirot Liangsiri (cisdavir@th.ibm.com)
LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET