If you’re looking for depictions of “cyber-Katrina” or “cyber-9/11”, this book isn’t for you. Richard Stiennon’s[1] new book “Surviving Cyberwar”[2] points out as early as in the introduction that it’s not trying to scare people with scenarios of “cybergeddon,” but rather to explore the evolution of networks and related technical threats. Mr. Stiennon avoids hypothetical situations and instead uses examples of cyber-threats taken from real events. Being only as detailed as needed, the book explores these events in addition to the current technical and political state of cyberwarfare. “Surviving Cyberwar” ends with a few chapters of Mr. Stiennon’s describing the specific command methodologies and strategies being employed around the world. He also provides a commentary on what steps should be taken to best mitigate the threats.
“Surviving Cyberwar” begins with a detailed look into the security breach at Sandia Research Labs in 2004, designated Titan Rain[3]. The cyber-espionage at Sandia is used as very understandable, clear message of how real the cyber-threats are. The book continues through a number of other chapters that help to provide context and explain the path cyberwarfare has been taking for the last 20 years. Mr. Stiennon touches on the Chinese strategy of “grab everything and sort it out later” as well as their history of publicly documented research on the topic of Information Warfare dating back to 1993. In less detail, the book examines countries like Israel, Pakistan, and North Korea. Israel is pointed out in particular as a highly advanced country, technologically, that is moving quickly forward into the cyber realm. Russia is often mentioned for its involvement in cybercrime; but aside from the events in Georgia, most of the explanations and situations of Russia’s involvement are vague.
Along with the historical background and a look into some of the players developing cyber capabilities, Mr. Stiennon also goes through a number of technical examples to provide another layer of understanding. These technical discussions rarely require a deep level of understanding into the implementation or underlying technology; yet they help to provide examples of what is actually possible. These examples also help to demonstrate how wide spread some of these issues are by looking at worms like SQL Slammer or trojans like gh0st RAT[4]. A recurring theme throughout the book is that “cyberwar is something that affects every organization” (p. 13) rather than just high-profile targets like the military, banks, or government agencies. In addition to technical descriptions of attacks, “Surviving Cyberwar” examines, again at a very high level, what is required to make a network secure by using principles like defense-in-depth.
After addressing where we’ve been in terms of cyberwar, Mr. Stiennon explores the current situation in cyberspace. He explains what a variety of nations are doing to prepare, both offensively and defensively, for future engagements. The book also goes into the structure and techniques required to properly handle large scale cyber events. “Surviving Cyberwar” spends a chapter on Estonia[5] and one on Georgia[6], detailing their specific cyber engagements they were involved with. Mr. Stiennon points out that Estonia’s response and the changes they made after being attacked are key items to understand defense. The events of both the offensive action against Georgia as well as the incident with the Georgian blogger a year later are chronicled in their own chapter as examples of “The first cyberwar.” (p. 95) The combination of a kinetic attack with tanks and soldiers and a cyber attack to influence communications proved to be highly effective. A year later, a Georgian blogger going by the name Cyxymu[7] speaking against Russia had his twitter, Facebook, blogger, and LiveJournal accounts targeted by a massive DDoS. The book points out the effectiveness of these types of attacks and that despite the investments made to build infrastructure capable of handling the user-load these sites see, some of the largest online communities were affected.
Mr. Stiennon closes the book by looking at cyberwar from an operational standpoint. He points out that the goal of cyberwar is “information dominance” (p. 116) such that it provides an advantage in controlling a situation. DDoS, communications tampering, and espionage, particularly focusing on compromising email servers, are all mentioned as being in the forefront of developments. In addition to the current cyber capabilities, “Surviving Cyberwar” points out a number of areas for future development. Mr. Stiennon suggests that there are four pillars of cyberwar: intelligence, technology, logistics, and command. Without good sources of information, an understanding of the underlying mechanics, a process for managing the requirements, and a structure to handle decision making and prioritization effectively operating in cyberspace is a difficult task. The book also compares what steps countries are taking to mitigate cyber-threats, focusing on America’s CYBERCOM and Estonia’s home guard, as well as looking into formal plans such as the CNCI[8]. The author points out that “CERTs, in practice, reflect the reality of how cyber emergencies are handled”(p. 139), referring to the communications channels and group effort that they generally rely on. Mr. Stiennon describes a number of ways that countries (or organizations for that matter) can strengthen their position. A few that I particularly liked were:
- Creation of hardened, stand-by networks to be used in times of crisis or need
- Data protection through the use of heavily restricted/controlled access, accountability, and real repercussions (such as losing funding)
- Being transparent about initiatives and strategies, avoiding the idea of security through obscurity
In addition to the suggestions of what to do, the author voices an opinion in the negative. He points out the current trend of reduced privacy by saying “spying on your citizens to discover terrorist plots can do more harm than good.” (p. 149)
Without the usual fear mongering the media is accustom to, “Surviving Cyberwar” dissects the very real issue of cyber-threats and cyberwar. Cyberwar has been going on for nearly 20 years; and we’ve yet to see anything close to the disaster scenarios usually described. Throughout the book Mr. Stiennon emphasizes that cyberwar is something that affects everyone, rather than just governments and large organizations. He continues to point out that “the argument of not being a target for attackers is an oft-repeated refrain that is heard at each step of the escalation of cyber threats.” (p. 13) Along side the author’s presentation of the current situation in cyberspace, he very clearly addresses a number of methods to help mitigate new (and old) cyber-threats from both a technical and logistical point of view. “Surviving Cyberwar” was excellently written and an interesting read. For those looking for a high-level understanding of the concepts involved in operating securely in cyberspace, I’d highly recommend this book.
References:
[1] http://www.it-harvest.com/bio_stiennon.html
[2] http://www.amazon.com/Surviving-Cyberwar-Richard-Stiennon/dp/1605906883
[3] https://secure.wikimedia.org/…/Titan_Rain
[4] https://secure.wikimedia.org/…/GhostNet
[5] https://secure.wikimedia.org/…/2007_cyberattacks_on_Estonia
[6] https://secure.wikimedia.org/…/Cyberattacks_during_the_2008_South_Ossetia_war
[7] https://secure.wikimedia.org/wikipedia/en/wiki/Cyxymu
[8] http://www.whitehouse.gov/…/comprehensive-national-cybersecurity-initiative
