What do you think?
Rate this book
Cyber War Will Not Take Place [Dec 01, 2013] Rid, Thomas
BRAND NEW ,EXCELENT AND RELIABLE SERVICE!
300 pages, Hardcover
First published January 1, 2013
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 22 of 22 reviews
January 11, 2015
Dr. Rid's book is a breath - nay, a desperate gasp - of fresh air in an overwhelming sea of blather from self-professed experts who all too often lack expertise in warfare and strategy, information security, or both.
I hold a master's degree in Strategy, and have worked in information ("cyber") security for a number of years. I first heard Dr. Rid interviewed for King's College London's War Studies Podcast, had been eager to read his book, and finally invested the time to do. I was not disappointed. His arguments are many and varied, but from my perspective they boiled down to two main concepts. First: the definitions of war and warfare defined by Carl von Clausewitz are still the best framework for understanding either concept, and because "cyberwar"/information security lacks a number of key commonalities with either, the resulting martial language used to discuss the security of information technology is imprecise and counter-productive. Second: "cyber security" is more productively considered through the conceptual frameworks of sabotage, espionage, and subversion than through the conceptual frameworks of war and warfare in which it is commonly discussed.
At no point does Dr. Rid argue against the dangers posed by vulnerabilities in international data networks - in fact, his case studies and observations make precisely the opposite case. However, he very adeptly disassembles the common martial rhetoric used to discuss the topic, and provides cogent arguments, observations, and case studies to wrap it all up. The book will be more accessible to those who are familiar with either military topics, information security, or both, but Dr. Rid does a reasonably good job of staying out of the realm of technobabble in order to make the book comprehensible to most readers.
If there's one flaw to Dr. Rid's argument, it may be a lack of imagination: it's dangerous to presume what technology will or won't be able to do in ten, fifteen, twenty, fifty years. However, even this criticism is muted by his careful discussion of what is or isn't likely to happen, rather than what will absolutely happen; and his skepticism is still more credible than many of the alarmist predictions from others. Given the continuing debate over the attribution of the recent Sony hack, Dr. Rid's book (and particularly its penultimate chapter) seem prescient.
For anyone interested in the future of warfare, or in information security, Dr. Rid's book is a must-read.
I hold a master's degree in Strategy, and have worked in information ("cyber") security for a number of years. I first heard Dr. Rid interviewed for King's College London's War Studies Podcast, had been eager to read his book, and finally invested the time to do. I was not disappointed. His arguments are many and varied, but from my perspective they boiled down to two main concepts. First: the definitions of war and warfare defined by Carl von Clausewitz are still the best framework for understanding either concept, and because "cyberwar"/information security lacks a number of key commonalities with either, the resulting martial language used to discuss the security of information technology is imprecise and counter-productive. Second: "cyber security" is more productively considered through the conceptual frameworks of sabotage, espionage, and subversion than through the conceptual frameworks of war and warfare in which it is commonly discussed.
At no point does Dr. Rid argue against the dangers posed by vulnerabilities in international data networks - in fact, his case studies and observations make precisely the opposite case. However, he very adeptly disassembles the common martial rhetoric used to discuss the topic, and provides cogent arguments, observations, and case studies to wrap it all up. The book will be more accessible to those who are familiar with either military topics, information security, or both, but Dr. Rid does a reasonably good job of staying out of the realm of technobabble in order to make the book comprehensible to most readers.
If there's one flaw to Dr. Rid's argument, it may be a lack of imagination: it's dangerous to presume what technology will or won't be able to do in ten, fifteen, twenty, fifty years. However, even this criticism is muted by his careful discussion of what is or isn't likely to happen, rather than what will absolutely happen; and his skepticism is still more credible than many of the alarmist predictions from others. Given the continuing debate over the attribution of the recent Sony hack, Dr. Rid's book (and particularly its penultimate chapter) seem prescient.
For anyone interested in the future of warfare, or in information security, Dr. Rid's book is a must-read.
July 27, 2017
Right on the heels of Rise of the Machines: The Lost History of Cybernetics, I decided to read the book Thomas Rid actually released first: Cyber War Will Not Take Place. I know, I know, it’s a back-asswards way of approaching something but by the time I remembered I actually had the first book, I was already partway through the second and I wasn’t prepared to switch at that point.
In saying that, both of these books can be read stand-alone; like a lot of non-fiction, this isn’t a series as such. And to be honest, I actually felt better-prepared for this book having already read about the history of cybernetics, and in fact some of the history of the modern Internet and what we now call cyberspace.
This is a really, really good book. I don’t necessarily agree with the title (and thus the overall argument, awkwardly), but this book is incredibly well-research, very well-articulated, and something I now consider a primary reference text for my thesis. Now, how did I get to that conclusion when I don’t even agree with the primary argument of the book? Quite simply, because the information that this book offers and the analysis that Rid has performed is impeccable. This is scholarship of the best kind, because it is easy to digest, makes perfect sense and educates you with every line.
The book is structured by concept rather than timeline, which is different to Rise of the Machines. However, given the topics that this book deals with that makes perfect sense, and was an excellent decision on the author’s part. Nothing can ruin good research quite so spectacularly as atrocious structure and presentation.
There are eight chapters of this book, presented in the following order:
What is cyber war?
Violence
Cyber Weapons
Sabotage
Espionage
Subversion
Attribution
Beyond Cyber War
There is a logical and coherent structure here, easing the reader into the cyber warfare discussion by introducing the key concepts at play in the cyberspace debate, before breaking down what we have actually seen of ‘cyber war’: cyber sabotage, cyber espionage, and cyber subversion. Devoting a chapter to the attribution problem was an excellent decision, because it really is (in my opinion) one of the thorniest of problems in most debates over the relative security or insecurity of cyberspace: whodunnit? In this I agree with Rid, attribution might not actually be quite as difficult to pinpoint as is generally thought, but it is very much a political problem as to whether you’re going to openly accuse someone of being the guilty party.
Completely outside of whether you are involved in the academic fields that have an interest in cyberspace, this is a really good book if you’re intrigued by just what is meant by cyberspace and cyber warfare. If you’re wondering what all the politicians and military leaders and activists and hacktivists are cracking on about, this is a good book to start with. If you are involved in the academic OR practical fields with an interest or stake in cyberspace, you 100% need to read this book, and read it properly. You don’t need to agree with all the points made in a book to acknowledge that it has a high degree of utility and relevance in a given field.
This is relevant, and useful. Five star read, people.
In saying that, both of these books can be read stand-alone; like a lot of non-fiction, this isn’t a series as such. And to be honest, I actually felt better-prepared for this book having already read about the history of cybernetics, and in fact some of the history of the modern Internet and what we now call cyberspace.
This is a really, really good book. I don’t necessarily agree with the title (and thus the overall argument, awkwardly), but this book is incredibly well-research, very well-articulated, and something I now consider a primary reference text for my thesis. Now, how did I get to that conclusion when I don’t even agree with the primary argument of the book? Quite simply, because the information that this book offers and the analysis that Rid has performed is impeccable. This is scholarship of the best kind, because it is easy to digest, makes perfect sense and educates you with every line.
The book is structured by concept rather than timeline, which is different to Rise of the Machines. However, given the topics that this book deals with that makes perfect sense, and was an excellent decision on the author’s part. Nothing can ruin good research quite so spectacularly as atrocious structure and presentation.
There are eight chapters of this book, presented in the following order:
What is cyber war?
Violence
Cyber Weapons
Sabotage
Espionage
Subversion
Attribution
Beyond Cyber War
There is a logical and coherent structure here, easing the reader into the cyber warfare discussion by introducing the key concepts at play in the cyberspace debate, before breaking down what we have actually seen of ‘cyber war’: cyber sabotage, cyber espionage, and cyber subversion. Devoting a chapter to the attribution problem was an excellent decision, because it really is (in my opinion) one of the thorniest of problems in most debates over the relative security or insecurity of cyberspace: whodunnit? In this I agree with Rid, attribution might not actually be quite as difficult to pinpoint as is generally thought, but it is very much a political problem as to whether you’re going to openly accuse someone of being the guilty party.
Completely outside of whether you are involved in the academic fields that have an interest in cyberspace, this is a really good book if you’re intrigued by just what is meant by cyberspace and cyber warfare. If you’re wondering what all the politicians and military leaders and activists and hacktivists are cracking on about, this is a good book to start with. If you are involved in the academic OR practical fields with an interest or stake in cyberspace, you 100% need to read this book, and read it properly. You don’t need to agree with all the points made in a book to acknowledge that it has a high degree of utility and relevance in a given field.
This is relevant, and useful. Five star read, people.
Read
February 11, 2019First published in 2013 and thus slightly dated, at least when it comes to the referred examples, Thomas Rid's book has stood the test of time and is an intelligent discussion on what cyber war really is and how little it has to do with war.
November 27, 2022
I was just looking over a book that someone sent me as a result of liking my review for another book. As I look back, it one was on my "Greatest Hits." It was about Thomas Rid's book "Cyber War Will Not Take Place."
************************
The upshot: Save your money.
At the outset, this author seems to have at least two major problems in his reasoning.
1. He chooses a definition of war (it must involve violence, it must be political, and it must be instrumental) and then concludes that whatever does not fit onto that definition does not constitute war. It's like he never stops to consider that, in light of new technology the definition of war could (and should) be expanded.
2. He gives a lot of anecdotal examples from history and shows where they were ultimately of little consequence. And therefore he arrives at the conclusion (not too lightly) that future attacks will be equally benign (or will not be able to wreak the destruction that many people fear). But to follow that reasoning to its logical conclusion, one could conclude that because the last attack where people fired muskets (and didn't kill that many people) meant that guns would never get to the level of destruction of an AK-47.
The book is written such that any of the chapters can be read stand-alone. And so I'll go through the book and make some statements chapter by chapter.
Chapter 1 (Definitions). This is where Rid lays out the definition. Again, war must be political, instrumental, and violent. The author then goes on to make the case that since not many people have been killed by electronic warfare, that it is not the same thing as hand to hand warfare or nuclear devices. The problem is that words are not our masters. They are our servants. If we follow this author's line of reasoning to its logical conclusion we could say something like: "So and so said that a legal system should have impartial jurists and be predictable. A country/ territory that does not have predictability and impartial jurists does not have a legal system." Yet that would not explain the Chinese legal system (which is unpredictable and the concept of "impartial jurist" does not exist-- at least not in the Western sense) and that is not to say that there *is* no legal system in China. There's just one that does not fit onto So and So's definition of what is a legal system. The author then goes into a few anecdotal examples. But these are irrelevant. If you have had 100 electronic ("cyber") attacks and they caused limited damage, you can say absolutely nothing (!) about the 101st.
Chapter 2 (Violence). More semantics. More pressing of the Clausewitz definition. Based on the Clausewitz definition, wars must be violent (and violence must have an emotional impact). Electronic attacks are not violent, nor are they the same thing as a bullet or an explosive device. And so they therefore don't qualify as war. There is some interesting discussion about the instrumental role of violence in establishing the power of the state and maintenance of trust. (And so if violence is not directed toward establishing the role of the state and maintenance of trust relationships, then it is not instrumental.) It's a very long argument, but ultimately it's sophistry. One could say that erosion of trust (by repeated cyber attacks) destroys so much economic activity. And if you pick a certain value per life, then that is the same thing as killing actual civilians. And in that case, then it is instrumental (destroying the government of the enemy) and does count as "war."
Chapter 3 (Weapons). Here we get part of a helpful distinction between generic and low potential tools vs. specific and high potential weaponry. But before the chapter if finished, he gets into more casuistry. Weapons are meant to hurt people/ things. But DDoS attacks don't actually harm anyone. The damage that they cause is second-order, and so they don't fit onto the definition of "weapons" (which, are meant for direct use in this case).
Chapter 4 (Sabotage). There is some discussion of attacks on things like the attacks on Saudi Aramco. He says that they interrupted operations for less than a day. But it is fallacious to conclude that just because something happened one way one time that it might not be worse the second time. The author expands this foolish line of reasoning for *several* pages.
Chapter 5 (Espionage). Here the author makes the distinction between Human Intelligence and Signal Intelligence. Apparently economic espionage can be damaging, but it is not all that damaging for things that have process knowledge (just because you have recipe for bread doesn't mean that you know how to make it *well*.) As with all the other chapters, he builds his argument by anecdote-- and then assumes that absence of evidence is evidence of absence (so, if you can't prove beyond a shadow of a doubt that Chinese espionage didn't cause the collapse of a company then that is enough to rule out electronic espionage as anything significant).
Chapter 6 (Subversion). I am not sure what his point is here. And I didn't have the patience to fish for it (through the long discussion about what does subversion mean). Some part of it seems to be an argument that was repeated before by Evgeny Morozov in The Net Delusion: The Dark Side of Internet Freedom. Basically, he says that: 1. Movements that are not made by flesh and blood people might not have the same "stickiness" as movements that are based online, and; 2. As larger numbers of people get together the focus of the group becomes more vague. (This could account for why the Occupy Wall Street Movement had such a hard time articulating a message-- or even finding one for that matter.)
Chapter 7 (Attribution). Now the book gets really silly. He goes over some cases where attribution was difficult (as we suspect that it might be given the nature of the tools). And even though the author has mentioned that circumstantial evidence would not hold up in court (such as the fact that in one case all the attacks happened between 9am and 5pm Beijing time and were traceable to the Shanghai Pudong District)....how this is relevant, I'm totally unsure.
Chapter 8 (Conclusions). There is some interesting discussion about the use of metaphors (1. didactic devices; 2. creative devices; 3. testing devices). And he seems to conclude that the advantage is on the side of the defenders. Given how shakily reasoned this book has heretofore been, I am tempted to conclude the exact opposite of what he says. Finally, there is a bit of discussion on the *ethics* of cyber attacks. And this strange, because: 1. The author has just gotten finished telling us that electronic warfare is not the same as physical warfare; 2. Don't let your metaphors take you too far. But then he turns around and does *just that* by imagining that conventions can be made to which countries will agree to adhere-- even though patriot hackers are not government officials and hence not bound by war conventions. And even though attribution is difficult (gist of the last chapter)-- how can someone be called to account for something that no one can prove that they did? And even though some people don't have any ethical superstructure to appeal to (China). Rid suggests that more needs to be done on defense than offense (the US government concentrates on offense). But then, who knows what they are doing? (He admits that most of this work is stamped "secret.")
Verdict: This book is worth the time if you want to sit and pick apart the arguments (I *love* tearing things apart). But as an investigation into the subject, it's not all that great. The reasoning is just too strained and sloppy. In any case, anyone who wants to tear apart strange arguments can just pick up a copy of the New York Times for less than a couple of bucks. I can't see investing the $12 for this book if I had the chance to do it all over again. It doesn't really settle the case for me any better than when I started the book.
************************
The upshot: Save your money.
At the outset, this author seems to have at least two major problems in his reasoning.
1. He chooses a definition of war (it must involve violence, it must be political, and it must be instrumental) and then concludes that whatever does not fit onto that definition does not constitute war. It's like he never stops to consider that, in light of new technology the definition of war could (and should) be expanded.
2. He gives a lot of anecdotal examples from history and shows where they were ultimately of little consequence. And therefore he arrives at the conclusion (not too lightly) that future attacks will be equally benign (or will not be able to wreak the destruction that many people fear). But to follow that reasoning to its logical conclusion, one could conclude that because the last attack where people fired muskets (and didn't kill that many people) meant that guns would never get to the level of destruction of an AK-47.
The book is written such that any of the chapters can be read stand-alone. And so I'll go through the book and make some statements chapter by chapter.
Chapter 1 (Definitions). This is where Rid lays out the definition. Again, war must be political, instrumental, and violent. The author then goes on to make the case that since not many people have been killed by electronic warfare, that it is not the same thing as hand to hand warfare or nuclear devices. The problem is that words are not our masters. They are our servants. If we follow this author's line of reasoning to its logical conclusion we could say something like: "So and so said that a legal system should have impartial jurists and be predictable. A country/ territory that does not have predictability and impartial jurists does not have a legal system." Yet that would not explain the Chinese legal system (which is unpredictable and the concept of "impartial jurist" does not exist-- at least not in the Western sense) and that is not to say that there *is* no legal system in China. There's just one that does not fit onto So and So's definition of what is a legal system. The author then goes into a few anecdotal examples. But these are irrelevant. If you have had 100 electronic ("cyber") attacks and they caused limited damage, you can say absolutely nothing (!) about the 101st.
Chapter 2 (Violence). More semantics. More pressing of the Clausewitz definition. Based on the Clausewitz definition, wars must be violent (and violence must have an emotional impact). Electronic attacks are not violent, nor are they the same thing as a bullet or an explosive device. And so they therefore don't qualify as war. There is some interesting discussion about the instrumental role of violence in establishing the power of the state and maintenance of trust. (And so if violence is not directed toward establishing the role of the state and maintenance of trust relationships, then it is not instrumental.) It's a very long argument, but ultimately it's sophistry. One could say that erosion of trust (by repeated cyber attacks) destroys so much economic activity. And if you pick a certain value per life, then that is the same thing as killing actual civilians. And in that case, then it is instrumental (destroying the government of the enemy) and does count as "war."
Chapter 3 (Weapons). Here we get part of a helpful distinction between generic and low potential tools vs. specific and high potential weaponry. But before the chapter if finished, he gets into more casuistry. Weapons are meant to hurt people/ things. But DDoS attacks don't actually harm anyone. The damage that they cause is second-order, and so they don't fit onto the definition of "weapons" (which, are meant for direct use in this case).
Chapter 4 (Sabotage). There is some discussion of attacks on things like the attacks on Saudi Aramco. He says that they interrupted operations for less than a day. But it is fallacious to conclude that just because something happened one way one time that it might not be worse the second time. The author expands this foolish line of reasoning for *several* pages.
Chapter 5 (Espionage). Here the author makes the distinction between Human Intelligence and Signal Intelligence. Apparently economic espionage can be damaging, but it is not all that damaging for things that have process knowledge (just because you have recipe for bread doesn't mean that you know how to make it *well*.) As with all the other chapters, he builds his argument by anecdote-- and then assumes that absence of evidence is evidence of absence (so, if you can't prove beyond a shadow of a doubt that Chinese espionage didn't cause the collapse of a company then that is enough to rule out electronic espionage as anything significant).
Chapter 6 (Subversion). I am not sure what his point is here. And I didn't have the patience to fish for it (through the long discussion about what does subversion mean). Some part of it seems to be an argument that was repeated before by Evgeny Morozov in The Net Delusion: The Dark Side of Internet Freedom. Basically, he says that: 1. Movements that are not made by flesh and blood people might not have the same "stickiness" as movements that are based online, and; 2. As larger numbers of people get together the focus of the group becomes more vague. (This could account for why the Occupy Wall Street Movement had such a hard time articulating a message-- or even finding one for that matter.)
Chapter 7 (Attribution). Now the book gets really silly. He goes over some cases where attribution was difficult (as we suspect that it might be given the nature of the tools). And even though the author has mentioned that circumstantial evidence would not hold up in court (such as the fact that in one case all the attacks happened between 9am and 5pm Beijing time and were traceable to the Shanghai Pudong District)....how this is relevant, I'm totally unsure.
Chapter 8 (Conclusions). There is some interesting discussion about the use of metaphors (1. didactic devices; 2. creative devices; 3. testing devices). And he seems to conclude that the advantage is on the side of the defenders. Given how shakily reasoned this book has heretofore been, I am tempted to conclude the exact opposite of what he says. Finally, there is a bit of discussion on the *ethics* of cyber attacks. And this strange, because: 1. The author has just gotten finished telling us that electronic warfare is not the same as physical warfare; 2. Don't let your metaphors take you too far. But then he turns around and does *just that* by imagining that conventions can be made to which countries will agree to adhere-- even though patriot hackers are not government officials and hence not bound by war conventions. And even though attribution is difficult (gist of the last chapter)-- how can someone be called to account for something that no one can prove that they did? And even though some people don't have any ethical superstructure to appeal to (China). Rid suggests that more needs to be done on defense than offense (the US government concentrates on offense). But then, who knows what they are doing? (He admits that most of this work is stamped "secret.")
Verdict: This book is worth the time if you want to sit and pick apart the arguments (I *love* tearing things apart). But as an investigation into the subject, it's not all that great. The reasoning is just too strained and sloppy. In any case, anyone who wants to tear apart strange arguments can just pick up a copy of the New York Times for less than a couple of bucks. I can't see investing the $12 for this book if I had the chance to do it all over again. It doesn't really settle the case for me any better than when I started the book.
September 9, 2016
This book is extremely well written, well researched and explains issues in an easy to read and comprehend manner. Furthermore, the author is careful to not jump to conclusions and expresses when evidence of cyber 'attacks' is circumstantial (and if so, what evidence there is to support or negate such claims.) This approach is refreshing, given how common it is for cyber war discussions to jump to conclusions.
Overall, it presents a well-examined exploration of issues surrounding cyber war when it is defined by Clausewitzian conditions.
Overall, it presents a well-examined exploration of issues surrounding cyber war when it is defined by Clausewitzian conditions.
January 13, 2014
What this book does is to define some terms, tell some stories, and say mostly nothing.
April 4, 2021
In this book author gives a very interesting premise - cyber war will not take place because there is no such thing as cyber war.
Book explains in a very precise way how cyber warfare, no matter how crazed (and yes, truly crazed, bombastic and ever on the lookout for sensations and half truths) media and politicians want it to be seen differently, is not warfare in the way we understand it, is not warfare at all but a tool. And again not a tool in Clausewitz's sense (continuation of policy by other means) but support tool, yet another venue for supporting the conventional means of warfare in the same way GPS, communication and recon satellites are supporting tools.
Going very slowly and thoroughly through historical examples (from 1980's to modern times - of course 2016 gets mention here) author describes that cyber warfare actions can never be seen as standard violent actions of opposing armed forces because it is in one way either highly specialized and precise tool for support (Stuxnet and APT for example) and in other so dispersed and decentralized that it can motivate people to join a virtual movement but also leave it as soon as they get bored (social oriented software and systems) that it cannot survive on its own. It needs to be used as part of the whole and it cannot survive on its own to achieve any goal.
In other words if cyber warfare ever achieves its goal then it will not be an action triggered by the moment (like assassination of Hapsburg monarch in the Balkans or mishap in firing of nuclear weapons) but precisely launched attack on the very much studied and observed target, for months if not years. There will be no excuse for this offense, no I/we did not know. And this is why it will never be triggered because to trigger it means painting huge bulls-eye on ones country to be ripped apart by other parties. And all for the dubiously effective attack on infrastructure (that is continuously covered by government services). This is what makes the situation highly unlikely (if not completely impossible).
And this is where reality clashes with fiction (yeah, Swordfish is not the way hacking is done, although I liked the entry test :)), fiction that is so liked by people looking for sensations and bombastic titles - to get more funding or get more blog/news media readers.
Even when used for sabotage and subversion cyber warfare tools are only as good as other parts of the operation. From insertion to exfiltration.
Excellent book that explains how computer network warfare (sounds much boring than cyber warfare right?) can be dangerous in many ways - especially in wrong attribution of the events and inability to discern criminal from state sponsored actions. It is a tool used by shadow agencies in false flag and proper assaults but either as a scalpel cut or as a support tool in a greater operation (to shutdown radar networks i.e.). We are still far away from Gibson's matrix or Cyberpunk future - which is good, because those book need to be considered a warning not something to yearn for (unless we as a society truly are sick in our collective mind).
I found it very interesting that fear rising in the West from the East seem to be caused by the knowledge coming from western lead operation. It is same as fear of the spy that causes him to see spies all around him, because he knows what can happen and what can be done (i.e. take 2016 and very sophisticated Arab spring - in general they are the same, executed using same tools and network media for pushing ones ideas). Don't get me wrong, East is more than willing to submit these types of operations (and they do it as APT operation shows) but this looks like a closed circuit, without end and with so many contradictions it is unbelievable (i.e. I would like current politicians to finally come to terms with N. Korea - is it backward, starving nation with large peasant army and almost no hi tech, or SPECTRE-like construct that is so capable to conduct cyber warfare operations and endanger highly sophisticated West?).
And this is where additional danger lies - there are so many half-truths, exaggerations for this new vector of attack that you can say almost everything and get away with it. You can present your enemy to be this great great threat in this aspect and nobody will ask for any more details because this boogey-man-warfare is THE threat, our wise official say.
Hopefully this book will put things in proper context because it needs to be done to prevent unnecessary conflicts between nations.
Highly recommended.
Book explains in a very precise way how cyber warfare, no matter how crazed (and yes, truly crazed, bombastic and ever on the lookout for sensations and half truths) media and politicians want it to be seen differently, is not warfare in the way we understand it, is not warfare at all but a tool. And again not a tool in Clausewitz's sense (continuation of policy by other means) but support tool, yet another venue for supporting the conventional means of warfare in the same way GPS, communication and recon satellites are supporting tools.
Going very slowly and thoroughly through historical examples (from 1980's to modern times - of course 2016 gets mention here) author describes that cyber warfare actions can never be seen as standard violent actions of opposing armed forces because it is in one way either highly specialized and precise tool for support (Stuxnet and APT for example) and in other so dispersed and decentralized that it can motivate people to join a virtual movement but also leave it as soon as they get bored (social oriented software and systems) that it cannot survive on its own. It needs to be used as part of the whole and it cannot survive on its own to achieve any goal.
In other words if cyber warfare ever achieves its goal then it will not be an action triggered by the moment (like assassination of Hapsburg monarch in the Balkans or mishap in firing of nuclear weapons) but precisely launched attack on the very much studied and observed target, for months if not years. There will be no excuse for this offense, no I/we did not know. And this is why it will never be triggered because to trigger it means painting huge bulls-eye on ones country to be ripped apart by other parties. And all for the dubiously effective attack on infrastructure (that is continuously covered by government services). This is what makes the situation highly unlikely (if not completely impossible).
And this is where reality clashes with fiction (yeah, Swordfish is not the way hacking is done, although I liked the entry test :)), fiction that is so liked by people looking for sensations and bombastic titles - to get more funding or get more blog/news media readers.
Even when used for sabotage and subversion cyber warfare tools are only as good as other parts of the operation. From insertion to exfiltration.
Excellent book that explains how computer network warfare (sounds much boring than cyber warfare right?) can be dangerous in many ways - especially in wrong attribution of the events and inability to discern criminal from state sponsored actions. It is a tool used by shadow agencies in false flag and proper assaults but either as a scalpel cut or as a support tool in a greater operation (to shutdown radar networks i.e.). We are still far away from Gibson's matrix or Cyberpunk future - which is good, because those book need to be considered a warning not something to yearn for (unless we as a society truly are sick in our collective mind).
I found it very interesting that fear rising in the West from the East seem to be caused by the knowledge coming from western lead operation. It is same as fear of the spy that causes him to see spies all around him, because he knows what can happen and what can be done (i.e. take 2016 and very sophisticated Arab spring - in general they are the same, executed using same tools and network media for pushing ones ideas). Don't get me wrong, East is more than willing to submit these types of operations (and they do it as APT operation shows) but this looks like a closed circuit, without end and with so many contradictions it is unbelievable (i.e. I would like current politicians to finally come to terms with N. Korea - is it backward, starving nation with large peasant army and almost no hi tech, or SPECTRE-like construct that is so capable to conduct cyber warfare operations and endanger highly sophisticated West?).
And this is where additional danger lies - there are so many half-truths, exaggerations for this new vector of attack that you can say almost everything and get away with it. You can present your enemy to be this great great threat in this aspect and nobody will ask for any more details because this boogey-man-warfare is THE threat, our wise official say.
Hopefully this book will put things in proper context because it needs to be done to prevent unnecessary conflicts between nations.
Highly recommended.
July 6, 2019
Rid makes a specific point and he makes it well. Talk of cyber war is simply scare mongering. Cyber operations are almost definitionally non-violent, and states increasingly using them is a net positive as compared to traditional methods of achieving the same aims. He breaks the effects down into espionage, subversion and sabotage. Cyber espionage means less reliance on putting human sources in danger. Cyber subversion I didn't follow too closely. Cyber sabotage seems synonymous with destroying industrial control systems in his view.
Cyber operations are less symbolic, less emotional, less destructive but can be more targeted meaning cyber operations can undermine trust in a specific functions of a Government. Whereas traditional violence tends to sow distrust by directly challenging their monopoly on violence.
It is a fantastic book but his main argument--that cyber operations are less violent and less damaging than traditional operations--suggests states should switch to cyber operaitons. However, there is no analytical framework to answer when cyber operations go too far. I feel like this results from not considering how harm arises from cyber operations in enough detail. I didn't see privacy mentioned once.
Cyber operations are less symbolic, less emotional, less destructive but can be more targeted meaning cyber operations can undermine trust in a specific functions of a Government. Whereas traditional violence tends to sow distrust by directly challenging their monopoly on violence.
It is a fantastic book but his main argument--that cyber operations are less violent and less damaging than traditional operations--suggests states should switch to cyber operaitons. However, there is no analytical framework to answer when cyber operations go too far. I feel like this results from not considering how harm arises from cyber operations in enough detail. I didn't see privacy mentioned once.
Read
April 1, 2018provocative scholarly work but ultimately underwhelming. The author says, "Cyber war will not take place," and you are reassured and hopeful that this means current cyber issues like Russia's infiltration of the elections and social media are not realistic to happen. But then apparently after this provocative title should be a small starred asterisk where the author follows with the following caveat to his thesis: cyber war will not happen because for him cyber war is narrowly defined and does not cover cyber attacks that aim for sabotage, espionage, or subversion. This means he cannot reassure against the current cyber events that we are actually worrying about, because he just excludes them from his definition. This definition even disregards attacks like Stuxnet from the US govt to Iran's. I wish he picked a more conservative title then. Nevertheless you can learn some things from the book's chapters of careful definitions, like definitions of war, classes of weapons.
September 16, 2013
I write reviews of books for several publications and blogs--mainly literary ones--but also have been involved in software design and information security issues. Therefore, I was very interested in this book when it came out and had to read it. I feel my background as both a reviewer and someone who knows about the nuances of computer security allows for me to write a pretty informed yet unbiased review. Professor Rid is simply wrong in his views overall and has a vested interest in making his case that cyber-war is not war at all: his book is based on that very thesis and he'd not have a book in hand had he not had this unique take on the matter. If he'd gone with the majority of his field, he'd just have another book (of quite many) saying that cyber-war is a valid concern as others have named it such. So it was in his interests to march in the other direction to stand out from the crowd. He wrote an editorial for Slate where he made, in a nutshell, the same claims he makes at length in his book, and I made these same comments in response to that article.
It is possible that some people--especially in the contractor circles--are ramping up the threat of cyber-war to the level of an unseen monster the likes of which we never will see, that much is true, but that doesn't mitigate the very real concern of cyber-war as a threat. Professor Rid's claim that cyber-war is spying by another name is false: it's much more than spying, and it's not limited in scope except to the arena that war is fought in, which is one that is in full or part based in computer information systems. The 1997 RAND publication "In Athena's Camp" lays out an encompassing picture of the many faces of possible cyber-war, and those situations have of course only expanded in type and form since 1997. I highly recommend that as the book to start with on the topic.
The following is illustrative of why cyber-war is real, and troublesome:
The real crux of it could be a combined attack with ground operatives and external attacks. In example, the enemy sends in commandos to damage essential switchgear and get into physical systems, meanwhile a coordinated attack is mounted from afar. I worked on an IT project for a research center on a rather small scale where we tried this: first, we tried a conventional "hacking" attack of black-hat guys trying to hack our systems and our white-hat guys protecting them. That was easy to stop. The white-hat team won. But when we added "crooks" breaking into the facility and messing with physical systems inside, it all became bedlam. Nothing was designed to prevent this. We lost power, then switched to back-up generators to find the (very good) "attack team" had disabled the generators. Everything done on the institutional level was done with cyber-security in mind as isolated from physical concerns.
Now, not all institutions are like that, no. Nor would an attack on vital national resources be so easy, but it is how this could happen. And if it was done by an enemy nation or terrorist group it would be war. Professor Rid cages his view in terms of "this is how cyber-war differs"". Ok, fine, but let's get real: the information and infrastructural systems of our nation are both the most enticing and easier of things to attack for an enemy and where real damage can be done. If terrorists crippled three power plants, took the regional grid offline, took out five telephony central offices all around a major US city you'd have utter chaos akin to a major hurricane or other disaster. We have designed robust systems at great cost since the onset of the Cold War to ensure our nation's command and control can be continued if an enemy attacks via nuclear or other means that would cripple our infrastructure. We are fighting that fight today in a digital domain, and despite 9/11 and the security frenzy that followed, some of our national command and control systems still are pretty much at the Cold War level. It's taken a very long time to make everything go digital and we're still unprepared in some areas. We saw, on a moderate scale, what happens when we lack critical infrastructure due to acute damage with Hurricane Katrina: hospitals with no power, communications that were unstable at best. Those same circumstances could be brought about via a cyber-centric attack and would indeed be real warfare. Bringing commercial activities to a halt for 24 hours in a major metro region alone could do horrible economic damage. Even an example such as that New Orleans hospital that lost power is illustrative: who on earth left the only generators in a hospital that was in a floor zone in the basement? Who failed to put some generators at a location in higher ground? Every error that has lead to any form of serious disaster at any nuclear power plant the world over has been due mainly to human error or the poor response of human operators to a situation. That's SL-1 to TMI to Windscale to TEPCO's misdeeds in Japan. Such errors could be pushed along by a combination of cyber and other terrorism. There are ample threats, and frankly, we're only now starting to really meet all those threats.
And that's why cyber-war professionals do call it "cyber-war"; that's why we have people like Rear Admiral Gretchen S. Herbert and why her title is Commander, Cyber Forces. If this book has any real value, it is in tempering the debate over cyber-war, and reducing the loud cry of doom that is also out there. There are, yes, people who make the cyber-threat seem larger than it may be, but Professor Rid goes wildly in the other direction here.
It is possible that some people--especially in the contractor circles--are ramping up the threat of cyber-war to the level of an unseen monster the likes of which we never will see, that much is true, but that doesn't mitigate the very real concern of cyber-war as a threat. Professor Rid's claim that cyber-war is spying by another name is false: it's much more than spying, and it's not limited in scope except to the arena that war is fought in, which is one that is in full or part based in computer information systems. The 1997 RAND publication "In Athena's Camp" lays out an encompassing picture of the many faces of possible cyber-war, and those situations have of course only expanded in type and form since 1997. I highly recommend that as the book to start with on the topic.
The following is illustrative of why cyber-war is real, and troublesome:
The real crux of it could be a combined attack with ground operatives and external attacks. In example, the enemy sends in commandos to damage essential switchgear and get into physical systems, meanwhile a coordinated attack is mounted from afar. I worked on an IT project for a research center on a rather small scale where we tried this: first, we tried a conventional "hacking" attack of black-hat guys trying to hack our systems and our white-hat guys protecting them. That was easy to stop. The white-hat team won. But when we added "crooks" breaking into the facility and messing with physical systems inside, it all became bedlam. Nothing was designed to prevent this. We lost power, then switched to back-up generators to find the (very good) "attack team" had disabled the generators. Everything done on the institutional level was done with cyber-security in mind as isolated from physical concerns.
Now, not all institutions are like that, no. Nor would an attack on vital national resources be so easy, but it is how this could happen. And if it was done by an enemy nation or terrorist group it would be war. Professor Rid cages his view in terms of "this is how cyber-war differs"". Ok, fine, but let's get real: the information and infrastructural systems of our nation are both the most enticing and easier of things to attack for an enemy and where real damage can be done. If terrorists crippled three power plants, took the regional grid offline, took out five telephony central offices all around a major US city you'd have utter chaos akin to a major hurricane or other disaster. We have designed robust systems at great cost since the onset of the Cold War to ensure our nation's command and control can be continued if an enemy attacks via nuclear or other means that would cripple our infrastructure. We are fighting that fight today in a digital domain, and despite 9/11 and the security frenzy that followed, some of our national command and control systems still are pretty much at the Cold War level. It's taken a very long time to make everything go digital and we're still unprepared in some areas. We saw, on a moderate scale, what happens when we lack critical infrastructure due to acute damage with Hurricane Katrina: hospitals with no power, communications that were unstable at best. Those same circumstances could be brought about via a cyber-centric attack and would indeed be real warfare. Bringing commercial activities to a halt for 24 hours in a major metro region alone could do horrible economic damage. Even an example such as that New Orleans hospital that lost power is illustrative: who on earth left the only generators in a hospital that was in a floor zone in the basement? Who failed to put some generators at a location in higher ground? Every error that has lead to any form of serious disaster at any nuclear power plant the world over has been due mainly to human error or the poor response of human operators to a situation. That's SL-1 to TMI to Windscale to TEPCO's misdeeds in Japan. Such errors could be pushed along by a combination of cyber and other terrorism. There are ample threats, and frankly, we're only now starting to really meet all those threats.
And that's why cyber-war professionals do call it "cyber-war"; that's why we have people like Rear Admiral Gretchen S. Herbert and why her title is Commander, Cyber Forces. If this book has any real value, it is in tempering the debate over cyber-war, and reducing the loud cry of doom that is also out there. There are, yes, people who make the cyber-threat seem larger than it may be, but Professor Rid goes wildly in the other direction here.
December 2, 2017
Despite the slightly click-baity title, this is an excellent and accessible book by one of the leading scholars in the field. Whether you believe that the various cyber-related attacks on the West by foreign powers, such as Russia, DPRK and China are acts of 'warfare', or not (and Rid says no, because there is no actual violence, which is a defining characteristic of 'war' in the traditional sense), they are clearly acts of aggression and are going on all the time - the most famous of which was, of course, the (US) Stuxnet attack on the Iranian nuclear programme.
May 22, 2019
I loved this book. In one way, Rid succinctly lays out an argument I have been trying to make for years, yet he does it so much more clearly and well researched then I ever could have. There is no doubt that "cyber" is a type of tool, which occasionally is even a weapon and this book outlines exactly when that is, why it is and tries to help us understand what that means as we move forward.
Every war has a "cyber" component, but cyber does not a war make.
Every war has a "cyber" component, but cyber does not a war make.
December 18, 2020
As someone who uses the book for lecturing & teaching purposes, I believe the following article by John Stone - Cyber War Will Take Place! (https://www.tandfonline.com/doi/abs/1...) provides a very interesting, yet opposing perspective.
July 4, 2015
An interesting take on the past and possible future of cyber attacks, meant as a rebuttal to the currently superficial discussion on cyber security by state officials and media.
It starts with the title's thesis (you can't have "cyber war" when you see "war" according to Von Clausewitz' definitions), but goes further than that by splitting up "cyber attacks" into sub-groups like "subversion", "espionage" etc., and shows how these have changed due to the nature of the Internet and how the future may look like. There's lots of interesting thoughts here I'll have to digest (e.g., there's a possibility that cyber attacks are "anti-violence", in that you can now reach your goals without having to physically harm people; there probably won't be a "cyber 9/11" since to be efficient in your attacks, you need to a ton of money, knowledge, and people [whoever made Stuxnet probably had enough money to build a working replica of the target factory], etc.)
As a bonus it contains one of the best write-ups of Stuxnet I've read.
Recommended for: Those interested in the intersection of the Internet and politics
It starts with the title's thesis (you can't have "cyber war" when you see "war" according to Von Clausewitz' definitions), but goes further than that by splitting up "cyber attacks" into sub-groups like "subversion", "espionage" etc., and shows how these have changed due to the nature of the Internet and how the future may look like. There's lots of interesting thoughts here I'll have to digest (e.g., there's a possibility that cyber attacks are "anti-violence", in that you can now reach your goals without having to physically harm people; there probably won't be a "cyber 9/11" since to be efficient in your attacks, you need to a ton of money, knowledge, and people [whoever made Stuxnet probably had enough money to build a working replica of the target factory], etc.)
As a bonus it contains one of the best write-ups of Stuxnet I've read.
Recommended for: Those interested in the intersection of the Internet and politics
March 25, 2014
Places cyber "war" in context of its intent -- to accomplish political ends. Rid first explains why he believes cyber effects do not constitute "war" in a theoretical sense, and uses traditional definitions of war (violence) to support his position. The strength of this book is the focus on "subversion," and how cyberspace makes subversion a more complex means to undermine the trust citizens have in the established government / constitutional order. Rid's framework and methodology have many similarities to Irregular Warfare, and merits comparison.
Enjoyable book -- provides necessary (and realistic) perspective on cyber war. The main weakness is in Rid's premise that cyber effects will not cross into the directly-violent. This is a dangerous premise given the vulnerabilities of open networks and their interconnectivity with basic, national life support systems.
Enjoyable book -- provides necessary (and realistic) perspective on cyber war. The main weakness is in Rid's premise that cyber effects will not cross into the directly-violent. This is a dangerous premise given the vulnerabilities of open networks and their interconnectivity with basic, national life support systems.
September 3, 2023
This books is incredibly boring and focused on semantics to the point I could summarise the idea in one sentence and keep wondering how the author managed to write so many pages on the topic. The author comes across as very conservative (not politically, but philosophically) and one of those people who believe that things must be set in stone for humanity at this point, because they can't fathom something that's outside of their grasp could take place. Little did I know before starting the book, the author is in fact unsurprisingly German. The chapter on subversion raised some hope the overall shape of the book would improve, but it got boring again right after. How can one make cyber crime sound boring!?
March 6, 2016
It was great to read good argumentation, why there haven't been any cyber war yet and why it's a good chance that there won't be any. The author uses von Clausewitz's definition of war, which says that war is violent, goal-driven and has political attribution. The author analyze most best-known examples of cyber-assisted crime, sabotage, espionage and subversion. There's also great discussion about cyber wepons. The author doesn't underestimate the cyber threat - it's just not so obvious as you would think - the cyber war is unlikely, though.
July 7, 2013
An excellent read for the layman wanting to know the strategic implications of the new digital world. Very up to date (includes references from early 2013) and clean, crisp prose. Makes a strong case for caution about the significance of cyber crimes and attacks, though his conflation of 'force' with 'violence' sidelines some of the larger implications. The chapter on subversion is also a bit out of place, but the rest of the book flows very well. Recommended. Blessedly short too.
October 28, 2013
Very informative and thorough analysis of the subject manner. Recommended.
March 1, 2015
Interesting perspective on the cyber war topic.
Also, nice and short.
Also, nice and short.
March 16, 2017
Great insides!
February 3, 2014
Good arguments, interesting concepts, but rather densely written.
Displaying 1 - 22 of 22 reviews