An essential, eye-opening book about cyberterrorism, cyber war, and the next great threat to our national security.
“Cyber War may be the most important book about national security policy in the last several years.” –Slate
Former presidential advisor and counter-terrorism expert Richard A. Clarke sounds a timely and chilling warning about America’s vulnerability in a terrifying new international conflict. Cyber War is a powerful book about technology, government, and military strategy; about criminals, spies, soldiers, and hackers. It explains clearly and convincingly what cyber war is, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals.
Every concerned American should read this startling and explosive book that offers an insider’s view of White House ‘Situation Room’ operations and carries the reader to the frontlines of our cyber defense. Cyber War exposes a virulent threat to our nation’s security.
Richard Alan Clarke was a U.S. government employee for 30 years, 1973–2003. He worked for the State Department during the presidency of Ronald Reagan. In 1992, President George H.W. Bush appointed him to chair the Counter-terrorism Security Group and to a seat on the United States National Security Council. President Bill Clinton retained Clarke and in 1998 promoted him to be the National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, the chief counter-terrorism adviser on the National Security Council. Under President George W. Bush, Clarke initially continued in the same position, but the position was no longer given cabinet-level access. He later became the Special Advisor to the President on cybersecurity, before leaving the Bush Administration in 2003.
Clarke came to widespread public attention for his role as counter-terrorism czar in the Clinton and Bush Administrations in March 2004, when he appeared on the 60 Minutes television news magazine, released his memoir about his service in government, Against All Enemies, and testified before the 9/11 Commission. In all three instances, Clarke was sharply critical of the Bush Administration's attitude toward counter-terrorism before the 9/11 terrorist attacks, and of the decision to go to war with Iraq. Following Clarke's strong criticisms of the Bush Administration, Bush administration officials and other Republicans attempted to discredit him or rebut his criticisms, making Clarke a controversial figure.
Richard Clarke remains one of the most compelling writers about matters of national security and he is in top form here. He and co-author, Knake, point out how the United States is at risk, from whom, and what we should be doing to make ourselves more secure.
Richard A. Clarke - image from the PRH Speakers Bureau
The authors offer a nice intro to how the internet works, pointing out where along that road vulnerabilities lie, noting soft spots that are inherent in the DNA of the web.
Perhaps most alarming is that the nation lacks a comprehensive plan of defense. Where there are defensive strategies, they pertain to defending military and government targets, while ignoring the need to defend infrastructure like railroads, electrical grids, the telephone system, private pillars of our economy like the banking, food and retail industries. Sorry guys. You’re on your own.
Robert Knake - image from Global Resilience Institute
Clarke proposes a defense triad. First, screening of all traffic on backbone pipes. He claims that software is currently available that can do this without impacting throughput. Second, a secure power grid is crucial, and would include means by which the grid would be disconnected from internet access, and finally, a robust defense of military cyber-communications. He espouses a firm statement by POTUS that cyber-attacks would be considered the equivalent of kinetic attacks and would be subject to kinetic as well as cyber responses.
In order to protect the nation from cyber attacks, it will surely be necessary for there to be some sort of monitoring of the traffic entering the backbone internet ISPs. This raises serious privacy concerns, as we know from persistent experience that those with the power to spy will undoubtedly use it for dark purposes. Yet the solution he proposes puts private entities in that driver’s seat. The notion is that if we can remove the government from a direct role in monitoring internet traffic, privacy will be assured. It is shocking that he does not seem to realize that people are at least as concerned about the misuse of private communications by corporate agents. Substituting Big Comm or Big Tech for Big Brother is not much of an improvement, particularly when much of the cyber war we are experiencing these days is being waged by domestic actors, with or without input from foreign countries.
Cyber War is not the first time that Clarke has been dashing about with his hair on fire. He has been right before. Hopefully, someone in a position to act will show up with a bucket of water in the form of taking seriously the concerns Clarke raises.
=============================EXTRA STUFF
It is definitely worth checking out the much more recent work by Dr. Bilyana Lilly regarding Russia’s use of cyber-war in many theaters, including the USA, Russian Information Warfare.
10/18/11 - A New York Times article on how the US considered using cyberwar against Libya offers evidence that total iWar is getting closer.
3/9/17 - A RAND research report looks at how long vulnerabilities to hacks last (surprisingly long) and how quickly weaknesses are exploited (pretty quickly). It includes fascinating information on nations stockpiling exploits (hacks) the way they maintain weapons of mass destruction, and raises questions about when governments should release vulnerability information to companies, and when they should hold onto the intel. It is about 100 pps, and can be read on-line, downloaded for free or, if you prefer, you can order a printed copy. Real deal material. - Zero Days, Thousands of Nights - by Lillian Ablon, Timothy Bogart
3/17/17 - Yet another way to weaponize the internet. Some dirtbag decided to use the internet to assault a writer whose positions he opposes, by triggering a grand mal seizure. What a guy! Cecilia Kang wrote the piece, which appeared in the NY Times - A Tweet to Kurt Eichenwald, a Strobe and a Seizure. Now, an Arrest.
The Wolf Creek Nuclear power plant in Kansas in 2000. The corporation that runs the plant was targeted by hackers. Credit David Eulitt/Capital Journal, via Associated Press Image was taken from the NY Times article
8/22/18 - Wired - The Untold Story of NotPetya, the Most Devastating Cyberattack in History - by Andy Greenberg - Yeah, I had not heard of this either. The story is frightening, considering how our current president seems uninterested in doing anything to interfere with Russian cyber-war activities. Must-read for anyone interested in cyber warfare.
5/26/19 - NY Times - In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - By Nicole Perlroth and Scott Shane - Digital danger continues to cause damage in the USA. Whatever is being done on a national level to protect our residents, businesses, non-profits, and government digital operations, it is pretty clear that more is needed. How about major investment in programming education instead of another useless F-35?
6/4/22 - AP - Deadly secret: Electronic warfare shapes Russia-Ukraine war - by Oleksandr Stashevskyi and Frank Bajak - This is not exactly Cyber War in the narrower sense that Clarke and Bilyana Lilly have laid out, but looks at an area where electronics intersects with kinetic military warfare.
Clarke's book is a somewhat decent read. At nearly 300 pages, it could easily have been condensed to approximately 200 pages if the redundant and cyclic references were removed. The repeated references do assist Clarke in making his over-arching point of the weaknesses in the digital infrastructure of the United States -- but this also served to make me feel like I was being beaten repeatedly over the head with the same statements. Further hurting Clarke was a lack of technical explanation for some of these points, which brought to mind the thought of "just because you repeat it often enough will not make it true". Despite these short-comings, the book does present some of the legislative and governmental problems in dealing with the uncharted and complicated world of "cyber-space". Clarke's critique of governmental platitudes and lackluster understanding of how connected civilian, government and military infrastructures are to today's internet are eye-opening. Overall, the book is an excellent introduction to the concepts of digital warfare, but is extremely light-weight in regards to any technical approach of the topic. Clarke is extremely knowledgeable of how to navigate through the legislative waters in regards to the topic though - which is easily the prime strength of the material throughout.
I'm getting close to the half-way point in this book and am feeling a lot like some of the other reviewers. This book probably could have been condensed to 200 pages, or maybe even 150. Between his repetitive nature and his unnecessary reminders of his personal political leanings, this book would have been much better. I even caught a few sentences where he mentioned trying to gain more funding for himself....huh. Something felt off about the way he described this section. And when you continue to repeat the same things in a book, I start to lose interest. And I shouldn't. This is a book that is in my current field of study. As much as something definitely does need to be done to secure our virtual infrastructure, I don't necessarily agree that getting the government completely involved will do the trick, as this seems to be the answer for many who don't want to sit down to think of a better strategy. Right now, I'm not sure if I feel like reading the rest of the book, which is disappointing as I was initially very interested in reading this. I find myself scanning through some of the pages now, as I feel like I've already read this part. I may quit this book for now...maybe come back. I don't know. Feeling pretty impartial about it.
Minimal substance. This could have been 20 pages long with the same amount of information. It must have taken a tremendous amount of effort to page-stuff this piece of crap to the distance of a mere 300 pages. I expected more from someone with Clarke's experience.
(3.5) Too thin on the current state of cyber war, but a great look forward
I felt it a fairly superficial treatment of the capabilities and threat out there. Also would have loved anecdotes from cyberespionage and cyberterrorism past. I guess he's taking care not to reveal too much about what the US and other nations can do and have done, in the interest of national security. So I guess I understand that. But still, the first 3/4 of the book were pretty light treatment and listening to the author on Fresh Air made them redundant.
However, the look to the future and suggestions for US policy and diplomacy are concrete, specific, and actually leave some room for optimism. I do appreciate that he employs his own lesson learned not to ever raise a problem without possible solutions. I do hope our current and future presidents take heed.
There probably isn't anything new for anyone with an adequate knowledge of the internet in this detailed but overwrought book on the possibilities of cyberwar. Like his previous book, the most interesting information comes from his personal experiences in advising presidents on this topic. He really doesn't like George W. Bush but his cynicism that Obama, or any president for that matter, is ready to address the threat is evident. There is much detail on what constitutes cyber terrorism, how it works, and what nations are ready to take advantage of it. However, I found the book too dry and repetitive to really enjoy.
I decided to do some reading about cyber warfare after I had written 160,000 words of a draft novel and realized that one of my main characters was a hacker and I knew nothing about either hacking or any concepts of cyber war. So being a good wannabe writer, I did some searching, found a book on the subject and did my homework.
Noted policy wonk, counter-terrorism expert, noted detractor of Bush The Younger Richard Clarke joins forces with a younger hipper colleague Robert K Knake to deliver a slim, readable volume that pretty much encompasses everything you ever wanted to know about cyber warfare but were afraid to ask- and manages to do so without boring you to death. The first and most interesting way they manage to do this is with real world examples of how cyberwarfare has already been used. It's very 'inside baseball' and very cool. Case in point: right off the bat they lead with Israel's raid into Syria in 2007. The media reported it as a strike on a possible nuclear facility- what they didn't report was how it was that Israel penetrated into Syria so deeply- through the use of cyber warfare, according to Clarke.
(Personally, although Clarke has several decades of Washington experience with this stuff which makes him a credible and most likely knowledgeable source, I tend to take stories about Israeli military operations with a grain of salt- not because I don't believe them, but because I doubt anyone actually knows the ENTIRE truth about them.)
What I was startled to remember were Russia's attacks against Estonia (in 2007) and their use of cyber warfare during the brief war with Georgia in 2008. Of course, I remember hearing about the latter- everybody does. I think the war in Georgia got its fifteen minutes of fame during the 2008 Presidential Campaign as Americans everywhere breathed a sigh of relief when they realized Senator McCain was talking about Tbilisi and not Atlanta. What I didn't realize was how Russia integrated cyber tactics in with their military operations, hackers effectively crippling Georgia's banking industry and governmental websites- that meant that Georgia's ability to communicate with its military forces not to mention the outside world was severely compromised.
The attacks against Estonia were somewhat more subtle. When Estonians began to object to the presence of a large bronze statue commemorating the Soviet forces that fought there in World War II (to the Estonians it brought up less pleasant memories. Like the decades of Russian occupation) what Moscow insisted on calling 'patriotic' Russian Hackers went after Estonia's banking industry and websites aplenty, essentially shutting the country down. (I wonder how many equally patriotic hackers find themselves running afoul of Putin's new goons?)
All in all, the first half of the book contained quite a few 'Whoa, I didn't know that' moments which I enjoy immensely. Knowledge being power and all that jazz. The second half of the book threatened on more than one occasion to dip down into the realm of the dry, dusty and policy wonkish but Clarke keeps the readers' head well above water, pointing out that we have serious vulnerabilities in our infrastructure that other countries (like North Korea or China) do not- so that if it came to an out and out fight, we might be kind of screwed. Banking, utilities, maybe (although I hope not) even air traffic control could all be easily attacked and severely damaged if someone wanted to- and with things like logic bombs, botnets or malware all too easily planted we could be a ticking time bomb right now and not even know it.
It's a powerful wake-up call for the American people and for our policymakers. They're a pretty sorry bunch of people right now but maybe some of them will stop promoting things like SOPA or PIPA and actually start contributing useful ways to deal with this issue- because Clarke has one thing dead to rights: this is going to be a HUGE issue. And we need to start planning for it- right now.
OVERALL: Awesome little read. Informative, lively and hums right along without drowning the reader in policy minutiae. Provides a good wake-up call for policymakers. Will they listen? The sad part is, given how wonderfully Washington is working right now, probably not.
Infuriating and alarming, more so than ever in light of recent (early 2013) news about the Chinese government's hacking into the computer networks of major western media organizations, defense contractors, military organizations, and infrastructure controls; our own cyber-attacks on the Iranian nuke program are also worrisome, although they may have been the least of the available evils and better than either letting Iran develop nuclear weapons or watching Israel start a war to prevent it, because Iran could strike back and we have no defensive capabilities to match our power to attack online.
I haven't worked in IT for some time but spent a lot of my time in the U.S. military in that field, and this makes perfect sense. Reading Clarke's account of having tried and failed to get three successive U.S. presidents to take this threat seriously is maddening. This is where our government should have been focusing all the attention and effort it put into attacking and occupying Iraq. It sounds as if Obama might finally be paying attention, as of this week; we'll see whether that lasts, or leads to solutions.
Richard Clarke refers to having been trained to always offer proposed solutions when he brought problems to the attention of his leaders. I was trained the same way, so that rings true. He did and was given the brush-off. This book was his way, finally, in 2010, of taking his case directly to the American public - you know, just us folks who will pay the price for the laziness, ignorance, and negligence of our leaders in both parties in government and business. An important book and one every voter should read and start bugging his/her elected public servants about.
Book does a good analysis of a new age of warfare where secrets can be stolen and significant damage done to a country's infrastructure just by accessing computers. It identifies sectors which required significant cyber defence upgrades namely power, major ISPs and the military. Scary. What was disappointing was the proposed solutions which emphasized inter-state agreements - at the same time acknowledging that the US cannot put in those controls advocated! Also, the current threat comes from non-state actors which would not be deterred from the Mutually Assured Destruction policy that prevailed during the Cold War - the same people who would take advantage of the asymmetric nature of cyber warfare esp against developed nations who are much more dependent on such networks. Why would they have qualms about shutting down the financial sector just to make a point?
Clarke, former presidential advisor with a background in nuclear war explains the dangers of cyber attack and what the US as a country should be doing.
Why I started this book: It's on the professional reading list and my library had an audio copy.
Why I finished it: Books like this have an obvious shelf-life and at 5 years, this is past it. Not only has the terminology moved on from cyber war to cyber attack, Clarke repeats himself endlessly. Seriously this book could should have been cut by 1/4 with a good editor. The most interesting point was an assessment of Russian hacking skills and willingness to use them; that tidbit didn't feel dated at all.
For anyone who has ever served in the military, supports the Department of Defense, or is working in the field of information security, this is a really great addition to your professional development library.
It starts off a bit slow and I began to question if I wanted to continue and it seemed just like "another cyber security book" that spits out and regurgitates the same material like all the others. However, once you get over the 15-20% mark, it starts to pick up and actually turn into a very well written and attention grabbing book.
This actually made me feel inspired and ultimately I feel a very motivating book for anyone who is in the cybersecurity profession.
I was leaning towards a 3, but considering this is a technical/cyber security book that was actually pretty engaging and enjoyable to go through (as opposed to let's say, a CISSP study guide). Also the bonus material included of little snippets of information security/cyber war history sprinkled throughout the book were really great too. With all that said, had to bump this up to a 4.
I would certainly recommend this book to anyone in the cyber security field who is in the mood for something like this.
Seemed a little elementary and dated, but there were some good nuggets of info in there about policy steps we should take to help counter the threat of cyber war.
I think if I were in charge of subverting an enemy's software capabilities I would use hardware, that is to say, missiles. I would find out where the servers are, where the routers are, where the computers are and I would blow them up. And as for defense against attack I would have a non-cyber backup plan, something like low tech wireless communication.
But guess what? I would fail. The crazy thing is that we have become so dependent on cyberspace that enemies can plant "logic bombs" in our systems that can't be detected until they go off. The irony of cyberspace is what Clarke calls "asymmetrical vulnerability," which means that the more advanced nation, the nation that has the smartest cyber tools, is the one that is most vulnerable to attack. Al Qaeda thinks this is yummy.
However it is likely that the real cyber war is being and will be fought between China and the US, with Russia, Iran and North Korea as key players. Clarke actually ranks North Korea as having the most "overall cyber war strength" with Russia second, China third, Iran fourth, and the US fifth. (See Chapter Four "The Defense Fails," near the end of that chapter.) Clarke comments: "Being a wired nation is generally a good thing, but not when you are measuring its ability to withstand cyber war."
As in all other wars one of the dangers that Clarke points to is an escalation from a cyber war into a shooting war. He notes that logic bombs placed in our electric grid can be as destabilizing as if secret agents had strapped explosives to transmission towers, transformers, and generators. These cyber weapons "are harder to detect; and with a few keystrokes, one disgruntled or rogue cyber warrior might be able to let slip the dogs of war with escalating results, the limits of which we cannot know."
You can't go home again, it is said, and you can't put the genie back in the bottle. We have become critically dependent upon the technology of cyberspace. Think how annoyed you are when the lights go out, or you are disconnected from the Internet, or your cable TV goes out. Now imagine the situation of a general in charge of the logistics of--not sending missiles--no, simply getting the message out to where the troops are to be at what time. If his communications network breaks down the battle is lost and possibly worse. (Presumably missile launches are protected from even the wildest dreams of hackers.) Consequently every communicative device, computer, server, router, or software program is a potential target. For a modern nation to be completely protected from cyber attack would require a kind of draconian control of all of cyberspace, the kind of control that dictatorial governments are better at than democratic ones.
The really scary part of this book for me is just this: the fear of losing a cyber war or losing a shooting war because of cyber attacks furthers the irresistible movement toward totalitarianism for large nation states.
In the final chapter, Clarke has a six step agenda detailing how to avert a cyber war. The first step is to initiate a broad public dialogue about cyber war. Clarke recalls Herman Kahn's book on thermonuclear war, Thinking about the Unthinkable (1962) as contributing to "a robust public dialogue about" nuclear war and presumably helping to prevent it. Step two is a defense triad to "defend enough" of our cyber structure "to make an enemy think twice before launching a cyber war against us." Step three is to reduce the level of cyber criminality that is presently plaguing the Internet. Those people could become cyber warriors for hire. Step four is a Cyber War Limitation Treaty equivalent to the Strategic Arms Limitation Treaty. Step five is research and development of more secure systems. Step six is presidential involvement.
The book is dense, authoritative and, despite Clarke's six-step program, scary.
--Dennis Littrell, author of “The World Is Not as We Think It Is”
I recently reviewed America The Vulnerable which explained how exposed we are as individuals, corporations, and a country to cyber crime, cyber espionage (both state and corporate), and cyber attacks. Of all the cyber threats we face as individuals and a nation, the least likely is an all out cyber war. But just because it’s less likely that doesn’t mean the threat isn’t real. Especially since cyber warfare has been in use since the 1990s. We used cyber weapons openly in the gulf war in 2003, knocking out Iraqi air defenses. Israel used them to own Syria’s air defenses when bombing their clandestine nuclear site in 2007. Russia used them against Estonia in 2008 and Georgia in 2009 on a variety of targets, bringing many critical systems to a halt. In 2010, somebody, most likely the US or Israel, developed the Stuxnet worm to sabotage the uranium enrichment facility at Natanz in Iran. China has already conducted trial runs of cyber attacks on the US and has planted logic bombs and trap doors to activate in the future.
In Cyber War, Richard Clarke shares his insights into what cyber war is, how cyber weapons work, and how vulnerable we are as a nation. He discusses the cyber warriors (hackers) we now employ in the US military, and how a cyber war is like and unlike other wars. In the second half of the book, he discusses the factors that have created our current vulnerability, how to set up a defense, and what we need to think about when conducting a cyber war.
And Clarke knows his stuff. He worked for the State Department during the presidency of Ronald Reagan. In 1992, President George H.W. Bush appointed him to chair the Counter-terrorism Security Group and to a seat on the United States National Security Council. President Bill Clinton retained Clarke and in 1998 promoted him to be the national coordinator for security, infrastructure protection, and counterterrorism, the chief counterterrorism adviser on the National Security Council. President George W. Bush kept him in the same position and later made him special adviser to the president on cyber security.
The thing I liked most about the book is that in addition to describing cool cyber war weapons, threats, and incidents, Clarke examines answers to many critical questions. For example, how can we set up a defense without the government becoming a 1984 nightmare? Would arms agreements work in cyber space? (No.) How do you prevent a cyber war from turning into a kinetic (guns and troops) war? How do you attack your enemy when it’s sometimes hard to know who launched the attack in the first place? He discusses these and many more questions.
The book does have one fault. Clarke has an obvious axe to grind with the Bush administration, and can’t help but make snide and irritating comments whenever he brings them up. The good news is that those spots are few and far between. If you want an excellent introduction into how cyber weapons are used and will likely be used in the future, you’ll want to read this book.
Fiction being sold as non-fiction. Much of history of how cyberwarfare supported conventional war is embellished, and the credibility of the current threat is overstated -- perhaps all to support the author's argument. I'm all for a better means of defense, as well as an effective way to hold other cyber networks at risk, but the available accesses and intelligence are not available, as well as the ability to control collateral damage and cross-border effects. Additionally, there remains no way to assess cyber effects, so it is a high-risk option that once used, might not be able to be used again.
Some great ideas, including the realist framework of a cyber deterrent; however, weak in holding states accountable for cyber crime conducted from within their borders. The author seems unaware of the complexity of closed and open networks, how much intelligence is required to conduct intentional harm via cyber, and how cyberspace is designed depending on the region and gateway placement. Additionally, admission of vulnerability is a risk of its own, and the complexity of commerce and government affects cyberwarfare. This book's realist focus avoids some of these challenges.
One strength of this book is the author's recognition of the Internet's vulnerabilities. The five major ones he discusses are excellent places to begin the discussion of flexible, in-depth cyber defense. More focus should be placed on defense, security, and personnel reliability (how about PRP for TS-SCI) until more resources can be placed on intelligence and assessing useful measures of effectiveness.
This is a fun book to read for brainstorming purposes, but it should not be considered a representation of reality as it stands today.
The title, and the phrase "cyber war", which has been over-hyped of late, might seem over-wrought -- but for the author, and for the compelling case he makes. This is a field in which an entire industry has had to come into being to stop the avalanche of hacks, worms, viruses, botnets and trojan horses that bedevil the Internet every day. It turns out that the potential for a much greater, overwhelming hit is far greater. The cyber-invasions of Estonia and Georgia are already a matter of record. Mr. Clarke walks us through a number of different scenarios and different dark alleys of the Internet -- and if even one of these scenarios comes true, it will be bad.
He also makes the point that our defenses are weak: at best, he says, Dept of Defense might protect the dot-mil sites, Homeland Security might protect the dot-gov sites. Apparently our utility systems, our communications, our transportation networks, our banks -- to name a few -- are wide open but for private net-security software and personnel. It's as if, during the Cold War, he asserts, that private industry would have had to provide its own Nike batteries against Soviet attack.
He also makes the point, the important point, that even absent a catastrophic attack, our intellectual properties are in peril and that may quietly produce, over years rather than milliseconds, our decline. A creeping cyber-espionage, a quiet theft of our trade secrets, research and patents, may, he says, be just as destructive in the long run.
This is an important book, among few in this subject area, that deserves pondering. Even if it merely sparks a national discussion, even if only a small portion of this threat, as he describes it, turns out to be potent, then this work will have been a boon.
Clarke knows what he's talking about, is perhaps the most influential expert in government on this topic. The parallels he draws with nuclear arms control, in which he participated, are fascinating and compelling. Making the world safe for free information exchange will require an international effort of similar scope and difficulty.
If you think the private sector and the marketplace will somehow take care of these problems while we sleep, you are dreaming.
I recommend this book. It is essential to the cyber warrior who needs to understand the historical context around the evolution of defending any nation in cyber space. For international policy makers, it is a good place to start for a real discussion about substantive policies that the international community should consider. For the commercial security folks, read this book if you want insight into how government policy makers frame the problem and what they would want to implement if they could. Even if you do not agree with the policies, you will understand what they want. Clarke and Knake discuss the nature of cyber warfare, cyber espionage, cyber crime and cyber terrorism and provide specific examples of cyber warfare and cyber espionage.
Review:
Since 2009, a plethora of books have hit the market that discuss the issue of cyber warfare. Here are just a few:
Apr 2009: Cyberpower and National Security (National Defense University) by Franklin D. Kramer, Stuart H. Starr and Larry Wentz
Nov, 2009: Cyberdeterrence and Cyberwar by Martin C. Libicki
Jan, 2010: Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
Apr, 2010: Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke and Robert Knake
Jul, 2010: Surviving Cyberwar by Richard Stiennon
Jun, 2011: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by Jason Andress and Steve Winterfeld
Sep, 2011: America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare by Joel Brenner
I have read two (Winterfeld’s and now Clarke’s) and I am working my way down the list, but I wanted to read this one sooner than later because of Clarke’s background. Before he retired from government service, he served three different US Presidents: the Special Assistant to the President for Global Affairs, the National Coordinator for Security and Counterterrorism and the Special Advisor to the President for Cyber Security [1]. Besides, I just finished reading his novel “Breakpoint,” about a significant cyber threat to the US and thought he got most of the technical stuff right [2]. I figured he might have something smart to say about Cyber War.
Clarke and Knake published this in April 2010, just months short of when the public became aware of STUXNET [3]. Some of the things he suggests for ways forward suffer because of that game-changing event, but for the most part, I like what he brings to the table. But because of his background, this book is about policy and not really about how a nation might deploy assets in a cyber war. Specifically, it is about what the US should consider adopting going forward when considering the implications of an all-out cyber war.
He starts with a history of cyber events to demonstrate why we need the policy. He covers the usual suspects and adds one or two of which I had not previously heard:
(1997) CND: Eligible Receiver: US Red Team exercise that showed how vulnerable the DOD is to cyber attack [4].
(1998) Espionage: Moonlight Maze: Massive government and government-contractor data exfiltration traced back to a Russian mainframe; attribution: likely Russian government [5][6].
(1999) Warfare: “Unrestricted Warfare” Book by Chinese military leaders that crystalizes China’s thoughts on asymmetric warfare [7].
(2003) Espionage: Titan Rain: Widespread compromise and data exfiltration of US government and US-government-contractor systems; attribution: likely Chinese government [8].
(2003) Warfare: US Compromise of Iraq Email System prior to launch of 2d Iraq War [9].
(2007) Warfare: DDOS attack against Estonia; attribution: likely Russian government [7].
(2007) Warfare: US-Israeli DOS attack against Syrian Air Defense Systems [10].
(2008) Warfare: DDOS attack against Georgia; attribution: likely Russian government [7].
(2009) Warfare: DDOS attack against US and South Korean targets; attribution: likely North Korean government [11].
Notice that some of these events are not really about cyber warfare at all. Two are strictly cyber espionage related (Moonlight Maze and Titan Rain). One is purely Computer Network Defense (Eligible Receiver). Some (Estonia and Georgia) just barely meet Clarke’s cyber warfare definition:
“[T]he term “cyber war” … refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
But all of these events have shaped Clarke’s thoughts on what to do about cyber warfare. “Eligible Receiver” proved that DOD networks are vulnerable. Even after a decade, you could make the case that DOD networks are as porous today as they were back in 1997 [12][13]. “Moonlight Maze” was the proverbial wakeup call though. A year before the Chinese figured out what Asymmetry is, somebody from Russia broke into a large number of government systems and stole truckloads of data. I believe this is the first documented public cyber espionage case. A year later, the Chinese crystalized their thoughts about how useful asymmetry might be in a coming conflict with the US.
The Chinese watched how successful the Americans were in the first Iraq war but also how dependent on technology the US Army was in its efforts. Chinese military leaders believed that a nation that was not as strong militarily (China) could leverage an existing asymmetry by concentrating on defeating the technology first and not the tanks, aircraft carriers and fighter jets that they were no match for. According to dictionary.com, Asymmetry means a “Disproportion between two or more like parts [14].” Clarke says that when a nation sits on the high end of that equation (the US for example), they have a high degree of “cyber dependence.” In other words, that nation depends greatly on cyber for it to function. If that is out of balance, an asymmetric advantage develops and cyber defense is more important than cyber offense.
The Chinese wanted to take advantage of that and published their first thoughts about the idea in that “Unrestricted Warfare” book. Four years later, “Titan Rain” proved again how weak the DOD networks were and how successful the Chinese had been in pursuing their asymmetric vision.
From there, Clarke describes examples of how various nation states have experimented with Cyber Warfare in the past: US, Russia, Israel and North Korea. With this history lesson complete, Clarke makes the case that the US defenses against these kinds of attacks are weak, both for government networks and for commercial networks, and spends the rest of the book talking about what should be done about it.
Clarke’s bottom line is that, painful as it might be, the US will require sweeping new laws, regulations and policy in order to protect the nation from this threat. He points out that Cyber Command is responsible for defending the DOD networks and that the Department of Homeland Security is responsible for protecting the non-DOD government networks. Nobody is responsible for protecting the commercial side. That seems short sighted when you lay it out like that, but in truth, the commercial side really wants no part of US government help when it comes to defending their own networks. Let’s face it, the government’s track record is not that good. About the only thing the commercial side wants from the government is their intelligence feed. This stand-off between the US government and the commercial sector has been going on for well over a decade. Clarke’s point is that enough is enough. Tough decisions are required. He proposes the Defense Triad Strategy:
1: Secure the US Backbone
2: Secure the US Power Grid
3: Install security best practices on all government networks (NIPRNET/SIPRNET/JWICS)
I totally agree with the first one. Today, the US internet is a conglomeration of commercial ISPs who interconnect with each other as the business need demands. Their connections to each other and to the rest of the world are based on business decisions. While all of the big ones cooperate with each other and with the US government, their first priority is to make money. If a large scale attack on the financial system, for example, is launched from a foreign adversary, the US government has no first hand means to monitor the situation. They have to depend on the generosity of the commercial sector to share information. Today, most of these commercial companies willingly share with the government, but the system is inefficient and will likely not prevent the first wave of attacks. Clarke’s point is that somebody from the government should be monitoring the US cyber perimeter. Privacy advocates will scream and detractors will point out that it is equally possible to launch an attack against the food system from within the US as it is from a foreign country. Clarke acknowledges those issues but advocates that just because they will be controversial does not mean we should not address them.
For Clarke’s second point, I was a little skeptical at first. Why single out power as the first priority among 18 different critical infrastructure sectors such as banking and food? After a little thought though, it is clear that power is the lynchpin for the entire shooting match. The reason the US is cyber dependent is because it has reliable power distributed across the entire nation. Take that out and the rest of the 18 critical infrastructure sectors come tumbling down after it.
For his last point, it is a little sad that we have to say this. The US Government should install basic best practice security measures (like need-to-know network segmentation, file encryption, and host-based intrusion detection technology) across all of its networks. The fact that the government has not done this is a little scary, but it is my experience that this is not an act of incompetence. It really comes down to cost. The US government networks are some of the largest in the world. To install all of that technology on every laptop and computer on three different networks is not cheap. In a world of limited resources, when you compare the tradeoff between buying file encryption software to, say, buying body armor for deployed soldiers, file encryption is going to lose every time.
Clarke realizes that it is unlikely that any US leader will be able to push through these radical ideas from the start. In order to get there, he proposes six paths that the international community should work in parallel:
1: Broad public dialog about cyber war
2: Create the Defensive Triad
3: International cooperation on Cyber Crime
4: Cyber Arms Reduction beginning
5: R&D for more secure networks
6: President is required to make decision on Computer Network Attack (CNA)
Number three is a no-brainer. Why does the world tolerate things like spamming organizations and botnets? In my naive fantasy world, I can see world leaders, perhaps sitting around the negotiating table at the UN, deciding that these kinds of things will not exist and whenever one is discovered, every nation pitches in to dismantle them. OK, so this might not be realistic, but I think there is a lot more common ground here than there is disagreement.
For cyber arms reduction, Clarke comes from the nuclear world and it makes sense that he would try to apply the successes that world has achieved in the cyber space arena. I am not quite sure what would come of those discussions especially since the US has decided that Computer Network Attack (See Stuxnet [3]) is a viable middle ground to influencing nations in the Middle East as compared to deploying troops or dropping bombs, but perhaps the international community can agree on big ticket items like not attacking each other’s power grids. But, by all means, let’s bring the leaders to the table and see what comes of it.
For number three (Cyber arms reduction) and number four (presidential decision making), this is where Clarke did not benefit from knowing about Stuxnet prior to publishing his book. For the attacks against the Iranian uranium enrichment facility, President Bush moved the operation under Title 50 authority; the intelligence channels. Using something called Presidential Findings, the US President is authorized to approve covert missions. These cyber operations fall loosely into the same legal category as drone operations in the Middle East and the assassination of Osama Bin Laden in Pakistan. A Presidential Finding is a written description of a covert action that must be shared with the appropriate intelligence committees in Congress. They describe influence actions against political, economic or military objectives [15]. The good news is that one of the six parallel paths on Clarke’s list is already done.
I have one side note to discuss before I finish this review. Clarke describes how the US Air Force, Navy and Army have progressed in the cyber arena since “Moonlight Maze.” He was not kind to the US Army: "If the Army sounds like the least organized of the services to fight cyber war, that is because it is." Some of you may know that my last job in the Army was running the Army Computer Emergency Response Center (ACERT) right around the Titan Rain timeframe. My job was to coordinate actions across the cyber spectrum: Defense, Exploitation and Attack. When I was there, we were breaking new ground trying to figure out how to operate in this new space. General Alexander, now the NSA Director and the commander of Cyber Command, was my senior rater. Some of the things he is doing at the national level at Cyber Command, he experimented with first as the INSCOM Commander in charge of the ACERT. I admit that hearing that the Army has fallen so far behind the other services in this arena stings a bit. To be fair though, the Army has been fighting two land wars in the Middle East for the past decade. Their leadership may have had one or two other pressing issues to worry about than developing their cyber capability.
I recommend this book. At the very least, an open and frank discussion of Clarke’s six parallel paths between international government leaders and commercial business leaders would not be a bad thing. Nothing can happen if we do not put everything on the table and discuss it. We can use Clarke’s book to get the conversation started.
Sources:
[1] “Bio: Richard A. Clarke,” Cyber War by Richard A. Clarke and Robert K. Knake, Last Visited: 1 January 2013 http://www.richardaclarke.net/bio.php
[2] “Book Review: “Breakpoint (2007)” by Richard Clarke,” By Rick Howard, Terebrate, 1 Jan 2013, Last Visited 21 January 2013 http://terebrate.blogspot.com/2013/01...
[7] “Establishing a Cyber Warfare Doctrine,” By Adrew Colarik and Lech Janczewski, Journal of Strategic Security, Volume 5, Issue 1, pg 31-48, 2012, Last Visited 19 January 2013 http://scholarcommons.usf.edu/cgi/vie...
[8] “Inside the Chinese Hack Attack [Titan Rain],” By Nathan Thornburgh, Time Magazine, 25 August 2005, Last Visited 20 January 2013 http://www.time.com/time/nation/artic...
[9] Note: I could find no other sources corroborating this fact
[10] “Israeli sky-hack switched off Syrian radars countrywide Backdoors penetrated without violence.” By Lewis Page, The Register, 22 November 2007 http://www.theregister.co.uk/2007/11/...
[12] “Computer Spies Breach Fighter-Jet Project [F-35],” By Siobahn Gorman, The Wall Street Journal, 21 April 2009, Last Visited 20 January 2013 http://www.darkreading.com/security/n...
[13] “Chinese Hackers Stole Plans for America's New Joint Strike Fighter Plane [F-35], Says Investigations Subcommittee Chair,” By Christopher Groins and Pete Winn, The Wall Street Journal, 25 April 2012, Last Visited 20 January 2013 http://cnsnews.com/news/article/chine...
[15] Note: I got this information from an interview I conducted with a military lawyer in the fall of 2012. That lawyer wishes to be an anonymous source.
Cyberwar is a terrific book despite its age, and that says a lot.
Clarke forms a fantastic (both literally and figuratively) narrative that's gripping throughout the first half of the book, but slowly fades towards the second, as it becomes inundated with redundancies.
The book is beginning to show its age, too. With the advent of newer books, movies, and podcasts such as "Countdown to Zero Day", and "Malicious Life", Cyberwar, first published 8 years ago and probably written well in advance, might be better thought of as a book about the history of cyber security than its current state.
Regardless, it's an amazing intro to the earlier days of cyber security, and a highly recommended read.
-----
Richard A. Clarke's Cyberwar, though nearly a decade old, paints an accurate and exciting picture of the modern cyberwar. It is one of those rare examples of "the truth is stranger (and much more exciting) than fiction." While it only glimpses at the back-end of the cyber conflict, positioned between the early 90's and late 2000's, its author does well to leverage his insight and access to suck the reader into the dark hallways of the CIA, NSA, and other, equally powerful agencies in many different countries.
This clandestine feel gives the book an air of secrecy, and brings the reader in on the secret. This is one of the greatest achievements of Cyberwar. It shines brightest when it invites the reader to attend secret meetings, fills them in on top-secret briefings, and generally digs deeper into the subject.
Throughout the book's first half, it is gripping and informative. Somewhere near the halfway point, though, the book becomes more and more ingested with unnecessary (perhaps by today's standard) illustration of the cyberwar, its possible outcomes, and potential uses. We live now in an age where we've seen so many of these use cases in action, and then much worse ones. This was perhaps necessary 10 years ago, when the mere idea of a war waged on computer networks was ludicrous. Nowadays, however, it lacks any substantial benefit.
That is not to say it is a bad book; quite the opposite, it is well written and alluring. And certainly, during the time it was published it might have been groundbreaking. Unfortunately, much has changed since, and in "cyber years" a decade is close to a millennium. What was once farfetched is now mundane. What once was unimaginable is now banal.
Try to imagine, then, what today's "cyberwar" stories may be.
That said, Cyberwar remains a unique book, one that introduces the reader well to the world of cyberwarfare. However, for those truly interested, this cannot be the last stop, I would recommend further digging into the topic.
Overall: Cyber War by Richard Clarke was one of the books I read about this topic, and as such, I thought overall it was a pretty good read in terms of the subject matter. The latter half of the book was a little boring because it rehashed the same arguments, but it was a good introduction to the concept from a legislative and governmental viewpoint.
Clarity and Effectiveness of Argument: Clarke's argument essentially was that the US government is in no shape or form protecting the critical civilian infrastructure (e.g. the electricity grid, water supplies, etc.) from cyber attacks. The US government is attempting to protect the Defense Force and Pentagon's networks through an air gap and other means, but that too could be attacked through cyberspace in a variety of ways (e.g. like what Stuxnet did to Iran's centrifuges).
In response to this problem, at the end of the book, Clarke presents his own version of strategies to mitigate the threat of cyber attacks against critical civilian infrastructure. This seems to be a policy push from someone with little power to enact the said strategies, however. So it would be interesting to see if any of the strategies that Clarke has proposed would actually make it through the political process in Washington. There are many actors outside the government who would reject the proposals that Clarke has put forward - the main one would be privacy and the rejection of big government.
There was some history of cyber attacks in the book and the problems with the openness of the Internet which was interesting to read but could have been integrated into the latter half of the book to make his arguments more concise.
What I liked about Clarke's Cyberwar:
- Clarke's Cyberwar provided a general framework for understanding what cyber war is and the kinds of cyberattacks that have happened in the past which was good for providing general understanding of the concepts involved
- Clarke provided a lot of information about the problems of the Internet in terms of its openness and protocols which provided would-be cybercriminals and cyberattackers easy prey to jump on.
- Compared to other books on the same topic, Clarke provides a good legal and regulatory perspective on what the problems are in attempting to protect the critical infrastructure in the US. He also utilises a framework that compares different nations' offensive and defensive cyber capabilities, which shows why other nations have an advantage over the US in terms of the cost/benefit analysis of cyberwar.
- Clarke provided some strategies which could solve the problem of protecting the US's critical civilian infrastructure from cyberattacks, but it is unsure whether or not they could actually be implemented through the political process in the US.
What I didn't like about Clarke's Cyberwar:
- The latter half of the book seemed to go over a variety of things that were already talked about. There was a little bit of repetition which I skimmed over.
- Only general metaphors (e.g. logic bomb) were used, instead of the real technicalities of how cyberattacks could have and were conducted. There were few technical specifics about what cyber-attacks actually consist of.
Who would I recommend it to?
I would recommend Clarke's Cyberwar to people who wanted a general overview of the legislative framework and political strategies that could be implemented to protect the US's critical civilian infrastructure.
I would also recommend it to people who wanted a general overview of the concept of cyberwar and the problems in the US in going about to protect their critical infrastructure from cyberwar.
WARNING: The country which invented the Internet is presently the most vulnerable to an attack from it.
In the 1970’s, the US Defense Department’s Advanced Research Project Agency (DARPA) laid the groundwork for the Internet. This communications system, initially developed by the military, has over the past 40 years become used by industry, commerce, social networks- almost every aspect of contemporary life. Richard A. Clarke’s Cyber War: The Next Threat to National Security and What to Do About It is a wake-up call written from a White House insider, illustrating what would happen if a foreign power used the Internet against the US. Specifically: crashing the national power grid, SCADA systems (controls for utilities, generators, transformers, pumps, and similar systems), air traffic control, financial databases, and many other components of critical infrastructure which are currently accessible through the Internet and are alarmingly poorly defended.
More than forty nations control dedicated teams of cyber warriors, preparing methods of attack. Cyberspace has become a “battlespace.” While the US has the world’s best internet-based attack capabilities, other nations have superior defenses for their infrastructure. Clarke demonstrates how weapons systems and also the civilian computer networks that manage communications, transport, banking, utilities, can be (and have been- lots of real-world examples) damaged or controlled from a remote location anywhere in the world. Every year additional nations ramp up their cyberwar units- the US, Russia, China, France, North Korea. The world has gone all Die Hard 4.
Cyberwar was initially published in 2010, with this paperback edition released in 2012 with a new appendix about the Stuxnet worm- a real-life proven instance of how the US and Israeli cyberwar units wrote a malicious program to sabotage Iran’s nuclear program. His information is good and corresponds to reading I have done on it as a Computer Information Systems Security Professional. A good start towards more comprehensive details on Stuxnet can be found on Symantec's site. Also see their article on the Stuxnet 0.5: The Missing Link.
This book is certain to be updated with another “told you so!” appendix, as another of Clarke’s major reported real-world cyber attacks has been verified: the People’s Republic of China’s systematic theft of terabytes of R & D data from US military contractors and other companies. (They also hacked into Obama’s campaign computers when he was running for president in 2008, stealing draft policy documents.) In a damningly conclusive report released in February 2013, a computer incident and response company called Mandiant supplied proof that the intrusions and exfiltrations from their customers were state-sponsored hacking from the PRC. Specifically, they tracked a group of thieves they knew as “APT (Advanced Persistent Threat) 1” back to Shanghai and determined it was the 2nd Bureau of the People’s Liberation Army (PLA) GSD 3rd Department, commonly known as Unit 61398. That report is highly recommended reading.
Though written for a popular audience rather than a technical one, Cyber War provides accurate detail. Clarke points out that many unexpected devices are connected to the Internet- everything from elevators to photocopiers to valves at power plants. These are intended to “phone home” for maintenance reasons and to avail of software updates, but this connection can be exploited for other purposes.
Rather than just sound the alarm, Cyberwar proposes a Defensive Triad to improve the US’s posture. This book is a call upon Obama to improve security on the national Internet backbone, secure the controls for the national power grids, and vigorously pursue security upgrades for Defense IT systems. It is a message that should be heard by government, industry, and all people depending on the Internet today- which is just about everyone. No surprise that Cyberwar was a big seller.
The book is also filled with Clarke’s insider observations and insights. For example, George Bush I had an ulterior motive for destroying Saddam Hussein’s military might in 1991. The Iraqi army- fourth largest in the world- was equipped with Soviet-designed weaponry. Blasting that to shit (partly through the use of emerging smart technologies) was intended as a demonstration to the Chinese and other nations reliant upon those same types of tanks and guns. The new F-117 Stealth fighter-bombers were used in the 1989 invasion of Panama “because the Pentagon wanted to show off its new weapon to deter others.” (page 194)
George W. Bush was a president who comes off poorly in Cyberwar. Clarke freely admits that NSA under Bush and Cheney routinely performed illegal surveillance and other actions. He reports that Donald Rumsfeld and other Bush Administration officials advocated invading Iraq because Afghanistan did not have enough targets to bomb. George W. Bush was a president who would rush through decisions without giving the matter thought, one who left regulatory commissions vacant so that government security decisions were not enforced, a president who violated the Convention Against Torture and “never saw a covert-action proposal he didn’t like.” (page 114) When considering what actions that nation should take, Bush would defer to the CEOs of companies that had made large political donations to his election committees. True, there were moves to protect the government’s networks on Bush’s watch (Comprehensive National Cybersecurity Initiative and National Security Presidential Decision 54) but crucial time was lost as other nations took greater measures in the emerging field of computer security.
A final note: Clarke confirms (page 93) the CIA’s 1982 sabotage of the Soviet Urengoy–Surgut–Chelyabinsk natural gas pipeline. The KGB had been stealing Western technology: the CIA learned of this and introduced a flaw into automated pump and valve controls. The explosion was the world’s largest non-nuclear explosion- over three kilotons. This explosion occurred in an unpopulated area and so no casualties occurred. This early example of successful SCADA system sabotage demonstrates the potential of what could occur today if nations do not secure their systems correctly. Cyberwar is real, with real-world consequences. Successful attacks have been occurring for decades, and will continue throughout this century.
I gave this three stars because I love the topic, but not so much the author. I listed strengths and weaknesses (my opinion) of the book.
Strengths: For being written in 2010, the book was probably ahead of its time, and is relevant today. It detailed our domestic vulnerability to cyber attacks and raised serious concerns about our ability to function (emergency services and military readiness) should the "unthinkable" happen. Since the "unthinkable" continues to happen from a domestic terrorism standpoint, we should probably do something to prepare for this (smart people of the government unite!). Given his place in government and how tight-lipped people normally are in those positions, I'm inclined to think the scenario/possibilities are much worse than he let on in the text. I like that he gave examples of previous attacks, or "trial runs."
Weaknesses: Clarke seems full of himself and comes across as arrogant sometimes (or a know-it-all) in the text. The book was really, really, really long for the material it contained. The 290 pages could have been edited to about 150, my opinion. After page 106 the tone changed from informative to partisan, which was disappointing. I'm all for assigning blame where it belongs but he came across as petulant. The text went off on tangents that made me want to skip ahead. There were no references to specific studies or an index on where some of his information was obtained. Although he may be the most qualified person (given his experience) to speak on this subject, it would have been nice to verify his sources. He referenced the movie Live Free or Die Hard (2007), which was exactly what I pictured while reading the text. I also think the movie was more entertaining than reading this book, and took less time out of my day...
Richard Clarke’s book on cyber war was perhaps written a few years too early. In fact, the book was written as an early warning about the emerging threat of cyber-terrorism to our infrastructure and inter-connected world.
He is, without doubt, a recognized expert in the field having worked as a counter-terrorism expert for many years - so his warnings should not be marginalized. In fact, he describes some of the early, low level DDOS (deliberate denial of service) attacks perpetrated by Russia and other rogue nations. Just as the advent of tanks and airplanes changed the waging of wars one hundred years ago, so too is the technology revolution impacting the way in which wars will be fought in the future.
One could put this down to the musings of a technocrat theorizing about what could happen; however recent events (Sony email hack, Democratic party email hack) have put a harsh spotlight on how anonymous nation states can wreak havoc on an enemy. The threat has emerged and it will grow. The next war will be fought in the data center!
The book attempts to walk a delicate path between being a readable text for the everyman, who needs to become more aware of the threats that cyber warfare can pose; and a technical treatise on its history and the policy prescriptions that must be addressed if we are to prevent some future tragedy. It’s a hard balance to find - I think the authors erred on the side of the everyman. Not necessarily a bad thing, but the reader should be mindful of the authors’ objectives. I suspect this will not be the last book to hit our shelves on this subject.
With the US accusations about Russia's intrusions into the Democratic Party's servers, reading this book could not be more timely. Although it was written in 2010, most of what it describes is still current, since it has not yet been solved. Its main author (Richard Clarke) knows what he is talking about: he worked on defense issues from the early 1970s and rose to be White House counterterrorism chief under Bill Clinton and George Bush (he was especially critical of the invasion of Iraq and of Condoleezza Rice's management).
In "Cyber War" Clarke explains that the US is not prepared for cyber war because, although its offensive capability is impressive, its defensive capability is lower than that of potential enemies such as Russia, China and North Korea. Why? For several reasons: 1) The US military (with its "net-centric" strategy) depends more on its electronic systems than its opponents do. 2) There is no control over the telecommunications infrastructure, and 3) US civilian infrastructure (above all the power grid) is especially vulnerable (Clarke states that several "logic bombs" are already implanted in the high-voltage grid), since there is no regulation obliging the electric companies to improve their security.
A highly recommended book for those interested in defense and geopolitics.
Cyber war takes many forms – Bot computers to crash websites for instance. US Air Force & Navy have taken the potential for cyber war seriously for many years. The Army is somewhat behind. However, all effort in the potential of cyber war has been focused on offense. Because of the nature of cyber warfare and the speed at which it can be implemented, the most important thing to win is a strong defense. It seems that anything that is connected to the internet is vulnerable to cyber-attack.
I found the information presented in the book to be particularly scary. Clarke breaks down all the various ways that hackers can get into utility systems, transportation management, electrical systems, banking, and others. These targets are not military, but they would be the first hit. With systems necessary for civilian life disabled, the impact on the military is tremendous.
Clarke also goes through step by step activities the US should be doing to protect the country in the future. Many we are already well into, but still, the defensive actions are weak.
A good overview of potentially the greatest threat to nation states today, one that is often ignored and relegated to the domain of science-fiction. Covered both the challenges and also the politics around it with the viewpoint of USA. The book isn't technical in nature but provides an intro to computer networks and the vulnerable points. One thing that stood out, especially in context of North Korea, is how being a technologically backward country may actually be an advantage when it comes to Cyber War, for with a relatively small investment such a state can develop weapons that may devastate a technologically superior and more integrated nation without it providing sufficiently juicy targets. The author made several comparisons to nuclear deterrence and why Cyber War is more dangerous because by its nature it doesn't capture the public imagination the same way as mushroom clouds do, but in effect can be equally devastating. It sure is going to be a struggle to gain attention from policy makers, or will we need a cyber Pearl Harbour before policy makers take it seriously?
Many have said that this book written in 2010 by Richard Clarke was ahead of its time. I have to disagree. By the time this book was written there had already been cyber attacks such as Israel on Syria who was allowing North Korea to build a nuclear plant in its country. There had also been smaller attacks on various countries by other "wired" countries. This book does cite another book that was written in 1999, 'Unrestricted Warfare', which truly was ahead of its time. In comparing the two books I would have to say that 'Unrestricted Warfare' gives a much better picture of what can happen during a cyber attack. 'Cyber War' is very informative and, with all that we are seeing in our country at this time with hacking, it is an important book for our times. Clarke doesn't overload the reader with a lot of technical jargon and has some first hand experience since he worked for four Presidents. One thing that stands out in both books is that our country can be shut down without a shot being fired and that we need to get ahead of the curve if we want to survive.
I was looking for information on the cyber war. Because I've read Richard Clarke before I chose this book even though it is dated, 2010. It provides technical explanations, historical events and analysis. Look over the glossary terms to determine if you will understand this book. I have a small background in computer science so while understanding the subject I admit fatigue a little past half way through. Clarke provides solutions for the problems outlined but they are not easy nor cheap. The simplest seems separate intrANet disconnected from internet. I have worked in this manner; it is difficult. His other suggestion that like nuclear weapons, too devastating to use, maybe all will settle for gathering info vs sabotage of banking or power grid for example. This is tough, let's make sure we have elected officials that have the ability and desire to protect our nation's critical information.
This book provides a very nice introduction to cyber warfare. The US is considered the best at this type of warfare but unfortunately it is by far the most vulnerable. Any device that is tied to the web is subject to attack. This is the "internet of things" (IoT). As US manufacturers get more and more devices on the net this vulnerability increases. Many power grids in the US are on the net. Controlling computer access to them is not only the ability to shut them down but also the ability to destroy them. This is the same for oil refineries, office printers, air traffic control systems and many automobiles. The effects of cyber warfare can be devastating. The book was a quick read that was informative and enjoyable.
Cyberwar: The Next Threat to National Security and What to Do About It by Richard Clarke and Robert Knake is a good book that is more than a little marred by the passage of time. Back when this book was written, cybersecurity and cyberwar was an emerging field of study. Now, it is mature. This book reads like a call to action and awareness, but most of what it raises is old hat or outdated at this point. More recent books will say more and be less speculative. Still, worth a read and a look, if only to see how things have evolved over time.