cybersecurity and-cyberwar-singer-en-22186

To purchase personal subscriptions or corporate solutions, visit our website at www.getAbstract.com, send an email to [email protected], or call us at our US office (1-877-778-6627) or at our Swiss office(+41-41-367-5151). getAbstract is an Internet-based knowledge rating service and publisher of book abstracts. getAbstract maintains complete editorial responsibility for all parts of this abstract. getAbstractacknowledges the copyrights of authors and publishers. All rights reserved. No part of this abstract may be reproduced or transmitted in any form or by any means – electronic, photocopying or otherwise –without prior written permission of getAbstract Ltd. (Switzerland).

1 of 5

Cybersecurity and CyberwarWhat Everyone Needs to Know P.W. Singer and Allan FriedmanOxford World’s Classics © 2014306 pages[@]

Rating9 Applicability

8 Innovation

8 Style9

FocusLeadership & Management

Strategy

Sales & Marketing

Finance

Human Resources

IT, Production & Logistics

Career & Self-Development

Small Business

Economics & Politics

Industries

Global Business

Concepts & Trends

Take-Aways• In 2010, the computer security firm McAfee found new malware every 15 minutes. By

2013, it found a new example each second.

• The Stuxnet worm provides a case study in bloodless cyberwarfare with no military orcivilian casualties.

• Stuxnet infiltrated Iran’s nuclear program through Iranian scientists’ flash drives andlaptops, and adjusted engineers’ equipment to self-sabotage.

• Civilians will suffer from cyberwar as combatants use civilian networks to wage war.

• Cyberwarriors can compromise an enemy’s defense networks.

• In a midnight raid in 2007, seven Israeli fighter jets bombed targets in Syria as theSyrian air-defense network sat silent.

• This raid proved that a military could take control of an enemy’s systems and networks.

• Some believe the US military should launch a Cyber Command to focus on technology.

• Much of the discussion of cybersecurity policy involves classified information; civilianpolitical leaders have little opportunity to shape the debate.

• Cloud computing, mobile computing and big data will shape the future of cybersecurity.

This summary is restricted to the personal use of Avirot Liangsiri ([email protected])

LoginContext[cu=1698525,asp=1320,subs=0,free=0,lo=en] 2015-01-25 20:15:54 CET

Cybersecurity and Cyberwar getAbstract © 2015 2 of 5

getabstract

Relevancegetabstract

getabstractWhat You Will LearnIn this summary, you will learn:r1) How cyberwar evolved, 2) How three strategies might curtail cybercrimeand 3) How three trends will shape cybersecurity.

getabstractReviewP.W. Singer and Allan Friedman of the Brookings Institution reveal the mysteries of botnets and shed light on themurky areas of cyberwar and clandestine military operations. They detail fascinating episodes, such as the US-Israeli Stuxnet attack on Iranian nuclear engineers, an infiltration so stealthy the engineers didn’t even know itwas happening. And, they tell businesses how to stay alert to their own security. Their other true accomplishment,meanwhile, is maintaining a light, entertaining tone. getAbstract recommends their fascinating study to students,coders, start-ups, historians, strategists, anyone in the military, and business owners and managers seeking insightinto the defining security frontier of our time.

getabstractgetabstract

Summarygetabstract

getabstract

getabstract“Indeed, we areso surrounded bycomputers that we don’teven think of them as‘computers’ anymore.”

getabstract

getabstract“To cause truedamage entails anunderstanding of thedevices themselves:how they run, theirengineering and theirunderlying physics.”

getabstract

Malware Every SecondCyberattacks and cyberterror are the dirty underbelly of cyberspace. In 2010, the McAfeecomputer security firm found new malware every 15 minutes. By 2013, it found a newexample every second. The principles that make the Internet so powerful make it vulnerableto security threats. The bigger a network, the more useful it is to businesses, consumers,and anyone seeking a large audience or a broad market. Sadly, the bigger a network, also,the less secure it becomes.

The fight against cybercrime can take some unexpected turns. Consider what happenedwhen the FBI nabbed Estonian hackers who created a virus that infected some 570,000computers. The FBI considered shutting down the scammers’ network, but that would haveleft hundreds of thousands of victims without Internet access. The FBI set up servers tokeep the victims’ computers running.

The Internet provides a low-cost venue for terrorists to reach the masses. For instance, al-Qaeda recruited followers by disseminating videos of Osama bin Laden’s speeches. Often,knowledgeable users can glean valuable tactical data, though sometimes that informationends up in the wrong hands. In 2007, US soldiers uploaded photos of new helicopters thathad just arrived at their base in Iraq. Insurgents tapped into the “geotagging” feature ofthe smartphone photos to pinpoint the aircrafts’ location and launched a mortar attack thatdestroyed four of the helicopters.

StuxnetThe Stuxnet attack unleashed by American and Israeli forces sabotaged Iran’s developingnuclear weapons program. Stuxnet’s precision and success offers a case study in cyberwar.The Stuxnet worm infiltrated Iran’s nuclear program through Iranian scientists’ flash drivesand laptops. Once inside the Iranian computers, Stuxnet sought a specific program in theSiemens software. Unlike a missile attack, which would have created obvious damage,Stuxnet’s effect was almost invisible. The worm made small changes in the pressure insideIranian centrifuges. The worm slowed and sped up rotors in the centrifuges, leaving them




getabstract“The Internet thatwe’ve all grown tolove and now need isincreasingly becominga place of risk anddanger.”

getabstract

getabstract“Cybersecurity is oneof those areas thathas been left to onlythe most technicallyinclined to worry theiruncombed heads over.”

getabstract

getabstract“Cyberspace maybe global, but it isnot ‘stateless’ or a‘global commons,’ bothterms frequently usedin government andmedia.”

getabstract

getabstract“The takeaway forcybersecurity is that theentire system is basedon trust.”

getabstract

unable to produce refined uranium fuel. The worm nudged centrifuge speeds past theirlimits, causing them to break down.

From the standpoint of the American and Israeli saboteurs, the beauty of this onslaughtwas that Iranian engineers had no idea they were under attack. The nature of Stuxnet ledthem to believe that the sporadic problems with their equipment sprang from manufacturingdefects. The attack left engineers frustrated by their inability to create a nuclear weapon.Stuxnet successfully stalled Iran’s nuclear program, and it showed how opponents can fighta cyberwar. It points up the ethical advantages of cyberweapons. Air strikes against Iran’snuclear factory might have led to civilian casualties, collateral damage and, possibly, all-outwar. The Stuxnet worm damaged only the centrifuges. Many worms wreak hefty damageon the computers they infect. But the Stuxnet’s designers created it to be harmless in nearlyevery computer it invaded and to activate only when it found its specified software target.

In contrast, in 1981, Israeli forces attacked an Iraqi nuclear research site, dropping 32,000pounds of bombs. The casualties included 11 soldiers and civilians. A worm-as-a-weaponcauses no human casualties at all. Stuxnet ushered in a new kind of international conflictwith less-overt violence and greater confusion over exactly who led the assault. Thatconfusion can be as powerful a weapon as the worm itself, now gone, since its creatorsdesigned it to expire in 2012.

Cool WarUnlike the Cold War, cyberwar is fuzzy. The Cold War featured two superpowers pursuingideological goals. The Internet features millions of users going about their business and,given the mass of their sheer number, providing cyberattackers with camouflage. Nationscan cyberseige their enemies constantly without ever firing a shot or engaging in openhostilities. Russia unleashed a binge of cyberbullying against Estonia in 2007 and stymiedEstonia’s computer networks. Was this an act of aggression? NATO had no way to answer.The Washington treaty creating NATO dates from 1949 and does not address how tointerpret virtual espionage that involves no armed conflict or physical contact.

Cyberwar will not be entirely bloodless. Consider Operation Orchard. In a midnightraid in 2007, seven Israeli fighter jets flew into Syrian air space and dropped severalbombs while the Syrian air-defense network sat silent. The reason? Prior to the attack,Israeli cyberwarriors hacked into the Syrian military’s computers. Able to see what theSyrians were doing, the Israelis projected a fake image of Syrian skies onto the Syriandefense systems during the raid. The Syrians never fired a shot, and Israel completedOperation Orchard with no losses. Such cybersabotage is now rampant, as US and Chinesespies constantly attempt to glean one another’s movement of weapons, resupply rates,ship positions and troop schedules. Operation Orchard represents the holy grail of suchoperations: It proved that a country’s military not only could spy on an enemy, but it couldalso take control of the enemy’s systems and networks.

Collateral DamageWhile cyberwar promises to reduce casualties, it would be foolish to think that any kind ofwarfare will exact no collateral damage. Just as civilians account for 90% of the casualtiesin hot wars, the same ratio is likely to play out in cyberwar. For instance, enemy combatantsmight decide to attack the civilian networks that support military forces. In one war gameat the Pentagon, a make-believe enemy hacked the civilian logistics network that suppliedUS soldiers. By deftly changing a few bar codes on shipping containers, the enemy madesure that the US soldiers on the battlefield received a shipping container full of toilet paper




getabstract“By focusing on anadversary’s informationsystems, Chinaadvances the ideathat cyberattacks turntechnical advantageinto a liability.”

getabstract

getabstract“China isn’t just alooming superpower;it’s also home to theworld’s largest numberof Internet users.”

getabstract

getabstract“As we use phonesand tablets more, thesecurity risks are alsogoing mobile.”

getabstract

getabstract“As the cyberworldhas evolved, so toohas terrorist groups’use of it, especiallyin informationoperations.”

getabstract

rather than weapons. This provides just one example of how an enemy could use a civiliannetwork to wage war. Among the obvious targets are ports, rail yards and arms factories thatcivilian contractors run. Such trickery offers the advantage of hampering an enemy withoutputting lives at risk. Civilian organizations typically have less-stringent cybersecurity thanmilitary computer networks.

“Cyber Command”As cyberwar becomes the strategy of the future, some at the Pentagon believe the USmilitary needs to launch its own Cyber Command that specializes in technical issues –just as, for instance, the US Air Force focuses on airborne warfare. Just like troops whoconsider land, air and sea as their specialized terrain, the troops in the Cyber Commandwould patrol cyberspace as an “operational domain.” Proponents of this strategy note thatUS soldiers train to wage the wars of the past, which victors won through a combinationof sharpshooting, sky diving, hand-to-hand combat, and leading soldiers into battle. TheUS military doles out awards and decorations for yesterday’s combat skills – but, so far, itdoesn’t bestow medals or badges to cyberwarriors.

Gearing up to fight online is not a guarantee of success, of course. Just as US terror fightersbattle insurgents whose identities and whereabouts are not obvious, cyberfighters faceshadowy, stateless actors who take advantage of the Internet’s sprawling anonymity. Theymight launch a cyberattack in hopes of sparking a military response. Some worry that thedoctrine of “equivalence” might mean that a virtual attack could elicit a deadly responsein the real world.

Another concern about readiness focuses on military strategy. The US Air Force’s budgetfor cyberoffense is more than double its earmark for cyberdefense. This illustrates atroubling trend: Creating a unit of secretive cyberspies who engage in glamorous-soundingexploits is sexy, but that approach undersells the importance of defense. Protectingcybernetworks and securing physical supply chains might be the best way to stabilizea nation’s Internet operations. Disturbingly, much of the construction of cybersecuritypolicy happens behind the cloak of classified discussion, giving civilian political leaderslittle opportunity to shape the debate or even to learn which options the governmentis considering.

China’s CyberwarriorsThe coming cool war invariably pits the United States against China. The Pentagonconsiders China the biggest perpetrator of cyberattacks. Chinese officials counter that Chinais not the aggressor but just another victim of stateless, lawless cybercriminals. Theypoint to the skyrocketing attacks on Chinese computers and the reality that the botnetsthat hackers run have hijacked an estimated 10 million Chinese computers. The truthin the US-versus-China story is more nuanced than either side admits. Cybercriminalsvictimize Chinese computer users, but China’s cavalier attitude toward intellectual propertyenables such attacks. Most computers in China run pirated software, which means Chinesecomputer users cannot access regular security updates and patches that would protect themfrom malware.

Attack on The New York TimesThe discovery by The New York Times that a group of Chinese cyberwarriors engaged inattacks on US companies debunked Chinese officials’ protestations. In 2013, the SecondBureau of China’s Third Army – known as the “Comment Crew” or the “Shanghai Group”– stole employee passwords to sneak into The New York Times’ computer networks. After




getabstract“Our most seniorleaders, now in their60s and 70s, likelydid not even becomefamiliar with computersuntil well into theircareers and many stilltoday have only themost limited experiencewith them.”

getabstract

getabstract“Cyberspace is sodifficult to define...notonly in its expansive,global nature, but alsoin the fact that thecyberspace of today isalmost unrecognizablecompared to its humblebeginnings.”

getabstract

getabstract“Security costs money,but it also coststime, convenience,capabilities, liberties,and so on.”

getabstract

the paper discovered the breach, it reported that the Shanghai Group launched dozens ofcyberattacks. Coca-Cola, the Pentagon and the United Nations were among the targets. Thepublicity embarrassed China, but the episode underscored a crucial precept of cyberwar: Aless technically advanced combatant can turn its enemy’s technical edge into a disadvantage– or at least into an area for sabotage.

Cybercrime DeterrentsThe Internet has become a dangerous place, but it doesn’t have to be. Several possibledeterrents to cybercrime include:

• Build a safe zone dubbed “.secure.” – Just as the Internet added an .xxx domain forpornography, it could create an alternative zone only for sites that adhere to the highestsecurity standards. While imperfect, such a solution adds a layer of needed protection.

• Create a CDC for cyberviruses – In 1947, the US created the Centers for DiseaseControl to track and contain public health threats. The CDC has proven effective atalerting the public to contagions. It could serve as a model for a similar agency that wouldkeep tabs on threats from cyberspace and inform the populace.

• Crack down on cyberpirates – For centuries, pirates sailed the high seas, lookingfor opportunities to plunder unsuspecting victims. Governments brought piracy undercontrol only by cracking down on the markets where they sold their loot. For instance,governments targeted pirate havens such as Port Royal, Jamaica. Today’s cyberpiratesoffer a similar challenge.

Trends of the CyberfutureBecause technology changes so rapidly and unexpectedly, predicting the future is tricky.Today’s state-of-the-art supercomputers quickly devolve into tomorrow’s obsolete pilesof metal and microchips. Still, these trends seem likely to influence cybersecurity in thenear future:

• “Cloud computing” – Data no longer live on your desktop computer or in your corporateservers. Increasingly, businesses and government agencies upload their data to the cloud,where companies such as Amazon and Google store information on their servers. Intheory, these cloud servers act as bank vaults: Instead of hiding your information whereit may not be secure, you pay experts with a vested interest in ensuring safety to holdyour data. Perhaps safer in some ways, cloud computing carries its own problems. Whoprotects your information as it travels from you to the server and back?

• “Big data” – With computers playing such large roles in our lives, making sense of all thedata we create is a big business with Big Brother overtones. Netflix is famous for usingbig data to recommend movies, with the downside that their recommendation algorithmcan divine a subscriber’s sexual identity, whether or not he or she has told the world.

• Mobile computing – As phones and tablets grow more powerful, so does the risk ofusing them. By early 2013, criminals had designed some 350,000 versions of malwareto attack mobile devices. This cybersecurity niche didn’t even exist until recently. And,as always, those looking to attack remain one step ahead of those defending.

getabstractgetabstract

About the Authorsgetabstract

getabstractPeter Warren Singer directs the Brookings Institution’s Center for 21st Century Security and Intelligence.Allan Friedman is research director of Brookings’ Center for Technology Innovation.

