
Book Review: “Inside Cyber Warfare: Mapping the Cyber Underworld (2009, 2010)” by Jeffrey Carr

Executive Summary:

I recommend this book for Cyber Security historians and cyber warfare lawyers. It is a bit disorganized and much broader than the title implies. I valued the sections on the importance of open source cyber intelligence, the legal issues involved in conducting Cyber Warfare operations and the detailed discussion around Russia’s attacks on Estonia, Georgia and Kyrgyzstan. The details around North Korea’s attacks on South Korea and the US are also very good. But, if you are looking to understand the idea of Cyber War more thoroughly, this is not the book.

Review:

This is the third Cyber Warfare book that I have read since starting the blog back in December of last year (2012). Like I said in my review of Clarke’s book [1], a gaggle of books have hit the market that discuss the issue of cyber warfare in the last four years. Here are just a few:

  • Apr, 2009: Cyberpower and National Security (National Defense University) by Franklin D. Kramer, Stuart H. Starr and Larry Wentz
  • Nov, 2009: Cyberdeterrence and Cyberwar by Martin C. Libicki
  • Jan, 2010: Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
  • Apr, 2010: Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke and Robert Knake
  • Jul, 2010: Surviving Cyberwar by Richard Stiennon
  • Jun, 2011: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by Jason Andress and Steve Winterfeld
  • Sep, 2011: America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare by Joel Brenner

I have read three (Clarke’s [1], Winterfeld’s [2], and now Carr’s). Carr’s is by far the weakest of the lot that I have read. Don’t get me wrong, there is some good stuff in here, but in my mind, the book has two major faults that I see. First, it feels like it was written by committee. Carr’s name is on the title but he has adroitly pulled in some deep thinkers to write some of the chapters for him.
  • LT Cdr Matt Sklerov; a Military Lawyer who wrote his Master’s thesis on Cyber Warfare law (Chapters 4 and 13) [3][21].
  • Project Grey Goose Investigators; Open Source Intelligence investigation on the Russia – Georgia Cyber Wars (Chapter 5) [4][22].
  • Ned Moran; a Shadow Server alumnus and Georgetown Adjunct professor (Chapter 12) [5].
  • Alexander Klimburg – an Austrian Institute for International Affairs Fellow (Chapter 13) [6].
  • Catherine Lotrionte, Visiting Law Professor at Georgetown University (Chapter 18) [7].
This is not a bad approach, but these kinds of books are a hodgepodge of writing styles and ideas. I have been involved in a lot of these writing projects in my own career – some successes but many spectacular failures - and in order for it to work, the primary editor has to work hard to tell a coherent story. In my opinion, Carr falls short in that goal.

Second, the book title is misleading. It says it is about Cyber War but Carr covers way more than the Cyber Warfare topic. In the preface, Carr says that,
“International acts of cyber conflict (commonly but inaccurately referred to as cyber warfare) are intricately enmeshed with cyber crime, cyber security, cyber terrorism and cyber espionage.” 
I fundamentally disagree with this notion. Hacktivism is not warfare. Crime is not warfare. Espionage is not warfare. Terrorism is not warfare. These are all very different things and require nuanced and apportioned thinking to deal with them.

Carr points out that it is likely that a couple of governments have co-opted some of their local hackers involved in cyber crime and cyber hacktivism to participate in Cyber Warfare (Russia) and Cyber Espionage (China) activities. He also observes that the tools used by these actors in all four activities are similar in nature. But then he implies that because both of those things are likely to be true, then that ties all four motivations (cyber crime, cyber security, cyber terrorism and cyber espionage) into a tangled Gordian knot. I do not think this is true. Cyber Crime is enmeshed with Cyber War in the same way that other kinds of violent crime are enmeshed with regular war because both activities use guns. It is just not that entangled. Or if it is, Carr does not make the case for it.

This all goes to the notion of defining the problem space. What exactly is Cyber War? The security community has been debating this topic for over a decade and nobody can agree. The three books I have read so far on the subject have wide-ranging definitions. In the Winterfeld / Andress book, the authors review many of the published definitions but throw their hands up in frustration and refuse to define it themselves. Carr defines it as this:
“Cyber Warfare is the art and science of fighting without fighting; of defeating an opponent without spilling their blood”

I do not like this one. This implies that anybody can conduct war: hacktivists, commercial entities, non-state actors. Those guys can do damage for sure, but what they are doing is not warfare. I think Carr’s definition is too broad.

In Clarke’s book, he says it is this:
“[T]he term “cyber war” … refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

I think this is pretty close for two reasons. First, Clarke insists that nation states pursue cyber war activities and nobody else. This is important when countries deal with the legal authorities they need to conduct such operations. I am pretty sure that the Cyber Criminals, Hacktivists and Terrorists of the world are not running their plans through their legal department before they execute them. But a nation state must if it wants to interact on the global stage. In David Sanger’s book “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power” published last summer [8], Sanger describes President Bush’s decision to move Operation Olympic Games (STUXNET) away from military channels and into the intelligence channels. President Bush made that decision because he did not have the authority to use military forces against a nation that the US was not officially at war with. But, he did have the authority through the intelligence arm in the same way he has the authority to conduct drone strikes in foreign lands and to assassinate Osama Bin Laden in Pakistan.

Second, Clarke says that Cyber War activities must cause some sort of physical damage. I think that is dead-on because it separates propaganda activities (web defacements), espionage activities (document exfiltration) and criminal activities (credit card number theft) out of the warfare category. The only weakness in Clarke’s definition is that it says nothing about why a nation state would want to do such a thing. I would tweak it a bit to say this:
Cyber Warfare involves one or more nation states using cyber weapons to destroy each other’s national treasure to achieve some political purpose.

There must be some political goal in mind for any cyber activities that rise to the level of warfare. As Carl von Clausewitz said in his book, “On War”:
“[…] war is simply the continuation of policy by other means [9].”

Thus it is true for cyber war also. But as Winterfeld and Andress would likely point out, there are probably many issues with my definition too. I do think that Carr’s definition is too broad and because of this, his book is much broader than the topic of Cyber Warfare. There are things that I did like though and the book is worth the read for them. As long as the reader understands where Carr is coming from, there are things to learn here.

He makes a good case for the power of Open Source Cyber Intelligence; a subject that is near and dear to my heart (I was the iDefense Intelligence Director for many years and later the GM. Open Source Intelligence is what we did [10]). Carr has a nice overview of Russia’s Cyber Warfare Capabilities. Sklerov’s chapter on the legalities of warfare and cyber warfare is probably worth the price of admission alone although you can just download his thesis and read it for yourself [3]. His discussion of the two key legal principles of war
“Jus ad bellum: governs the transition from peace to war”
“Jus in bello: governs the use of force during war”

and how they might apply in cyber space is fascinating.

Carr recaps Estonia [11][12][13] and Georgia [13], the examples that many experts roll out when they are looking to describe cyber warfare. He also includes the North Korea DDOS attacks against South Korea and the US as a potential example [14].

With Carr’s book (and the other two I have read these past few months), I am starting to collect a pretty good timeline of Cyber Warfare milestones:

Open Source Cyber Warfare milestones:

  • (1999): “Unrestricted Warfare” Book by Chinese military leaders that crystalizes China’s thoughts on asymmetric warfare [15].
  • (2003): US Compromises Iraq Email System prior to launch of 2d Iraq War [1].
  • (2007): Industrial strength generator destroyed by Malcode in a Lab; US contractor proves cyber destruction is possible [16].
  • (2007): DDOS attack against Estonia; attribution: likely Russian government [11][12][13].
  • (2007): US-Israeli DOS attack against Syrian Air Defense Systems [17][18].
  • (2008): DDOS attack against Georgia; attribution: likely Russian government [13].
  • (2009): DDOS attack against US-South Korea; attribution: likely North Korean government [14].
  • (2009): DDOS attack against Kyrgyzstan; attribution: likely Russian government [19].
  • (2010): Sabotage attack (Stuxnet) against Iran; attribution: likely US-Israeli governments [8][20].

When you look at that list, what jumps out at me is that the US, Russia and Israel are all over it. China normally gets all of the headlines because of that country’s Cyber Espionage activities and Carr highlights those in the book too. But there is a good reason he spends so much time on Russia’s capabilities in this book. Russia has been active in the Cyber Warfare space since 2007.

Conclusion

In short, Carr’s book is worth the read although it is a bit disorganized and much broader than the title implies. I valued the sections on the importance of open source cyber intelligence, the legal issues involved in conducting Cyber Warfare operations and the detailed discussion around Russia’s attacks on Estonia, Georgia and Kyrgyzstan. The details around North Korea’s attacks on South Korea and the US are also very good. It is a must-read for Cyber Security historians and I would recommend it to cyber security lawyers for Sklerov’s legal chapters. But, if you are looking to understand the idea of Cyber War more thoroughly, this is not the book.

Note: 

Inside Cyber Warfare: Mapping the Cyber Underworld is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.




Sources:

[1] “Book Review: “Cyber Warfare: The Next Threat to National Security and What to Do about It (2010)” by Richard Clarke and Robert Knake,” By Rick Howard, Terebrate, 21 January 2013, Last Visited 16 March 2013
http://terebrate.blogspot.com/2013/01/book-review-cyber-warfare-next-threat.html

[2] “Book Review: “Cyber Warfare: Techniques, Tactics and Tools for the Security Practitioners” (2011)” by Jason Andress and Steve Winterfeld,” By Rick Howard, Terebrate, 26 January 2013, Last Visited 24 March 2013
http://terebrate.blogspot.com/2013/01/book-review-cyber-warfare-techniques.html

[3] “SOLVING THE DILEMMA OF STATE RESPONSES TO CYBERATTACKS: A JUSTIFICATION FOR THE USE OF ACTIVE DEFENSES AGAINST STATES WHO NEGLECT THEIR DUTY TO PREVENT,” By Lieutenant Matthew J. Sklerov, The Judge Advocate General's School, United States Army, April 2009, Last Visited 23 March 2013
http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA517821

[4] “Project Grey Goose Phase II Report: The Evolving State of Cyber Warfare.” By greylogic, Project Grey Goose, 20 March 2009, Last Visited 23 March 2013
http://www.scribd.com/doc/13442963/Project-Grey-Goose-Phase-II-Report

[5] “Ned Moran.” @moranned, Twitter, Last Visited 23 March 2013
https://twitter.com/Moranned

[6] “Cyberpower and National Cyber Security in International Relations,” By Alexander Klimburg, Watson Institute, March 20 2013, Last Visited 23 March 2013
http://www.watsoninstitute.org/events_detail.cfm?id=2038

[7] “Catherine B Lotrionte,” Georgetown University, Last Visited 23 March 2013
http://explore.georgetown.edu/people/lotrionc/?PageTemplateID=156

[8] “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power,” by David Sanger, Crown Publishing, June 5 2012.
http://www.amazon.com/Confront-Conceal-Obamas-Surprising-American/dp/0307718026/ref=sr_1_1?s=books&ie=UTF8&qid=1349666510&sr=1-1&keywords=confront+and+conceal

[9] “On War,” by Carl Von Clausewitz, Edited and Translated by Michael Howard and Peter Paret, Princeton University Press, 1976.
http://www.amazon.com/On-War-ebook/dp/B005R9EB68/ref=sr_1_1_title_1_kin?s=books&ie=UTF8&qid=1364127008&sr=1-1&keywords=on+war

[10] “iDefense Security Intelligence Services,” Verisign, Last Visited 23 March 2013
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/index.xhtml?loc=en_US

[11] “Cyberwar Timeline,” By Mark Clayton, The Christian Science Monitor, 7 March 2011, Last Visited 19 January 2013
http://www.csmonitor.com/USA/2011/0307/Cyberwar-timeline

[12] “Massive DDoS attacks target Estonia; Russia accused,” By Nate Anderson, Ars Technica, May 2007, Last Visited 16 March 2013
http://arstechnica.com/security/2007/05/massive-ddos-attacks-target-estonia-russia-accused/

[13] “Establishing a Cyber Warfare Doctrine,” By Andrew Colarik and Lech Janczewski, Journal of Strategic Security, Volume 5, Issue 1, pg 31-48, 2012, Last Visited 19 January 2013
http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1123&context=jss

[14] “North Korea launched cyber attacks, says south,” By Associated Press, theGuardian, 11 July 2009
http://www.guardian.co.uk/world/2009/jul/11/south-korea-blames-north-korea-cyber-attacks

[15] “Unrestricted Warfare,” By Qiao Liang and Wang Xiangsui, published 22 August 2002 by Pan American Publishing Company
http://www.amazon.com/Unrestricted-Warfare-Chinas-Destroy-America/dp/0971680728/ref=sr_1_1?ie=UTF8&qid=1363481144&sr=8-1&keywords=Unrestricted+Warfare

[16] “Staged Cyber Attack Reveals Vulnerability in Power Grid,” By CNN, YouTube, September 2007, Last Visited 16 March 2013
http://www.youtube.com/watch?v=fJyWngDco3g

[17] “Israeli sky-hack switched off Syrian radars countrywide Backdoors penetrated without violence.” By Lewis Page, The Register, 22 November 2007
http://www.theregister.co.uk/2007/11/22/israel_air_raid_syria_hack_network_vuln_intrusion/

[18] “Israeli sky-hack switched off Syrian radars countrywide Backdoors penetrated without violence.” By Lewis Page, The Register, 22 November 2007
http://www.theregister.co.uk/2007/11/22/israel_air_raid_syria_hack_network_vuln_intrusion/

[19] “DDoS attack boots Kyrgyzstan from net: Russian bears blamed,” By Dan Goodin, The Register, January 2009, Last Visited 23 March 2013
http://www.theregister.co.uk/2009/01/28/kyrgyzstan_knocked_offline/

[20] “A Declaration of Cyber-War” by Michael Gross, Vanity Fair, April 2011, Last visited 20 January
http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104

[21] “Video: Lt.Cmdr. Matthew Sklerov.” By Lewis Page, Joint Hometown News Service, 7 November 2011, Last Visited 23 March 2013
http://www.dvidshub.net/video/211141/ltcmdr-matthew-sklerov#.UU2UqxesiSo

[22] “Ex-CIA tracker now targeting poachers with Project Grey Goose.” By Ken Dilanian, The Los Angeles Times, 16 May 2012, Last Visited 23 March 2013
http://articles.latimes.com/2012/may/16/news/la-pn-excia-tracker-now-targeting-poachers-with-project-grey-goose-20120516
