It’s funny I’ve started reading this book shortly before Google announced it withdraws from China because of a cyber attack. Well, this book is about this new theater of operations and explains what everyone should be ready for.
Content and opinions
Warfare is gouverned by international laws. You can’t attack another country (unless you’re the USA…) without some solid arguments. The issue arises here, as a cyber attack is not something we are used to see, and thus there are several interpretations on this topic.
Jeffrey Carr tries to clear the picture by stating what is a cyber attack and how a state can be found responsible for a cyber attack. Indeed, this is a difficult topic as a lot of attacks are made by “simple” hackers that are not officially employed by a state (kind of mercenaries). The fourth whapter is written by an invited guest and describes how a cyber attack may be responded to. It is a complicated legal issue under international laws, but the author is also very clear in his demonstration.
After the legal part, Jeffrey Carr tackles the general topic of intelligence. Attacks may focus on retrieving information (social intelligence or data) or disconnecting websites. I was amazed to see that there were attacks on some websites so that people couldn’t get information from rebels to some states, and that those attacks were made by the before-mentioned states. I thought that hackers were mainly outlaws, but it seems that states rely on hackers when rebels rely more on open information (I’m thinking about the Iran situation).
A lot of time must be spend on finding who launched the attack. How is it possible to launch an attack without being indentified is an issue tackled by several chapters. It seems that a lot of people on the Internet do not ware about accurate information, and this disables the capacity of investigators to find their quarry. It’s also surprising to see the difference between the reality and the movies/TV series where a hacker can find the attacker in less than a minute…
The last chapters are dedicated to using malwares for an attack (retrieving information or setting up a DDOS attack), the military doctrine of China and Russia, how can cyber attack be detected (in a state versus state situation) and general advice for cyber defense.
I have to say that I’m worried when I hear some of France MP saying that all DNS are under US management (which is obviously wrong) and that France should nationalize the Internet: how could we prepare for cyber warfare with this kind of MP??
Although only China, Russia and the USA positions are tackled, I think Europe has even greater problems than the US. The picture given by the book may be grim, but at least it clearly states the challenges we have to face now. I think it is also a corner stone for developing our (meaning your country’s) cyber doctrine. So if you think that Google versus China is not something to be worried about, read it, and if you know that is a symptom of a dangerous disease, read it also.
Here is an interview of Jeffrey Carr that I found also interesting.