Author: Jeffrey Carr
Publisher: O'Reilly, 2010
Aimed at: General readers
Pros: Interesting insights and discussion
Cons: A lot of padding and management-speak
Reviewed by: Alex Armstrong
Cyber Warfare - it sounds intriguing and serious at the same time. The big problem with reviewing any book on the subject is that the author can claim anything is true and unless the reviewer is an undercover expert there is no way of knowing if it is correct or just speculation. I'm not an expert in the subject and I suspect there are few who are - and they probably don't talk about it much let alone review books. In this issue credibility is all and all I can say is that this book reads like a credible account of cyber warfare.
The premise is that nations, groups and individuals make use of the Internet as a way of attacking political opponents. They target propaganda web sites and departmental sites. They either disrupt the functioning of the sites with denial of service DOS attacks or attempt to hijack the site an replace the content with their own propaganda.
The book is an interesting introduction to the topic and it contains lots of details about incidents that you might have heard about on the news media. There isn't much in the way of technical information provided, but if you already know about the technology the details are fairly easy to fill in. Most of the time the exploits are very crude: simple co-operation between like-minded people to co-ordinate a DOS attack on a site; or using known vulnerabilities to attack unpatched sites using standard tools. What is more of an eye opener is that we tend to think of security as being about stopping data theft or basic criminal activity, not politically motivated hacking. From the practitioner's point of view this doesn't really open up any new lines of attack what it does is to make sites that would otherwise seem not worth worrying about into prime targets for political protest. It widens the scope of the security threat.
The big problem with the book is that it reads like a collection of essays. There is a lot of repetition and it's not an easy read. Chapter 1 begins by assessing the problem. Chapter 2 deals with the rise of the non-state hacker and it details a few reasonably well known example - the StopGeorgia campaign, the Gaza attack on Israel and so on. Chapter 3 is on the legal status of cyber warfare, which for most technically-minded readers will be only of passing interest, as is Chapter 4 on responding to international cyber attacks - law, politics and management waffle.
From here the book becomes more interesting to the general reader with coverage of the role of intelligence, non-state hackers and the social web and the task of hiding what is going on in the plain sight of the web. Chapter 8 deals with organised crime, which isn't quite on topic but there is a murky mixture of motives here.
From this point the book runs out of steam, moving back to politics and management. Chapter 11 is about the role of cyber in military doctrine, Chapter 12 on early warning systems and Chapter 13 is advice for policy makers.
This is a very thin book and I have to admit that I skipped a lot of the material that was simply about policy, law or management. Other readers may find it all fascinating, but if you are interested in the technical and general nature of the threat my guess is that you will skim read them as well.
Even so, from a non-specialist's point of view, I have to say that there were large chunks of the book that were interesting and informative but an extended article on the subject would have achieved just as much. If you want to read the book simply for fun then be warned there is a lot of fairly tedious content padding out the interesting bits.
Recommended but with big caution signs...