Review: Cybersecurity and Cyberwar: What Everyone Needs to Know. By P.W. Singer and Allan Friedman. Oxford University Press; 1 edition (January 3, 2014) U$ 15.37 (paperback, amazon.com)
New communication technologies erode hierarchies, collapse time and distance, and empower networks. That will have a massive impact on international relations, and cybersecurity will be a key element of foreign policy making in the coming decades. Issues that define cybersecurity today — such as incident response, the problem of attribution, overlapping investigative and legal authorities, public-private partnerships, and the necessity of international cooperation — are much-discussed in Foreign Ministries across the world.
Indeed, few topics matter more for international affairs today than cybersecurity, and we can safely assume that its importance will grow by the day, as Russian interference in last year’s US presidential elections, the NSA affair, WikiLeaks and so on attest. Anyone starting their PhD in international relations these days should consider focusing on the topic, for those knowledgeable on the subject are scarce and in high demand — in government, the private sector, and academia.
Policy makers are faced with unprecedented questions in the realm of cybersecurity on a constant basis. What kind of cyberattack constitutes an act of war? Can the US government force Facebook to hand over a conversation between two terrorist suspects? What should global internet governance look like? Does cyber deterrence work?
All that occurs in a context that is obvious but often overlooked: virtually all key decision-makers today are so-called “digital immigrants” (as opposed to “digital natives” who grew up with computers), and many policy makers have very little understanding of the digital world. The United States’ 45th President, for example, does not use a computer. Until very recently, only one US Supreme Court Justice used e-mail. The consequences are severe: between 2002 and 2014, no substantive cybersecurity legislation was passed in the United States. The lack of even the most basic security precautions taken by the Democratic National Committee, which made hacking e-mail accounts very simple, shows that even top decision makers in the United States are woefully unprepared for the new challenges in the realm of cybersecurity. The German defense ministry has just stepped up its electronic warfare capabilities with the creation of a new 13,500-strong cyber unit, to be operational in 2017, as fears grow that Russia will seek to influence the German elections.
Most countries struggle to adapt. Recently, an Excel file containing several passwords to the Brazilian government’s social media accounts was accidentally posted online. Rather than using encryption software that automatically changes the password on a daily basis, the President’s Facebook account’s password was “planaltodotemer2016”, accompanied by the note “NEVER CHANGE THIS PASSWORD”, thus violating even the most basic safety rules.
While all this used to matter mostly for communications, the cyber realm is now intimately integrated with modern societies’ critical infrastructure, ranging from agriculture and food distribution to banking, health care, transportation, water, and power. An attack on these systems could have a devastating effect and lead to a collapse potentially worse than after a conventional military attack.
Discussing these issues in an accessible way, P.W. Singer and Allan Friedman have written an ideal introductory guide that provides non-specialists with a general understanding of the most pressing issues in the cyber realm. Experts will squirm at the mere thought of compressing so many complex issues into just 320 pages, which forces the authors to discuss things like WikiLeaks in a few pages. And yet, going into more detail would make the topic too dense for most readers. Even Singer’s and Friedman’s book feels at times a bit technical, but they do a great job of making it as easily digestible as possible. The book focuses on issues such as hacktivism (which includes the Anonymous network), “patriotic hackers” (which gained notoriety after Russian hackers attacked Estonian government servers), and Stuxnet, a US virus that destroyed Iranian military installations, thus delaying Tehran’s efforts to enrich uranium. The authors describe Stuxnet as a ‘game changer’ in cyberwar since it was designed to cause physical damage. It infected not just targets in Iran but thousands of computers across the world that had nothing to do with Iran or nuclear research (even though these computers remained unharmed). Many lawyers see this facet of cyber weapons as proof of their inherent violation of “prevailing codes of international laws of conflict, as they go beyond just the original target and deliberately target civilian personnel and infrastructure.” Above all, however, it may have opened a Pandora’s box, as several governments around the world are likely to be working on similar viruses.
What is striking about Cybersecurity and Cyberwar is that the number of countries that appear in the authors’ case studies and examples is relatively small. Russia, China, Israel, Iran and the United States play an important role, while entire regions (such as Latin America and Africa) do not appear at all. That is bound to change soon. Brazil and Nigeria, for example, have extremely high indices of online fraud and are seeking to enhance their capabilities in the cyber realm. Still, cybersecurity will probably matter most for US-Russian and Sino-US relations in the coming years. The NSA and China’s PLA are today perhaps the most sophisticated institutions whose experts are bound to clash as Donald Trump seeks to rekindle the bilateral relationship. Just as many US military cyber facilities are cooperating with the NSA and civilian research programs, the PLA also draws from the wider cyber expertise resident in its eight-million-strong people’s militia, supplementing official forces with a “patriotic hacker” program.
The book’s final pages are particularly interesting for International Relations scholars, explaining why threat assessment in cyberspace is so difficult, whether cyberwar capabilities help diffuse or equalize power, what a cyber arms race may look like, and which role international institutions can play in promoting rules and norms in cyberspace. The book also contains helpful guidance regarding what the authors believe are the key trends that will shape the debate in the coming years — cloud computing, big data, the mobile revolution, de-Westernization and the ‘internet of things’. All in all, this makes Cybersecurity and Cyberwar: What Everyone Needs to Know an ideal place to start studying this fascinating topic.