Cyber war. The next threat to national security and what to do about it, by Richard Clarke and Robert Knake. (Harper Collins Publishers, 2010)
Let’s strike the word “war” from the title. It’s undoubtedly good for selling numbers, but also sounds like science fiction. If this puts off people it’s aimed at from reading this book, it would be a shame. This book poses threats and vulnerabilities from and to cyber space to decision makers, cyber security officers, law enforcers, military, governments, industry and finally the public at large. What Clarke does, is give everyone a choice: do you want to be more cyber secure or run the risk of being vulnerable? He boots it with a possible plan to go.
Imagine Holland grinding to a halt
As a joke I always tell people to imagine all the bridges in the Netherlands (we have a lot of water(ways) so a lot of bridges) to simultaneously open without warning. Cars would drive into the water and each other, trains may derail and dive head first, destroying the bridge along the way, blocking water ways for ships, the roads for cars and killing thousands. All this from a cleverly installed piece of software, that also happens to make closing the bridges through the network impossible. Could this happen? If I can imagine it, I’d say most likely.
Hacks and espionage
Cyber war gives many of these examples and a few that actually have happened or are installed, so in place, to happen. All the cyber espionage and hacking into government and commercial sites reported on in the news papers (and this blog) recently prove this. The discussion whether a major cyber incident will ever happen or not, to me is moot. It could happen, so who wants to run the risk of it ever happening if one could prevent it?
If Clarke tries to teach us something it is that governments together with industry need to move. He does this convincingly and in great detail. At the same time it is the pitfall of this book also. He seems over eager, drives the points home too hard, almost begging for those responsible to do something. This stands him at risk of being dismissed as a zealot. Well, in my opinion it would be a risk to do so.
The threats are very real
The threats are out there and are very real as a lot of people notice to their disadvantage every day, after being phished, when they find malware on their computer, when a company is hacked or ddossed and asked for some protection money, security spent by companies’ abuse desks and CSIRTs, etc.
A compromised computer is a potential offensive weapon in the hands of …. Well, of whom really? A government? A kid in his parents attic, playing with software programs? Terrorists who found the exploit in critical infrastructure put there by someone else? ???
Potential offensive weapons
I repeat it for emphases: a compromised computer is a potential offensive weapon. What is the standard response to offensive weapons within a country that are not in the hands of its own military? Does a government send the local constable to look into it? This is what happens, if it happens at all, where bots are concerned. The local ISP is expected to clean its customers’ computers.
Possible steps forward
Cyber war is a courageous book. It tells the story that most people do not want to hear. It’s difficult, it’s cyber, it’s cross border, it’s owned by others. Everything government’s are not very well equipped to deal with. The book also gives a very comprehensive overview of steps governments and industry can take to protect themselves better. Some are achievable, some will be very hard going and tough negotiating. It is clear that those in office, whether public or private, face some tough choices. But we can always wait closing the well till after the calf drowned, can’t we? The choice is yours, but after this book no one can say, I didn’t know.
Wout de Natris, De Natris Consult
Leiderdorp, 12 March 2011