Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld

Cyber warefare is real. With all the news articles about China hacking into American companies, India breaking into the US Government, Wikileaks, data breaches, cyber-attacks, Pentagon elevation that cyber-attacks could be regarded as an act of war, etc., I thought I had better educate myself and make the leap from identity theft protector to cyber warrior.

For me, the best way to educate myself on critical events in my industry is to start reading some of the latest books on the market. “Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners” by Jason Andress and Steve Winterfeld is one such book that I  am studying. It promises that “the concepts discussed in this book will give those involved in information security at all levels  a better idea of how cyber conflicts are carried out now, how they will change in the future and how to detect and defend against espionage, hacktivism, insider threats and non-state actors like organized criminals and terrorists”.

Even though I am very much a online security professional, I wanted to approach this topic from a layman’s perspective and help develop some strategies that even the small business owner or individual can easily understand and deploy to protect their data.

I will be doing a series of posts that highlights some lessons and thoughts I learned in each of the different chapters of this book and bring out some key points the authors are making. I will not be doing a Cliff Notes version of the book but rather give enough insight to encourage you to also want to read the book and learn how to protect your online presence.

In the Foreword a shocking statement caught my eye that scared the holy pajesus out of me. It needs to be the default text message whenever you start up any computer.

“Identity theft is so commonplace it is no longer [considered] newsworthy. There is just so much stolen data, [that] the criminals have not yet figured out how to use it all. But they will.” – Stephen Northcutt, President, The SANS Technology Institute.

Chapter 1: What is Cyber Warfare?

Being that the title of the book is Cyber Warfare, it would seem that a standard, acceptable definition would be offered. However, that is not the case. It seems that trying to come up with a definition for Cyber Warfare is more difficult than imagined because there are no recognized definitions for “cyberspace” or “warfare”. This conundrum makes me want to paraphrase Supreme Court Justice Potter Stewart’s original quote on pornography and adjust it for this topic: “I may not know how to define Cyber Warfare; and perhaps I never will, but I know it when I see it.”

How I see it, “Cyberspace” is the theater of computer instructions (code) and information (data). “Warfare” is the strategies and tactics of one side using all available resources to achieve power and financial wealth while the other side uses all their available resources to protect their existing power and financial wealth. Cyber warfare is the control of both code and data to achieve/defend power and financial wealth.

The authors presented a very informative strategy and power comparison section between physical versus virtual fronts and how they relate to the Principles of War, the DIME factors and the types of national power. The conclusion I drew was that century old strategies still need to be kept in place; the weapons themselves will not be “Weapons of Mass Destruction”, but rather “Weapons of Mass Disruption” to the civilian population, and that safeguards could morph into monitor and control.

Presidents Bush and Obama both announced initiatives, directives, reports and czars. However, very little headway has been made, especially when the evening news reports another government agency hacked using malware infused emails, the release of confidential documents, the hacking of government smartcards, security protocols released and so on.  And while there may not be an actual Declaration of Cyber War there certainly been enough probes, skirmishes and terrorists activities to elevate a cyber DEFCON level to 3.

This first chapter set up some good ground rules and understanding of the political problems from first defining cyber warfare to managing it. It also raised questions in my mind on whether a cyber-attack on the private versus public sectors can also constitute as an act of war. How does one deal with Weapons of Mass Disruption when imposed by a government onto its own people?  If a citizen within a country attacks another country, how will both countries treat the incident? Is Cyber warfare the government’s excuse to implement a National ID? While these questions might be disturbing, I am excited to read this book and find out if these concerns are addressed.

Be sure to visit again to see what I learn.