Inside Cyber Warfare [Englisch] [Taschenbuch]

I bought this book trying to further my understanding of Cyber Warfare and how it has become integral force multiplier/enabler in today's digital battlefield. Unfortunately, I quickly realized that this book was basically a regurgitation of what is available on the Internet with a little "googling". The book itself is tiresome to read and feels like you are just trying to weed through so much "chaff" as you attempt to find something compelling to take away. Granted, I think if you have done no initial reading on the subject and it is totally new to you- this book may be a good primer. Seriously though, if you are a student that wants to gain a better understanding of how cyberspace plays a role in a geo-political strategic context- this is not the book for you. If Jeffrey Carr is an expert in Cyber Warfare- he needs to way up the ante on another book and make it more than just a conglomeration of articles that are pretty much freely available on the Internet.

At the time of this writing, one of the biggest stories in the media is that Google and several other large technology companies were attacked by Chinese hackers. Although this seems to have caught almost everyone by surprise, it's no surprise to those of us in the trenches, responding to these types of incidents every day. "Inside Cyber Warfare: Mapping the Cyber Underworld" is by far the best available guide to this highly sophisticated threatscape.

The book's author is Jeffrey Carr, author of the well-known IntelFusion blog ([...]) and founder of Project Grey Goose, both of which provide high quality intelligence analyses on a number of cyberwar-related topics. The book reviews, organizes and expands upon many issues already covered on his blog, but does so in a way that actually adds value. This isn't a retread of old postings; it's an entirely new creation.

I used the term "intelligence analysis", and that's really what this book is: one big dossier on the means, motives, opportunities and identities of some of the major players in the cyber warfare arena. Specifically, this book's focus is on nation-states with known cyberwar capabilities, such as China, Russia and the United States. However, there is also some limited coverage both of other countries (e.g., North Korea) and other actors, such as organized crime.

The first couple of chapters begin by providing some basic background on cyberwar, defining terms, citing recent examples (such as the Russian attacks on Georgian websites in 2008) and discussing the transition from direct action by states to state-sponsored third party actors. This last concept is perhaps the most critical one in the entire book: states rarely do their own dirty work anymore. They tend to work through third parties, which is much less risky because it offers them plausible deniability. This is a major feature of today's cyberwar, and the book does an excellent job explaining why this happens and what the ramifications are for the victims of these attacks. This is a critical theme that carries through much of the rest of the book.

Chapters 3 and 4 focus more on the legalities of cyber warfare, definitions and relevant treaties. In fact, Chapter 4 (Responding to International Cyber Attacks as Acts of War) is one of the standout sections of the book. Written by guest author Lt. Cdr. Matthew Sklerov, USN, this chapter draws on numerous examples of case law and legal opinions to make a compelling case that the best defense against a cyberwar is to actively identify the aggressor and to attack them right back. Readers conditioned to think of legal arguments as dry and boring are in for a real treat, as this is quite a fascinating read.

The next several chapters establish a framework for performing intelligence investigations into the sources and motives behind cyber attacks, then explore several fruitful mechanisms for performing this research, such as by performing reconnaissance on relevant hacker forums, building social network graphs and the ever-popular "follow the money" approach. In doing so, Carr often shows how these mechanisms are really double-edged swords, providing as much or more benefit to the adversary as to the investigator. You can find some of this material elsewhere (Hacking: The Next Generation (Animal Guide) has quite a lot to say about social networks, for example), but in context with the rest of the book, these chapters still work quite well.

Finally, the last few chapters explore the role of cyberwar at the national level. Carr discusses and gives examples of relevant military doctrine from Russia, China and the US, showing how each nation views the key questions from different perspectives. Chapter 13 (Advice for Policy Makers from the Field) is particularly interesting, as three prominent experts each tackle one controversial cyberwar issue and give advice directly to policy makers, using this book as a sort of open letter.

"Inside Cyber Warfare: Mapping the Cyber Underworld" is the best book I've seen for those of us charged with defending against the highest-end threats to information security. It provides a comprehensive intelligence briefing on actors, capabilities, motivations and possible responses to acts of cyberwar. I highly recommend this for government, military and corporate readers who are responsible for either securing their own networks or for setting security policy. The threat is real, and these groups are active. Inside Cyber Warfare is the guide you need to help you understand the context in which your organization operates on the modern battlefield.

I found this book to be very disappointing in many regards. I expect a certain degree of quality in O'Reilly books and this one did not meet it. It's a thin book, and although there is some interesting content, enough to pass a couple of hours of late-night reading, the level of writing is about that of a mediocre Wikipedia article. The style is more appropriate for a blog or uneven journalistic account than a published book. Typos, very obvious ones, abounded throughout the text. The price is exorbitant for such a shallow pass at the subject.

I did not find it to be an intellectually stimulating work, and its best value was in directing me to other resources referenced by the work.

My guess is that the publisher wanted to capitalize off a cool subject, but this fails to attack the subject in any significant way.