What do you think?
Rate this book
Cyber Warfare, Techniques, Tatics and Tools for Security Practitioners
"Cyber Warfare" explores the battlefields, participants and the tools and techniques used during today's digital conflicts. The concepts discussed in this book will give those involved in information security at all levels a better idea of how cyber conflicts are carried out now, how they will change in the future and how to detect and defend against espionage, hacktivism, insider threats and non-state actors like organized criminals and terrorists. Every one of our systems is under attack from multiple vectors-our defenses must be ready all the time and our alert systems must detect the threats every time.
Provides concrete examples and real-world guidance on how to identify and defend your network against malicious attacks
Dives deeply into relevant technical and factual information from an insider's point of view
Details the ethics, laws and consequences of cyber war and how computer criminal law may change as a result
289 pages, Paperback
First published June 1, 2011
13 people are currently reading
153 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 2 of 2 reviews
April 5, 2015
Book Review at my Terebrate Blog http://bit.ly/V8ozIg
Executive Summary:
“Cyber Warfare: Techniques, Tactics and Tools for the Security Practitioners” is a consolidation of the current thinking around the topic of cyber warfare; not the way you hear about in the media where everything is a war of some kind (War on drugs, War on Terrorism, etc) but a discussion about what it means to conduct warfare via cyberspace. This is a tough topic because there are so many opinions about what Cyber Warfare is that you could literally spend an entire book just covering the definitions. The authors deftly avoid that trap and manage to provide a coherent line of thinking around Computer Network Operations even when these kinds of activities bump up against other cyber space dangers like Cyber Crime, Cyber Hactavism, Cyber Espionage and Cyber Terrorism. This is a primer; a one stop shop to get you up to speed on the topic if you are new to it or a refresher even if you have been enmeshed in it for years.
Full Disclosure: One of the authors, Steve Winterfeld, used to work for me when he and I were both in the US Army wrestling with all of these ideas right after 9/11. I ran the Army Computer Emergency Response Team (ACERT) and Steve ran the Army’s Southern Regional CERT (RCERT South). He and I have been friends ever since and he even quoted me in one of the back chapters.
Note: I published this review on Slashdot back in 2011, but since I am working my way through a slate of books about cyber warfare, I thought it would be appropriate to include it here also.
Review:
The authors, Steve Winterfield and Jason Andress, cover everything you will want to consider when thinking about how to use cyberspace to conduct warfare operations. Although the content has been around for a while, it is striking how little the main concepts have changed in the past decade. In a world where new innovations completely alter the popular culture every eighteen months, the idea that Cyber Warfare’s operational principals remain static year after year is counter-intuitive. After reading through the various issues within though, you begin to understand the glacial pace. These difficult concepts spawn intractable problems and the authors do a good job of explaining them.
I do have a slight issue with the subtitle though: “Techniques, Tactics and Tools for the Security Practitioners.” The way I read this book, the general purpose Security Practitioner will not find this book very useful except as background information. Aside from the chapters on Logical Weapons, Social Networking and Computer Network Defense, most of the material has to do with how a nation state, mostly the US, prepares to fight in cyber space. There is overlap for the general purpose security practitioner, but this material is covered in more detail in other books.
The book is illustrated. Some of the graphics are right out of military manuals and have that PowerPoint Ranger [1] look about them. Some are screenshots of the various tools presented. Others are pictures of different equipment. One graphic stood out for me in the Cyberspace Challenges chapter (14). The graphic in question is a neat Venn Diagram that encapsulates all of the Cyber Warfare issues mentioned in the book, categorizes the complexity of each issue and shows where they overlap in terms of Policy, Processes, Organization, Tech, People and Skills. My only ding on the diagram is that in the same chapter, the authors discuss how much each issue might cost to overcome. It would have been very easy to represent that information on the Venn diagram and make it more complete.
One last observation about the graphics that I really liked is the author’s use of “Tip” and “Note” boxes throughout the book. Scattered throughout the chapters are grayed-out text boxes that talk about some technology or procedure that is related to the chapter information but not directly. For example, in the Social Engineering chapter (7), the authors placed a “Note” describing the various Phishing forms. You do not need the information to understand the chapter but having it nearby provides the reader with a nice example to solidify the main arguments. The book is full of these examples.
The first three chapters are my favorites. Winterfield and Andress do a good job of wrapping their heads around entangled concepts like the definition of cyber warfare, the look of a cyber battle space and the current doctrine’s ideas about cyber warfare from the perspective of various nations. It is fascinating. They frustratingly never define what cyber warfare is. Unlike Clarke and Knake in “Cyber Warfare: The Next Threat to National Security and What to Do about It [2],” where the authors give a straight forward definition,
“[T]he term “cyber war” … refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
Winterfeld and Andress describe the plethora of definitions around the community and decide that one more would just confuse the matter.
In the middle of the book, the authors take on the task of describing the Computer Network Operations (CNO) Spectrum; a spectrum that ranges from the very passive form of Computer Network Defense (CND) through the more active forms of Computer Network Exploitation (CNE) and Computer Network Attack (CNA). It is indeed a spectrum too because the delineation between where CND, CNE and CNA start and stop is not always clean and precise. There is overlap. And somewhere along that same spectrum is where law enforcement organizations and counter-intelligence groups operate. You can get lost fairly quickly without a guide and the authors provide that function admirably. The only thing missing from these chapters is a nice diagram that encapsulates the concept.
Along the way the reader gets a nice primer on the legal issues surrounding Cyber Warfare, the ethics that apply, what it takes to be a cyber warrior and a small glimpse over the horizon about what the future of Cyber Warfare might bring. In the end, Winterfield and Andress get high marks for encapsulating this complex material into an easy-to-understand manual; a foundational document that most military cyber warriors should have at their fingertips and a book that should reside on the shelf of anybody interested in the topic.
Sources:
[1] “Book Review: ‘Cyber Warfare: The Next Threat to National Security and What to Do about It (2010)’ by Richard Clarke and Robert Knake,” by Rick Howard, Terebrate, 21 Jan 2013, Last Visited 26 January 2013
http://terebrate.blogspot.com/2013/01...
[2] “What is a Powerpoint Ranger,” by POWERPOINTRANGER, Last Visited: 26 January 2013
http://www.powerpointranger.com/ppran...
Executive Summary:
“Cyber Warfare: Techniques, Tactics and Tools for the Security Practitioners” is a consolidation of the current thinking around the topic of cyber warfare; not the way you hear about in the media where everything is a war of some kind (War on drugs, War on Terrorism, etc) but a discussion about what it means to conduct warfare via cyberspace. This is a tough topic because there are so many opinions about what Cyber Warfare is that you could literally spend an entire book just covering the definitions. The authors deftly avoid that trap and manage to provide a coherent line of thinking around Computer Network Operations even when these kinds of activities bump up against other cyber space dangers like Cyber Crime, Cyber Hactavism, Cyber Espionage and Cyber Terrorism. This is a primer; a one stop shop to get you up to speed on the topic if you are new to it or a refresher even if you have been enmeshed in it for years.
Full Disclosure: One of the authors, Steve Winterfeld, used to work for me when he and I were both in the US Army wrestling with all of these ideas right after 9/11. I ran the Army Computer Emergency Response Team (ACERT) and Steve ran the Army’s Southern Regional CERT (RCERT South). He and I have been friends ever since and he even quoted me in one of the back chapters.
Note: I published this review on Slashdot back in 2011, but since I am working my way through a slate of books about cyber warfare, I thought it would be appropriate to include it here also.
Review:
The authors, Steve Winterfield and Jason Andress, cover everything you will want to consider when thinking about how to use cyberspace to conduct warfare operations. Although the content has been around for a while, it is striking how little the main concepts have changed in the past decade. In a world where new innovations completely alter the popular culture every eighteen months, the idea that Cyber Warfare’s operational principals remain static year after year is counter-intuitive. After reading through the various issues within though, you begin to understand the glacial pace. These difficult concepts spawn intractable problems and the authors do a good job of explaining them.
I do have a slight issue with the subtitle though: “Techniques, Tactics and Tools for the Security Practitioners.” The way I read this book, the general purpose Security Practitioner will not find this book very useful except as background information. Aside from the chapters on Logical Weapons, Social Networking and Computer Network Defense, most of the material has to do with how a nation state, mostly the US, prepares to fight in cyber space. There is overlap for the general purpose security practitioner, but this material is covered in more detail in other books.
The book is illustrated. Some of the graphics are right out of military manuals and have that PowerPoint Ranger [1] look about them. Some are screenshots of the various tools presented. Others are pictures of different equipment. One graphic stood out for me in the Cyberspace Challenges chapter (14). The graphic in question is a neat Venn Diagram that encapsulates all of the Cyber Warfare issues mentioned in the book, categorizes the complexity of each issue and shows where they overlap in terms of Policy, Processes, Organization, Tech, People and Skills. My only ding on the diagram is that in the same chapter, the authors discuss how much each issue might cost to overcome. It would have been very easy to represent that information on the Venn diagram and make it more complete.
One last observation about the graphics that I really liked is the author’s use of “Tip” and “Note” boxes throughout the book. Scattered throughout the chapters are grayed-out text boxes that talk about some technology or procedure that is related to the chapter information but not directly. For example, in the Social Engineering chapter (7), the authors placed a “Note” describing the various Phishing forms. You do not need the information to understand the chapter but having it nearby provides the reader with a nice example to solidify the main arguments. The book is full of these examples.
The first three chapters are my favorites. Winterfield and Andress do a good job of wrapping their heads around entangled concepts like the definition of cyber warfare, the look of a cyber battle space and the current doctrine’s ideas about cyber warfare from the perspective of various nations. It is fascinating. They frustratingly never define what cyber warfare is. Unlike Clarke and Knake in “Cyber Warfare: The Next Threat to National Security and What to Do about It [2],” where the authors give a straight forward definition,
“[T]he term “cyber war” … refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
Winterfeld and Andress describe the plethora of definitions around the community and decide that one more would just confuse the matter.
In the middle of the book, the authors take on the task of describing the Computer Network Operations (CNO) Spectrum; a spectrum that ranges from the very passive form of Computer Network Defense (CND) through the more active forms of Computer Network Exploitation (CNE) and Computer Network Attack (CNA). It is indeed a spectrum too because the delineation between where CND, CNE and CNA start and stop is not always clean and precise. There is overlap. And somewhere along that same spectrum is where law enforcement organizations and counter-intelligence groups operate. You can get lost fairly quickly without a guide and the authors provide that function admirably. The only thing missing from these chapters is a nice diagram that encapsulates the concept.
Along the way the reader gets a nice primer on the legal issues surrounding Cyber Warfare, the ethics that apply, what it takes to be a cyber warrior and a small glimpse over the horizon about what the future of Cyber Warfare might bring. In the end, Winterfield and Andress get high marks for encapsulating this complex material into an easy-to-understand manual; a foundational document that most military cyber warriors should have at their fingertips and a book that should reside on the shelf of anybody interested in the topic.
Sources:
[1] “Book Review: ‘Cyber Warfare: The Next Threat to National Security and What to Do about It (2010)’ by Richard Clarke and Robert Knake,” by Rick Howard, Terebrate, 21 Jan 2013, Last Visited 26 January 2013
http://terebrate.blogspot.com/2013/01...
[2] “What is a Powerpoint Ranger,” by POWERPOINTRANGER, Last Visited: 26 January 2013
http://www.powerpointranger.com/ppran...
January 30, 2014
Dear past self, this book is poorly written, inaccurate and a waste of reading time, go read "Cyber War Will Not Take Place" by Thomas Rid instead.
The authors appear to have some knowledge of pen-testing tools but beyond their area of expertise they paraphrase what others have said while injecting their own mistakes. Many military writers don't seem to understand, or to have actually read Clausewitz, so I'm willing overlook their misuse of his ideas but confusing "the World Wide Web" with "the Internet", as the authors do in this book, is not acceptable.
'Introduction to Cyber-Warfare' contains many grammatical, logical and factual errors. It reads like a self published book, perhaps the copy-editors at Syngress Press were all sick the week this was published.
Beyond pseudo-military posturing (1980's Cinema called and they want their Cyber-Warriors back*), 'Cyber-warfare' fails to examine its subject matter.
* Yes I know this is a real term used by some folks in the Pentagon. Please don't encourage them.
The authors appear to have some knowledge of pen-testing tools but beyond their area of expertise they paraphrase what others have said while injecting their own mistakes. Many military writers don't seem to understand, or to have actually read Clausewitz, so I'm willing overlook their misuse of his ideas but confusing "the World Wide Web" with "the Internet", as the authors do in this book, is not acceptable.
'Introduction to Cyber-Warfare' contains many grammatical, logical and factual errors. It reads like a self published book, perhaps the copy-editors at Syngress Press were all sick the week this was published.
Beyond pseudo-military posturing (1980's Cinema called and they want their Cyber-Warriors back*), 'Cyber-warfare' fails to examine its subject matter.
* Yes I know this is a real term used by some folks in the Pentagon. Please don't encourage them.
Displaying 1 - 2 of 2 reviews