
Cybersecurity and Cyberwar: What Everyone Needs to Know

A generation ago, "cyberspace" was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.

In Cybersecurity and Cyberwar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do? Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the "Anonymous" hacker group and the Stuxnet computer virus to the new cyber units of the Chinese and U.S. militaries. Cybersecurity and Cyberwar: What Everyone Needs to Know® is the definitive account on the subject for us all, which comes not a moment too soon.

What Everyone Needs to Know® is a registered trademark of Oxford University Press.

320 pages, Paperback

First published January 1, 2013

342 people are currently reading
2331 people want to read

About the author

P.W. Singer

15 books646 followers
Peter Warren Singer is Strategist and Senior Fellow at the New America Foundation. He previously was Director of the Center for 21st Century Security and Intelligence at the Brookings Institution and the youngest scholar named Senior Fellow in Brookings's 101-year history. Described in the Wall Street Journal as “the premier futurist in the national-security environment,” he has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defense issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. He has consulted for the US Military, Defense Intelligence Agency, and FBI, as well as advised a range of entertainment programs, including for Warner Brothers, Dreamworks, Universal, HBO, Discovery, History Channel, and the video game series Call of Duty, the best-selling entertainment project in history. Peter’s award-winning books have been endorsed by people who range from the Chairman of the Joint Chiefs to the co-inventor of the Internet to the writer of HBO Game of Thrones.


Community Reviews

5 stars
321 (22%)
4 stars
615 (43%)
3 stars
384 (27%)
2 stars
62 (4%)
1 star
17 (1%)
Profile Image for Eric_W.
1,951 reviews427 followers
August 1, 2019
Singer and Friedman argue that cyber knowledge needs to be a requirement in schools. All the kids are now in cyberspace yet there is little formal education about the insecurity of simple passwords, the importance of OS updates, and problems inherent in social networking as a mechanism to reveal personal information. The most common password is "password" and the 2nd most common is "123456". Common words are easily hackable. One high level executive told his IT people he only wanted a one letter password, that he was too busy to be bothered to type in a long one. By the end of the day he had labelled himself to everyone in the corporation as a really stupid person and one who didn't care about security.

With complexity comes vulnerability. BMW had designed a high tech car and when authorities in Paris couldn't figure out why only a certain new model of BMW was being stolen they reviewed CCTV cameras and discovered how the thieves could hack into the car's software, unlock the doors, reprogram a blank key and just drive off, all in the space of five minutes. Terrorists use social networking to get their word out and often with the unwilling connivance of the West. One terrorist cell was using a web hosting company located in Texas to promote their campaign. The hosting company had sixteen million web pages, had not seen the offending pages, and did nothing until someone happened to point out to them what they were doing.

Humans are often the weak link in the chain. In a famous "candy drop" attack, malevolent actors left flash drives around a military base. Sure enough, a soldier picked one up and inserted it in his machine to see what was on it. It took the Army 14 months to clean up the damage to all its machines. People will often just give out their passwords to official sounding individuals who may or may not be really who they say they are. In another example, some soldiers in Iraq took pictures inside their helicopters and posted them to a picture website. There was nothing classified in the pictures but each picture contained locational information in the meta-data and terrorists were able to destroy the helicopters in a mortar attack by knowing their exact location. Emails, pictures, virtually everything that moves on the Internet has meta-data attached to it and just a routine search of social sites can reveal all sorts of information about people they would rather not have known.

Just defining what is or is not an attack can be problematic. The authors identify several types. What the response should be may depend on the severity or the result. Often even experts can't agree on what constitutes an attack. How about denial of service attacks? If it simply interferes with gamers' ability to finish a game it's not as serious as preventing banks from interacting with their customers or delivering a utility. Is stealing someone's identity in a confidentiality attack just as serious as stealing the plans of a new fighter jet? In one war game sponsored by the U.S. the opposition team changed the shipping labels on shipments intended for troops and they received toilet paper instead of ammunition and MREs.

NSA surveillance practices have caused tension throughout the world. In one instance, the Dutch were about to refuse any access to cloud services in the Netherlands to U.S. companies. Some foreign countries have now begun to institutionalize the Internet as a basic human right. Authoritarian regimes, on the other hand, see internet freedom as a threat to their governments. Censorship is seen as a tool for stability. In Thailand it's against the law to defame the monarch; in Britain it's a hobby. Cultural differences abound. Internet governance is still up for grabs.

A really interesting book, aimed at the informed layperson. The problem with books of such currency is that they really lack timelessness because of the speed with which the technology changes so the reader has to assume the possibilities have advanced far beyond what the author has explained.
Profile Image for Mario the lone bookwolf.
805 reviews5,397 followers
March 26, 2018
WWI: War of the Chemists. WW2: War of physicists. WW3: War of the Mathematicians

Please note that I put the original German text at the end of this review. Just if you might be interested.

For the layman, and if one has never heard of passive and active IT security, state, private or even military computer networks appear bombproof, competently maintained and unassailable. At least it would be taken for granted in institutions that are essential for the functioning of economic cycles, infrastructure or defense mechanisms. You have to remember that programming software consists of tens of millions of lines of code.
This is converted into program code utilizing special programs from standard data input in the respective national language. And because human behavior always causes errors and leaves a lot of room for sloppiness, failures or security gaps in the case of 8 to 9-digit basic programming, the field of attack of potential digital invaders is infinitely broad and as unmanageable.
When one hears about passive and active IT security, the orthodoxy begins to erode quickly. Passive protection is the reactionary repair of security vulnerabilities after identifying the potential virus, worm, Trojan, or other digital malware and devising countermeasures. As soon as a modified or even entirely new malicious code comes into circulation, it can run or bypass almost all virus scanners, firewalls, and defense mechanisms until it is detected.
Active security would be much more efficient, more complex and almost impossible to enforce. This would require the search for anomalies in the data stream, preventive detection of previously unknown sources of danger and a general restructuring and reduction of the existing network infrastructure. This is impracticable due to exorbitant costs. It is alarming that the entire modern world depends on passive security systems.
Also, the attribution problem has it all. Since with savvy and highly professional attacks one can never be sure who the attacker really was, tracing back is extremely difficult. It makes sense to lay false tracks and to instigate conflicts between two competitors through manipulation.
Cyberhype can be used in information operations to provoke insurrections, propaganda, agitation, demagogy, and deception. For this purpose, a group of information warriors uses new media with several thousand fake but very credible user profiles to influence the opinion. For example, in forums for newspapers, social media, help portals and websites. After gaining a certain reputation in all media, nothing stands in the way of the virulent spread of lies, fake videos and reports by official media and targeted scaremongering.
The economic operations, on the other hand, are aimed not at fomenting popular uprisings and social strife, but at weakening and manipulating the economies of other states. For example, irregularities on the stock exchanges, whose software is highly complex, networked and unmanageable, are not uncommon. The assumption suggests that it is possible to influence the development of entire economies by manipulating currencies, share prices and stock market indices in the per thousand range for years. Or just to weaken and harm.
Also in the military realm, a lot is in trouble, similar to the public relation and economic fields. With the difference that it concerns the control of war equipment and communication devices, which should be considered not insignificant in the case of a crisis.
Industrial plants, the entire state and economic infrastructure and the supply of the civilian population depend on digital silk threads. The only way to create a secure environment would be to dismantle, decentralize and decouple critical areas of networks. That's too expensive again. It would be much smaller amounts of data that can be transported and also the capabilities of appropriate software would be marginal compared to current programs.
One has to keep in mind what brilliant teenagers, individual perpetrators or small criminal groups have already achieved. And then divine the destructive potential of a creeping, militarily conceived assimilation by a financially inexhaustible intelligence service. Anti-cyber defense units in all countries shoot from the grossly neglected foundation of the global network structure. The official figures alone speak of hundreds of thousands of specialists in this sector, probably millions. In the area of espionage and infiltration, there is immense potential for indirect, passive damage to an opponent. As an armed conflict between two great powers, due to mutual economic dependency, MAD, etc., fortunately, has moved into the realm of the impossible.
No general or politician in world history would have ever come up with the idea of making himself dependent both on the functioning of technology and on building the entire communication infrastructure on an insecure primary construct. An unprecedented development. The most cautious states have long begun to decentralize the crucial posts and transform them into small, self-sufficient and independent areas. And to train armies of top informatics.
Whereby it is difficult to quantify what represents the more significant danger: A cyber war of humans against humans over programs. Or AIs, which at some point start to act by themselves.

WWI: Krieg der Chemiker. WW2: Krieg der Physiker. WW3: Krieg der Mathematiker

Für den Laien, und wenn man noch nie von passiver und aktiver IT-Sicherheit gehört hat, erscheinen staatliche, privatwirtschaftliche oder gar militärische Computernetze als bombensicher, kompetent gewartet und unangreifbar. Würde man bei für das Funktionieren von Wirtschaftskreisläufen, Infrastruktur oder Verteidigungsmechanismen essentiellen Einrichtungen zumindest als selbstverständlich erachten.
Dazu muss man sich vor Augen führen, dass die Programmierung von Software aus zig Millionen Zeilen Code besteht. Dieser wird mittels spezieller Programme aus normaler Dateneingabe in der jeweiligen Landessprache in Programmcode umgewandelt. Und da durch menschliche Einwirkung immer Fehler passieren und bei 8 bis 9stelliger Grundprogrammierung sehr viel Raum für Schlampereien, Fehler oder Sicherheitslücken offen bleibt, ist das Angriffsfeld potentieller digitaler Invasoren unendlich weit und ebenso unüberschaubar.
Wenn man dann von passiver und aktiver IT-Sicherheit hört, beginnt die Obrigkeitsgläubigkeit flugs zu erodieren. Passive Sicherheit ist die reaktionäre Nachbesserung von Sicherheitslücken, nachdem man den potentiellen Virus, Wurm, Trojaner oder sonstigen digitalen Schädling erkannt und Gegenmaßnahmen konzipiert hat. Sobald ein modifizierter oder gar komplett neuer Schadcode in Umlauf kommt, kann dieser bis zur Erkennung fast sämtliche Virenscanner, Firewalls und Abwehrmechanismen durchlaufen oder umgehen. Aktive Sicherheit wäre wesentlich effizienter, aufwendiger und fast unmöglich durchzusetzen. Dafür müsste die Suche nach Anomalien im Datenstrom, präventives Erkennen von bisher unbekannten Gefahrenquellen und eine generelle Umstrukturierung und Reduzierung der bisherigen Netzinfrastruktur erfolgen. Das ist aufgrund exorbitanter Kosten undurchführbar. Bedenklich, dass die gesamte moderne Welt an passiven Sicherheitssystemen hängt.
Auch das Attributionsproblem hat es in sich. Da man bei versierten und hochprofessionellen Attacken niemals sicher sein kann, wer wirklich der Angreifer war, gestaltet sich die Rückverfolgung als außerordentlich schwierig. Es bietet sich an, falsche Spuren zu legen und durch Manipulationen Konflikte zwischen 2 Konkurrenten anzuzetteln.
Der Cyberhype kann im Zuge von „Information Operations“ zum Provozieren von Aufständen, für Propaganda, Agitation, Demagogie und Täuschung eingesetzt werden. Dazu nutzt eine Gruppe von Infokriegern neue Medien mit mehreren Tausend gefälschten, aber sehr glaubwürdigen Nutzerprofilen zur gezielten Beeinflussung der Meinung. Etwa in Foren von Zeitungen, sozialen Medien, Hilfeportalen und Websiten. Nach Erlangung einer gewissen Reputation in allen Medien steht der virulenten Verbreitung von Lügen, gefälschten Videos und Berichten offizieller Medien und gezielter Panikmache nichts mehr im Weg.
Die „Economic Operations“ hingegen zielen nicht auf das Schüren von Volksaufständen und sozialen Unfrieden, sondern auf die Schwächung und Manipulation der Wirtschaft anderer Staaten. So sind Unregelmäßigkeiten an den Börsen, deren Software unwahrscheinlich komplex, vernetzt und unüberschaubar ist, keine Seltenheit. Die Vermutung liegt nahe, dass es möglich ist, durch Manipulationen von Währungen, Aktienkursen und Börsenindexen im Promillebereich über Jahre hinweg gezielt die Entwicklung ganzer Volkswirtschaften zu beeinflussen. Oder eben zu schwächen und zu schädigen.
Auch im militärischen Bereich liegt ähnlich wie im Public Relation- und Wirtschaftsareal einiges im Argen. Mit dem Unterschied, dass es um die Steuerung von Kriegsgeräten und Kommunikationseinrichtungen geht, was im Krisenfall als nicht unwesentlich erachtet werden sollte.
Industrieanlagen, die gesamte staatliche und wirtschaftliche Infrastruktur und die Versorgung der Zivilbevölkerung hängen an seidenen digitalen Fäden. Einzige Möglichkeit zur Herstellung einer sicheren Umgebung wäre ein Rückbau samt Dezentralisierung und Abkopplung wichtiger Bereiche von Netzen. Das ist auch wieder zu teuer. Es würden sich wesentlich geringere Datenmengen transportieren lassen und auch die Fähigkeiten entsprechender Software wären marginal im Vergleich zu momentanen Programmen.
Man muss sich vor Augen führen, was geniale Jugendliche, Einzeltäter oder kleine kriminelle Gruppen schon zustande gebracht haben. Und dann das destruktive Potential einer schleichenden, militärisch konzipierten Assimilation durch einen finanziell unerschöpflich ausgestatteten Geheimdienst erahnen. Einheiten zur Abwehr von Cyberattacken schießen in allen Ländern aus dem grob fahrlässig gezimmerten Fundament der globalen Netzstruktur. Allein die offiziellen Zahlen sprechen von Hunderttausenden Spezialisten in diesem Sektor, wahrscheinlich werden es eher Millionen sein.
Es besteht in dem Bereich der Spionage und Infiltration immenses Potential zur indirekten, passiven Schädigung eines Gegners. Da ein bewaffneter Konflikt zwischen zwei Großmächten, bedingt durch gegenseitige wirtschaftliche Abhängigkeit, MAD, etc, glücklicherweise in den Bereich des Unmöglichen gerückt ist.
Kein General oder Politiker der Weltgeschichte wäre jemals auf die Idee gekommen, sich sowohl vom Funktionieren von Technik abhängig zu machen als auch die gesamte Kommunikationsinfrastruktur auf einem unsicheren Grundkonstrukt aufzubauen. Eine bisher einmalige Entwicklung. Die vorsichtigsten Staaten schon längst begonnen, die Schlüsselstellen zu dezentralisieren und in kleine, autarke und voneinander unabhängige Bereiche umzuwandeln. Und Armeen von Spitzeninformatikern auszubilden.
Wobei schwer zu quantifizieren ist, was die größere Gefahr darstellt: Ein Cyberkrieg von Menschen gegen Menschen über Programme. Oder KIs, die irgendwann von selbst zu handeln beginnen.

Profile Image for Eric.
68 reviews1 follower
October 26, 2014
I came across this book in a magazine from a professional organization I'm a member of. At first, I thought it would be "textbook priced" (that is, $120 or more), but the Kindle version was about $9, so I bought it.

The authors are members of the Brookings Institute, and have some kind of "all access pass" to Cybercom, the NSA, DHS, DoD, and other government agencies and contractors. They've come across many "cybersecurity professionals" who don't know what an ISP is, so they wrote this book.

This isn't meant to be a comprehensive book on cybersecurity, but it is a good comprehensive overview of the topic. It's written in three parts in a question and answer style. They cover most topics related to cybersecurity and cyberwar in a general manner, but if you read this book, you're probably already ahead of most of the people you work with.

At times, the book seemed to read like an apologetic for U.S. Cybercom and the NSA (National Spying Agency). And it gets a little repetitive in section 3 with discussions on how the government should do something. But I highly recommend reading it to get an overview of what cybersecurity and cyberwar are, what are the big issues in the fields, and what to do about them.

Your own education should move onto other books after this one, but this is a great book to get started.
Profile Image for Maria.
4,618 reviews118 followers
May 30, 2016
Singer and Friedman have spent way too much time dealing with politicians and corporate leaders who didn't understand the basics of computers and the internet. They wrote this primer to introduce basic foundations and to frame future conversations.

Why I started this book: I really liked Singer's Wired for War: The Robotics Revolution and Conflict in the 21st Century and was looking for more of that style.

Why I finished it: This book is written in the question and answer format, which makes it easier to cover the basics, but harder to push yourself to read the whole book with all the convenient stopping places. The information is excellent but I still stalled while reading it.
Profile Image for Emma.
442 reviews42 followers
June 15, 2017
Don't listen to this when you passed your CISSP exam.
Very global and high level. Explains password mishaps, for instance.
Probably a good read for people with no background in IT or security.
Profile Image for Kim.
494 reviews1 follower
June 6, 2017
I listened to the audio version of this book, which was well narrated by Sean Pratt.

I'm not sure "everyone needs to know" what's in this book, but it is a great introduction to the topics of cyber-security and cyber-warfare. The emphasis is on government and business policies and the basic issues facing the world, and not so much on what individuals should do to protect themselves online, although general online precautions are discussed briefly.
29 reviews
March 12, 2024
Still relevant, though I had a hard time staying focused with the narrator.
24 reviews
June 4, 2024
Really great book that makes a complicated subject accessible for even the novices. Highly recommend.
Profile Image for Greg.
649 reviews107 followers
June 7, 2018
Caveat: I work in the field and have been in computer security for two decades. I read the book to see if I would use it as a textbook for a class on cyberterrorism and cyberwarfare.

The book is a primer for non-technical policy makers. It is broken into three parts, each laid out in a FAQ type format. The first part sets a foundation of knowledge in the history of computers, networking, and the Internet and how the Internet works at a high level. It then goes into some basic concepts of information security. Being technical, I was frustrated with how things were simplified, but they have to be for the target non-technical audience. The second part deals with the types of conflict in cyberspace and how analogies from real warfare are applied and misapplied to understand the cyber domain. There is a wealth of stories of cyber attacks in the book. The third part is a catalog of policy prescriptions.

The book's main weakness is that it is completely unfootnoted, which is maddening. I know the papers and conference presentations that quotes are drawn from and to not see them properly footnoted is a problem for using the book in an academic setting. Otherwise, it would have been a good choice for a lower division class.
Profile Image for Ritsky.
338 reviews7 followers
April 26, 2016
I read this for class.

I think this book raises good points of cyber security and cyberwar from political/public policy point of view. I like it because it discusses cyber security issue with a more neutral/objective tone - at least to me. Another plus point is that the book does give a preliminary explanation about the internet, the history of the internet, and other techie stuff so the non-techie readers wouldn't be so confused when reading it. In general, it is an easy read although sometimes the layout can be a bit overwhelming with the font positioning and stuff (so many texts in one page!).
Profile Image for James Griffes.
30 reviews3 followers
July 1, 2016
Cybersecurity and Cyberwar gives a great run down of important points of cyber-security. It is a read for anyone interested in information sharing and politics. The book did not go in-depth on any particular history or political issue but it was a great introduction to Internet history, security policy, and cyber international relations.

I found the book very intriguing and relevant. I would recommend it to any interested party, I would go so far as to buy a copy for my book shelf.
Profile Image for Kyle Anderson.
59 reviews1 follower
March 13, 2021
At the time of this reading, this book feels somewhat out of date, having been written in 2014. However, it is a good foundational book about cyberspace and cybersecurity. It discusses the evolution and transformation of the internet as well as the parallel history of protocols and organizations, that allowed an internet to exist such as url name management in DNS, standardized communication protocols in HTTP, and other important features. The book goes over important terms such as ISP (internet service provider) and Tor (the Onion router, used as a way to mask internet access and communication by dispersing a user's origin point across a decentralized network). It talks about APTs (Advanced Persistent Threats-when hackers spend a long time trying to mess with you), Spear Phishing, Malware, DDOS, Botnets, and other important terms. All of this provides a good overview of what cyberspace is (the physical and virtual network that connects digital devices through shared methods of communication-which is my definition) and the threats that exist in this space.

When it comes to cybersecurity, the book is full of recommendations as opposed to an extensive history of its development. That is because there are a great many challenges in securing cyberspace and largely attackers have been successful in consistently compromising many systems (though of course not all, not indefinitely, and not holistically) that operate in cyberspace. The authors go through the difficulty of creating a more "secure internet" including proper incentives for companies, the distributed nature of the internet and that there is no "one" internet, the difficulty of updating security to many users with legacy or pirated software/hardware, and the difficulty of getting users to secure themselves including creating better passwords, not willingly though unwittingly allowing attackers to gain access through email, bad links, or providing credentials through other dumb behavior.

Many of the challenges of cybersecurity have no simple solution. Responsibility is distributed from the ISP all the way down to the root user: including companies, governments, organizations, and any average Joe who owns a smartphone. This means there needs to be greater understanding of the risks and proper methods for security at all these levels. Additionally, there need to be incentives to engage in best practices. An example of a misalignment of incentives would be a company who does not release that they were compromised due to fears of how this would affect their customers' or investors' perceptions and consequently other companies with similar vulnerabilities are unprepared when they are attacked. There is no easy solution to a problem such as this. Governments can provide better oversight and regulations to encourage good behavior from the market but not even the United States government controls or regulates a sufficiently large enough portion of the Internet to remove threats and rapidly clear up vulnerabilities entirely. However, there are some cases where removing a single bad actor can make a sizable difference. For instance, the book discusses an example of a domain hosting site (need verification on the name and type of the company) who was providing services for thousands of spoofed sites (things like paipal.com or aple.com or amezon.com and other sites that might steal user information and money). A journalist discovered this and told the ISP responsible for that domain hosting site who quickly severed ties. Consequently, fraud from spoofed sites dropped by like 70% in that period. [All this information should be verified as it is going off memory and therefore may not be the exact specifics discussed in the book but the general story is accurate-someone pointed out a bad actor whose removal stopped a large portion of cybercrime]

I would recommend this book to anyone looking to better understand cybersecurity. However, they should recognize that much has changed in the seven years since its publication and the cloud-computing revolution, internet-of-things, and other "coming changes" in the book are very much lived realities now and constitute an evolution in the nature of the Internet and the challenges in cybersecurity.
1 review
May 2, 2020
The book has a general understanding of the concepts and it is an informative overview of cybersecurity topics. It has three parts by the question and answer format and it is answering these questions: How does it all work?, Why does it matter?, What we can do?
I think anyone can read this book because you don’t need any prior knowledge of cybersecurity, and you have a general understanding of the concepts by the time they are done reading it.
The book starts with the explanation of the internet and its history, gives us some examples of cybersecurity and cyberwar between countries, then some detail of hacking (such as Stuxnet), description of cyberattack, cyberterrorism and cyber counterterrorism. The writers' explanation of these elements starts with anecdotes in each chapter.
The authors emphasize cyber world is the dominant part of our lives and how vulnerable we are! So they give some tips for us, such as we have to update passwords regularly and always use “strong” and “unique” passwords that are both lengthy and mix numbers, letters, and signs, never use common words and phrases such as “123456” or “password”.
The authors also focus on the cyber-industrial complex. They give notice of the cybersecurity market and warn people/government has to be careful to balance between protecting and sharing information.
The book did get me thinking about what kind of cyber world we will have or want to have in the years ahead. So while none of us can know exactly what the future world is going to look like, we have to pay attention to the key trends today that might shape that world so we must accept and manage the risks of this world-both online and real.
Profile Image for Eric.
4,157 reviews31 followers
May 13, 2019
But it could easily have been two stars. The authors start off by indicating that the eight of the nine US Supreme Court Justices who do not use email may be some kind of Luddite oddity. Before long they would have you sympathizing with them - who needs all the danger and drama of the networked world, right? There are fairly straightforward steps given one can take to be protected to a degree - not bad stuff.

They did lose me in the area of cyber-terrorism. The claim is made that no lives have been lost to terrorists in the cyber realm. I do not recall a precise description being claimed for the phenomenon. But I wonder about the subjects of the terrorist recruitment films where heads are cut off - they clearly had their lives taken. And what of the deaths of others who were lost when this recruitment technique succeeded in sucking in others to follow whatever group is making these hideous videos. Just a thought.

The book may serve well as a recruitment tool for the various schools offering cybersecurity protection. Just another stray thought. Ah yes, the wonders of the digital age.
Profile Image for Dennis Murphy.
1,010 reviews12 followers
May 9, 2024
Cybersecurity and Cyberwar: What Everyone Needs to Know by PW Singer and Allan Friedman is a very good, if increasingly dated, book. When it first came out a decade ago, this book should probably have been required reading for various members and adjuncts of the blobby Pentagon, including its ancillary members in Congress and the Defense Industry. Now? There are still a few that need to read this book, but instead it's more foundational for those that are a bit new to the topic. This book is very comprehensive, as it is composed of dozens of small thematic chapters loosely organized into sections. Almost everything that the authors thought someone in Congress or DoD should be made aware of got a section, alongside working out some monumentally dumb ideas (like restarting the internet). I think this would have been a great book to read on my end even 5 years ago, but now your mileage will vary.
Ted Tyler
230 reviews
July 11, 2019
I found this to be a nice primer on the fundamental theories and philosophical concepts that relate to cybersecurity and cyberwar. This quick read enhanced my own knowledge of the complexity and intricacies that exist within the cyber realm. Best parts of the book were the descriptions and analyses of the various stakeholders within this dimension of warfare: international institutions, state actors, non-state actors, private companies, and individuals. The authors were also spot-on about the importance of the most concerning trends they wrote about in 2012. Weak aspects were the lack of focus on states outside China and the U.S., a lack of enhancing readers' basic technical knowledge, and some repetitive topics that were a tad boring and did not effectively serve to help implant ideas further into my mind.
Lawrence Roth
219 reviews, 10 followers
June 2, 2025
This book was published in 2014, and so is literally over a decade out of date. And yet, I still believe to my core that if more people read this book or even some of the more important chapters in this book, we wouldn't be in such a security and privacy mess currently.

I was impressed not just by the geopolitical and social analysis within, but the actual technical explanations of how hacking actually works, how networks can be infiltrated and exploited, and how vulnerable modern society has become to cyber attacks large or small.

This book is a great introduction to cyber issues for anyone who is curious about this ever important field. I now want a book just like this but updated for the 2020s which covers AI, the blockchain, quantum computing, and drones, all of which I'm sure have their own dedicated books.
294 reviews, 4 followers
May 23, 2020
While any book covering the IT or cyber world is somewhat dated by the time it hits the press, Singer and Friedman do a good job presenting the fundamentals required to understand cyber security and cyber war. This book was easy to understand and remained engaging throughout.

Topics spanned pertinent history, fundamentals, case studies, military application, corporate application, and personal application among others.

Will this book make you a cyber expert? Definitely not. You will, however, be able to follow a conversation about cyber and take the appropriate personal cyber related steps after reading the book.
Gabriel
Author 7 books, 2 followers
December 14, 2017
Raises some interesting points

It's not the most exciting topic but I think Peter did a nice job of shedding light into dark corners to help raise awareness of our collective government lack in understanding, or more specifically, misunderstanding.

I think his frame of mind for how we should approach cyber is of value, and certainly better than how we were going about cyber at the time of this publication (although the same mindsets seem to still exist today).

A good bus or train read for anyone interested in cyber policy.
Millie Clinton
12 reviews
January 5, 2020
An excellent starting point for anybody with an interest in Cybersecurity. It gives you a succinct overview of many cybersecurity ‘subheadings’, going into enough detail so as to be informative and entertaining, but still so you can cherry pick what to do further reading on.

A criticism, however, would be that the authors repeat themselves a lot. Combined with a handful of typos littered in the text, this makes it a slow and clunky read of an otherwise enjoyable book.
16 reviews
May 24, 2021
I was surprised, because it had quite a few leadership lessons applicable outside of this somewhat niche sector. Of note for me: "A key to resilience is accepting the inevitability of threats and even limited failure. It's about remaining operational." "No such thing as absolute security"

Your key concerns and tendencies

Silent failures was a huge one I'll be stealing, and the same goes for organizational slack
Christopher
40 reviews, 3 followers
December 31, 2021
Though it was an informative read, especially for people who don’t understand a lot about computers, the internet, etc., I found it to be overly long. I found myself skimming through large sections trying to get to the more interesting parts.

Definitely a good book to read as a primer on all things cyber though. If you are largely familiar with this stuff, you may find it repetitive and somewhat boring.
Von
13 reviews, 1 follower
March 30, 2022
2014 publication still relevant in 2022 regards taking care of your passwords and to expect worsening threats. Minus one star for more than average # typos for an academic press, and seems to appeal to government and academic audiences (conceivers of the Internet) while concluding it's up to everybody (which it is) to be vigilant and practice good security habits while we're linked together on the Web, along with newest devices and appliances. Everybody doesn't read books.
Emilio
14 reviews, 1 follower
October 17, 2017
An essential read for anyone that is interested in or could be affected by cyber warfare. The book is written so that anyone can pick it up, without any prior knowledge of cyber security, and have a general understanding of the concepts by the time they are done reading it. The only thing I did not like was the question and answer format, which made it feel more like reading a textbook.
John
444 reviews, 4 followers
April 28, 2019
I really found this book interesting and gained some insight from it. I am studying cyber security and found a lot of the cyberwar information useful. Admittedly, this was written in 2013 and so relatively older, the concepts and real world elements, including the governmental involvement, are still relevant.

Yohannes Fassika
53 reviews, 10 followers
June 6, 2020
The book is one of Oxford University's 'What everyone needs to know' series. It is in question and answer format and covers a lot of fundamental questions on cyber. It is very much informative. I found the concluding chapter instructive on what factors will have major effect on the cyber realm in the years to come.
199 reviews, 2 followers
May 14, 2021
Excellent starting point for those curious about cyber. The three sections answer sequential questions and walk through "where to go next" by the end. The most curious thing is how little has changed since publication: the authors were concerned about no regulation for 10 years and this was almost 10 years ago.
Liam
517 reviews, 45 followers
September 12, 2024
This book is a good crash course in the importance of Cybersecurity, and the dangers that Cyberwar can, and does, pose in a world that is increasingly more connected. Overall, a great book that is easy to understand for those who may not know much at all about Cybersecurity. It is also quite engaging with numerous focuses, such as on Stuxnet.
Tiffany Vidal
15 reviews
January 1, 2025
Pretty good entry-level information regarding network cybersecurity and possible (national security) threats. I found it to be too repetitive but that very well could be intentional. I would say this is good for the intended target audience (U.S. political officials who have seemingly never touched a computer).