Cyber-espionage and cyber-war are important forms of crime and conflict in the 21st century. Here are resources to help you understand and prepare.
(1) Posts by Marcus Ranum about cyber-espionage and cyberwar
- Obama knows how to lead America by exploiting our fears, 5 June 2009 — About cyberwar
- Cyberwar: a Whole New Quagmire. Part 1: The Pentagon Cyberstrategy, 2 September 2011
- “Do as I say, not as I do” shall be the whole of the law, 11 September 2011
- Conflating Threats, 14 September 2011
- About Stuxnet, the next generation of warfare?, 29 September 2011 – Introducing Stuxnet and some of the issues surrounding practical malware-based warfare.
- Cyberwar: a Whole New Quagmire – When the Drones Come To Roost, 8 October 2011
- About Attribution (identifying your attacker), 21 October 2011
- You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?), 16 December 2011
- Parsing Cyberwar – Part 1: The Battlefield, 9 August 2012
- Parsing Cyberwar – Part 2: The Logistical Train, 10 August 2012
- Parsing Cyberwar – Part 3: Synergies and Interference, 13 August 2012
- Parsing Cyberwar – Part 4: The Best Defense is a Good Defense, 20 August 2012
- Cyberwar, the Power of Nightmares, 31 August 2012
- How do we identify our attackers in cyberspace?
- The horror of cyberspace: we can’t easily identify our attackers.
- The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace.
(2) A series by Edwin Covert
- Cyber Terrorism as a Strategy
- Selling Fear: How Cyber Terrorism is Being Portrayed
- Unraveling the Complexities of Cyber Terrorism
- Consequences of Overstating the Cyber Terrorism Threat
(3) About the Sony hack
- Another day, another campaign of fearmongering in America: North Korea’s cyberattack on Sony., 18 December 2014
- The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn’t tell you., 20 December 2014
- Why do we believe, when the government lies to us so often? When we change, the government also will change., 22 December 2014
- See how the news shapes our beliefs about the North Korea hack, 23 December 2014
(4) Other posts about cyber-related issues
- Identifying the guilty: tying nation states to cyber espionage, by Emilio Iasiello.
- Cybercrime: Now More Profitable Than The Drug Trade.
- Bitcoin, the deep web, & the big conflicts of the 21st C.
- Advice from Sun Tzu and John Boyd on winning at cyberwar — by Steve Tornio and Brian Martin.
- How would Sun Tzu defend computer systems? Poorly. A new era needs new thinking.
- About the theft of the Federal government’s personnel records: sorting fact from fiction.
- Seeing behind the headlines about China’s attack, stealing the governments’ jewels.
(5) Useful sources of information about cybercrime, cyber-espionage, & cyberwar
- Journal of Law & Cyber Warfare
- Review of “Countdown To Zero Day”, describing the new era of war, preparing you for the next attack.
(6) Good books about this new frontier
- Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker.
- Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information.
- Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door.
- Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, describing the new era of war and preparing you for the next attack (see a review here).
(7) For More Information
- “Cyberwar is Coming!”, John Arquilla and David Ronfeldt, Comparative Strategy, Spring 1993 — republished by RAND as a report (pdf)
- “War Logs On: Girding America for Computer Combat”, Bruce D. Berkowitz (RAND, coauthor of Best Truth: Intelligence in the Information Age), Foreign Affairs, May/June 2000 — “In Kosovo, America stumbled into the age of computer warfare. Now Washington must think hard about how to attack its foes’ electronic networks and defend its own.”
- “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats”, James A. Lewis, Center for Strategic and International Studies, December 2002
- “The Use, Misuse, and Abuse of Statistics in Information Security Research”, Julie J.C.H. Ryan, George Washington University, 2003 — Slide presentation here.
- “Unsecured Economies, and Overly-secured Reports”, Jackie Rees and Karthik Kannan, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue U, 30 January 2009
- “Securing the Information Highway – How to Enhance the United States’ Electronic Defenses”, Wesley K. Clark and Peter L. Levin, Foreign Affairs, November/December 2009
- “Defending a New Domain – The Pentagon’s Cyberstrategy”, William J. Lynn III, Foreign Affairs, September/October 2010
- “Science of Cyber-Security”, JASON Defense Advisory Panel, November 2010 — This examines the theory and practice of cyber-security, and evaluates whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach.
- “The Online Threat. Should we be worried about a cyber war?”, Seymour M. Hersh, The New Yorker, 1 November 2010
- “Underground Economies – Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency”, McAfee and SAIC, 2011
- “Reducing Systemic Cybersecurity Risk”, Peter Sommer (London School of Economics) and Ian Brown (Oxford), OECD, 14 January 2011
- “Sex, Lies and Cybercrime Surveys”, Dinei Florencio and Cormac Herley, Microsoft Research, June 2011
- “The Wrong War: The Insistence on Applying Cold War Metaphors to Cybersecurity Is Misplaced and Counterproductive”, Peter W. Singer and Noah Shachtman, Brookings Institute, 15 August 2011 — Both authors are with the 21st Century Defense Initiative.
- “The Calm Before the Storm”, Joel Brenner, Foreign Policy, 6 September 2011 — “Cyberwar is already happening — and it’s about to get much, much worse. A veteran cyberwarrior explains how America can prepare itself.”
- “Cyber War: Reality or Hype?”, Conn Hallinan, Foreign Policy in Focus, 11 January 2012
- “Cyber-Weapons”, Thomas Rid (King’s College) and Peter McBurney, The RUSI Journal, February 2012
- “Cyber War Will Not Take Place”, Thomas Rid (King’s College), Journal of Strategic Studies, February 2012
- “Think Again: Cyberwar”, Thomas Rid (King’s College), Foreign Policy, March/April 2012 — “Don’t fear the digital bogeyman. Virtual conflict is still more hype than reality.”
- “Does Cybercrime Really Cost $1 Trillion?”, by Peter Maass and Megha Rajagopalan, ProPublica, 1 August 2012
- “CSI: Cyber-Attack Scene Investigation–a Malware Whodunit” by Larry Greenemeier, Scientific American, 28 January 2016 — “Although the method of a hack attack can be deciphered, the culprits often remain a mystery.”