Cyber-espionage and cyber-war are important forms of crime and conflict in the 21st century. Here are resources to help you understand and prepare.
(1) Posts by Marcus Ranum about cyber-espionage and cyberwar
- Obama knows how to lead America by exploiting our fears — About cyberwar.
- Cyberwar: a Whole New Quagmire. Part 1: The Pentagon Cyberstrategy.
- “Do as I say, not as I do” shall be the whole of the law.
- Conflating Threats.
- About Stuxnet, the next generation of warfare?, 29 September 2011 – Introducing Stuxnet and some of the issues surrounding practical malware-based warfare.
- Cyberwar: a Whole New Quagmire – When the Drones Come To Roost.
- About Attribution (identifying your attacker).
- You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?).
- Parsing Cyberwar – Part 1: The Battlefield.
- Parsing Cyberwar – Part 2: The Logistical Train.
- Parsing Cyberwar – Part 3: Synergies and Interference.
- Parsing Cyberwar – Part 4: The Best Defense is a Good Defense.
- Cyberwar, the Power of Nightmares.
- How do we identify our attackers in cyberspace?
- The horror of cyberspace: we can’t easily identify our attackers.
- The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace.
- After the largest cyberattack ever, here’s how to defend against the next & bigger ones — by Marcus Ranum.
(2) A series by Edwin Covert
- Cyber Terrorism as a Strategy.
- Selling Fear: How Cyber Terrorism is Being Portrayed.
- Unraveling the Complexities of Cyber Terrorism.
- Consequences of Overstating the Cyber Terrorism Threat.
(3) A series by Emilio Iasiello
- Identifying the guilty: tying nation states to cyber espionage.
- Russia’s Propaganda Trolls become a power in cyberspace.
- The new frontier: Even Developing Nations Do Cyber Spying.
- Debunking the hysteria about cyberterrorism. Some sensible advice.
- Is the best defense a strong offense in cybersecurity?
- About Anonymous – an emerging cyberpower.
- Complacency in Cyberspace May Be Our Biggest Vulnerability.
- We Must Stop The Race to Attribution After Each Cyberattack.
- China is buying U.S. Companies. What secrets do they get?
- The US & Russia: Cyber-cooperation against common foes.
- U.S. Cyber Command Attacks ISIS. Slow Progress. Few Results.
- The Internet of Things attacks. If we don’t do better, we will get hurt.
(4) About the Sony hack
- Another day, another campaign of fearmongering in America: North Korea’s cyberattack on Sony, 18 December 2014.
- The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn’t tell you, 20 December 2014.
- Why do we believe, when the government lies to us so often? When we change, the government also will change, 22 December 2014.
- See how the news shapes our beliefs about the North Korea hack, 23 December 2014.
(5) About the OPM hack
- About the theft of the Federal government’s personnel records: sorting fact from fiction.
- Seeing behind the headlines about China’s attack, stealing the governments’ jewels.
- Fight the hysteria about the hack of OPM’s files. It’s probably not a big threat.
- Remember the world-shaking effects of the March 2014 OPM hack!
(6) Other posts about cyber-related issues
- Cybercrime: Now More Profitable Than The Drug Trade.
- Bitcoin, the deep web, & the big conflicts of the 21st C.
- How would Sun Tzu defend computer systems? Poorly. A new era needs new thinking. — by Steve Tornio and Brian Martin.
- Advice from Sun Tzu and John Boyd on winning at cyberwar — By Chet Richards.
- Stratfor: it’s the breakout year for cybercrime! How do we fight it?
- Stratfor looks back at 2016, the breakout year for cybercrime.
- Stratfor untangles the web of Russia’s cyber operations.
- Skip the hysteria. What you need to know about the big ransomware attack.
(7) Good books about this new frontier
- Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker.
- Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information.
- Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door.
- Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, describing the new era of war and preparing you for the next attack (see a review here).
(8) For More Information
- Journal of Law & Cyber Warfare.
- Review of “Countdown To Zero Day”, describing the new era of war, preparing you for the next attack.
- “Cyberwar is Coming!”, John Arquilla and David Ronfeldt, Comparative Strategy, Spring 1993 — republished by RAND report (pdf).
- “War Logs On: Girding America for Computer Combat”, Bruce D. Berkowitz (RAND, coauthor of Best Truth: Intelligence in the Information Age), Foreign Affairs, May/June 2000 — “In Kosovo, America stumbled into the age of computer warfare. Now Washington must think hard about how to attack its foes’ electronic networks and defend its own.”
- “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats”, James A. Lewis, Center for Strategic and International Studies, December 2002.
- “The Use, Misuse, and Abuse of Statistics in Information Security Research”, Julie J.C.H. Ryan, George Washington University, 2003 — Slide presentation here.
- “Unsecured Economies, and Overly-secured Reports”, Jackie Rees and Karthik Kannan, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue U, 30 January 2009.
- “Securing the Information Highway – How to Enhance the United States’ Electronic Defenses”, Wesley K. Clark and Peter L. Levin, Foreign Affairs, November/December 2009.
- “Defending a New Domain – The Pentagon’s Cyberstrategy”, William J. Lynn III, Foreign Affairs, September/October 2010.
- “Science of Cyber-Security”, JASON Defense Advisory Panel, November 2010 — This examines the theory and practice of cyber-security, and evaluates whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach.
- “The Online Threat. Should we be worried about a cyber war?”, Seymour M. Hersh, The New Yorker, 1 November 2010.
- “Underground Economies – Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency”, McAfee and SAIC, 2011.
- “Reducing Systemic Cybersecurity Risk”, Peter Sommer (London School of Economics) and Ian Brown (Oxford), OECD, 14 January 2011.
- “Sex, Lies and Cybercrime Surveys”, Dinei Florencio and Cormac Herley, Microsoft Research, June 2011.
- “The Wrong War: The Insistence on Applying Cold War Metaphors to Cybersecurity Is Misplaced and Counterproductive”, Peter W. Singer and Noah Shachtman, Brookings Institute, 15 August 2011 — Both authors are with the 21st Century Defense Initiative.
- “The Calm Before the Storm”, Joel Brenner, Foreign Policy, 6 September 2011 — “Cyberwar is already happening — and it’s about to get much, much worse. A veteran cyberwarrior explains how America can prepare itself.”
- “Cyber War: Reality or Hype?”, Conn Hallinan, Foreign Policy in Focus, 11 January 2012.
- “Cyber-Weapons”, Thomas Rid (Kings College) and Peter McBurney, The RUSI Journal, February 2012.
- “Cyber War Will Not Take Place”, Thomas Rid (Kings College), Journal of Strategic Studies, February 2012.
- “Think Again: Cyberwar”, Thomas Rid (Kings College), Foreign Policy, March/April 2012 — “Don’t fear the digital bogeyman. Virtual conflict is still more hype than reality.”
- “Does Cybercrime Really Cost $1 Trillion?”, by Peter Maass and Megha Rajagopalan, ProPublica, 1 August 2012.
- “CSI: Cyber-Attack Scene Investigation–a Malware Whodunit” by Larry Greenemeier, Scientific American, 28 January 2016 — “Although the method of a hack attack can be deciphered, the culprits often remain a mystery.”