Title: Cyber War
Author: Richard A. ClarkePublisher: Harper Collins
ISBN: 978-0-06-196223-3
Pages: 290
In a recent edition of the International Herald Tribune, there was an oped article by Vincent Cerf expressing concern about the potential limitations and oversight being considered for the internet at an upcoming International Telecommunications Union (an organization within the U.N) summit. The nature of the article underlines the fundamental debate raging in today’s world where the unregulated internet is being used for both positive and negative outcomes and provides the backbone within which hazard and threat could potentially be directed at the world’s increasingly digitized social and economic structures.
The premise
of Richard A Clarke’s book “Cyber War” addresses this issue directly with a broad
ranging review of what it is, how it is being used (both offensively and
defensively), how prepared the world is for it and what recommendations he
would suggest on how nation states can ensure that they don’t fall victim to
it. He acknowledges at the outset that this is a very complex subject; one fraught
with aspects that transcend social, economic, national and cultural boundaries;
and one that not enough attention is being paid to for a number of reasons.
He
approaches the issues, background and recommendations in such a manner that
that they are accessible to the common reader and does not shy away from
identifying positions that run contrary to his own. This approach is a major strength
of the narrative. Cyber warfare is unlike any potential battlefield that we, as
nations, have ever been faced with. The potential for a nation with very
limited traditional offensive capabilities to be able to undermine the military
strength of a first world power with a few keystrokes that shut down power
grids or communication systems is a profound change in paradigm. Indeed, as
Clarke points out, it fundamentally alters the art and practice of
international relations (and warfare) as we understand it. Further complicating
the issue is the fact that access to this potential is not limited to nation
states but to individuals in the form of terrorists, hackers and activists.
This
book is important because it provides education to those not familiar with the
threat and promotes dialogue within the circles of government, industry and
society on what we should do. A major stumbling block to the discussion is as
basic as trying to identify what constitutes a threat that requires government
intervention or oversight. For example, if you receive spam that shuts down
your server, is that an attack or simply malicious behavior on the part of the
originator of the spam? Does a self replicating virus constitute a national
level threat? Coming to common agreement on the definition of what constitutes
cyber warfare is a huge undertaking in and of itself. Clarke points out that
this agreement is not solely resting within the purview of national level
governments as traditional threats (ie gas warfare) have done. This also has to
include industry and society as they will be profoundly affected by decisions
based upon international agreement.
The creators of the internet had no idea of the range and scope of its potential; neither did governments. Originally designed to support research and development within closed circles of scientists and academics, it has expanded through industry to provide a worldwide interface that has largely developed from the bottom up, free of regulatory oversight. This has always been touted as one of the internet’s strengths. Unfortunately, as Cyber War identifies, it has also resulted in being one of its great vulnerabilities (or opportunities depending upon your perspective). Clarke points out that this has been recognized but that nothing has been done for a number of reasons:
a.
Lack of visible loss – society has not experienced
a major disruption that they have equated to an internet attack;
b.
Lack of consensus on what to do – between industry,
government and interest groups;c. Concerns over privacy and regulation – how much is too much;
d. Boy who cried wolf syndrome – too many alleged threats with no discernible consequence;
e. Influence of big business ie Microsoft on the discussion; and
f. Disagreement on who is responsible for internet security/regulation – the Government or industry?
Each of these areas opens a Pandora’s box of negotiation,
perception and discussion with little to no consensus.
Negotiations
concerning traditional conventional weapons systems and the nuclear threat, have
been able to be accomplished much through deterrence. That discussion centered on
capability and included academics and military experts able to provide
government negotiators with hard data that could be balanced against. In the
world of cyber warfare, individuals have little to no idea of the offensive or
defensive capabilities of their potential adversaries (or even who those
adversaries may be). Given that fact, how does a nation prepare itself and,
within the realm of negotiated treaty, how does a nation ensure compliance?
Clarke
identifies and explains what he sees as the five main areas of vulnerability
for nation states: 1. lack of encryption, 2. the decentralization of the
system, 3. border gateway protocols (essentially how information enters the
system), 4. domain naming system (how information is identified), and 5. the
propagation of malicious traffic. He then goes on to recommend methods by which
these could be addressed (acknowledging however that this will require some
form of regulation). For Clarke, the issue is not should there be a form of
regulation, but more, what kind of and under whose authority should this be
done.
The
irony of cyber warfare to the first world nations is that the development and
propagation of the internet has made them more vulnerable than ever to threat
due to the high level of digitization of banking, power, transportation etc.
That which has made the West stronger has also made it weaker. This is an
excellent book to explain the issues at hand and to stimulate discussion
towards addressing the challenges of ensuring
that the internet remains safe while continuing to provide a medium for
making the world smaller.
No comments:
Post a Comment