Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The Americanmilitary, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recentStuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers - presumably sponsored by the Chinese government - is another. Together, they point to a new era in the evolution ofhuman conflict. In Cybersecurity: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploitedand why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity is the definitive account on the subject for the educatedlayman who wants to know more about the nature of war, conflict, and security in the twenty first century.
Peter W. Singer is a Senior Fellow and the Director of the 21st Century Defense Initiative at the Brookings Institution.
Allan Friedman is a Fellow in Governance Studies and Research Director of the Center for Technology Innovation at the Brookings Institution.
Table of Contents
Why Write a Book about Cybersecurity and Cyberwar?
Why Is There a Cybersecurity Knowledge Gap, and Why Does It Matter?
How Did You Write the Book and What Do You Hope to Accomplish?
PART I: HOW IT ALL WORKS
The World Wide What? Defining Cyberspace
Where Did This "Cyber Stuff" Come from Anyway? A Short History of the Internet
How Does the Internet Actually Work?
Who Runs It? Understanding Internet Governance
On the Internet, How Do They Know Whether You Are a Dog?
Identity and Authentication
What Do We Mean by "Security" Anyway?
What Are the Threats?
One Phish, Two Phish, Red Phish, Cyber Phish: What Are Vulnerabilities?
How Do We Trust in Cyberspace?
Focus: What Happened in WikiLeaks?
What Is an Advanced Persistent Threat (APT)?
How Do We Keep the Bad Guys Out? The Basics of Computer Defense
Who Is the Weakest Link? Human Factors
PART II: WHY IT MATTERS
What Is the Meaning of Cyberattack? The Importance of Terms and Frameworks
Whodunit? The Problem of Attribution
What Is Hactivism?
Focus: Who Is Anonymous?
The Crimes of Tomorrow, Today: What Is Cybercrime?
Shady RATs and Cyberspies: What Is Cyber Espionage?
How Afraid Should We Be of Cyberterrorism?
So How Do Terrorists Actually Use the Web?
What about Cyber Counterterrorism?
Security Risk or Human Right? Foreign Policy and the Internet
Focus: What Is Tor and Why Does Peeling Back the Onion Matter?
Who Are Patriotic Hackers?
Focus: What Was Stuxnet?
What Is the Hidden Lesson of Stuxnet? The Ethics of Cyberweapons
"Cyberwar, Ugh, What Are Zeros and Ones Good For?": Defining Cyberwar
A War by Any Other Name? The Legal Side of Cyber Conflict
What Might a "Cyberwar" Actually Look Like? Computer Network Operations
Focus: What Is the US Military Approach to Cyberwar?
Focus: What Is the Chinese Approach to Cyberwar?
What about Deterrence in an Era of Cyberwar?
Why Is Threat Assessment So Hard in Cyberspace?
Does the Cybersecurity World Favor the Weak or the Strong?
Who Has the Advantage, the Offense or the Defense?
A New Kind of Arms Race: What Are the Dangers of Cyber Proliferation?
Are There Lessons from Past Arms Races?
Behind the Scenes: Is There a Cyber-Industrial Complex?
PART III: WHAT CAN WE DO?
Don't Get Fooled: Why Can't We Just Build a New, More Secure Internet?
Rethink Security: What Is Resilience, and Why Is It Important?
Reframe the Problem (and the Solution): What Can We Learn from Public Health?
Learn from History: What Can (Real) Pirates Teach Us about Cybersecurity?
Protect World Wide Governance for the World Wide Web: What Is the Role of International Institutions?
"Graft" the Rule of Law: Do We Need a Cyberspace Treaty?
Understand the Limits of the State in Cyberspace: Why Can't the Government Handle It?
Rethink Government's Role: How Can We Better Organize for Cybersecurity?
Approach It as a Public-Private Problem: How Do We Better Coordinate Defense?
Exercise Is Good for You: How Can We Better Prepare for Cyber Incidents?
Build Cybersecurity Incentives: Why Should I Do What You Want?
Learn to Share: How Can We Better Collaborate on Information?
Demand Disclosure: What Is the Role of Transparency?
Get "Vigorous" about Responsibility: How Can We Create Accountability for Security?
Find the IT Crowd: How Do We Solve the Cyber People Problem?
Do Your Part: How Can I Protect Myself (and the Internet)?
Where Is Cybersecurity Headed Next?
What Do I Really Need to Know in the End?