5-24-2010 Monday – Book Review: CYBERWAR by Richard Clarke

Over the last couple of years I have developed an interest, a strong interest, in security.  I even went so far as to download the .pdf of “Who Wrote So Big” after reading “Fatal System Error“.  I will attach it to this blog for those who may want to read it.  It is only a 20 page read…the other 20+ pages is the PGP key for copyright and author identification.

WhoWroteSobig

Before reading “Fatal System Error” I did not realize the extent the Eastern European/Former Soviet Republics/Russia were involved in all this malware, id theft, etc…Now, to be sure, books like  “Fatal System Error” and “Cyberwar” are a dystopian view of our Anywhere culture, but they are real and information is power.

You have to admire Mr. Clarke’s passion about this issue.  While some have put the book down by comparing it to the movie “Live Free or Die Hard” (which, to Mr. Clarke’s credit, he references in his book) it does not mean the book is without merit.

Also, Mr. Clarke’s credentials are impeccable.

The main thrust of the book is the United States needs a comprehensive Cyberwar strategy.  Mr Clarke contends that we may have a very good offense but we suck at defense.  The military certainly has defense.  The .gov domain has assigned accountability for defense to the DHS.  But there is no one watching over the Public .com domain.  What is particularly worrisome to Mr. Clarke is the (public) Power Grid is accessible via the Internet.

If you are expecting to learn any specific offensive or defensive Cyber War weapons you will be disappointed.  However, if you are like me and just looking to gain an understanding of the issues and learn some of the ‘lingo’ then you will be satisfied.

Mr. Clarke uses his background with Nuclear Arms treaties and negotiations during the Cold War to lead his discussion.  Now, Cyberwar is NOT like the Cold War.  I.e. launching an all out Cyberwar is not a ‘planet killer’.  But, the planning process – the method and questions one must ask – are equivalent:

  • What are you willing to do
  • What are the ramifications of the action

I also learned terms like ‘logic bombs’ and about the Attribution Problem.  The scenario:  if our public power grid is shut down how will we know who did it?  And how long will it take to find out?  Do we wait to retaliate until we are “sure” who did it?  During the Cold War we would know ABSOLUTELY where the ICBMs launched from and take “sure” action to retaliate.  That is not true in the 21st century.

Mr. Clarke recommends three things we (the US Government) must do:

  • A Presidential ‘decree’ of what the US response would be if we are the victim of a Cyber Attack.
  • Get Public Utilities off the Internet and on a ‘private’, ‘secure’ and ‘trusted’ network
  • Regulate the top five Internet Carriers to put in place certain ‘defensive’ software and architecture changes to reduce exposure to Cyber Attacks.

Mr. Clarke contends North Korea is the ‘safest’ country from a Cyberwar.  North Korea has only one ‘pipe’ to the ‘outside’ world and it can easily be ‘turned off’.  China too, can turn of it’s pipes and isolate itself from attack.

Between the books  “Fatal System Error“, “Cyberwar” and “Anywhere” it seems to me we need two “Internets”.  One like we have now, Open and Free and another Secure.  Secure, where everyone’s and everything’s ID/name  is known and Trusted.   As mobile technology become ubiquitous perhaps the ‘wireless’ network becomes the “Open and Free” and the ‘hard-wired’ network becomes secure and Trusted…encryption could be used to move from the Open to the Secure…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: