Book Archives - The Cyber Loop

Cyber Warfare: A Reference Handbook

This timely handbook traces the development of cyber capabilities from their roots in information warfare and cryptology to their potential military application in combat.

• Incorporates expertise from diverse viewpoints from the military, government agencies, industry, and academia

• Provides an informative timeline of key events in the development of cyber warfare capabilities

• Highlights the most prominent and effective cyber attacks in history as well as legal attempts to curb them

The Evolution of Cyber War: International Norms for Emerging-Technology Weapons

From Amazon.com:

Former secretary of defense Leon Panetta once described cyber warfare as “the most serious threat in the twenty-first century,” capable of destroying our entire infrastructure and crippling the nation.

Already, major cyber attacks have affected countries around the world: Estonia in 2007, Georgia in 2008, Iran in 2010, and most recently the United States. As with other methods of war, cyber technology can be used not only against military forces and facilities but also against civilian targets. Information technology has enabled a new method of warfare that is proving extremely difficult to combat, let alone defeat.

And yet cyber warfare is still in its infancy, with innumerable possibilities and contingencies for how such conflicts may play out in the coming decades. Brian M. Mazanec examines the worldwide development of constraining norms for cyber war and predicts how those norms will unfold in the future. Employing case studies of other emerging-technology weapons—chemical and biological, strategic bombing, and nuclear weaponry—Mazanec expands previous understandings of norm-evolution theory, offering recommendations for U.S. policymakers and citizens alike as they grapple with the reality of cyber terrorism in our own backyard.

Cyber Terrorism after STUXNET

From the Summary:

Terrorists are known to use the Internet for communications, planning, recruitment, propaganda, and reconnaissance. They have shown interest in carrying out cyberattacks on U.S. critical infrastructures, although no such serious attacks are known publicly to have occurred. The discovery of the Stuxnet malware in July 2010, and its analysis over the next several months, was widely believed to have been a landmark event in cybersecurity, because it showed that cyberattacks against industrial control systems, hypothesized for a long time, are actually possible. After Stuxnet, there were public concerns that terrorists might be encouraged to acquire capabilities for similar cyberattacks.

This monograph examines cyberterrorism before and after Stuxnet by addressing questions of:

1. Motive—Are terrorists interested in launching cyberattacks against U.S. critical infrastructures?

2. Means—Are terrorists building capabilities and skills for cyberattacks?

3. Opportunity—How vulnerable are U.S. critical infrastructures?

It is noted that no serious cyberterrorism attacks have occurred after Stuxnet. This can be explained from a cost-benefit perspective that has not changed since Stuxnet. It can be argued that U.S. policies can really address vulnerabilities only by strengthening defenses of critical infrastructures.

Read the full book here.

Tallinn Manual

From Amazon.com

The product of a three-year project by twenty renowned international law scholars and practitioners, the Tallinn Manual identifies the international law applicable to cyber warfare and sets out ninety-five ‘black-letter rules’ governing such conflicts. It addresses topics including sovereignty, State responsibility, the jus ad bellum, international humanitarian law, and the law of neutrality. An extensive commentary accompanies each rule, which sets forth the rule’s basis in treaty and customary law, explains how the group of experts interpreted applicable norms in the cyber context, and outlines any disagreements within the group as to each rule’s application.

Making Strategic Sense of Cyber Power: Why the Sky Is Not Falling

From the Executive Summary:

Cyber is now recognized as an operational domain, but the theory that should explain it strategically is, for the most part, missing. It is one thing to know how to digitize; it is quite another to understand what digitization means strategically. The author maintains that, although the technical and tactical literature on cyber is abundant, strategic theoretical treatment is poor. He offers four conclusions: (1) cyber power will prove useful as an enabler of joint military operationsl; (2) cyber offense is likely to achieve some success, and the harm we suffer is most unlikely to be close to lethally damaging; (3) cyber power is only information and is only one way in which we collect, store, and transmit information; and, (4) it is clear enough today that the sky is not falling because of cyber peril. As a constructed environment, cyberspace is very much what we choose to make it. Once we shed our inappropriate awe of the scientific and technological novelty and wonder of it all, we ought to have little trouble realizing that as a strategic challenge we have met and succeeded against the like of networked computers and their electrons before. The whole record of strategic history says: Be respectful of, and adapt for, technical change, but do not panic.

Read the full book here.

We Are Anonymous

From Amazon.com

WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of insurgency, seized headlines, and tortured the feds-and the ultimate betrayal that would eventually bring them down. Parmy Olson goes behind the headlines and into the world of Anonymous and LulzSec with unprecedented access, drawing upon hundreds of conversations with the hackers themselves, including exclusive interviews with all six core members of LulzSec.

In late 2010, thousands of hacktivists joined a mass digital assault on the websites of VISA, MasterCard, and PayPal to protest their treatment of WikiLeaks. Other targets were wide ranging-the websites of corporations from Sony Entertainment and Fox to the Vatican and the Church of Scientology were hacked, defaced, and embarrassed-and the message was that no one was safe. Thousands of user accounts from pornography websites were released, exposing government employees and military personnel.

Although some attacks were perpetrated by masses of users who were rallied on the message boards of 4Chan, many others were masterminded by a small, tight-knit group of hackers who formed a splinter group of Anonymous called LulzSec. The legend of Anonymous and LulzSec grew in the wake of each ambitious hack. But how were they penetrating intricate corporate security systems? Were they anarchists or activists? Teams or lone wolves? A cabal of skilled hackers or a disorganized bunch of kids?

WE ARE ANONYMOUS delves deep into the internet’s underbelly to tell the incredible full story of the global cyber insurgency movement, and its implications for the future of computer security.

Countdown to Zero Day

From Amazon.com

Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb.

In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.

Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly.

At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity.

They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility.

In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making.

But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike—and shows us just what might happen should our infrastructure be targeted by such an attack.

Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.

Cyber Defense: An International View

From the Summary:

Despite the history of offensive cyber activity being much longer than is commonly thought, cyber defense is still considered a new discipline. It is only relatively recently that states have established formal structures to provide for cyber defense, and cyber security more broadly. In this context, each nation has developed its own mix of public, private, and military organizations active in the field.

The relationships between these organizations are based on the nation’s unique circumstances, determining the overall shape of relations between the state and business, the approach to e-government, civilian control of the military, threat perception, and much more. The United States is no exception and has developed its own approach to organizing cyber defense based on factors specific to it. But the wide range of organizational approaches to reaching a “best fit” template for successful cyber defense raises the possibility that other nations may have developed approaches that could be usefully adopted in a U.S. context.

This Paper introduces four different foreign approaches to cyber defense, each very different from the U.S. model. In surveying the cyber defense organizations of Germany, Sweden, Norway, and Estonia, the Paper aims not only to provide baseline information on overseas structures and planning in order to facilitate U.S. cooperation with international partners, but also to provide policymakers with an overview of effective alternative approaches that may be applicable in a U.S. context.

Read the full book here.

Cybersecurity for Executives

From Amazon.com
Practical guide that can be used by executives to make well-informed decisions on cybersecurity issues to better protect their business

Emphasizes, in a direct and uncomplicated way, how executives can identify, understand, assess, and mitigate risks associated with cybersecurity issues
Covers ‘What to Do When You Get Hacked?’ including Business Continuity and Disaster Recovery planning, Public Relations, Legal and Regulatory issues, and Notifications and Disclosures
Provides steps for integrating cybersecurity into Strategy; Policy and Guidelines; Change Management and Personnel Management
Identifies cybersecurity best practices that executives can and should use both in the office and at home to protect their vital information

Dark Territory

From Amazon.com

As cyber-attacks dominate front-page news, as hackers join terrorists on the list of global threats, and as top generals warn of a coming cyber war, few books are more timely and enlightening than Dark Territory: The Secret History of Cyber War, by Slate columnist and Pulitzer Prize–winning journalist Fred Kaplan.

Kaplan probes the inner corridors of the National Security Agency, the beyond-top-secret cyber units in the Pentagon, the “information warfare” squads of the military services, and the national security debates in the White House, to tell this never-before-told story of the officers, policymakers, scientists, and spies who devised this new form of warfare and who have been planning—and (more often than people know) fighting—these wars for decades.

From the 1991 Gulf War to conflicts in Haiti, Serbia, Syria, the former Soviet republics, Iraq, and Iran, where cyber warfare played a significant role, Dark Territory chronicles, in fascinating detail, a little-known past that shines an unsettling light on our future.