Scan barcode
zare_i's review against another edition
4.0
In this book author gives a very interesting premise - cyber war will not take place because there is no such thing as cyber war.
Book explains in a very precise way how cyber warfare, no matter how crazed (and yes, truly crazed, bombastic and ever on the lookout for sensations and half truths) media and politicians want it to be seen differently, is not warfare in the way we understand it, is not warfare at all but a tool. And again not a tool in Clausewitz's sense (continuation of policy by other means) but support tool, yet another venue for supporting the conventional means of warfare in the same way GPS, communication and recon satellites are supporting tools.
Going very slowly and thoroughly through historical examples (from 1980's to modern times - of course 2016 gets mention here) author describes that cyber warfare actions can never be seen as standard violent actions of opposing armed forces because it is in one way either highly specialized and precise tool for support (Stuxnet and APT for example) and in other so dispersed and decentralized that it can motivate people to join a virtual movement but also leave it as soon as they get bored (social oriented software and systems) that it cannot survive on its own. It needs to be used as part of the whole and it cannot survive on its own to achieve any goal.
In other words if cyber warfare ever achieves its goal then it will not be an action triggered by the moment (like assassination of Hapsburg monarch in the Balkans or mishap in firing of nuclear weapons) but precisely launched attack on the very much studied and observed target, for months if not years. There will be no excuse for this offense, no I/we did not know. And this is why it will never be triggered because to trigger it means painting huge bulls-eye on ones country to be ripped apart by other parties. And all for the dubiously effective attack on infrastructure (that is continuously covered by government services). This is what makes the situation highly unlikely (if not completely impossible).
And this is where reality clashes with fiction (yeah, Swordfish is not the way hacking is done, although I liked the entry test :)), fiction that is so liked by people looking for sensations and bombastic titles - to get more funding or get more blog/news media readers.
Even when used for sabotage and subversion cyber warfare tools are only as good as other parts of the operation. From insertion to exfiltration.
Excellent book that explains how computer network warfare (sounds much boring than cyber warfare right?) can be dangerous in many ways - especially in wrong attribution of the events and inability to discern criminal from state sponsored actions. It is a tool used by shadow agencies in false flag and proper assaults but either as a scalpel cut or as a support tool in a greater operation (to shutdown radar networks i.e.). We are still far away from Gibson's matrix or Cyberpunk future - which is good, because those book need to be considered a warning not something to yearn for (unless we as a society truly are sick in our collective mind).
I found it very interesting that fear rising in the West from the East seem to be caused by the knowledge coming from western lead operation. It is same as fear of the spy that causes him to see spies all around him, because he knows what can happen and what can be done (i.e. take 2016 and very sophisticated Arab spring - in general they are the same, executed using same tools and network media for pushing ones ideas). Don't get me wrong, East is more than willing to submit these types of operations (and they do it as APT operation shows) but this looks like a closed circuit, without end and with so many contradictions it is unbelievable (i.e. I would like current politicians to finally come to terms with N. Korea - is it backward, starving nation with large peasant army and almost no hi tech, or SPECTRE-like construct that is so capable to conduct cyber warfare operations and endanger highly sophisticated West?).
And this is where additional danger lies - there are so many half-truths, exaggerations for this new vector of attack that you can say almost everything and get away with it. You can present your enemy to be this great great threat in this aspect and nobody will ask for any more details because this boogey-man-warfare is THE threat, our wise official say.
Hopefully this book will put things in proper context because it needs to be done to prevent unnecessary conflicts between nations.
Highly recommended.
Book explains in a very precise way how cyber warfare, no matter how crazed (and yes, truly crazed, bombastic and ever on the lookout for sensations and half truths) media and politicians want it to be seen differently, is not warfare in the way we understand it, is not warfare at all but a tool. And again not a tool in Clausewitz's sense (continuation of policy by other means) but support tool, yet another venue for supporting the conventional means of warfare in the same way GPS, communication and recon satellites are supporting tools.
Going very slowly and thoroughly through historical examples (from 1980's to modern times - of course 2016 gets mention here) author describes that cyber warfare actions can never be seen as standard violent actions of opposing armed forces because it is in one way either highly specialized and precise tool for support (Stuxnet and APT for example) and in other so dispersed and decentralized that it can motivate people to join a virtual movement but also leave it as soon as they get bored (social oriented software and systems) that it cannot survive on its own. It needs to be used as part of the whole and it cannot survive on its own to achieve any goal.
In other words if cyber warfare ever achieves its goal then it will not be an action triggered by the moment (like assassination of Hapsburg monarch in the Balkans or mishap in firing of nuclear weapons) but precisely launched attack on the very much studied and observed target, for months if not years. There will be no excuse for this offense, no I/we did not know. And this is why it will never be triggered because to trigger it means painting huge bulls-eye on ones country to be ripped apart by other parties. And all for the dubiously effective attack on infrastructure (that is continuously covered by government services). This is what makes the situation highly unlikely (if not completely impossible).
And this is where reality clashes with fiction (yeah, Swordfish is not the way hacking is done, although I liked the entry test :)), fiction that is so liked by people looking for sensations and bombastic titles - to get more funding or get more blog/news media readers.
Even when used for sabotage and subversion cyber warfare tools are only as good as other parts of the operation. From insertion to exfiltration.
Excellent book that explains how computer network warfare (sounds much boring than cyber warfare right?) can be dangerous in many ways - especially in wrong attribution of the events and inability to discern criminal from state sponsored actions. It is a tool used by shadow agencies in false flag and proper assaults but either as a scalpel cut or as a support tool in a greater operation (to shutdown radar networks i.e.). We are still far away from Gibson's matrix or Cyberpunk future - which is good, because those book need to be considered a warning not something to yearn for (unless we as a society truly are sick in our collective mind).
I found it very interesting that fear rising in the West from the East seem to be caused by the knowledge coming from western lead operation. It is same as fear of the spy that causes him to see spies all around him, because he knows what can happen and what can be done (i.e. take 2016 and very sophisticated Arab spring - in general they are the same, executed using same tools and network media for pushing ones ideas). Don't get me wrong, East is more than willing to submit these types of operations (and they do it as APT operation shows) but this looks like a closed circuit, without end and with so many contradictions it is unbelievable (i.e. I would like current politicians to finally come to terms with N. Korea - is it backward, starving nation with large peasant army and almost no hi tech, or SPECTRE-like construct that is so capable to conduct cyber warfare operations and endanger highly sophisticated West?).
And this is where additional danger lies - there are so many half-truths, exaggerations for this new vector of attack that you can say almost everything and get away with it. You can present your enemy to be this great great threat in this aspect and nobody will ask for any more details because this boogey-man-warfare is THE threat, our wise official say.
Hopefully this book will put things in proper context because it needs to be done to prevent unnecessary conflicts between nations.
Highly recommended.
lpm100's review against another edition
1.0
I was just looking over a book that someone sent me as a result of liking my review for another book. As I look back, it one was on my "Greatest Hits." It was about Thomas Rid's book "Cyber War Will Not Take Place."
************************
The upshot: Save your money.
At the outset, this author seems to have at least two major problems in his reasoning.
1. He chooses a definition of war (it must involve violence, it must be political, and it must be instrumental) and then concludes that whatever does not fit onto that definition does not constitute war. It's like he never stops to consider that, in light of new technology the definition of war could (and should) be expanded.
2. He gives a lot of anecdotal examples from history and shows where they were ultimately of little consequence. And therefore he arrives at the conclusion (not too lightly) that future attacks will be equally benign (or will not be able to wreak the destruction that many people fear). But to follow that reasoning to its logical conclusion, one could conclude that because the last attack where people fired muskets (and didn't kill that many people) meant that guns would never get to the level of destruction of an AK-47.
The book is written such that any of the chapters can be read stand-alone. And so I'll go through the book and make some statements chapter by chapter.
Chapter 1 (Definitions). This is where Rid lays out the definition. Again, war must be political, instrumental, and violent. The author then goes on to make the case that since not many people have been killed by electronic warfare, that it is not the same thing as hand to hand warfare or nuclear devices. The problem is that words are not our masters. They are our servants. If we follow this author's line of reasoning to its logical conclusion we could say something like: "So and so said that a legal system should have impartial jurists and be predictable. A country/ territory that does not have predictability and impartial jurists does not have a legal system." Yet that would not explain the Chinese legal system (which is unpredictable and the concept of "impartial jurist" does not exist-- at least not in the Western sense) and that is not to say that there *is* no legal system in China. There's just one that does not fit onto So and So's definition of what is a legal system. The author then goes into a few anecdotal examples. But these are irrelevant. If you have had 100 electronic ("cyber") attacks and they caused limited damage, you can say absolutely nothing (!) about the 101st.
Chapter 2 (Violence). More semantics. More pressing of the Clausewitz definition. Based on the Clausewitz definition, wars must be violent (and violence must have an emotional impact). Electronic attacks are not violent, nor are they the same thing as a bullet or an explosive device. And so they therefore don't qualify as war. There is some interesting discussion about the instrumental role of violence in establishing the power of the state and maintenance of trust. (And so if violence is not directed toward establishing the role of the state and maintenance of trust relationships, then it is not instrumental.) It's a very long argument, but ultimately it's sophistry. One could say that erosion of trust (by repeated cyber attacks) destroys so much economic activity. And if you pick a certain value per life, then that is the same thing as killing actual civilians. And in that case, then it is instrumental (destroying the government of the enemy) and does count as "war."
Chapter 3 (Weapons). Here we get part of a helpful distinction between generic and low potential tools vs. specific and high potential weaponry. But before the chapter if finished, he gets into more casuistry. Weapons are meant to hurt people/ things. But DDoS attacks don't actually harm anyone. The damage that they cause is second-order, and so they don't fit onto the definition of "weapons" (which, are meant for direct use in this case).
Chapter 4 (Sabotage). There is some discussion of attacks on things like the attacks on Saudi Aramco. He says that they interrupted operations for less than a day. But it is fallacious to conclude that just because something happened one way one time that it might not be worse the second time. The author expands this foolish line of reasoning for *several* pages.
Chapter 5 (Espionage). Here the author makes the distinction between Human Intelligence and Signal Intelligence. Apparently economic espionage can be damaging, but it is not all that damaging for things that have process knowledge (just because you have recipe for bread doesn't mean that you know how to make it *well*.) As with all the other chapters, he builds his argument by anecdote-- and then assumes that absence of evidence is evidence of absence (so, if you can't prove beyond a shadow of a doubt that Chinese espionage didn't cause the collapse of a company then that is enough to rule out electronic espionage as anything significant).
Chapter 6 (Subversion). I am not sure what his point is here. And I didn't have the patience to fish for it (through the long discussion about what does subversion mean). Some part of it seems to be an argument that was repeated before by Evgeny Morozov in The Net Delusion: The Dark Side of Internet Freedom. Basically, he says that: 1. Movements that are not made by flesh and blood people might not have the same "stickiness" as movements that are based online, and; 2. As larger numbers of people get together the focus of the group becomes more vague. (This could account for why the Occupy Wall Street Movement had such a hard time articulating a message-- or even finding one for that matter.)
Chapter 7 (Attribution). Now the book gets really silly. He goes over some cases where attribution was difficult (as we suspect that it might be given the nature of the tools). And even though the author has mentioned that circumstantial evidence would not hold up in court (such as the fact that in one case all the attacks happened between 9am and 5pm Beijing time and were traceable to the Shanghai Pudong District)....how this is relevant, I'm totally unsure.
Chapter 8 (Conclusions). There is some interesting discussion about the use of metaphors (1. didactic devices; 2. creative devices; 3. testing devices). And he seems to conclude that the advantage is on the side of the defenders. Given how shakily reasoned this book has heretofore been, I am tempted to conclude the exact opposite of what he says. Finally, there is a bit of discussion on the *ethics* of cyber attacks. And this strange, because: 1. The author has just gotten finished telling us that electronic warfare is not the same as physical warfare; 2. Don't let your metaphors take you too far. But then he turns around and does *just that* by imagining that conventions can be made to which countries will agree to adhere-- even though patriot hackers are not government officials and hence not bound by war conventions. And even though attribution is difficult (gist of the last chapter)-- how can someone be called to account for something that no one can prove that they did? And even though some people don't have any ethical superstructure to appeal to (China). Rid suggests that more needs to be done on defense than offense (the US government concentrates on offense). But then, who knows what they are doing? (He admits that most of this work is stamped "secret.")
Verdict: This book is worth the time if you want to sit and pick apart the arguments (I *love* tearing things apart). But as an investigation into the subject, it's not all that great. The reasoning is just too strained and sloppy. In any case, anyone who wants to tear apart strange arguments can just pick up a copy of the New York Times for less than a couple of bucks. I can't see investing the $12 for this book if I had the chance to do it all over again. It doesn't really settle the case for me any better than when I started the book.
************************
The upshot: Save your money.
At the outset, this author seems to have at least two major problems in his reasoning.
1. He chooses a definition of war (it must involve violence, it must be political, and it must be instrumental) and then concludes that whatever does not fit onto that definition does not constitute war. It's like he never stops to consider that, in light of new technology the definition of war could (and should) be expanded.
2. He gives a lot of anecdotal examples from history and shows where they were ultimately of little consequence. And therefore he arrives at the conclusion (not too lightly) that future attacks will be equally benign (or will not be able to wreak the destruction that many people fear). But to follow that reasoning to its logical conclusion, one could conclude that because the last attack where people fired muskets (and didn't kill that many people) meant that guns would never get to the level of destruction of an AK-47.
The book is written such that any of the chapters can be read stand-alone. And so I'll go through the book and make some statements chapter by chapter.
Chapter 1 (Definitions). This is where Rid lays out the definition. Again, war must be political, instrumental, and violent. The author then goes on to make the case that since not many people have been killed by electronic warfare, that it is not the same thing as hand to hand warfare or nuclear devices. The problem is that words are not our masters. They are our servants. If we follow this author's line of reasoning to its logical conclusion we could say something like: "So and so said that a legal system should have impartial jurists and be predictable. A country/ territory that does not have predictability and impartial jurists does not have a legal system." Yet that would not explain the Chinese legal system (which is unpredictable and the concept of "impartial jurist" does not exist-- at least not in the Western sense) and that is not to say that there *is* no legal system in China. There's just one that does not fit onto So and So's definition of what is a legal system. The author then goes into a few anecdotal examples. But these are irrelevant. If you have had 100 electronic ("cyber") attacks and they caused limited damage, you can say absolutely nothing (!) about the 101st.
Chapter 2 (Violence). More semantics. More pressing of the Clausewitz definition. Based on the Clausewitz definition, wars must be violent (and violence must have an emotional impact). Electronic attacks are not violent, nor are they the same thing as a bullet or an explosive device. And so they therefore don't qualify as war. There is some interesting discussion about the instrumental role of violence in establishing the power of the state and maintenance of trust. (And so if violence is not directed toward establishing the role of the state and maintenance of trust relationships, then it is not instrumental.) It's a very long argument, but ultimately it's sophistry. One could say that erosion of trust (by repeated cyber attacks) destroys so much economic activity. And if you pick a certain value per life, then that is the same thing as killing actual civilians. And in that case, then it is instrumental (destroying the government of the enemy) and does count as "war."
Chapter 3 (Weapons). Here we get part of a helpful distinction between generic and low potential tools vs. specific and high potential weaponry. But before the chapter if finished, he gets into more casuistry. Weapons are meant to hurt people/ things. But DDoS attacks don't actually harm anyone. The damage that they cause is second-order, and so they don't fit onto the definition of "weapons" (which, are meant for direct use in this case).
Chapter 4 (Sabotage). There is some discussion of attacks on things like the attacks on Saudi Aramco. He says that they interrupted operations for less than a day. But it is fallacious to conclude that just because something happened one way one time that it might not be worse the second time. The author expands this foolish line of reasoning for *several* pages.
Chapter 5 (Espionage). Here the author makes the distinction between Human Intelligence and Signal Intelligence. Apparently economic espionage can be damaging, but it is not all that damaging for things that have process knowledge (just because you have recipe for bread doesn't mean that you know how to make it *well*.) As with all the other chapters, he builds his argument by anecdote-- and then assumes that absence of evidence is evidence of absence (so, if you can't prove beyond a shadow of a doubt that Chinese espionage didn't cause the collapse of a company then that is enough to rule out electronic espionage as anything significant).
Chapter 6 (Subversion). I am not sure what his point is here. And I didn't have the patience to fish for it (through the long discussion about what does subversion mean). Some part of it seems to be an argument that was repeated before by Evgeny Morozov in The Net Delusion: The Dark Side of Internet Freedom. Basically, he says that: 1. Movements that are not made by flesh and blood people might not have the same "stickiness" as movements that are based online, and; 2. As larger numbers of people get together the focus of the group becomes more vague. (This could account for why the Occupy Wall Street Movement had such a hard time articulating a message-- or even finding one for that matter.)
Chapter 7 (Attribution). Now the book gets really silly. He goes over some cases where attribution was difficult (as we suspect that it might be given the nature of the tools). And even though the author has mentioned that circumstantial evidence would not hold up in court (such as the fact that in one case all the attacks happened between 9am and 5pm Beijing time and were traceable to the Shanghai Pudong District)....how this is relevant, I'm totally unsure.
Chapter 8 (Conclusions). There is some interesting discussion about the use of metaphors (1. didactic devices; 2. creative devices; 3. testing devices). And he seems to conclude that the advantage is on the side of the defenders. Given how shakily reasoned this book has heretofore been, I am tempted to conclude the exact opposite of what he says. Finally, there is a bit of discussion on the *ethics* of cyber attacks. And this strange, because: 1. The author has just gotten finished telling us that electronic warfare is not the same as physical warfare; 2. Don't let your metaphors take you too far. But then he turns around and does *just that* by imagining that conventions can be made to which countries will agree to adhere-- even though patriot hackers are not government officials and hence not bound by war conventions. And even though attribution is difficult (gist of the last chapter)-- how can someone be called to account for something that no one can prove that they did? And even though some people don't have any ethical superstructure to appeal to (China). Rid suggests that more needs to be done on defense than offense (the US government concentrates on offense). But then, who knows what they are doing? (He admits that most of this work is stamped "secret.")
Verdict: This book is worth the time if you want to sit and pick apart the arguments (I *love* tearing things apart). But as an investigation into the subject, it's not all that great. The reasoning is just too strained and sloppy. In any case, anyone who wants to tear apart strange arguments can just pick up a copy of the New York Times for less than a couple of bucks. I can't see investing the $12 for this book if I had the chance to do it all over again. It doesn't really settle the case for me any better than when I started the book.
matthew_p's review against another edition
2.0
Good arguments, interesting concepts, but rather densely written.
martijn_grooten's review against another edition
First published in 2013 and thus slightly dated, at least when it comes to the referred examples, Thomas Rid's book has stood the test of time and is an intelligent discussion on what cyber war really is and how little it has to do with war.