Book Review - Surviving Cyberwar by Richard Stiennon

In 2011 I had the opportunity to share some hours with Richard Stiennon, author of the book titled "Surviving Cyberwar". This post is a personal summary/overview of this light (light in physical weight, not in depth of thought) book on the use of IT systems to endanger nations' resources as a developing threat. As always, a modest disclaimer: this summary does not replace reading the book but rather encourages it.

chapter 1
The first chapter provides some clues about the hazardous life of a cyber warrior, which often endangers their personal balance and/or their social relations. Preparing, performing and even reporting cyber attacks is usually a lonely task. As an example, he refers to the "Titan Rain" operation.

chapter 2
This chapter explains the difference in activities among the CIA, tasked with infiltrating foreign organisations to protect US interests; the NSA, tasked, among other things, with intercepting hostile communications; and the FBI, devoted to US internal affairs. In this chapter, the reader starts to receive the message that some countries are not equipped to monitor, detect or respond to cyber attacks in a comprehensive and coordinated manner.
Richard also provides some evidence of the real existence of cyber attacks, some of them synchronised with specific events in the physical world, like the ones happening between China and the US in 2001 (related to a Chinese fighter jet and a US reconnaissance plane).
In this chapter, there is also a reference to Sun Tzu's popular book "The Art of War" and how it captures the spirit of current national intelligence activities, i.e. counter-intelligence, psychological warfare, deception, security and fabrication. And, to make things even more interesting, in our current IT systems there is not even a need to find a vulnerability. All that is needed is for a recipient, e.g. of an email, to be induced to install a piece of software on their computer.

chapter 3
This chapter presents a clear concept: the essence of espionage is access. Let's keep this piece of wisdom in mind. Depending on what we assume to be hostile in our environment, we have different scenarios: simple traditional security assumes that endpoints are hostile, but the network can also be hostile, and even the user. This is why the concept of activity monitoring is so crucial.

chapter 4 
Here we read why email servers have been, and still are, important elements in cyber attacks (a real-world example mentioned: "GhostNet").

chapter 5 
Let's highlight only one figure: the US Pentagon spent $100 million, a clear demonstration that cyber attacks are happening.

chapter 6 
Where is real innovation happening? In regional conflicts between opposing nations. They have a link with kinetic attacks, and all potential adversaries learn from them.

chapter 7
An introduction to a key player, Barrett Lyon, a guru in DDoS defence. DDoS today can reach 60GB throughput! And we currently rely on ad-hoc responses. Certainly, there is also a reference to the BGP routing protocol, a real threat vector that needs to be secured.

chapter 8
These pages present a powerful concept: the power of crowdsourcing cyber attacks, based on ancient military school strategies. Almost everything can be crowdsourced, e.g. the naming of a whale by Greenpeace. We also read about the use of Twitter as a mobilisation tool. By the way, in some countries, handing over the identity of an IP address's owner can mean a 10-year sentence for that IP address's user, e.g. if they sent an email instrumental for an attack or a crime to succeed.
This chapter ends by noting that some big countries have armies of blog commentators and practise web site censorship.

chapter 9 
This chapter deals with an interesting case study: the cyber attacks targeting Estonia in 2007. It also presents a secondary effect: by blocking attacks, a country can cut itself off from the Internet. A last point mentioned on these pages: content management web servers are easier to DDoS than less complex web servers.

chapter 10
From this chapter, two details are worth stressing: opponents at war try to silence each other's Internet sites, and cyber events are synchronised with events happening in the physical world.

chapter 11
It is now time to go deeper into the link between kinetic and cyber attacks. The author mentions that this has already happened. Additionally, an example of collateral damage worth mentioning is an unwanted DDoS against a site that shares resources with the initially targeted one. We read in this chapter that we have to assume that any future military conflict will bring along cyber attacks. Until some years ago, armies lacked cyber response or attack capabilities; the question now is how armies can attract security experts. Richard Stiennon proposes, as a first step, the use of a method similar to the one used by the military to attract good medical professionals.
Some additional ideas are that we need to experiment and to create security labs, and also new international treaties, e.g. will NATO help its members using only cyber resources in case of a cyber attack against one member country? The problem here is, again, attribution, which is not easy at all!

chapter 12
Around the most important topic of this book, we read that IT warfare is "just" an extension of the evolution of warfare. So far, the author highlights, there has been a mostly reactive approach towards cyber attacks. He claims that there is a lot to learn from studying previous attacks. For example,
most of the current security measures, such as patching, IPS, etc., come from the experience gathered in past criminal attacks. Subsequently, we read a strong statement: the decision by banks to guarantee customers' funds when they suffer an attack, rather than to improve security, is a way to fund new criminal hackers. This is a thought that deserves reflection, and a new angle on the daily incident management business.
In this chapter we can also read that espionage and DDoS are the two new open fronts. The author touches upon some still open questions, such as how to organise a cyber security operation or how to organise resilience in critical infrastructures.

chapter 13
According to Richard Stiennon, the 4 pillars of cyberwar are intelligence, technology, logistics and command. The goal of these cyber attacks is information dominance. In the 1980s, some cyber attacks were already successful. This chapter also mentions a foundational concept: every party needs to understand each other's way of thinking. Therefore, monitoring communications, an activity very close to signals analysis, is essential. He also mentions three steps in a cyber espionage activity: reconnaissance, acquisition and analysis.
These pages end by referring to concepts like vulnerability discovery, exploitation, automation, malware, rootkits, backdoors, DDoS, SCADA, DNS and BGP attacks.

chapter 14
We start by reading a clear fact: human beings and organisations like states are slow to recognise the need for preparedness. Throughout this chapter, we read how different countries, e.g. the USA, Germany, Estonia... are preparing (or have prepared) themselves for cyber warfare (e.g. Estonia aims at public-private sector collaboration). An element of this preparation is the creation of CERTs in different countries.

chapter 15
This last chapter talks about the repercussions of this new scenario. Apart from improving IT systems in military organisations and the use of cyber attacks as deterrent measures, there are broader consequences. Some of them are good, like more secure companies and infrastructures, together with international cooperation, but some others are negative, like more control exerted over citizens by states and businesses also being victims of these attacks.

All in all, this is a book that everyone interested in geopolitics, even if they are not IT literate, will find worth reading. Thank you, Richard, for this book!

Happy reading!
