||New Reviews| |Software Methodologies| |Popular Science| |AI/Machine Learning| |Programming| |Java| |Linux/Open Source| |XML| |Software Tools| |Other| |Web| |Tutorials| |All By Date| |All By Title| |Resources| |About||
Keywords: Network security, cyber warface, internet
Title: Inside Cyber Warfare
Author: Jeffrey Carr
Verdict: Interesting but highly variable
This is the second edition of Jeffrey Carr's introduction to cyber warfare, updated and slightly expanded from the first edition published back in 2009. It opens dramatically with the story of Magomed Yevloev, possibly the first fatality in cyberwar. Yevloev's was the publisher of an anti-Kremlin website, and was shot in the head while being escorted to police headquarters to be questioned about his activities. It provides the book with a shocking and brutal opening and focuses attention from the beginning on Russia, who along with China are the two main protagonists that this book deals with.
The book provides a strange mix of recent historical narratives, ruminations on the nature of cyberspace and cyber warfare, technical detail on cyber attacks (from distributed denial of service to zero day malware), to essays on legal and political questions on the nature of cyber warfare and speculations on what is going on in different countries. It's an odd mix, slightly disorganised and to a degree fairly repetitive (for example the cyber war activities of Russia and it's former satellites crops up repeatedly), bit in many respects this is problem symptomatic of the real world field of cyber warfare.
For those looking for perspectives on the technology angles the advice has to be to look elsewhere. This really isn't the book to turn to for advice on network security or how to deal with cyber attacks. In many respects technology is almost incidental to the topic at hand. The book is more about trying to unpick the complex web of associations and motives behind cyber warfare. What's the relationship between cyber criminals and the security services? How does plausible denial play out? Is it possible to work out what the cyber warfare programs are in different countries?
A key issue is trying to attribute the source of an attack. The virtual nature of the internet means it's extremely difficult to work out who is behind an incident. The servers driving a denial of service attack may be hosted in the same country as the target of the attack and yet may be run from a third party country via layers of indirection. It's a core problem without an easy solution, which is one of the most concrete things that comes out of this book.
Some of the content is decidedly on the dry and legalistic side of things - and it's clear that essays on the legal status of cyber warfare are aimed at those interested in policy options and not the geek or the lay reader. Other sections - such as the chapter on tracking who runs what (i.e. who is hosting and registering specific cyber warfare related domains and web sites), reads more like a thriller and really provide the most engaging sections of the book.
All in all while this contains some interesting material, the book fails to really present a coherent whole. No doubt that's because cyber warfare is always a work in progress, with dribs and drabs of information coming through. But the book could have been stronger if it was more focused - either it's a book aimed at policy makers or it's a book aimed at the tech savvy geek market (which is the usual O'Reilly market), trying to do both really dilutes the message.