Cyber War: The Next Threat to National Security and What to Do About It (Anglais) Broché – 10 avril 2012
|Neuf à partir de||Occasion à partir de|
Descriptions du produit
Revue de presse
“Clarke and Knake are right to sound the alarm.” (Wall Street Journal)
“[CYBER WAR] may be the most important book about national-security policy in the last several years.” (Slate)
“In this chilling and eye-opening book, Clarke and Knake provide a highly detailed yet accessible look at how cyber warfare is being waged and the need to rethink our national security to face this new threat.” (Booklist)
“Will strengthen Clarke’s claims as one of the founding fathers of cybersecurocracy....It is worth buying this book if only for his pithy five-page vision of this coming apocalypse and a return to stone-age conditions within a week, all because of a few pesky hackers and viruses.” (Financial Times)
Présentation de l'éditeur
Author of the #1 New York Times bestseller Against All Enemies, former presidential advisor and counter-terrorism expert Richard A. Clarke sounds a timely and chilling warning about America’s vulnerability in a terrifying new international conflict—Cyber War! Every concerned American should read this startling and explosive book that offers an insider’s view of White House ‘Situation Room’ operations and carries the reader to the frontlines of our cyber defense. Cyber War exposes a virulent threat to our nation’s security. This is no X-Files fantasy or conspiracy theory madness—this is real.
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre numéro de téléphone mobile.
Détails sur le produit
Commentaires en ligne
Meilleurs commentaires des clients
L'exposé de la problématique liée à la cyber war (espionnage, préparation d'attaques, attaques) est très clair.
Il convainc moins dans ses recommandations pour "policer" l'Internet sans le transformer en outil Big Brother, surtout connaissant le déplorable track record des USA sur le sujet (merci Snowden).
Sa principale faiblesse, politiquement correcte, est de présenter les USA comme victime potentielle alors que depuis des.décennies ce sont les principaux agresseurs (Echelon...). Les principaux exemples offensifs cités sont tous attribués aux méchants Russes ou Chinois, en oubliant commodément de trop détailler Stuxnet et d'autres.
Et quelques énormités (réseau électrique US en "60 MegaHerz" !) font parfois douter de la compétence technique réelle de l'auteur, ou a minima de celle de ses relecteurs...
Reste à écrire le pendant de ce livre vu du côté non Américain.
Les Français ont leur chance puisqu'ils sont cités en bonne place après les Russes et Chinois comme ayant des capacités offensives réelles : ennemis potentiels des USA ou victimes rebelles ?
Commentaires client les plus utiles sur Amazon.com (beta)
Clarke first gives an overview of all the instances to date where cyber attacks have been used by state actors. In all cases but one (The Estonia attacks in 2007), the cyber attack was used to enhance a conventional attack. This is actually the best such overview I've seen, included some examples I hadn't heard of before, and Clarke's analysis is spot on. The only thing he didn't include was the very recent "operation aurora" (Google it if you want details), which probably occurred after he finished writing the book.
The book then has a detailed discussion of American policy on cyber warfare, and Clarke details all the developments to date. Since Clarke worked for presidents Clinton, Bush, and Obama on national security issues, this book provides a front row seat to the ins and outs of the way our policies have developed. Clarke also details what is known about the cyber war capabilities of other countries, including China, Russia, and North Korea.
Only then does Clarke begin to go into the technical aspects of cyber attacks, but the technical stuff is very high level (the back cover description explicitly says that this book goes "beyond the geek talk"). He really is just trying to show the potential damage that can be done with cyber attacks. (In other words, this is the part of the book where he tries to scare you).
Clarke then discusses what he views as the primary reasons there has not been significant action in the area of defending against concerted cyber attacks. It is, in my opinion, a very realistic and fair analysis which avoids finger pointing. He then starts to lay out what he feels are reasonable defenses that the US must begin to take.
In the last part of the book he lays out a clear agenda for defending against cyber attacks which includes a mix of regulation (he admits it's a dirty word but thinks it's necessary), more technical controls at major network boundaries, and an expanded scope for DHS to protect the civilian infrastructure too. He also discusses international arms control treaties, and appears to be a big fan of some international cyber war treaties, which, like nuclear arms control treaties from a generation ago, could be used to create "rules of the game" for international war.
As I said, in the beginning, this is without a doubt the best piece on cyber war I've ever read. He really does an excellent job of covering everything from the history to the players to the regulations to the endless possibilities. The one place where I feel he misses the boat is in some of the technical aspects. He admits to not being a technical person, and does make a few technical errors, although they're all far too minor to be worth mentioning. My real issue is that in all his scenarios he starts with the assumption that every combatant (like, say, the USA and China) have successfully hacked into every network that the other side controls, and left backdoors to get back in. Further, none of these back doors have been discovered and removed. As someone who does this for a living, I can assure you it's not that simple. While I have no doubt that a government spending considerable resources could certainly gain access to many networks in a relatively short period of time, and if they left backdoors some might not be discovered, if someone left too many backdoors some would certainly be discovered. Breaking in is not as simple as just pushing a button like it is in the movies - in fact, recent studies have shown that the average security breach is the result of four separate mistakes. While mistakes are made all the time (which means that breaches occur all the time _somewhere_), it's much harder to cause breaches in every system you target all at once. In several places, Clarke's dire warnings fall into the trap of imitating movies more than real life. I will admit that as a technical person this is my bias showing, and I realize that this book is still largely intended to be a policy one, which is why I still give it a very positive rating. I would simply be remiss if I let this pass unmentioned.
Clarke takes the time to go over the basics of the cyber-universe for those that are not especially net-savvy, and then gets into the meat of the what, who, where and how (the "when" is the big question of course) of potential cyber attacks against the US. He gives a bit of history on attacks that have already happened, and a few that have failed.
I say the information is a bit scary because, even with a degree in Computer Science, I did not know the extent to which the Internet connects and controls so many aspects of our daily lives; in business as well as in our personal lives. More and more machines and appliances are being built with the capability to "talk" to the manufacturers who make them, a legitimate and smart way to diagnose problems and download fixes.... but the idea that the new copy machine in my home office might be hacked, and ordered to malfunction to the point that it catches on fire, is unsettling to say the least.
This is a good book, a page turner, and delivers information every 21st Century American should know.
At their best, Clarke and Knake walk the reader through the mechanics of cyber war, who some of the key players and countries are who could engage in it, and identify what the costs of such of war would entail. Other times, however, the book suffers from a somewhat hysterical tone, as the authors are out here not just to describe cyber war, but to also issue a clarion call for regulatory action to combat it. A bigger problem with the book is the complete lack of reference material, footnotes, or even an index. If you're going to go around sounding like a couple of cyber-Jeremiahs, you really should include some reference material to back up your gloomy assertions of impending doom.
The authors go after ISPs and many other comapnies for supposedly not caring about cyber-security. In reality, those companies have powerful incentives to make sure their networks are relatively safe and secure to avoid costly attacks and retain customers who demand their online information and activities be trouble-free. And most ISPs take steps not just to guard against malware and other types of cyber attacks, but they also offer customers free (or cheap) security software as part of a growing suite of gratis services (anti-virus, parental controls, e-mail, etc).
Clarke and Knake would like to see government impose a fairly sweeping set of new rules on ISPs to better secure their networks against potential attacks. In true deputize-the-middleman fashion, they want ISPs to engage in a great deal more network monitoring (using deep-packet inspection techniques) under threat of legal sanction if things go wrong. They admit there are corresponding costs and privacy concerns, but largely dismiss them and essentially ask us to just get over those concerns in the name of a safer and more secure cyberspace. They do, however, say they would be willing to have a "Privacy and Civil Liberties Board" appointed "to ensure that neither the ISPs nor the government was illegal spying on us." I doubt that will soothe the fears of those who (like me) are fundamentally suspicious of government snooping.
Overall, Clarke and Knake have written a book that is worth reading, but suffers from hyperbolic rhetoric and a serious lack of documentation. Readers should also seek out other perspectives on cyber-security issues, which take a more reasoned approach to the issue.
Early in the book I liked the "modern history" of cyber war. I especially enjoyed comparisons with the US military's experiences creating Space Command. I lived through some of that period but was unaware how Space Command's history affected creation of Cyber Command. Later, the book is almost derailed by the over-the-top cyber-geddon described at the end of chapter 3. It's just not necessary to include several pages where everything fails simultaneously, and I bet it erodes the confidence some readers have in the story. I'd remove the doom-and-gloom in future editions because I think people can imagine disasters fairly easily. Push through to chapter 4 and the book is once again on a sensible path, at least with respect to policy and history. For example, I loved reading Microsoft's lobbying goals: don't regulate, keep the military as a customer, and don't critique China! These rang true for me.
Shortly thereafter we encounter the weakest part of CW: technical advice. These sections assume that inspecting and blocking traffic at the ISP level using "deep packet inspection" (DPI), especially "where fiber optic cables come up out of the ocean" (p 163), with signatures from malware companies, is a strategy to protect us from nation-states and other adversaries. I'd like to know how this silly idea is supposed to be any different from the defenses deployed on private networks. Even if .gov provided special "signatures" in "black boxes" at ISPs to "block attacks," sufficiently equipped and motivated adversaries would evade them. The authors admit this already happens on p 260. (On a final technical note: please replace the mathematically impossible IP addresses with something accurate, where each octet is less than 256!)
These weak technical defensive ideas erode one of the authors' main points: reliance on defense instead of offense to counter threats. This will not work because their defensive ideas will fail (and have already failed). They also promote a "declaratory posture" on pp 176-178, with which I agree because it warns adversaries how the US would react to cyber attacks. However, that echoes the concept that the best defense is a good offense, which the authors dislike. The authors also frown on ideas of deterrence, but they (like others) narrowly focus on deterrence via weapon systems (as was the case with nukes). Instead, deterrence in cyberspace should be (and already is) based on the *skill of operators* and their *reputation in battle*. For example, Israel is likely building itself a reputation in cyberspace; who cares about the specific weapons at play?
Finally, the authors discuss cyber war itself, with their definition on p 228 hinging on the word "purpose," meaning the adversary's intent determines whether war is happening or not. I can't believe someone would build policy based on adversary intent, because that can never be conclusively known and could be estimated to be whatever suits the victim's plans. I love General Minihan's quote on p 236 that "we are conducting warfare activities without thinking that it is war." The difference I see between the US and Chinese or Russians is that the Chinese and Russians know cyber war is already happening, but the US does not. The CW authors fall into this trap by talking about "economic warfare" (p 277) without realizing that undermining the US economy *is* the war. I liked the authors' recommendations to ban attacks on civilian infrastructure, along with "bilateral, private" discussions with adversaries; those are far more likely to help compared to DPI, encrypting the electrical grid (p 260), and a "Military Protocol" (p 274).
I bought and read CW, and I think you would enjoy it too.
My main concern with he book isn't really what he write about, but rather what he doesn't touch on. He spends a lot of time comparing a "cyber" strategy to the Cold War strategy. My complaint is that while he makes them sound very related, he forgets a very important difference. In the Cold War, only a powerful government could launch a nuclear missile. In a Cyber War, just because the U.S. government may decide to not take action, does not mean that a citizen will. If you are a skilled computer guy, or a "hacker" to use the authors term, you could decide to initiate or retaliate a response without the government even knowing it. I can only assume this wasn't covered in the book because it would just complicate the strategy even more than it already is.
While the book may be too technical for some and not technical enough for others, it does a good job of laying down the foundation for a national discussion. Considering the state of the economy, I think most of us realize how quickly things can go from bad to worse, and our financial markets are extremely susceptible to this new threat. I hope the book will get more people thinking about the issue, and I'm sure that was Clarke's primary objective in writing it.