Given that it’s national cybersecurity awareness month, I hope that all cybersecurity professionals are familiar with the Cybersecurity Canon. For those that are not, the goal of the cybersecurity canon is as follows:
To identify a list of must-read books for all cybersecurity practitioners – be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.
I am a proud member of the Cybersecurity Canon committee and as such, I get to read and review books and then recommend them for inclusion into the Cybersecurity Canon. I recently reviewed There Will Be Cyberwar, by old friend and cybersecurity expert Richard Stiennon.
There Will Be Cyberwar, is a short (i.e. 136 pages) concise analysis of the cybersecurity impact of the U.S. military adoption of network-centric warfare. The book traces the history of the transition to network-centric warfare which began in the early 1990s, gained steam throughout the decade, and is now a fundamental piece of the overall U.S. military tactics and strategy.
Clearly the transition to network-centric warfare produced some astounding outcomes such as precision-guided weapons, improved situational awareness through sensors and data collection, and vast advances in military communications as well as command-and-control. Stiennon argues, however, that these benefits come with a steep cost – with its increasing dependence on technology, the U.S. military has become extremely vulnerable to crippling cyber-attacks that could degrade or even destroy its offensive and defensive capabilities.
To illustrate the extent of these vulnerabilities, the book begins by presenting a fictitious military operation (in the Taiwan Straits), and uses this to illustrate the potential outcome if a military adversary (in this case the People’s Republic of China) was able to compromise U.S. military technologies as part of an attack. Needless to say, the results aren’t pretty.
To supplement his thesis on military technology vulnerabilities, Stiennon weaves in numerous real-world examples of cyber-attacks on all types of military, intelligence, and even private sector organizations. These incidents are used to hammer home what’s at stake in terms of financial and operational damages. The book concludes with some brief suggestions on how the Pentagon should address its current cybersecurity weaknesses including bolstering cyber supply chain security, adopting more pervasive use of encryption (and strong key management), and continuously monitoring all network traffic.
There Will Be Cyberwar is not for everyone as it really looks at cybersecurity through the lens of network-centric warfare. But for those cybersecurity professionals interested in military technology, IoT, public policy, and the geo-political landscape, however, this book can serve as a quick, high-level, and interesting read.
The full book report can be found here.