Hardcover(Second Edition, Revised Edition)
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
Overview
Product Details
ISBN-13: | 9781682475867 |
---|---|
Publisher: | Naval Institute Press |
Publication date: | 09/15/2021 |
Series: | Transforming War |
Edition description: | Second Edition, Revised Edition |
Pages: | 512 |
Sales rank: | 963,018 |
Product dimensions: | 7.00(w) x 10.00(h) x (d) |
About the Author
Table of Contents
List of Illustrations xiii
List of Acronyms and Abbreviations xv
Introduction 1
Part I Foundations
Chapter 1 Emblematic Attacks 5
Prototypical Events 5
Cybercrime and Other System Intrusions 8
Advanced Persistent Threat 10
Distributed Denial-of-Service Attacks 14
Disruptive and Destructive Attacks 16
Doxing Attacks 22
Conclusions 23
Chapter 2 Some Basic Principles 24
Cyberwar and Cyberspace 26
Layers 27
How Hacks Work 29
Agoras and Castles 34
Most Cyberattacks Have Transitory Effects 36
Chapter 3 How to Compromise a Computer 41
Abuses by Random External Users 41
Abuses by Authorized Internal Users 43
Altered Instructions via Supply-Chain Attack 45
Malware 47
Conclusions 50
Chapter 4 Cybersecurity as a Systems Problem 51
Applications Are Often the Weak Links in the Security Chain 51
The Role of Input Filtering 52
The Role of Browsers and Operating Systems 53
The Role of People 54
The Role of Cryptography 56
A Role for Firewalls? 57
The Role of Air-Gapping 60
Relationships among Machines, Systems, and Engineering 63
Cybersecunty as a Business Process Problem 64
Measures and Countermeasures 66
Lessons from the OPM Hack 68
Chapter 5 Defending against Deep and Wide Attacks 69
Deep Attacks 69
Identifying Near-Catastrophes to Get Ahead of Catastrophes 71
Hedging to Deal with Exceptions to the Power-Law Rule 72
Attacks of Broad Consequence 73
Scalability Influences How Well a Near-Catastrophe Predicts a Catastrophe 76
Implications for Learning 78
Is Information Sharing a Panacea? 79
Chapter 6 Deterrence by Denial 82
What Is Being Discouraged? 82
Complicating Psychological Factors 85
Dissuading Cyberattack by Defeating Its Strategy 86
Is Deterrence by Denial Transferable? 87
Part II Operations
Chapter 7 Tactical Cyber War 89
Possible Effects 89
Timing Cyberattacks 92
The Role of Surprise 93
A Tactical Cyberwar Scenario 99
Would China Use Tactical Cyberwar the Same Way? 100
Why Supremacy Is Meaningless and Superiority Unnecessary 101
Conclusions 103
Chapter 8 Organizing a Cyberwar Campaign 104
Why a Campaign? 104
Whose Campaign? 106
The Challenge of Skepticism over the Potential of Tactical Cyberwar 108
The Insertion of Tactical Cyberwar into Kinetic Operations 110
Escalation and Tactical Cyberwar 111
Chapter 9 Professionalizing Cyberwar 113
Battle Damage Assessment 113
Collateral Damage 115
Other Weaponization Parameters 120
Should Cyberwar Authority Be Predelegated? 121
A Hacker Way of Warfare 122
Programming and Budgeting for Cyberwar 124
Chapter 10 Is Cybebspace a Warfighting Domain? 127
Cyberwar Operations Are about Usurping Command and Control 128
Cyberspace as Multiple Media 129
Defend the Domain or Ensure Missions? 130
Offensive Operations 130
Cyberspace as a Warfighting Domain and DDOS Attacks 131
Other Errors from Calling Cyberspace a Warfighting Domain 133
No Domain, No Cyber Equivalent of Billy Mitchell 134
Conclusions 136
Chapter 11 Strategic Implications of Tactical Cyberwar 137
Influencing Others against Digitization 137
Cyberattacks and the Correlation of Forces 141
The Challenge of Alliance Defense in Cyberspace 145
Chapter 12 Stability Implications of Tactical Cyberwar 148
Attack Wins 148
Getting the Jump Wins 150
The Risks of Acting Are Reduced 152
The Risks of Not Acting Are Increased 153
A Missing Element of Caution 155
A Quick Comparison to Nuclear Weapons 155
Do Cyberattack Options Reduce Violence? 156
Conclusions 159
Part III Strategies
Chapter 13 Strategic Cyberwar 161
Strategic Cyberwar May Focus on Power Grids and Banks 161
How Coercive Can a Strategic Cyberwar Campaign Be? 164
The Conduct of Strategic Cyberwar 166
Indications and Warnings 168
A Cyber SIOP? 169
Keeping Targets in Reserve 171
Terminating Cyberwar 171
Conclusions 172
Chapter 14 Cyberwar Threats as Deterrence and Compulsion 173
The Anger/Fear Balance 174
The Difficulty of Evaluating a Coercive Campaign 175
A Stalling Strategy for Compulsion 177
A Deterrence Response Window 178
Chapter 15 The Unexpected Asymmetry of Cyberwar 181
The Third World Disadvantage 181
The Particular U.S. Advantage 183
Was This All an Exercise in Nostalgia? 186
A Silver Lining Arising from Kerckhoffs's Principle 187
The Influence of Third Parties on the Balance of Power in Cyberspace 188
Chapter 16 Responding to Cyberattack 190
First-Strike Cyberattacks May Have a Variety of Motives 190
What Looks like an Unprovoked Cyberattack May Not Be 193
Should the Target Reveal the Cyberattack-and When? 193
A Delayed Response 195
Responding without Force 196
Economic Responses 198
Sanctions until the Behavior Ends 199
The Perils of an Easy Response 200
Sub-Rosa Cyberwar 200
A Drawback to Any Response 204
How Will the Attacker Respond to Retaliation? 204
Conclusions 207
Chapter 17 Deterrence Fundamentals 209
Cyberdeterrence Differs from Nuclear and Criminal Deterrence 210
The Rationale for Deterrence 211
What Makes Deterrence Work? 213
The Core Message of Deterrence 215
Tailored Deterrence 217
The Problematic Nature of Cyberdeterrence 217
Chapter 18 The Will to Retaliate 218
The Risks of Reprisals 218
Third-Party Cyberattacks 219
Retaliation May Be Stymied by Bigger Issues on the Table 219
Credibility May Not Be Easy to Establish 221
The Signals Associated with Carrying Out Reprisals May Get Lost in the Noise 222
The Impact of Good Defenses on Credibility Is Mixed 222
Can Extended Deterrence Work in Cyberspace? 224
A Baltic Cyberspace Alliance? 225
Conclusions 228
Chapter 19 Attribution 230
What Will Convince Others of Your Attribution? 230
How Good Would Attribution Be? 233
What Could Make Attribution So Hard? 234
When Attribution Seems to Work 235
When Can Countries Be Blamed for What Starts within Their Borders? 237
Why Credibility Makes Attribution an Issue 240
Will the Attacker Always Avoid Attribution? 241
Why an Attacker May Favor Ambiguous Attribution over None at All 243
What Should Be Revealed about Attribution? 244
Attribution in a Post-Truth World 246
Conclusion 246
Chapter 20 What Threshold for Response? 247
A Zero-Tolerance Policy? 247
Non-Zero Thresholds 249
Did NotPetya Cross What Would Be a Reasonable Threshold? 251
Should Pulled or Failed Punches Merit Retaliation? 252
Compulsion versus Deterrence 253
Threshold Issues Complicate Retaliating against Cyberespionage 254
Chapter 21 A Deterministic Posture 255
Advantages of Determinism 255
Advantages of a Probabilistic Deterrence Posture 257
The Choice to Retaliate under Uncertainty 259
Chapter 22 Punishment and Holding Targets at Risk 261
The Lack of Good Targets for Intradomain Deterrence 261
The Temptations of Cross-Domain Deterrence 263
Will Targets Actually Hit Back at All? 264
Can Secondary Deterrence Address the Problems of Primary Deterrence? 265
Persistent Engagement qua Deterrence 267
Summary Observations on Cyberdeterrence 268
Chapter 23 Cyberwar Escalation 271
The Purpose and Risks of Escalation 271
Escalation in Strategic Cyberwar 272
The Difficulties of Tit-for-Tat Management 273
Escalation into Kinetic Warfare 278
Escalation Risks from Proxy Cyberwar 279
Proxy Cyberattacks 282
Conclusions 283
Chapter 24 Brandishing Cyberattack Capabilities 284
What Brandishing Is 284
Your Power or Their Powerlessness? 285
How to Brandish Cyberattack Capabilities 285
Brandishing Implants 287
Escalation Dominance and Brandishing 289
Counter-Brandishing 290
Caveats and Cautions 292
Chapter 25 Narratives and Signals 294
Narratives to Facilitate Crisis Control 294
A Narrative Framework for Cyberspace 295
Narratives as Morality Plays 296
Narratives to Walk Back a Crisis 297
Narrative, Attribution, and Response 298
Signaling 299
What Can We Say with Signals That Would Come as News to Others? 300
Ambiguity in Signaling 302
Why Narratives Matter to Signals 303
Chapter 26 Cyberattack Inferences from Cyberespionage 305
Inferring Cyberattacks from Cyberespionage 305
Inferences from the Fact of Cyberespionage Alone 307
How to Continue with Cyberespionage with Less Risk 308
Stick with Attacks on Offensive Systems? 308
The Defender's Options 309
Deliberate Signaling, Both Friendly and Hostile 310
Conclusions 311
Chapter 27 Strategic Stability 312
Would Nuclear Dilemmas Echo in Cyberspace? 312
Misperception as a Source of Crisis 315
Excessive Confidence in Attribution or Preemption 316
Can There Be a Cuban Missile Crisis in Cyberspace? 317
Conclusions 318
Part IV Norms
Chapter 28 Norms for Cyberspace 319
Unilateral Red Lines and Multilateral Norms 320
Red Lines versus Norms 320
The Criminalization of Hacking 323
Norms on Attribution 324
Arms Control 325
Normalization 326
Law of Armed Conflict: Jus in bello 329
Law of Armed Conflict: Jus ad bellum 331
From, the Tallinn Manual to Las Vegas Rules 333
What the Tallinn Manual Says 333
Viva Las Vegas 335
But Not So Fast 337
Why Not Las Vegas Rules for Outer Space as Well? 338
Conclusions 339
Chapter 29 The Rocky Road to Cyberespionage Norms 340
Norms against Economically Motivated Cyberespionage 340
The Cybercrime Markets Norm 341
The No-Political-Doxing Norm 342
Prohibiting Certain Targets to Prohibit Unwelcome Uses of Purloined Information 344
Cyberespionage against Critical Infrastructure 344
Getting to Norms 346
Chapter 30 Sino-American Relations and Norms in Cyberspace 347
The United States Advocates Its Norms 347
Can We Trade? 349
The Deal That Was Struck 351
Chapter 31 The Enigma of Russian Behavior in Cyberspace 354
The Early Years 354
After Maidan 354
What Happened to Cyberwar in the Russo-Ukraine Conflict? 355
Cyberattacks to Support Narratives 357
Conclusions 357
Chapter 32 Cybersecurity Futures 359
Better Offense 359
A Larger Attack Surface 360
Better Defense 363
Artificial Intelligence 365
A Three Mile Island in Cyberspace 366
Chapter 33 Cyberwar: What Is It Goob For? 370
Notes 373
Bibliography 425
Index 481