Cyber War: The Next Threat to National Security and What to Do About It [Hardcover]

Richard A. Clarke (Author), Robert Knake (Author)

Book Description

Publication Date: April 20, 2010

Richard A. Clarke warned America once before about the havoc terrorism would wreak on our national security -- and he was right. Now he warns us of another threat, silent but equally dangerous. Cyber War is a powerful book about technology, government, and military strategy; about criminals, spies, soldiers, and hackers. This is the first book about the war of the future -- cyber war -- and a convincing argument that we may already be in peril of losing it.

Cyber War goes behind the "geek talk" of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals. From the first cyber crisis meeting in the White House a decade ago to the boardrooms of Silicon Valley and the electrical tunnels under Manhattan, Clarke and coauthor Robert K. Knake trace the rise of the cyber age and profile the unlikely characters and places at the epicenter of the battlefield. They recount the foreign cyber spies who hacked into the office of the Secretary of Defense, the control systems for U.S. electric power grids, and the plans to protect America's latest fighter aircraft.

Economically and militarily, Clarke and Knake argue, what we've already lost in the new millennium's cyber battles is tantamount to the Soviet and Chinese theft of our nuclear bomb secrets in the 1940s and 1950s. The possibilities of what we stand to lose in an all-out cyber war -- our individual and national security among them -- are just as chilling. Powerful and convincing, Cyber War begins the critical debate about the next great threat to national security.

Editorial Reviews

From Publishers Weekly

On today's battlefields computers play a major role, controlling targeting systems, relaying critical intelligence information, and managing logistics. And, like their civilian counter-parts, defense computers are susceptible to hacking. In September 2007, Israeli cyber warriors "blinded" Syrian anti-aircraft installations, allowing Israeli planes to bomb a suspected nuclear weapons manufacturing facility (Syrian computers were hacked and reprogrammed to display an empty sky). One of the first known cyber attacks against an independent nation was a Russian DDOS (Deliberate Denial of Service) on Estonia. Since it can rarely be traced directly back to the source, the DDOS has become a common form of attack, with Russia, China, North Korea, the U.S., and virtually every other country in possession of a formidable military having launched low-level DDOS assaults. Analysts across the globe are well aware that any future large-scale conflict will include cyber warfare as part of a combined arms effort. Clarke and Knake argue that today's leaders, though more computer savvy than ever, may still be ignorant of the cyber threats facing their national security.
Copyright © Reed Business Information, a division of Reed Elsevier Inc. All rights reserved.

From Booklist

International security experts—Clarke from the nuclear generation and Knake from the cyber generation—ponder the irony that although the U.S. pioneered the technology behind cyber warfare, outdated thinking, policies, and strategies make us vulnerable to losing any cyber contest with a hostile nation. Cyber war refers to hostile attempts by one nation to penetrate another’s computers or networks. Among recent examples: suspicion that in 2007 Israel executed a cyber assault on a Syrian nuclear weapons plant being built by North Korea, the 2008 cyber attack on Georgia by Russia to knock out its government computers before an actual attack on that nation, and North Korea’s actions in 2009 after a nuclear missile test to launch botnets to disrupt government computer systems in the U.S. and South Korea. Cyber warriors often use programs to crash Web sites and computers to cover other, more aggressive actions in the real world. In this chilling and eye-opening book, Clarke and Knake provide a highly detailed yet accessible look at how cyber warfare is being waged and the need to rethink our national security to face this new threat. --Vanessa Bush

See all Editorial Reviews

Product Details

• Hardcover: 304 pages
• Publisher: Ecco; First Edition edition (April 20, 2010)
• Language: English
• ISBN-10: 0061962236
• ISBN-13: 978-0061962233
• Product Dimensions: 9.2 x 6.2 x 1 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars  See all reviews (97 customer reviews)
• Amazon Best Sellers Rank: #37,940 in Books (See Top 100 in Books)
  • #40 in Books > Computers & Technology > Business & Culture > Culture
  • #79 in Books > Computers & Technology > Security & Encryption

More About the Author

I started writing books after a thirty year career in government writing bureaucratic papers. It was quite a shift. Cyber War is my fifth book and my third non-fiction. People often ask which genre do you prefer to write, fiction or non-fiction? They are both a challenge and both are exciting to attempt. Fiction may be the greater challenge, because of the need for imagination, characterization, dialogue, and plot twists. Non-fiction may actually have some real world effects. I've posted excerpts and other information on my web page; www.richardaclarke.net.

Customer Reviews

Most Helpful Customer Reviews

62 of 65 people found the following review helpful:

5.0 out of 5 stars The best I've read on the topic, April 21, 2010

By 

Ari Elias Bachrach (Philadelphia PA) - See all my reviews
(REAL NAME)   

This review is from: Cyber War: The Next Threat to National Security and What to Do About It (Hardcover)

(What's this?)

I've been in the information security field just about my entire professional life, both in and out of government, and I've been hearing people sound the alarms about "cyber warfare" for at least the last 15 years. Most of the time their grasp of the technical aspects is limited, they don't have a clear idea about what they're talking about, their scenarios read like movie plots, and they're usually trying to win government contracts. Although this book does have some serious shortcomings, Clarke's book is without a doubt the clearest and best work I've seen on cyber warfare. I'll lay out his book and his thesis first, then I'll tell you where I thought he fell short and what I thought of it.

Clarke first gives an overview of all the instances to date where cyber attacks have been used by state actors. In all cases but one (The Estonia attacks in 2007), the cyber attack was used to enhance a conventional attack. This is actually the best such overview I've seen, included some examples I hadn't heard of before, and Clarke's analysis is spot on. The only thing he didn't include was the very recent "operation aurora" (Google it if you want details), which probably occurred after he finished writing the book.

The book then has a detailed discussion of American policy on cyber warfare, and Clarke details all the developments to date. Since Clarke worked for presidents Clinton, Bush, and Obama on national security issues, this book provides a front row seat to the ins and outs of the way our policies have developed. Clarke also details what is known about the cyber war capabilities of other countries, including China, Russia, and North Korea.

Only then does Clarke begin to go into the technical aspects of cyber attacks, but the technical stuff is very high level (the back cover description explicitly says that this book goes "beyond the geek talk"). He really is just trying to show the potential damage that can be done with cyber attacks. (In other words, this is the part of the book where he tries to scare you).

Clarke then discusses what he views as the primary reasons there has not been significant action in the area of defending against concerted cyber attacks. It is, in my opinion, a very realistic and fair analysis which avoids finger pointing. He then starts to lay out what he feels are reasonable defenses that the US must begin to take.

In the last part of the book he lays out a clear agenda for defending against cyber attacks which includes a mix of regulation (he admits it's a dirty word but thinks it's necessary), more technical controls at major network boundaries, and an expanded scope for DHS to protect the civilian infrastructure too. He also discusses international arms control treaties, and appears to be a big fan of some international cyber war treaties, which, like nuclear arms control treaties from a generation ago, could be used to create "rules of the game" for international war.

As I said, in the beginning, this is without a doubt the best piece on cyber war I've ever read. He really does an excellent job of covering everything from the history to the players to the regulations to the endless possibilities. The one place where I feel he misses the boat is in some of the technical aspects. He admits to not being a technical person, and does make a few technical errors, although they're all far too minor to be worth mentioning. My real issue is that in all his scenarios he starts with the assumption that every combatant (like, say, the USA and China) have successfully hacked into every network that the other side controls, and left backdoors to get back in. Further, none of these back doors have been discovered and removed. As someone who does this for a living, I can assure you it's not that simple. While I have no doubt that a government spending considerable resources could certainly gain access to many networks in a relatively short period of time, and if they left backdoors some might not be discovered, if someone left too many backdoors some would certainly be discovered. Breaking in is not as simple as just pushing a button like it is in the movies - in fact, recent studies have shown that the average security breach is the result of four separate mistakes. While mistakes are made all the time (which means that breaches occur all the time _somewhere_), it's much harder to cause breaches in every system you target all at once. In several places, Clarke's dire warnings fall into the trap of imitating movies more than real life. I will admit that as a technical person this is my bias showing, and I realize that this book is still largely intended to be a policy one, which is why I still give it a very positive rating. I would simply be remiss if I let this pass unmentioned.

71 of 80 people found the following review helpful:

5.0 out of 5 stars Easy to Read...... and Scary!, April 15, 2010

By 

Patrick Reeves (Cheney, WA - USA) - See all my reviews
(VINE VOICE)    (REAL NAME)   

This review is from: Cyber War: The Next Threat to National Security and What to Do About It (Hardcover)

(What's this?)

Richard Clarke's credentials are well established, having been a national security advisor to presidents of both parties, his viewpoints are his own, not politically-driven ideology.

Clarke takes the time to go over the basics of the cyber-universe for those that are not especially net-savvy, and then gets into the meat of the what, who, where and how (the "when" is the big question of course) of potential cyber attacks against the US. He gives a bit of history on attacks that have already happened, and a few that have failed.

I say the information is a bit scary because, even with a degree in Computer Science, I did not know the extent to which the Internet connects and controls so many aspects of our daily lives; in business as well as in our personal lives. More and more machines and appliances are being built with the capability to "talk" to the manufacturers who make them, a legitimate and smart way to diagnose problems and download fixes.... but the idea that the new copy machine in my home office might be hacked, and ordered to malfunction to the point that it catches on fire, is unsettling to say the least.

This is a good book, a page turner, and delivers information every 21st Century American should know.

27 of 31 people found the following review helpful:

3.0 out of 5 stars worth reading, but with a big grain of salt, August 6, 2010

By 

Adam Thierer (technology policy analyst in Washington, DC area) - See all my reviews

Amazon Verified Purchase

This review is from: Cyber War: The Next Threat to National Security and What to Do About It (Hardcover)

Clarke and Knake's book is important if for no other reason than, as they note, "there are few books on cyber war." Thus, their treatment of the issue will likely remain the most relevant text in the field for some time to come. They define cyber war as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption" and they argue that such actions are on the rise. And they also claim that the U.S. has the most to lose if and when a major cyber war breaks out, since we are now so utterly dependent upon digital technologies and networks.

At their best, Clarke and Knake walk the reader through the mechanics of cyber war, who some of the key players and countries are who could engage in it, and identify what the costs of such of war would entail. Other times, however, the book suffers from a somewhat hysterical tone, as the authors are out here not just to describe cyber war, but to also issue a clarion call for regulatory action to combat it. A bigger problem with the book is the complete lack of reference material, footnotes, or even an index. If you're going to go around sounding like a couple of cyber-Jeremiahs, you really should include some reference material to back up your gloomy assertions of impending doom.

The authors go after ISPs and many other comapnies for supposedly not caring about cyber-security. In reality, those companies have powerful incentives to make sure their networks are relatively safe and secure to avoid costly attacks and retain customers who demand their online information and activities be trouble-free. And most ISPs take steps not just to guard against malware and other types of cyber attacks, but they also offer customers free (or cheap) security software as part of a growing suite of gratis services (anti-virus, parental controls, e-mail, etc).

Clarke and Knake would like to see government impose a fairly sweeping set of new rules on ISPs to better secure their networks against potential attacks. In true deputize-the-middleman fashion, they want ISPs to engage in a great deal more network monitoring (using deep-packet inspection techniques) under threat of legal sanction if things go wrong. They admit there are corresponding costs and privacy concerns, but largely dismiss them and essentially ask us to just get over those concerns in the name of a safer and more secure cyberspace. They do, however, say they would be willing to have a "Privacy and Civil Liberties Board" appointed "to ensure that neither the ISPs nor the government was illegal spying on us." I doubt that will soothe the fears of those who (like me) are fundamentally suspicious of government snooping.

Overall, Clarke and Knake have written a book that is worth reading, but suffers from hyperbolic rhetoric and a serious lack of documentation. Readers should also seek out other perspectives on cyber-security issues, which take a more reasoned approach to the issue.