Publication: Survival: Global Politics and Strategy February–March 2011
Article Type:
Book Reviews
Pages: 177-196
Volume: 53
Edition number:
1
Date:
01 February 2011
Arms, Arms Control and Technology
Bruno Tertrais
Cyber War: The Next Threat to National Security and What To Do About It
Richard A. Clarke and Robert K. Knake. New York: Ecco, 2010. £16.99/$25.99. 290 pp.
Cyber war is an extraordinarily arcane subject of which few
commentators have detailed knowledge. Richard Clarke, a former White House
adviser with a taste for writing thrillers, and Robert Knake, a fellow at the
Council on Foreign Relations, have produced one of the first serious, informed
books about cyber war which is truly accessible to the greater public, filled
with scenarios and concrete examples.
What makes cyber war particularly attractive – and cyber
defence difficult – is that the Internet is a highly vulnerable system, since
it was primarily designed for civilian use, and is, if the authors are to be
believed, ‘deeply imbued with the sensibilities and campus politics of [the
1960s]’ (p. 82).
Clarke and Knake make interesting comparisons with the field
of nuclear strategy. They argue that deterrence may not work well in
cyberspace: many capabilities are highly classified; clear and convincing
‘demonstrations’ are hard to make; attacks happen at the speed of light, but
may not be detected for a long time; perpetrators are difficult to identify;
commercial, civilian and military networks are tightly connected; and Western
countries are much more dependent on networks than are some of their potential
adversaries. The authors note that there is a dangerous incentive to strike
preventively.
The book is clearly intended for an American readership:
long passages are devoted to the way successive US administrations have dealt
with the problem and to recommendations for improving American cyber-warfare
capabilities. But these recommendations are potentially of wider interest as
they incorporate valuable and creative discussion of the applicability of various
Cold War concepts (‘no-first-use’, ‘crisis instability’, ‘target withholds’,
‘arms control’) to cyberspace.
Some passages may raise eyebrows among technical experts.
There is no question that hostile acts such as Distributed Denial of Service
(DDoS) attacks designed to crash or jam a network are relatively easy to
organise and are thus frequent. But the authors may overstate the ease with
which a Supervisory Control and Data Acquisition (SCADA) software program
controlling a distribution and transport network (such as an electrical power
grid) can be disabled, as well as the consequences of a successful attack, in
particular in countries that have decentralised networks. They may also
overestimate the threat of a foreign attack on banking and financial systems,
given the international interdependence that exists in this field. But any
flaws on the technical side do not diminish the value of Clarke and Knake’s
book as a thought-provoking exercise.