“Cyberpower and National Security” edited by Fraklin D. Kramer, Stuart H. Starr, and Larry K. Wentz is a deep dive book into the substantive literature and ideas of the interaction between cyberspace, conflict, people, politics, and the diplomacy of deciding who should do what. As an anthology of ideas and concepts the authors have broke the book into six parts; Foundation and overview; Cyberspace; Cyberpower: Military use and deterrence; Cyberpower: Information; Cyberpower: Strategic Problems; Institutions factors.
I worried when I read the definition used by the authors through the entirety of the book for cyberspace, “Cyberspace is a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via interdependent and interconnected networks using information-communication technologies”. In other words cyberspace (sic) is not a kinetic battle space and has no effect within the real world. This is unfortunate that such a large definition should rule out the majority of cyber warfare. Consider the results of SCADA attacks within the physical or meat space as an example not handled by the definition of the authors.
Dr. Kuehl discusses (page 33) the idea that cyberspace has multiple layers. The foundation being the physical characteristics, the next being technological, and the last layer being the information itself. In other words Dr. Kuehl has reinvented through discovery the OSI 7 Layer model. A few other authors will trip across this truism. Though none seemed to expand upon it.
William O’Neil has an interesting chapter on infrastructure and network theory. He seems to misread or not explain the difference between logical and physical networks (Page 115). He very correctly points out that the robust nature of the logical infrastructure of the Internet is not to be found in the physical structure (page 119). He explains superbly the problem with physical networks and the idea of cascading failures with examples of the electric transmission grid (page 121). Which he proceeds to turn into a case study of the north east power blackout of 2003 (page 125). I especially like the point he makes about smart control systems being likely culprits of future problems (page 126). Unfortunately like many other authors when discussing SCADA and the idea of failure (page 129) he misses a big target. Why has nobody mentioned that ENRON engineered rolling blackouts and that was done using the systems on hand. In other words if you can do it on purpose can’t you do it when nobody is looking?
One of my favorite chapters is by Dr. Lachow. Though he starts out by saying something I say is untrue if I am quibbling. Dr. Lachow says that there has not been a single documented incidence of cyber terrorism against the U.S. Government (page 437). I would disagree. There was an event called Solar Sunrise that was a serious attack against United States defense systems. This event though might not rise to the realm of terrorism. The problem is that terrorism is as nebulous of term as cyberspace and the definitions are many. As such I can say one thing and the good doctor and refute leaving us both right but far apart in understanding. Dr. Lachow attempts to clear this up by making the definitions more meaningful (page 438). The issue then becomes the predicated definition used by all the authors restricts rather than informs. There is an interesting taxonomy of cyber adversaries. I found it interesting having read Dr. Marcus Rogers paper on a hacker taxonomy. The gem of the chapter is the discussion of threats and how terrorist organizations may not have the depth of talent to enter the theater. I believe by personal experience that this may be less true today as we begin to see professionalism creep into the terrorist organizations as seen in the paper “Engineers of Jihad” by Diego Gambetta.
The chapter by Lachow and another by Wingfield were by far my favorite chapters. I would say that any scholar of cyber warfare/terrorism needs to have a copy of this book on their shelf. It is recommended with a strong buy. I think the authors should be commended for a particularly satisfying work. Though I may quibble with parts I would say they have added substantively to the body of scholarship.