Why Write a Book about Cybersecurity and Cyberwar?
"All this cyber stuff."
The setting was a Washington, DC, conference room. The speaker was a senior leader of the US Department of Defense. The topic was why he thought cybersecurity and cyberwar was so important. And yet, when he could only describe the problem as "all this cyber stuff," he unintentionally convinced us to write this book.
Both of us are in our thirties and yet still remember the first computers we used. For a five-year-old Allan, it was an early Apple Macintosh in his home in Pittsburgh. Its disk space was so limited that it could not even fi t this book into its memory. For a seven-year-old Peter, it was a Commodore on display at a science museum in North Carolina. He took a class on how to "program," learning an entire new language for the sole purpose of making one of the most important inventions in the history of mankind print out a smiley face. It spun out of a spool printer, replete with the perforated paper strips on the side.
Three decades later, the centrality of computers to our lives is almost impossible to comprehend. Indeed, we are so surrounded by computers that we don't even think of them as "computers" anymore. We are woken by computerized clocks, take showers in water heated by a computer, drink coffee brewed in a computer, eat oatmeal heated up in a computer, then drive to work in a car controlled by hundreds of computers, while sneaking peeks at the last night's sport scores on a computer. And then at work, we spend most of our day pushing buttons on a computer, an experience so futuristic in our parents' day that it was the stuff of The Jetsons (George Jetson's job was a "digital index operator"). Yet perhaps the best way to gain even a hint of computers' modern ubiquity is at the end of the day. Lie in bed, turn off the lights, and count the number of little red lights staring back at you.
These machines are not just omnipresent, they are connected. The computers we used as little kids stood alone, linked to nothing more than the wall electricity socket and maybe that spool printer. Just a generation ago, the Internet was little more than a link between a few university researchers. The first "electronic mail" was sent in 1971. The children of those scientists now live in a world where almost 40 trillion e-mails are sent a year. The first "website" was made in 1991. By 2013, there were over 30 trillion individual web pages.
Moreover, the Internet is no longer just about sending mail or compiling information: it now also handles everything from linking electrical plants to tracking purchases of Barbie dolls. Indeed, Cisco, a company that helps run much of the back end of the Internet, estimated that 8.7 billion devices were connected to the Internet by the end of 2012, a figure it believes will rise to 40 billion by 2020 as cars, fridges, medical devices, and gadgets not yet imagined or invented all link in. In short, domains that range from commerce to communication to the critical infrastructure that powers our modern-day civilization all operate on what has become a globalized network of networks.
But with the rise of "all this cyber stuff," this immensely important but incredibly short history of computers and the Internet has reached a defining point. Just as the upside of the cyber domain is rippling out into the physical domain, with rapid and often unexpected consequences, so too is the downside.
As we will explore, the astounding numbers behind "all this cyber stuff" drive home the scale and range of the threats: 97 percent of Fortune 500 companies have been hacked (and 3 percent likely have been too and just don't know it), and more than one hundred governments are gearing up to fight battles in the online domain. Alternatively, the problems can be conceptualized through the tough political issues that this "stuff" has already produced: scandals like WikiLeaks and NSA monitoring, new cyberweapons like Stuxnet, and the role that social networking plays in everything from the Arab Spring revolutions to your own concerns over personal privacy. Indeed, President Barack Obama declared that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century," a position that has been repeated by leaders in countries from Britain to China.
For all the hope and promise of the information age, ours is also a time of "cyber anxiety." In a survey of where the world was heading in the future, Foreign Policy magazine described the cyber area as the "single greatest emerging threat," while the Boston Globe claimed that future is already here: a "cyber world war" in progress that will culminate in "bloody, digital trench warfare."
These fears have coalesced into the massive booming business of cybersecurity, one of the fastest growing industries in the world. It has led to the creation of various new governmental offices and bureaucracies (the US Department of Homeland Security's National Cyber Security Division has doubled or tripled in size every year since its inception). The same is true for armed forces around the globe like the US Cyber Command and the Chinese "Information Security Base" ( xinxi baozhang jidi ), new military units whose very mission is to fight and win wars in cyberspace.
As we later consider, these aspects of "cyber stuff" raise very real risks, but how we perceive and respond to these risks may be even more crucial to the future, and not just of the Internet. As Joe Nye, the former Dean of the Harvard Kennedy School of Government, notes, if users begin to lose confidence in the safety and security of the Internet, they will retreat from cyberspace, trading "welfare in search of security."
Fears over cybersecurity increasingly compromise our notions of privacy and have allowed surveillance and Internet filtering to become more common and accepted at work, at home, and at the governmental level. Entire nations, too, are pulling back, which will undermine the economic and human rights benefits we've seen from global connectivity. China is already developing its own network of companies behind a "Great Firewall" to allow it to screen incoming messages and disconnect from the worldwide Internet if needed. As a Yale Law School article put it, all of these trends are "converging into a perfect storm that threatens traditional Internet values of openness, collaboration, innovation, limited governance and free exchange of ideas."
These issues will have consequences well beyond the Internet. There is a growing sense of vulnerability in the physical world from new vectors of cyberattack via the virtual world. As a report entitled "The New Cyber Arms Race" describes, "In the future, wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities, transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships."
Such a vision of costless war or instant defeat either scares or comforts, wholly dependent on which side of the cyberattack you're on. The reality, as we explore later in the book, is much more complex. Such visions don't just stoke fears and drive budgets. They also are potentially leading to the militarization of cyberspace itself. These visions threaten a domain that has delivered massive amounts of information, innovation, and prosperity to the wider planet, fuel tensions between nations, and, as the title of the aforementioned report reveals, maybe even have set in motion a new global arms race.
In short, no issue has emerged so rapidly in importance as cybersecurity. And yet there is no issue so poorly understood as this "cyber stuff."
Reprinted from Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer and Allan Friedman with permission from Oxford University Press USA. Copyright 2014 by P.W. Singer and Allan Friedman.