Full Text:
Cyberdeterrence and Cyberwar by Martin C. Libicki. Rand Corporation
(http://www.rand.org /pubs.html), 1776 Main Street, Santa Monica,
California 90401-3208, 2009, 238 pages, $26.40 (softcover), ISBN
978-0-8330-4734-2.
You're a system administrator running some routine checks on
your data-management functions when you come across something that at
first looks like nothing more than a system hiccup. Upon closer
examination, which includes checking the servers and hardware, you find
that some codes and information have been changed, revealing a more
serious problem. Is this the work of thrill-seeking hackers, attempted
sabotage by internal personnel, or a cyber attack? If the latter, do you
retaliate or simply pretend it never happened?
Martin Libicki's Cyberdeterrence and Cyberwar, which addresses
the subjects of the book's title in the Internet age, examines
cyber war's radical differences from conventional war and the
difficulty of implementing and enforcing a policy of cyber deterrence.
With regard to a nation that has a policy of cyber deterrence, the
author also raises such issues as determining the identity of the
attacker, his motive, and the nature of the response (e.g., retaliating,
ignoring the incident, or pretending it caused little damage); assessing
the importance of such a determination; following a "no
tolerance" policy versus attempting to distinguish between a true
cyber attack and hacking; and conducting a cyber war or implementing a
deterrence strategy, which includes formulating reasons for doing so and
ending a war that has no outward signs of damage, casualties, or
immediate (theoretically) effects. Libicki concludes by discussing cyber
defense, its construction, and its procedures (e.g., "deception
methods" and "red teaming," pp. 171 and 173).
The fact that Lt Gen Robert Elder Jr., USAF, retired, former
commander of Eighth Air Force and joint functional component commander
for space and global strike, US Strategic Command, sponsored
Cyberdeterrence and Cyberwar gives it considerable credibility. Readers
knowledgeable about the now-global cyber wars (conducted by such groups
as Anonymous and LulzSec), as well as readers working as systems
administrators and computer designers, should find some of the
book's theories and cases familiar. The book's primary
strength is that it presents the rapidly developing and ever-changing
fields of cyber war and cyber deterrence in a fairly easy-to-comprehend
format, free of overly detailed technical terms or information
processes.
However, one does find flaws in formatting, organization, and the
use of abbreviations that may detract from the study's value and
impact. For example, the presence of pages only partially filled with
text (e.g., pp. 75, 147, and 149) and of unnecessary hyphenation (e.g.,
"locked-down" [p. 151], "more-violent" [p. 72], and
"flow-rate" [p. 155]) gives the book the feel of a rough draft
rather than a finished manuscript. Furthermore, readers find no
information about the author, his credentials, his motivation for
writing the book, or his methodology. Lastly, the author's
inclusion of a list of abbreviations (p. xxiii) with which most people
are already familiar seems unnecessary, and his tendency not to
reidentify infrequently occurring abbreviations creates difficulty for
the reader (e.g., "RF" [p. xxiv], which doesn't appear
again until p. 164). Together with the absence of an index and the
confusing, poorly explained charts in Appendix B, such flaws are
certainly distracting and give readers an unfavorable impression of the
book.
Is Cyberdeterrence and Cyberwar relevant to the Air Force
community? Despite the abovementioned problems, it does raise
interesting questions and theories about cyber warfare and cyber
deterrence as well as what they mean to today's military operations
and civilians. I recommend it to all military personnel, even those not
directly involved in system security or computers in general.
Mel Staffeld
Council Bluffs, Iowa