What do you think?
Rate this book
Cyberdeterrence and Cyberwar
Protecting cyberspace is now a vital national interest because of its importance to both the economy and military power. An attacker may tamper with networks to steal information for money or to disrupt operations. Future wars are likely to be carried out in cyberspace, so it might seem that maneuvering in cyberspace is like maneuvering in other media, but it isn't. Libicki explores these topics in detail and uses the results to address such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and other actions the United States can take to protect itself in the face of cyberattack.
6 pages, Audio Cassette
First published September 22, 2009
3 people are currently reading
114 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
June 23, 2017
The premise of this book is spot on: Cyberspace is its own medium and therefor follows its own rules (i.e. historic constructs of war (force, offense, defense, deterrence, etc) cannot be applied the same way in cyberspace as they are in the other domains of land, sea, air, and space). Unfortunately, the book then spends the next 200 pages laying out the supporting logic for this argument in excruciatingly fine detail that is guaranteed to bore all but the most ardent scholars to tears. This is not to say that the arguments are bad, in fact the main points (summarized below) are really good. It’s just that the discussion of each major point that follows is so tedious and theoretical that it doesn’t really add much to the reader’s appreciation of the argument. Having finished the book, I’m comfortable saying that I could have just read the 8 page summary in the beginning and come away with the same appreciation for the author’s thesis.
Some of the main points in the argument:
- Force is a key characteristic of warfare…larger, faster, more powerful militaries typically have an advantage. In cyberspace, there is no forced entry. Entry is achieved through pathways produced by the system itself (i.e. when somebody “hacks” into a system they are not overwhelming it by force but following a path that the software permits).
- A salient characteristic of cyberattacks is that they only produce temporary effects and impel countermeasures (i.e. people patch the vulnerable code). This suggests that cyberattacks be used sparingly and precisely. One-shot strikes (to silence surface-to-air missile systems prior to a kinetic attack for example) could prove highly effective. Prolonged cyber campaigns will not be as successful because the longer they go on the more the opponent patches vulnerable code that enables said attacks (i.e. the best cyber exploits have a limited shelf life).
- Strategic cyberwar (used similar to strategic bombing) is unlikely to be decisive. Systems become hardened the longer the cyberattacks continue and any successful prolonged cyber-attacks could invite escalation to physical violence.
- Cyberdeterrence may not work as well as nuclear deterrence. Nuclear deterrence had clear attribution, had acknowledged thresholds for retaliation, battle damage was clear, repeat strikes were each as serious as the first, and both sides had a lot to lose. In cyberspace, identifying the attacker (attribution) is difficult, the opponent may have nothing of value to strike with a cyberattack, and holding targets at risk repeatedly is not necessarily possible. Likewise, cyberattacks may not always cross a clear threshold for retaliation. Additionally, the actor may not be sanctioned by a government, in such cases, any retaliation risks escalation to military conflict.
Some of the main points in the argument:
- Force is a key characteristic of warfare…larger, faster, more powerful militaries typically have an advantage. In cyberspace, there is no forced entry. Entry is achieved through pathways produced by the system itself (i.e. when somebody “hacks” into a system they are not overwhelming it by force but following a path that the software permits).
- A salient characteristic of cyberattacks is that they only produce temporary effects and impel countermeasures (i.e. people patch the vulnerable code). This suggests that cyberattacks be used sparingly and precisely. One-shot strikes (to silence surface-to-air missile systems prior to a kinetic attack for example) could prove highly effective. Prolonged cyber campaigns will not be as successful because the longer they go on the more the opponent patches vulnerable code that enables said attacks (i.e. the best cyber exploits have a limited shelf life).
- Strategic cyberwar (used similar to strategic bombing) is unlikely to be decisive. Systems become hardened the longer the cyberattacks continue and any successful prolonged cyber-attacks could invite escalation to physical violence.
- Cyberdeterrence may not work as well as nuclear deterrence. Nuclear deterrence had clear attribution, had acknowledged thresholds for retaliation, battle damage was clear, repeat strikes were each as serious as the first, and both sides had a lot to lose. In cyberspace, identifying the attacker (attribution) is difficult, the opponent may have nothing of value to strike with a cyberattack, and holding targets at risk repeatedly is not necessarily possible. Likewise, cyberattacks may not always cross a clear threshold for retaliation. Additionally, the actor may not be sanctioned by a government, in such cases, any retaliation risks escalation to military conflict.
February 11, 2022
In this book the author spends most of the time discussing the political and strategic moves on when and how to retaliate when dealing with actors in Cyber War for optimal outcome. This focus makes this work still relevant if though it is 13 years old now. It is a chess game of thinking 3-4 moves ahead to get ahead of the next move by this attacker as well as set precedence for future actions by others . Should the response be technical, legal, political, financial, press release, no action or some combination of all of these? If looking for an educational work on the type of attacks and their prevention look elsewhere but if looking for insight on how and when to retaliate for optimal outcome this work gives very valuable input.
March 20, 2018
A little dated. Interesting but there are more up to date books on this topic.
January 23, 2011
Listened to the audiobook.
As it is a report done on the behalf of a ranking US officer, it is quite dry and technical but does give a decent ideo of how larger nations today view cybersecurity and cyberwar.
The report suffers for heaving almost no historical events to cite, making it speculative. Regardless, it raises good points as to how cyberwar is different from a "conventional" war, mostly in that Disarmament is nigh impossible and Deterrence is extremely difficult.
Focus thus needs to be Defense, which is orders of magnitude more expensive than offense. I.e. even if large nations spend inordinate amounts of money on cybersecurity, it will be relatively cheap to launch an effective attack on them.
Another conclusion is that cyberattacks (for large nations) are unlikely to work as a tactical tool, but more likely to be effective as operational support. Seeing as neither has been tried on any real scale, this is still speculative.
Recommended if you are interested in cyberwarfare and don't mind speculative reports.
As it is a report done on the behalf of a ranking US officer, it is quite dry and technical but does give a decent ideo of how larger nations today view cybersecurity and cyberwar.
The report suffers for heaving almost no historical events to cite, making it speculative. Regardless, it raises good points as to how cyberwar is different from a "conventional" war, mostly in that Disarmament is nigh impossible and Deterrence is extremely difficult.
Focus thus needs to be Defense, which is orders of magnitude more expensive than offense. I.e. even if large nations spend inordinate amounts of money on cybersecurity, it will be relatively cheap to launch an effective attack on them.
Another conclusion is that cyberattacks (for large nations) are unlikely to work as a tactical tool, but more likely to be effective as operational support. Seeing as neither has been tried on any real scale, this is still speculative.
Recommended if you are interested in cyberwarfare and don't mind speculative reports.
June 16, 2012
I didn't realize this was a RAND corporation report for the Air Force -- so it was rather dry and written in "strategic speak" at some points (if the target does A .. while on the other hand target may respond...). There was also lots of discussion that reminded me of "game theory"/nuclear deterrence thought -- the book does compare and contrast nuclear deterrence (as well as air power, naval power, and even legal deterrence). However, it was quite well thought out, and the surprising conclusion that cyberdeterrence is not an effective strategy was interesting. It was thought provoking and an interesting read.
November 26, 2015
I tried to get through this overly verbose book. I made it to the third to last chapter. Too high macro thoughts without practical application. Stayed with the book too long in hopes of some sort of glimmer of new introduction. Much better to read the "Art of War."
Displaying 1 - 6 of 6 reviews