_
Cybersecurity and Cyberwar: What Everyone Needs To Know
Peter W. Singer and Allan Friedman's brand new book is an impressively comprehensive guide to one of the least understood arenas of modern life. The book consists of some five dozen questions and answers about cybersecurity, divided into sections: How It All Works, Why It Matters, and What Can We Do? As I read through it, thinking about these questions I might want to ask the authors, all too often the question that occurred to me on one page was already answered on the next._
Popular Science: What was the context and impetus for you and your coauthor to create this book, and what impact can you optimistically foresee from its publication?
Peter W. Singer: We were at a major conference in Washington DC. A senior Pentagon leader was trying to explain why he thought cybersecurity and cyberwar was important. But he could only describe the problem as "all this Cyber-stuff."
Our entire modern way of life, from communication to commerce to conflict, depends on the Internet, and the resultant cybersecurity issues challenge literally everyone. We face new questions in everything from our rights and responsibilities as citizens of both the virtual and real world, to how to protect our companies, our nations, and our families from a new type of danger.
And, yet there is perhaps no issue so important that remains so poorly understood. That “stuff” problem happens in the halls of government power, but also in business, the military, law, media, and even in our personal lives. It ranges from the 70% of business executives who have ended up making a cyber decision for their firm, despite the fact that no MBA teaches it as a regular part of 21st public and mass media’s confusion on matters from the NSA to the latest credit card hacks.
So what we tried to do is provide the kind of easy-to-read yet deeply informative resource book that has been missing on this crucial issue. The book is structured around the key questions of cybersecurity: how it all works, why it all matters, and what we can do? Along the way, we take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the "Anonymous" hacker group and the Stuxnet computer virus to the new cyber units of the Chinese and US militaries. Importantly, its neither too technical nor histrionic. Rather, I hope it pushes some new matters and approaches to aid the experts, but more generally helps people understand this all. Hopefully it will better equip us all to deal with these important issues and new responsibilities, as they are not going away.
We have to understand that as long as we use the Internet, we will face cybersecurity and cyber war issues. The question is how will we manage them?
PS: What sort of significant changes or scenarios do you predict we may expect in the cybersecurity arena over the next year or two?
PWS: Clearly the number of attacks will go up; indeed, we're discovering 9 new pieces of malware every second. But in the book we try to look beyond these astronomical, but also sometimes meaningless numbers, to key trends. One, for example, is the shift to different uses and users, such as the move towards more mobile devices (and threats towards them). Moreover, the Internet is no longer just about sending or compiling information online, it shapes the real world via the emerging Internet of Things. Indeed, Cisco believes the number of Internet-enabled devices will rise to 40 billion over the next 5 years, as cars, fridges, medical devices, and gadgets not yet imagined or invented all link in. But these in turn will be targeted with different consequences that say defacing a website. For instance, PopSci has explored the move toward Internet-enabled cars and even driverless cars and the drone boom. Well, we're also seeing the move towards "car-hacking" and "drone-hacks."
In war, more than 100 nations are now building some kind of cyber-military capability and that trend will only grow. Indeed, it has all the hallmarks of an arms race, from the outcome of more spending (the word “cyber” appears 147 times in next year’s Pentagon budget), but less security, to even a brewing “cyber-industrial complex.” The interesting (and scary) thing for warfare overall will be militaries figuring out how to integrate and synergize computer network operations with their other military tasks. Think of it like how they had new technologies like radios, airplanes, and tanks in World War I, but it wasn’t until they were all brought together in the Blitzkrieg that they reached their true power.
Finally, 2014 will be a huge year for the role of the government in the online world to be debated. It is not just the ongoing NSA mess that will continue to shake out in the US and reverberate abroad (notably on American tech companies, who have already lost billions of revenue). There are also international negotiations over the underlying governance of the Internet, where authoritarian regimes are pushing for more controls. If we don’t watch out, the Internet that has been so wonderful to us could be something our kids don’t end up enjoying.
PS: Can you synopsize three early actions you would take if you were appointed to an official executive role to improve US cybersecurity?
PWS: Goodness, the last third of the book is all "what can we do?" type chapters, not just at national level, but also at corporate and even personal levels. But a few that would be important for the US government would be:
Launch a major campaign of cyber hygiene awareness, backed by a cyber version of the most successful government agency in history, the CDC (Centers for Disease Control). At the end of the day, both the problems and answers in cybersecurity and cyberwar are not about the software or hardware, but the wetware, the people behind the systems. Get the incentives, the organizations, and education right and things get much better. Not solved, but better. Indeed, one study found that as much as 94 percent of attacks would be stopped by basic cyber hygiene, with my favorite example being that the most popular password is..."password."
Create balance in our approach: At the Pentagon, we are spending 2.5-4 times as much on cyber offense research as we are cyber defense research. That’s a lot like standing in your glass house and thinking the best way to deal with gangs of neighborhood kids is to buy a stone sharpening kit. We are spending over 10 times as much on the Pentagon cyber capabilities as we are at civilian agencies like the DHS. Likewise, we need balance in the public-private sector responsibilities. Firms should not think this is only for the government to handle. Whether you are a bank, a power company, a department store, or a cupcake stand, you have to start taking your cybersecurity responsibilities more seriously.
Get Congress on board (harder said than done): The last time Congress passed any significant cybersecurity legislation was 2002, half a decade before anyone had even heard of the iPhone, let alone today’s world of metadata and Google Glass.
PS: As you recognize in your book, the internet has facilitated an explosion in the creation and distribution of cute videos. Will you share a favorite or two?
PWS: Since my last book was on robots, I have to combine the two and go with the cat using his Roomba robot to escalate the eons-old battle with canine forces.
But as the new book explores, the US and Chinese approaches to cybersecurity and cyberwar are another one of those crucial trends that will define the future. Part of this is the two governments’ political and economic power and their very different visions of the future. But part is simply driven by the fact that the Internet’s users and uses has evolved from its roots a generation back in California. And there is no better illustration than the news that cute panda bear videos are now starting to outnumber cute cat videos. So I should also include my favorite of those, where pandas play on a slide, just like Nature intended...
