The biggest security threat to a computer system is said to be the idiot at the keyboard — the user who is lured into clicking a dodgy link and opening the door to the hacker. This book is for that idiot — you, me and the irritating colleague at the next terminal. Licensed for download and individual use, it explains, in purely layman’s terms, challenges to comprehension in an age when conflict is transiting from organised to irregular warfare, and when unknown future threats, sensible but not completely comprehensible, are gaining salience. There’s not a whiff of either cordite or crypto arcana like RSA and AES in here. The idiot at the keyboard is guaranteed to understand everything. This one did, at least. You will, too.
The 14 analogies listed proceed from the editors’ observation that people try to make sense of current developments by comparison with past experience. Strategic thinkers and military commanders are people, too. They try to understand present and future threats from their reading of military history. In the case of security, the recommended reading is of fine vintage, stretching back to Sun Tzu in 500 BC, the Arthashastra, which reached its final form about 300 CE, and the first use of steganography in Greece in 440 BC, reported by Herodotus.
Cyberwarfare is top of the mind right now, with the world’s most powerful democracy — the very nation which gave the world the internet — contemplating the electronic lint in its navel and wondering if it was had by Russia in the last presidential election. The loss of public faith in American beliefs and institutions is perhaps even more damaging than the revelations of Wikileaks, the cyber-intervention which had eviscerated America’s moral argument for military intervention. And the picture is evolving too rapidly for normal comprehension.
A decade ago, the American-Israeli Stuxnet worm compromised Iran’s uranium enrichment facility at Natanz by commanding its centrifuges to tear themselves apart. But later, a sloppily coded update spread the infection to India, Pakistan, Indonesia, and even America itself. Loss of state control over the electronic genie, and the boomerang effect, are two features of future warfare that the authors draw attention to.
The rise of Anonymous in the years since Stuxnet, the Wikileaks gunship tape, the Sony and Ashley Madison hacks, Russian digital warfare against Ukraine, Georgia and Estonia, Bitcoin mania as colourful as the tulip craze, terrorists using encrypted smartphone communications as a great equaliser, and the dreary regularity with which attacks on military and banking networks are reported in the press — such is the variety of forms in which cybersecurity issues present themselves. Now, there’s the question of the validity of Trump, which first raised its head on counting day. It is impossible to understand the varied implications of cyber-conflict without recourse to analogy, and a few in this book are extremely useful.
Particularly interesting is Oxford cybersecurity scholar Florian Egloff’s parallel with the age of privateers and freebooters, which coincided with the age of exploration. They were used as irregular forces by European governments, which found it cheaper to use them to interdict foreign merchant shipping than to raise naval fleets for the purpose, and they persisted until a naval deal at the Paris Congress of 1856, convened to settle the Crimean War. They could exist because the high seas were defined as nobody’s territory, and similarly, hackers get away with blue murder because the internet is decentralised and without borders. Egloff draws attention to the fact that governments lost control over their privateers. Sir Walter Raleigh, the El Dorado seeker who brought potatoes, chillies and tobacco to the world, had to be hanged partly because he persisted in privateering in violation of private treaties with Spain. Captain Kidd, recruited to the interests of empire, eventually trod on thin air at Wapping for looting an Armenian ship bearing goods from India.
In the modern age, relations between government and private enterprise are more complicated. The internet was a defence technology released to corporations, which now dominate the space. On the other hand, exploits have become a standard way for lone hackers to advertise their CVs to governments, in the hope of being hired in order to contain their own tribe.
The rules of engagement have become equally confusing, the only real guideline being the non-binding Tallinn Manual of 2013, which examines the question of jus ad bellum and human rights in the digital age. Cyberweapons are attractive because it is morally easier for governments to invoke sub-lethal force. Smart weapons opened up a new age of interventionism on the plea that they reduce collateral damage. It is easier on the nerves of politicians to authorise a drone strike than it is to put boots on the ground, and bring back bodybags. Similarly, a government would not earn much censure for setting loose a cyberweapon to cripple stock markets or the power grid of an adversary, because it is a nonlethal act. Nevertheless, its human cost could be immense. Artificial intelligence will change the picture again, and protocols are sought governing AIs which wield lethal force.
Besides, since the internet is without borders, attacks could ripple beyond the target nation, and could even come back home to roost. England, which used its naval superiority and global communications infrastructure in colonial times to compromise the merchant shipping of adversaries, had to back off because resulting slowdowns affected the butcher, baker and candlestick-maker at home.
The book is designed to set you thinking, and the only drawback is its reluctance to engage with the unknown. The internet is essentially organic but unlike the life sciences, its future phylogeny is hard to predict. Social media has triggered serious political change in recent years. Its future trajectory is unclear but needs to be anticipated, and the political turmoil over Facebook in the US could serve as a model.
And there’s Bitcoin, which has just punched through the $11,000 cloud deck, but which the next wave of computing could undermine. Quantum computing, still at least half a decade away, would make it laughably easy to crack the cryptography on which Bitcoin rests (the same goes for all your passwords), and the first mover would theoretically be able to spend all the Bitcoin ever minted. There is concern about this, though it is pointed out that algorithms would develop to keep pace with change, just as nuclear war was prevented for 70 years by effective launch codes and preventive protocols. However, money is based on scarcity. The value of Bitcoin depends on the difficulty of performing the computation to add to the blockchain. If quantum computers slash computation time, the currency would be devalued, and concerns about theft would become meaningless.
Such imponderable uncertainties will be commonplace in the digital world of the near future, and will condition the global battle for digital supremacy. Digital conflict is not a simple matter of intelligence-gathering or compromising the command and control architecture of an adversary. The big challenges and opportunities will rise organically, unbidden, and the capability to anticipate them will make all the difference.