Book Review: Cyber War by Richard A. Clarke and Robert K. Knake

The book Cyber War by Richard A. Clarke and Robert K. Knake is a wakeup call targeting our elected representatives and military leaders.  It should also be a wakeup call to all those people and business owners who neglect security issues in their IT infrastructure.

The book begins by providing background on how we have come to the point in history where nearly anyone from nearly anywhere in the world can launch a cyber attack on people, businesses and governments on the other side of the planet at nearly the speed of light. Clarke highlights known cases of cyber attacks, sabotage, and theft and how it is dramatically changing the security landscape for countries and businesses around the world.

Clarke’s main concern is that the US has approached cyber war using primarily offensive minded thinking in much the same way that they thought about atomic weapons in the post WWII ear. Indeed, the US has some of the best cyber warriors in the world, but what should be the policy of how and where to use such forces? What would be the result of a first strike type cyber assault on another nation? How would the US defend itself from similar attacks launched from afar and from within the US? How do we escalate or deescalate a cyber conflict? When would escalation lead to a shooting war? Clarke argues that these are questions that everyone from the top brass to the average civilian should be thinking about given the grave risks that cyber attacks now pose to everyone.

Clarke makes the case that the US is the most technologically advanced nation on earth and has the most to lose should a serious cyber conflict erupt. He then points out that the US does not now have a clear policy regarding cyber warfare. The free and open Internet therefore ensures that anyone from anywhere can launch an attack at anytime with the knowledge that the US government has limited capacity to defend against the attack. In fact, the government does not currently have a sound policy or the ability to intervene should critical infrastructure such as financial markets and the power grid come under cyber attack.  It is therefore left to private companies to protect their own networks and infrastructures from what, in some cases, could amount to attacks from foreign regimes, criminals or terrorists.

In other words, if a cyber war breaks out you, and I and everyone else are effectively on our own! Unlike many other “the sky is falling” books, Clarke also brings specific recommendations and policies, that if adopted, would help reduce the risk of cyber war starting and escalating and limit the amount of damage such a conflict might have on the home front.

Overall, I found this book an excellent and well written account of where we stand with regards to cyber war at in early 2012. Hopefully it’s timely publication will precipitate a serious discussion in the halls of congress, and wake up some small business owners to the issue of IT security before it’s too late.