This book review summarizes the key points of the book "Cyber War: The Next Threat to National Security and What to Do About It" by Richard Clarke and Robert Knake. The summary is as follows:
1. The book aims to warn Americans about the growing threat of cyber war and proposes a "Defensive Triad" strategy to protect critical infrastructure.
2. The first half documents evidence of current cyber attacks and outlines vulnerabilities in the US cyber defenses. The second half proposes the Defensive Triad of monitoring internet traffic, securing critical infrastructure like the power grid, and improving military cyber defenses.
3. While the authors are experts, the book provides no citations to support facts, leaving
Cyberpower and
National Security
Related Titles from Potomac Books
Asymmetrical Warfare: Today’s Challenge to U.S. Military Power
by Roger W. Barnett
The Future of War : Organizations as Weapons
by Mark D. Mandeles
Information Operations: Warfare and the Hard Reality of Soft Power
edited by E. Leigh Armistead
Information Warfare: Separating Hype from Reality
edited by E. Leigh Armistead
Leading at the Speed of Light: New Strategies for
U.S. Security in the Information Age
by Daniel M. Gerstein
Nontraditional Warfare: Twenty-first Century Threats and Responses
by William R. Schilling
Terror on the Internet: The New Arena, the New Challenges
by Gabriel Weimann
Center for Technology and National Security Policy
Edited by Franklin D. Kramer,
Stuart H. Starr, and Larry K. Wentz
Potomac Books, Inc.
National Defense University Press
Washington, D.C.
Cyberpower and
National Security
Copublished in the United States by National Defense University Press and Potomac Books,
Inc. The opinions, conclusions, and recommendations expressed or implied within are those of
the authors and do not necessarily reflect the views of the Department of Defense or any other
agency of the Federal Government. This publication is cleared for public release; distribution
unlimited. Portions of this book may be quoted or reprinted without further permission, with
credit to both National Defense University Press and Potomac Books, Inc.
Library of Congress Cataloging-in-Publication Data
Cyberpower and national security / edited by Franklin D. Kramer, Stuart H. Starr, and Larry K.
Wentz. — 1st ed.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-59797-423-3 (pbk. : alk. paper)
1. National security—United States. 2. Information technology—Government policy—United
States. 3. Cyberspace—Government policy—United States. 4. Cyberterrorism—United States—
Prevention. I. Kramer, Franklin D., 1945– II. Starr, Stuart H. III. Wentz, Larry K.
UA23.C929 2009
355.3’43—dc22
2009003301
Printed in the United States of America on acid-free paper that meets the American National
Standards Institute Z39-48 Standard.
Potomac Books, Inc.
22841 Quicksilver Drive
Dulles, Virginia 20166
First Edition
List of Illustrations
Preface
Introduction
Part I. Foundation and Overview
1 Cyberpower and National Security: Policy Recommendations
for a Strategic Framework
Franklin D. Kramer
2 From Cyberspace to Cyberpower: Defining the Problem
Daniel T. Kuehl
3 Toward a Preliminary Theory of Cyberpower
Stuart H. Starr
Part II. Cyberspace
4 A Graphical Introduction to the Structural Elements of Cyberspace
Elihu Zimet and Edward Skoudis
5 Cyberspace and Infrastructure
William D. O’Neil
6 Evolutionary Trends in Cyberspace
Edward Skoudis
7 Information Secur ...
61Shackelford & Bohm - Securing North American Critical Infrastructure
Securing North American Critical
Infrastructure:
A Comparative Case Study in
Cybersecurity Regulation
Scott J. Shackelford, J.D., Ph.D. * & Zachery Bohm**
Abstract: The United States and Canada are interdependent along a number of
dimensions, such as their mutual reliance on shared critical infrastructure. As a result,
regulatory efforts aimed at securing critical infrastructure in one nation impact the other,
including in the cybersecurity context. This article explores one such innovation in the
form of the 2014 National Institute for Standards and Technology (“NIST”)
Cybersecurity Framework. It reviews the evolution of the NIST Framework, comparing
and contrasting it with ongoing Canadian efforts to secure vulnerable critical
infrastructure against cyber threats. Its purpose is to discover North American governance
trends that could impact wider debates about the appropriate role of the public and private
sectors in enhancing cybersecurity.
Table of Contents
I. Introduction
II. Unpacking the Cyber Threat Affecting North American Critical Infrastructure
III. U.S. Approaches to Securing Critical Infrastructure: Enter the NIST Framework
IV. An Introduction to Canadian Critical Infrastructure Cybersecurity Law and Policy
V. Conclusion
I. Introduction
Neither the United States nor Canada is a stranger to cyber attacks. These
have increasingly targeted both the private and public sectors to steal valuable
intellectual property, such as state and trade secrets. In one instance, the
Canadian government reported a major cyber attack in 2011 that forced the
Finance Department and Treasury Board, Canada’s main economic agencies, to
disconnect from the Internet.1 Hundreds of systems within the United States
Department of Commerce have similarly been forced offline due to cyber attacks
in recent years. In total, more than 40 million global cyber attacks were reported
in 2014, representing a nearly 50% increas ...
* Assistant Professor of Business Law and Ethics, Indiana University; Senior Fellow, Indiana
University Center for Applied Cybersecurity Research; W. Glenn Campbell and Rita Ricardo-
Campbell National Fellow, Stanford University Hoover Institution.
** Senior, Indiana University School of Public and Environmental Affairs.
62 CANADA-UNITED STATES LAW JOURNAL [Vol. 40, 2016]
36044 Topic: Emerging threats and counter measures
Number of Pages: 1 (Double Spaced)
Number of sources: 2
Writing Style: APA
Type of document: Essay
Category: Computer Science
Language Style: English (U.S.)
Order Instructions: Attached
Chapter 1 provided a high-level overview of the need for a national framework for protecting critical infrastructure. For some additional reading, take a look at the latest Presidential Order that relates to strengthening cybersecurity that relates to critical infrastructure:
https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/
After reading chapter 1 and looking at the link above, you're ready to participate in the first discussion.
Let’s look at a real-world scenario and how the Department of Homeland Security (DHS) plays into it. In the scenario, the United States will be hit by a large-scale, coordinated cyber attack organized by China. These attacks debilitate the functioning of government agencies, parts of the critical infrastructure, and commercial ventures. The IT infrastructure of several agencies is paralyzed, the electric grid in most of the country is shut down, telephone traffic is seriously limited and satellite communications are down (limiting the Department of Defense’s [DOD’s] ability to communicate with commands overseas). International commerce and financial institutions are also severely hit. Please explain how DHS should handle this situation.
You must do the following:
1) Create a new thread. As indicated above, please explain how DHS should handle the situation described in the preceding paragraph.
2) Select AT LEAST 3 other students' threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread.
ALL original posts and comments must be substantive. (I'm looking for about a paragraph - not just "I agree.")
Final Paper Draft Outline – Week 7
For the second to last homework, you need to submit an outline of your final paper. What does
that mean? You need to read the article “Writing for College: What is an Academic Paper” and
conceptualize what the paper assignment for this course is about:
https://depts.washington.edu/owrc/Handouts/What%20is%20an%20Academic%20Paper.pdf
Next, you need to read the “Final Paper Minimum Requirements” to get a sense of how you shall
start creating the paper. Think of a topic that interests you the most – it can be a critical paper,
project, applicative hacks – and then apply the instructions from the first two sources indicated.
The draft outline needs to answer:
• what is your topic,
• what are your main sections in the paper,
• what are the preliminary sources you will use,
• how you plan to write in each of these sections/use the sources.
The APA, IEEE, or MLA is required for this assignment. Why? You can just use the same
document to proceed with actually writing the paper, project report, or the white paper of the
hack. You can find the formatting guidelines in the “Paper Guidelines” module in D2L.
Once you have finalized your homework, please take a look at the document named “How to
Read an Academic Paper” that is also attached together in the same D2L module as the other
two. Make sure you read it – it is an excellent and critical tool that you will need in reading the
academic sources you plan to build upon in your paper.
Risking Security: Policies and Paradoxes
of Cyberspace Security
Ronald J. Deibert
University of Toronto
and
Rafal Rohozinski
University of Toronto
Conceptualizations of cyberspace security can be divided into two related
dimensions, articulated as ‘‘risks’’: risks to the physical realm of computer
and communication technologies (risks to cyberspace); and risks that arise
from cyberspace and are facilitated or generated by its technologies, but
do not directly target the infrastructures per se (risks through cyberspace).
There is robust international consensus, growing communities of practice,
and an emerging normative regime around risks to cyberspace. This is less
the case when it comes to risks through cyberspace. While states do collabo-
rate around some policy areas, cooperation declines as the object of risk
becomes politically contestable and where national interests vary widely.
These include the nature of political opposition and the right to dissent
or protest, minority rights and independence movements, religious belief,
cultural values, or historical claims. The contrast between the domains has
led to contradictory tendencies and paradoxical outcomes.
Globalization is generating new security challenges. Modern societies confront a
myriad of risks that threaten economic prosperity, undermine the safety and
security of citizens, and cause significant disruption to society and politics. These
risks range from empowered and mili.
2 pg
apa format
3 sources
The threat posed by cyber actors is significant and growing. Do you agree with the Director of National Intelligence that Cyber issues have become as important as terrorism as an intelligence priority?
Reading
Clapper, James R., “U.S. Intelligence Community: Worldwide Threat Assessment,” Statement for the Record, February 9, 2016 (see section on Cyber and Technology). pp. 1-4.
McWhorter, Dan, “Exposing One of China’s Cyber Espionage Units,” Mandiant Intelligence Center Report (February 19, 2013), pp. 1-2. Accessed at: https://www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html.
Office of the National Counterintelligence Executive. Foreign Spies Stealing US Economic Secrets in Cyberspace (October 2013). Pages 1-10.
Reveron, Derek S. Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World, Edited by Derek S. Reveron. Washington, DC: Georgetown University Press, 2012. (Chapter 4). Pages 57-71.
Singer, Peter W., “The Cyber Terror Bogeyman,” The Brookings Institute (November 1, 2012). pp. 1-4. Accessed at: https://www.brookings.edu/articles/the-cyber-terror-bogeyman/
Symantec. Internet Security Threat Report (ISTR), 2015. pp. 1-120.
...
WMD Proliferation, Globalization, and International Security:
Whither the Nexus and National Security?
Strategic Insights, Volume V, Issue 6 (July 2006)
by James A. Russell
Strategic Insights is a bi-monthly electronic journal produced by the Center for Contemporary
Conflict at the Naval Postgraduate School in Monterey, California. The views expressed here are
those of the author(s) and do not necessarily represent the views of NPS, the Department of
Defense, or the U.S. Government.
Introduction
Throughout the 1990s, the United States national security establishment gradually espoused the
idea of a growing threat posed by the proliferation of a variety of weapons and weapons
technologies that could cause mass casualties to combatants and noncombatants alike. Nuclear
weapons had long occupied the rhetorical space used by policy makers to describe weapons that
could kill on a mass scale, but gradually the result was that the term “weapons of mass
destruction” was reinvigorated and quickly became an accepted term in the lexicon of national
security policy. The term is believed to have surfaced in the media in the aftermath of the German
bombing of Guernica, the Basque seat of power, in April 1937. It reappeared periodically during
World War II in reference to the indiscriminate killing of civilians by aircraft.[1] Today, the term is
defined in U.S. Code Title 50 as “any weapon or device that is intended, or has the capability, to
cause death or serious bodily injury to a significant number of people through the release,
dissemination, or impact of toxic or poisonous chemicals or their precursors; a disease organism;
radiation or radioactivity."[2] For the purposes of this analysis, the term is defined as weapons
that can inflict mass casualties on combatants and noncombatants using nuclear and radiological
devices, long range missiles, and lethal chemical- and biological agents.[3]
Arguably, the kick-off to the more recent formal shift in emphasis in the U.S. national security
bureaucracy came in September 1993 when President Clinton told the United Nations General
Assembly:
One of our most urgent priorities must be attacking the proliferation of weapons of mass
destruction, whether they are nuclear, chemical or biological; and the ballistic missiles
that can rain them down on populations hundreds of miles away… If we do not stem the
proliferation of the world’s deadliest weapons, no democracy can feel secure.[4]
Following the speech, President Clinton signed Presidential Directive 18, which ordered the
Department of Defense to develop a new approach in addressing the proliferation of weapons of
mass destruction. At the time of the initiative, the United States was particularly concerned with
the prospect of thousands of unsecured nuclear warheads in the former Soviet republics—the
problem of “loose nukes.”
In late 1993, Secretary of Defense Les Aspi.
Kurnava+Book+Review (1)
American Military University
Book Review
Of
Cyber War: The Next Threat to National Security and What to Do About It
Authored by
Richard Clarke and Robert Knake
By
CPT Matthew C. Kurnava
Arlington, VA
April 03, 2016
In 1982, Robert Schnell’s book The Fate of the Earth hit bookstores across the nation. This
book was not like other books. This book affected the American people in its view of
impending nuclear war like no other book before it. It urged the reader to act and to confront the
issues of nuclear proliferation head on. (Knopff 1982) The book envisioned the world after the
events of a nuclear holocaust. It spoke about what a nuclear holocaust was physically, morally,
and politically. It was remarkable and it affected the way people thought about nuclear
proliferation and what needed to be done. (Knopff 1982)
Authors Robert Knake and Richard Clarke face a similar problem: a war is looming in
the United States, and most Americans are unaware of the capabilities of the weapons of this war
and the effects it could have on the future of the United States. This war does not take place on
a physical battleground, but within a virtual one. Cyberspace is the battleground, cyber warriors
and hackers are the players, and the weapons have the ability to shut down critical infrastructure
from anywhere in the world. This war is a cyber war. Cyber War: The Next Threat to National
Security and What to Do About It is Knake and Clarke’s venture into revealing this war to the
reader and then proposing a solution that could help protect the United States from being shut
down by cyber-attacks.
Summary
It is important to note the grounds on which the authors speak with authority on their
topic. Although the book was written in 2012, their current profiles reveal a vast amount of
experience in cyber security.
Richard A. Clarke served as a Pentagon official in several positions and as Assistant
Secretary of State before moving on to work as a White House official for three presidents.
During this time, he was “Special Assistant to the President for Global Affairs, Special Advisor
to the President for Cyberspace, and National Coordinator for Security and Counter-terrorism.”
(Enterprise RAC 2016) He also taught at the Harvard School of Government for five years.
(Enterprise RAC 2016)
Robert Knake served as the director for cybersecurity policy at the National Security
Council from 2011 to 2015. (Council of Foreign Relations 2016) He has vast experience in
cyber vulnerability assessment, and Federal Computer Week dubbed him the “White House’s
Cyber Wizard” for his work on Executive Order 13636. (Council of Foreign Relations 2016)
The thesis presented by Knake and Clarke in “Cyber War” is developed in two parts.
The first centers on the threat to the United States in cyberspace. They elaborate on how this
threat is real and cyber war is evident. Second, the authors provide a government-centric solution
regarding the defensive and offensive strategies for the United States in cyber war.
The book can likewise be separated into two parts. Chapters 1-4 (1. “Trial Runs”, 2. “Cyber Warriors”,
3. “The Battle Space”, 4. “The Defense Fails”) focus on the journey of cyber security: its
development and progress, how it has been conducted, and its struggles. Through these chapters
the authors present their evidence for the cyber war that they state we are now facing.
Chapters 5-8 (5. “Toward a Defensive Strategy”, 6. “How Offensive”, 7. “Cyber Peace”, 8.
“The Agenda”) focus on the authors’ vision of the solutions for our offensive and defensive
strategies in cyber war.
The authors define “cyber war” at the very beginning of chapter one, “Trial Runs”. They
define it as “actions by a nation state to penetrate another nation’s computers or
networks for the purpose of causing damage or disruption.” (Clarke and Knake 2012, 6) From
this point forward, the authors go through many key incidents that they use as evidence to
support the following:
1. Cyber war is real
2. Cyber war happens at the speed of light
3. Cyber war is global
4. Cyber war skips battlefields
5. Cyber war has begun
(Clarke and Knake 2012, 30-31)
Knake and Clarke summarize the issues with China and the building of their offensive
strategy throughout chapter two, and detail how vulnerable the United States is to these attacks.
Most of the chapter is focused on China and its capabilities and what they have done or can do
in relation to how the United States is vulnerable. They create an aura of “impending doom” to
the American way of life at the hands of the Chinese blackhat. (Clarke and Knake 2012, 54-62)
The battlefield on which the war is played out is outlined in great detail throughout
chapter three, “The Battle Space”. It provides the reader with detail on the three things that allow a
cyber war to occur: “1. Flaws in the design of the internet, 2. Flaws in the hardware and
software, 3. The move to put more and more critical systems online.” (Clarke and Knake 2012,
73-74) The authors break the vulnerabilities of the internet down into five.
They detail these vulnerabilities as:
1. ISP Domain Name System
2. The Border Gateway Protocol
3. Internet is mostly open and unencrypted
4. It has the ability to spread malware
5. It is one network with decentralized design.
(Clarke and Knake 2012, 73-74)
The authors articulate these vulnerabilities in prose that everyone can understand, and
the explanations of these vulnerabilities seem to “pop” out from the rest of the chapter. They
point out that the flaws in the hardware and the software are a result of being produced by many
different companies and that the various software programs can be “easily tricked by hackers.”
(Clarke and Knake 2012, 86-96) The rest of the chapter outlines the vulnerabilities of Industrial
Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems that
are dependent upon the Internet and how they are easily accessible. (Clarke and Knake 2012,
96-91) They provide several examples of how a hacker can attack a system and either take
control of the system or destroy it. (Clarke and Knake 2012, 86-96) These critical systems
control our electricity, water treatment facilities, oil refineries, transportation networks and
communication networks. The authors reveal how an attack on these would prove to be critical
to the infrastructure of any city within the United States.
Chapter four, “The Defense Fails”, details the issues that the United States faced
regarding cyber security from the turn of the century to the present. The authors provide detailed
accounts of DDoS attacks and the political reactions to these attacks by the three
presidents in office during this timeframe [Presidents William Clinton, George W. Bush, Barack Obama].
The salient point to take out of this chapter, other than the review of the creation of cyber elements
within the Department of Defense and the advancement of policies for cyber defense during this
time, is the authors’ chart on cyber war strength. (Clarke and Knake 2012, 103-150) This chart is
important because it reveals how the authors view the United States in comparison to other
nations. This chart provides the lead in to the second half of the book on how to improve the
United States cyber capability. The chart is as follows.
NATION        CYBER OFFENSE   CYBER DEPENDENCE   CYBER DEFENSE   TOTAL
U.S.          8               2                  1               11
Russia        7               5                  4               16
China         5               4                  6               15
Iran          4               5                  3               12
North Korea   2               9                  7               18
Table 1: (Clarke and Knake 2012, 148)
It is important to note where the authors place the United States in relation to the other
nations. According to their chart, which is based on the authors’ expertise, the United States is
the lowest scoring nation state. This ranking forms the basis of the second portion of the book in
relation to these weighted factors. As the book notes:
When you think about “defense” capability and “lack of dependency” together,
many nations score far better than the U.S. Their ability to survive a cyber war,
with lower costs, compared to what would happen in the U.S., creates a cyber war
gap. The existence of that “cyber war gap” may tempt some nation to attack the
United States. Closing the gap should be the highest priority of U.S. Cyber warriors.
Improving our offense capability does not do that. It is impossible to reduce our
dependence on networked systems at this point. Hence, the only way we can close
the gap, the only way we can improve our overall Cyber War Strength is to improve
our defenses. Let’s look at how we might do that. (Clarke and Knake 2012, 149)
This is where I consider the book diverges from a history and review of cyber war over
the past 25-30 years to the authors’ pragmatic solution to the vulnerabilities already pointed out
in the first half of the book. Clarke and Knake have built their work and posed a problem, but
as any experienced professional working in the strategic or operational environment can attest, if
you are going to pose a problem then you must provide a solution. The second half of the book
is Clarke and Knake’s magnum opus [emphasis added], and their pragmatic solution begins with
a solution for a defense strategy.
The key point of chapter five, “Toward a Defensive Strategy”, is Clarke and Knake’s
defensive solution, described as “The Defensive Triad”. The main point of the Defensive Triad
is “using federal regulation to create cyber security requirements.” (Clarke and Knake 2012,
160)
The first part of the Defensive Triad would involve scanning traffic over the “backbone”
of the Internet. The backbone, as described by the authors, is the Tier 1 providers that provide
internet service [AT&T, Verizon, Qwest, Sprint, Level 3 Communications]. (Clarke and Knake
2012, 160) Clarke and Knake propose scanning the internet traffic entering the United
States over the backbone. They also understand that this would pose two significant issues:
technological and policy. The technological issue is overcome by current technology. For the
second, which relates to civil liberties, the authors propose that the Tier 1 providers complete
deep packet inspections searching for signatures of malware in incoming traffic and that there
be oversight by a “Privacy and Civil Liberties Board”. (Clarke and Knake 2012, 162) The
authors then justify this packet inspection by referencing similar technology already used by
Internet Service Providers, the Department of Homeland Security (DHS) and the Department of
Defense (DOD). (Clarke and Knake 2012, 162-167)
The second part of the Triad is a secure power grid (Clarke and Knake 2012, 167).
Clarke and Knake suggest that federal regulation be emplaced to mandate “disconnecting the
power generation and distribution companies from the Internet and then make access to those
networks require authentication” (Clarke and Knake 2012, 167). This would entail the
government regulating private sector power companies. The authors propose strict regulations
for power companies to gain pathways from the internet to the Industrial Control Systems
(ICS). These regulations would force the companies to secure their cyber systems (Clarke and
Knake 2012, 169-170).
The third part of the Triad is the Department of Defense (DOD). (Clarke and Knake
2012,176). The authors’ premise is that if there is an attack from another nation state, then it
would occur at a time in which there is “heightened tensions” between the U.S. and the enemy
state. This requires that there be significant IT upgrades for the DOD.
The authors’ premise is that this Triad would mitigate the effects of any cyber-attack
from an enemy nation state. The remaining three chapters focus on how the United States
should move forward with the Triad as its foundation. Chapter six, “How Offensive,” focuses
on the offensive strategy that the United States can enact against other nation states with the
Defense Triad in place (Clarke and Knake 2012, 179-218). Chapter seven, “Cyber Peace,”
reviews international laws that cover cyber war and the multilateral agreements that are of
interest to the United States in this area [rules of cyber war at an international level and
prevention of civilian cyber-attacks] (Clarke and Knake 2012, 219-256).
The final chapter, “The Agenda”, sums up what needs to be done to prevent a cyber war.
Clarke and Knake state that there must be a public open talk about cyber war as a threat (Clarke
and Knake 2012, 261). They contend that such an attack will be a surprise and not foreseeable,
to which I concur. The second point they reference to prevent a cyber war emphasizes the
emplacement of the Defense Triad (Clarke and Knake 2012, 264). The authors state that in
order to prevent a cyber war, cyber-crime needs to be addressed and significantly reduced
(Clarke and Knake 2012, 276). The next point the authors propose is a Cyber War Limitation
Treaty (CWLT) and propose this at the United Nations (U.N.). The fifth element required to
prevent cyber war proposed is more research into the advancement of alternative network
designs that will be more secure. Finally, the authors propose that it is necessary for the POTUS
to be involved in the process. They propose that he review what Cyber Command has done in an
annual report and promote the Obama Doctrine of Cyber Equivalence in addresses, ensuring that
it is known that a cyber-attack by an enemy state will result in a kinetic response from the
U.S. The authors also provide, as a grand finale to the book, an example of a speech that the
POTUS would make to the United Nations General Assembly (Clarke and Knake 2012, 276-279).
Analysis
The authors aimed to write the book in an “informal style that will be both clear and
occasionally entertaining” (Clarke and Knake 2012, xiii). On this effort, they are successful.
While both authors are subject matter experts in the area of cyber security, and although
their aim is to write “informally”, this does not exclude them from properly documenting in
some form their facts as presented in the book. There are no citations, no references and no
bibliography; there is no way to validate anything the authors state and the reader is to take what
is said as being fact without question. The reader is to consider that everything stated is valid
without skepticism. The authors’ qualifications possibly present a valid appeal to qualified
authority [emphasis added], but there is the possibility that the facts presented may be
inaccurately represented and subjective relative to the viewpoint of the authors. Experts can be
wrong; this is a possibility. The reason we cite sources on what we state in papers and
informational books such as this is to provide validation to our expertise, to support our
arguments. (Princeton 2011).
The absence of citations leaves the reader with a seed of doubt on whether the authors are
100% accurate in all of their factual claims. This is not to say the facts presented in Cyber War
are incorrect, but their validity can be at least questioned. No one wants to “google” parts of a
book just to ensure they are valid. Academic readers want to be certain that the data presented is
supported by validated sources. While the layperson may accept everything stated as valid, the
academic reader will read it with skepticism when no references or citations are presented.
Another issue is that the authors present a strong appeal to emotion
(argumentum ad passiones). The book is very subversive in doing so, but it does so nonetheless.
The authors appeal to the reader’s emotion by appealing to their fear of what will happen if a
cyberwar is to occur and use this fear to aid them in selling their points on what to do about it.
Other reviews have also noticed this “chicken little-ism” (Thierer 2010) and the use of scare
tactics (Singel 2010), but maybe this appeal to emotion is necessary in order for the reader to
buy off on the Triad presented in the second half of the book.
The reasoning is sound, that if the authors want the reader to buy into their defense
strategy without any sourcing of their material, then it is probable that an appeal to the reader’s
fear of a pending cyber war would lay the foundation for the reader to accept the governmental
control of the internet. This government control is central to the authors’ Triad, whether by
monitoring Internet traffic or using regulation to force companies to obey the government’s
regulations on how to control. (Clarke and Knake 2012, 162-167)
This is a debatable issue. A poll in 2014 conducted by a market research firm, GfK,
showed that 80% of respondents wanted the government to do more to protect the U.S. citizen’s
data (Duncan 2014). However, a 2013 Pew Internet & American Life Project poll showed that
66% of individuals were concerned about their privacy (Duncan 2014). The issue of privacy
versus protection is not new and there should be a balance. Clarke and Knake attempt to resolve
the qualms of government involvement by saying that there would be a “Privacy and Civil
Liberties Board” (Clarke and Knake 2012, 162), but amidst the amount of governmental control
they give in their Triad, this seems more like an appeasement effort, a red herring to the reader.
With the amount of experience and expertise the authors have, there is a nagging
question on whether the omission of references and appeal to emotion was intentional in order
for the reader to buy into their Defense Triad. It is plausible that this is their underlying intent.
The authors have had experience attempting to reason cyber war into the ears of politicians for
over a decade (Enterprise RAC 2016) and still there has not been a cyber-attack big enough for
the heads of government to react significantly. It is plausible that the authors attempt to
“exaggerate the threat” (Schneier 2013) and use their method of appealing to emotion to
convince the average American citizen of the impending threat of doom of cyberwar, which would
initiate the action of the voting citizen, or at least get the conversation started.
A large issue with the book is the very definition of cyber war as defined by Clarke and
Knake. Within Clarke and Knake’s definition is a limitation that serves the purpose of their
book and supports their thesis, but it is insufficient outside their book. Their definition focuses
solely on the cyber operations of nation vs nation [emphasis added]. There is a reason that the
2015 U.S. Law of War Manual does not use the term “cyber war” but uses terms such as “cyber
operations” (DOD 2015), and this is because other activities occur besides those solely for “the
purpose of causing damage or disruption” (Clarke and Knake 2012, 6). This includes using
cyberspace for logistics and funding in a war. This refers to the purchase of weapons or
financing a war through the dark net, and it also involves non-state actors, which is another
factor that is left out of Clarke and Knake’s definition.
ISIS is a non-state actor, but they have used the internet to fund war. ISIS has used
bitcoin as a method of transferring money to their members (Paganini and Pierluigi 2015). This
is not a direct attack causing “damage or disruption” but it is the funding of non-state actors to
build bombs, purchase weapons and commit terrorist acts (Paganini and Pierluigi 2015).
Terrorists infiltrate the darknet and commit cybercrimes by stealing funds or acquiring them
illegally on the net via phishing or malware, convert the funds to bitcoin and then transfer funds
across the ocean to another terrorist cell. A terrorist can receive funds on their cell phone in a
matter of seconds and convert the bitcoin to local currency. These cybercrimes are advance
force operations and all conducted on the dark net (Paganini and Pierluigi 2015). These
cybercrime operations are not even considered in the definition presented in the book and they
are the cyber operations of the non-state group the United States is currently at an “unofficial”
(Timm 2015) war with (Paganini and Pierluigi 2015).
The definition used in the book meets the needs of the book, but it leaves out vital
points including non-state actors and how cyber operations are used besides the use of hacking.
The use of cyber operations in the DOD Law of War manual seems a more appropriate
definition required when considering all the factors within and those not mentioned.
16.1.2 Description of Cyber Operations. Cyberspace operations may be understood to be those operations
that involve “[t]he employment of cyberspace capabilities where the primary purpose is to achieve objectives in or
through cyberspace.” Cyber operations: (1) use cyber capabilities, such as computers, software tools, or networks;
and (2) have a primary purpose of achieving objectives or effects in or through cyberspace. (DOD 2015, 995)
Using this when referencing cyber activities between state versus state, or state versus
non-state actors, allows for all aspects of cyber to be involved. Even this definition is not
stagnant, as the 2015 Law of War Manual mentions (DOD 2015, 996). This is a good thing;
cyberspace changes exponentially and the definition should be fluid and all encompassing.
Evaluation
Cyber War by Richard Clarke and Robert Knake was a pleasurable read. With Clarke’s
experience of writing thriller fiction novels [Break Point and The Scorpion’s Gate], much of the
book read with that thriller aura about it. Clarke’s writing style is exciting and it pulls the reader
in quite efficiently.
At times it is done so well that you do not realize you are reading a nonfiction book; the
lack of citations and notations helps with this too. Clarke is able to, with the assistance of
Knake, build an emotional response from the reader and then, at the climactic high point in
the book, sell their point to the reader on how to fix the cyber dilemma in the United States.
When evaluating, there is the question of whether Clarke and Knake purposefully left
out citations and included the appeal to emotion. These authors are very experienced
and educated, therefore, it is probable that the factors pointed out in the analysis were done
intentionally to draw the reader in. A layperson, with no education in cyber operations, would
be sucked into the book just like it was a thriller novel and the authors would have the reader
eating out of the palms of their hands. There are few books on cyber war and with this intent,
not only would it bring awareness, it would bring it with a lightning strike to a reader unfamiliar
with cyber operations.
There are negative reviews of the book by different sources throughout the Internet. A
Google search of the book will pick these up. However, these reviews are unwarranted. The
critics did not review the book for what it was. What they did not see is what the intention of
the book is and consider that the authors knew exactly what they were doing. This book is a
psychological book of persuasion to hook the reader on their solution on how to fix the Cyber
dilemma. This is how you can get past the lack of references and the appeal to emotion,
because they were intentional and they wanted to sell their solution to the reader.
However, while it may be a fun read, this type of book would not make it onto my
reading list. The reason is because while the book has many stories by the author of cyber
operations, they could be subjective in nature and they can’t be validated without picking apart
every fact and then fact checking it. It is also a book to persuade the reader to accept their
resolution through fear and walk a thin line on civil rights. It is a subjective view on cyber war
and I would develop a reading list that would contain as many objective based facts as possible
which would include citations and lack appeals to emotion.
Conclusion
Cyber War: The Next Threat to National Security and What to Do About It by Clarke
and Knake is a great read if you can get past the lack of references and citations, the appeal to
emotion [fear] to the reader and the policy suggestions that walk dangerously close to civil
liberty infringements. Also, the book limits the definition on cyber war and focuses purely on
nation state versus nation state operations. Cyber Operations include so much more and to not
represent the non-state actor’s involvement in cyber warfare as well as all the other layers of
cyber operations is not fair to the reader. This misrepresents cyber operations for the authors’
sake of selling their solution. You can’t claim the sky is falling when you’ve only covered a
portion of the issues. Since this was written, there have been no policies that look even close to
what Clarke and Knake suggest. The newest law passed, the Cybersecurity Information Sharing
Act of 2015, focused on the sharing of information between the private sector, DHS, FBI, NSA
and other intelligence agencies (CISA 2015). DOD is not the lead, the Triad is not implemented,
and the sky has not fallen in the 6 years since the book was published. There is still a viable
threat but it is not as apocalyptic as Cyber War envisions it.
Reference List
Clarke, Richard A. and Robert K Knake. Cyber War: The Next Threat to National Security and What to Do About It. New York: HarperCollins Publishers, 2012.
Council of Foreign Relations. "Robert K. Knake." The CFR Think Tank. January 4, 2016. Accessed March 27, 2016. http://www.cfr.org/experts/cybersecurity-homeland-security-digital-infrastructure/robert-k-knake/b15502.
Cybersecurity Information Sharing Act of 2015. Congress.Gov. Accessed March 31, 2016. https://www.congress.gov/bill/114th-congress/house-bill/2029/text [114th Congress (2015-2016)].
Department of Defense. 2015 Law of War Manual. 2015.
Duncan, Geoff. "Can The Government Regulate Internet Privacy?" Web. April 21, 2014. Accessed March 29, 2016. http://www.digitaltrends.com/web/government-warn-us-data-breaches/.
Enterprises, RAC. "Richard A. Clarke." 2016. Accessed March 27, 2016. http://www.richardaclarke.net/bio.php.
Kaplan, Rebecca. "W.H. Official: ‘Absolutely, We’re at War with ISIS’." November 22, 2015. Accessed March 29, 2016. http://www.cbsnews.com/news/white-house-official-absolutely-war-with-isis/.
Paganini, Pierluigi. "The ISIS Advances in The Deepweb Among Bitcoin and Darknets." Breaking News. May 22, 2015. Accessed March 29, 2016. http://securityaffairs.co/wordpress/36961/intelligence/isis-in-the-deepweb.html.
Princeton. "When to Cite Sources - Academic Integrity at Princeton University." 2011. Accessed March 29, 2016. https://www.princeton.edu/pr/pub/integrity/pages/cite/.
Scialabba, George. "The Fate of the Earth. By Jonathan Schell. Alfred A. Knopf, $11.95." July 15, 1982. Accessed April 1, 2016. http://www.georgescialabba.net/mtgs/1982/07/the-fate-of-the-earth-by-jonat.html.
Singel, Ryan. "Richard Clarke’s Cyberwar: File under fiction." Security. April 22, 2010. Accessed March 29, 2016. http://www.wired.com/2010/04/cyberwar-richard-clarke/.
Schneier, Bruce. The Threat of Cyberwar Has Been Grossly Exaggerated - Schneier On Security. April 28, 2013. Accessed March 29, 2016. https://www.schneier.com/blog/archives/2010/07/the_threat_of_c.html.
Thierer, Adam. "Book review: Cyber War by Clarke & Knake." August 6, 2010. Accessed March 29, 2016. https://techliberation.com/2010/08/06/book-review-cyber-war-by-clarke-knake/.
Timm, Trevor. "Obama’s Speech Reminded Americans That the War with ISIS Is Still Illegal." The Guardian. December 7, 2015. Accessed March 29, 2016. http://www.theguardian.com/commentisfree/2015/dec/06/war-with-isis-illegal-obama-speech.
Turabian, Kate L, Wayne C Booth, Gregory G. Colomb, Joseph M Williams, and University of Chicago Press Staff. A Manual for Writers of Research Papers, Theses, And Dissertations, Eighth Edition: Chicago Style for Students and Researchers. 8th ed. Chicago: University of Chicago Press, 2013.