The main idea here is to review Internet technology and its vulnerability to informational crimes such as stealing valuable data, taking control of information flows, especially sensitive ones such as classified data or money flows, and even taking control, via computer networks, of the power grid, transportation, and information networks. Beyond raising awareness of the threat, the auxiliary objective is to present the proposals that the authors offer for handling these problems.
Why Write a Book about Cybersecurity and Cyberwar? Why Is There Cybersecurity Knowledge and Why Does It Matter? How Did You Write the Book and What Do You Hope to Accomplish?
This introduction is mainly about the reasons for writing this book: poor understanding of the nature of cybersecurity, the threats caused by its deficiencies, and methods to improve it. The objective is to promote a conscious understanding of the related issues that would lead to improvements in technology, behavioral patterns, and the legal framework for the new Internet world.
PART I HOW IT ALL WORKS
The World Wide What? Defining Cyberspace. Where Did This “Cyber Stuff” Come from Anyway? A Short History of the Internet; How Does the Internet Actually Work? Who Runs It? Understanding Internet Governance; On the Internet, How Do They Know Whether You Are a Dog? Identity and Authentication; What Do We Mean by “Security” Anyway? What Are the Threats? One Phish, Two Phish, Red Phish, and Cyber Phish: What Are Vulnerabilities? How Do We Trust in Cyberspace? Focus: What Happened in WikiLeaks? What Is an Advanced Persistent Threat (APT)?
How Do We Keep the Bad Guys Out? The Basics of Computer Defense; Who Is the Weakest Link? Human Factors;
This chapter contains highly simplified technical details of the Internet and TCP/IP and how they work functionally. The key point here is that, given the way the Internet is designed, it is very difficult to differentiate between data and executable code, and most important contemporary systems are designed to execute code that comes with a message. This is the root cause of hacking, data theft, and cyber attacks. However, the conclusion the authors draw is that the weakest link of the interactive computer/human system is the human, not the computer. It is humans who fail to set up strong passwords, divulge information they are not supposed to divulge, and get cheated by phishing and other methods of social engineering.
PART II WHY IT MATTERS
What Is the Meaning of Cyberattack? The Importance of Terms and Frameworks; Whodunit? The Problem of Attribution; What Is Hactivism? Focus: Who Is Anonymous? The Crimes of Tomorrow, Today: What Is Cybercrime? Shady RATs and Cyberspies: What Is Cyber Espionage?
How Afraid Should We Be of Cyberterrorism? So How Do Terrorists Actually Use the Web?
What about Cyber Counterterrorism? Security Risk or Human Right? Foreign Policy and the Internet; Focus: What Is Tor and Why Does Peeling Back the Onion Matter? Who Are Patriotic Hackers? Focus: What Was Stuxnet? What Is the Hidden Lesson of Stuxnet? The Ethics of Cyberweapons; “Cyberwar What Are Zeros and Ones Good For?” Defining Cyberwar; A War by Any Other Name? The Legal Side of Cyber Conflict; What Might a “Cyberwar” Actually Look Like? Computer Network Operations; Focus: What Is the US Military Approach to Cyberwar? Focus: What Is the Chinese Approach to Cyberwar? What about Deterrence in an Era of Cyberwar?
Why Is Threat Assessment So Hard in Cyberspace? Does the Cybersecurity World Favor the Weak or the Strong? Who Has the Advantage, the Offense or the Defense? A New Kind of Arms Race: What Are the Dangers of Cyber Proliferation? Are There Lessons from Past Arms Races?
Behind the Scenes: Is There a Cyber-Industrial Complex?
This chapter is a detailed review of all the potential problems that could come from the Internet, various viruses, and the dark net (Tor), along with a review of potential state-led attacks, with special attention to Chinese activities.
PART III WHAT CAN WE DO?
Don’t Get Fooled: Why Can’t We Just Build a New, More Secure Internet? Rethink Security: What Is Resilience, and Why Is It Important? Reframe the Problem (and the Solution): What Can We Learn from Public Health? Learn from History: What Can (Real) Pirates Teach Us about Cybersecurity? Protect World Wide Governance for the World Wide Web: What Is the Role of International Institutions? “Graft” the Rule of Law: Do We Need a Cyberspace Treaty? Understand the Limits of the State in Cyberspace: Why Can’t the Government Handle It? Rethink Government’s Role: How Can We Better Organize for Cybersecurity? Approach It as a Public-Private Problem: How Do We Better Coordinate Defense? Exercise Is Good for You: How Can We Better Prepare for Cyber Incidents? Build Cybersecurity Incentives: Why Should I Do What You Want? Learn to Share: How Can We Better Collaborate on Information? Demand Disclosure: What Is the Role of Transparency? Get “Vigorous” about Responsibility: How Can We Create Accountability for Security? Find the IT Crowd: How Do We Solve the Cyber People Problem?
Do Your Part: How Can I Protect Myself (and the Internet)?
The final part is pretty much about the various options for making the Internet more secure. It goes into the details of existing and potential international agreements, the role of transparency, and incentives for good Internet behavior.
Where Is Cybersecurity Headed Next? What Do I Really Need to Know in the End?
This is a look at the Internet's future with the cloud, the switch to mobile devices, the Internet of things, and the attempts of all kinds of current evildoers like the Chinese government and aspiring evildoers like Obama totalitarians to bring the Internet under government control.
MY TAKE ON IT:
It is all nice, timely, and important, but I cannot understand why it is not possible to change computer systems in such a way that they would run code downloaded exclusively from a known source, keep it in a protected area of memory, and execute it on demand, rather than treat all input data as potentially executable code. Obviously such a redesign would require a lot of effort and would make systems less flexible, but if arriving data were allowed only to reference code already registered on the computer, all hacking would become plainly impossible. I am quite sure that something like this is in the works, and if it is not Internet 2.0, then it will be Internet 25.5, but eventually the free-for-all will end and the Internet will become more secure than any facility where one could walk in in person in order to cause harm.