At the time of this writing, one of the biggest stories in the media is that Google and several other large technology companies were attacked by Chinese hackers. Although this seems to have caught almost everyone by surprise, it's no surprise to those of us in the trenches, responding to these types of incidents every day. "Inside Cyber Warfare: Mapping the Cyber Underworld" is by far the best available guide to this highly sophisticated threatscape.
The book's author is Jeffrey Carr, author of the well-known IntelFusion blog ([...]) and founder of Project Grey Goose, both of which provide high-quality intelligence analyses on a number of cyberwar-related topics. The book reviews, organizes and expands upon many issues already covered on his blog, but does so in a way that actually adds value. This isn't a retread of old postings; it's an entirely new creation.
I used the term "intelligence analysis", and that's really what this book is: one big dossier on the means, motives, opportunities and identities of some of the major players in the cyber warfare arena. Specifically, this book's focus is on nation-states with known cyberwar capabilities, such as China, Russia and the United States. However, there is also some limited coverage both of other countries (e.g., North Korea) and other actors, such as organized crime.
The first couple of chapters begin by providing some basic background on cyberwar, defining terms, citing recent examples (such as the Russian attacks on Georgian websites in 2008) and discussing the transition from direct action by states to state-sponsored third-party actors. This last concept is perhaps the most critical one in the entire book: states rarely do their own dirty work anymore. They tend to work through third parties, which is much less risky because it offers them plausible deniability. This is a major feature of today's cyberwar, and the book does an excellent job explaining why this happens and what the ramifications are for the victims of these attacks. This is a critical theme that carries through much of the rest of the book.
Chapters 3 and 4 focus more on the legalities of cyber warfare, definitions and relevant treaties. In fact, Chapter 4 (Responding to International Cyber Attacks as Acts of War) is one of the standout sections of the book. Written by guest author Lt. Cdr. Matthew Sklerov, USN, this chapter draws on numerous examples of case law and legal opinions to make a compelling case that the best defense against a cyberwar is to actively identify the aggressor and to attack them right back. Readers conditioned to think of legal arguments as dry and boring are in for a real treat, as this is quite a fascinating read.
The next several chapters establish a framework for performing intelligence investigations into the sources and motives behind cyber attacks, then explore several fruitful mechanisms for performing this research, such as performing reconnaissance on relevant hacker forums, building social network graphs and the ever-popular "follow the money" approach. In doing so, Carr often shows how these mechanisms are really double-edged swords, providing as much or more benefit to the adversary as to the investigator. You can find some of this material elsewhere (Hacking: The Next Generation (Animal Guide) has quite a lot to say about social networks, for example), but in context with the rest of the book, these chapters still work quite well.
Finally, the last few chapters explore the role of cyberwar at the national level. Carr discusses and gives examples of relevant military doctrine from Russia, China and the US, showing how each nation views the key questions from different perspectives. Chapter 13 (Advice for Policy Makers from the Field) is particularly interesting, as three prominent experts each tackle one controversial cyberwar issue and give advice directly to policy makers, using this book as a sort of open letter.
"Inside Cyber Warfare: Mapping the Cyber Underworld" is the best book I've seen for those of us charged with defending against the highest-end threats to information security. It provides a comprehensive intelligence briefing on actors, capabilities, motivations and possible responses to acts of cyberwar. I highly recommend this for government, military and corporate readers who are responsible for either securing their own networks or for setting security policy. The threat is real, and these groups are active. Inside Cyber Warfare is the guide you need to help you understand the context in which your organization operates on the modern battlefield.