Book Review on "The Perfect Weapon By David Sanger"

I recently completed the book The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age. I first heard about it on an NPR show, All Things Considered. The author was being interviewed about the book. He described the audacious hacks of US-Israeli intelligence in the Stuxnet and moved on to more imminent threats and the issues of cyber security.

After reading this line from the cover of the book, I was hooked!

The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes — from crippling infrastructure to sowing discord and doubt — cyber is now the weapon of choice for democracies, dictators, and terrorists.

Amazon Book Review

So I managed to get one of the first editions of the book from the local library and read it cover-to-cover. It starts off from the story on how the author broke the story about Iran’s centrifuges spinning of control and the hand of US in this effort. It then dwelt on the story of North Korea’s missles simply falling off the sky for no apparent reason and some informed speculations about the cause. Pulling in from an eclectic set of sources the author guides us through the recent wave of cyber attacks, it’s impact and the problems of retaliation. You see, the world of “cyber” is a whole new realm and the laws of warfare are not clear.

Hacker

Apart from the astounding stories of hacks by US, China, Russia and Iran, the book is worth for the pertinent questions it raises. Traditional wars has a set of loosely followed rules like the Geneva convention, concepts of aid workers not being harmed and clearly displaying affiliation. Even during the Cold War, chilly concepts like Mutually Assured Destruction existed. Due to this, there were policies around how the cold war actors would escalate the war and what would be off-limits. However, the world of cyber warfare has no such rules.

To me, these points were stood out:

  • The reason we have some clarity on regular warfare and nuclear warfare is the relative transparency. Armies have tactics of not harming civilians. Nuclear Nations have rules of engagement and esclation. However, cyber warfare has no limits and boundaries.
  • Traditional warfare had clear actors. In the world of bits and bytes, attribution is hard. Even when it is accomplished, proving the link from an action to an event could be difficult.
  • Cyber warfare is a bit of enigma for even the nation’s forces. On the one hand, they use it for offense but, the same group can never assure it’s own resources are protected. Vulnerabilties and trojans can lay buried for many years with no seeming symptom of infection.
  • Engaging in a policy discussion becomes a zero sum game. To start a discussion, a nation will have to disclose the kind of attacks it is capable of. By exposing this, the other actors can immediately take corrective action and close the loop-hole. So there is no motivation to disclose the tactics and not much of hope on starting a negotiation.
  • Cyber wafare is asymmetric. Actors don’t need to spend billions on research or build large armies. Penetrating enemy’s system does not take a very large number of cyber warriors and it is relative cheap.
  • Unlike traditional warfare, cyber warfare can be carried out in the realm of civilan groups. This makes it harder to retaliate. For example, if a so called activist group in Russia attacks US, it cannot consititute as an act of war. So the US government may not be able to openly call out and retaliate against the attack.
  • The relationship of “warriors” and the government gets complicated. In the era of Cold War, the defense department could call for bids to make a missile with a clear intention of building weapons. However, in the world of cyber, the technology generally cross pollinates from private companies to defence purposes. So a drone software used to detect building measurements can be adapted for anti-terrorist strikes. However, the authors could choose not to supply the technology to the government.
  • Finally, the convergence of full encryption, quantum computing and AI could open up a whole can of worms making the discussion even more murky and difficult.

The bottom line, there is a very high chance that we can end up with accidentally triggered cyber warfare that gets escalated beyond control and with repurcussions that goes far beyond the planned action.

It is a chilling thought and something worth pondering over…

Written on August 16, 2018