The book is split into two parts: “Cyber Power” (110 pages) and “Cyber Security Technology” (160 pages). They are very different in nature, likely appealing to two separate audiences.
Part 1’s chapters are coherent and definitely interesting. Chapters 1, 6, and 7 are related. They provide insight into the objectives and specific targets of cyberwarfare. Chapters 2 and 5 are about the nature of cyberwarfare and war, especially what makes it different from non-cyber warfare. The remaining two chapters, 3 and 4, attempt to provide ideas for the governance of cyberwarfare.
Chapter 1 is “The Modern Strategies in the Cyber Warfare.”
The battlespace is hybrid, with cyberwarfare but one form of waging war. Information processing’s impact on the importance of cyber is manifold: networking, time shortening, the increase in the amount of data to cope with, autonomous and robotic systems, artificial intelligence (AI), and cognitive computing. The C5ISR (command, control, communications, cyber, intelligence, surveillance, reconnaissance) model further stresses the importance of cyber. Yet another driver can be found by looking at the observe-orient-decide-act (OODA) loop, where cyberwarfare can be used to attack or protect knowledge gathering, decision making, and communications.
Chapter 2 is “Cyber Capabilities in Modern Warfare.” Using the term “cyberwar” risks establishing the impression that it is similar to other acts of war. A comparison table between conventional and cyber conflicts over 20 aspects makes clear it is not. Furthermore, questions are raised about the possibility of deterrence and what cyber dominance might mean. Deterrence is strongly linked to attribution, which is hard, and dominance requires being able to point to a clear winner, which is equally hard. Cyber does not replace conventional warfare and might be labeled “weapons of mass disruption.” Cyberwar has three unique characteristics: intelligence collection, stealth maneuvers, and the surprise effect. The operational advantages over classic war are the ability to achieve asymmetry, offsetting numerical advantage, with the option to execute a deep strategic strike remotely.
Chapter 3 is “Developing Political Response Framework to Cyber Hostilities.”
Cyberpolitics should produce a framework for proportionate response, but no clear idea of what “proportionate reaction” means currently exists. As the chapter states, answering the question “‘is a cyberattack an act of war’ is a political decision.”
The purpose of an architecture should be to enhance the quality of strategy implementation. To maintain the required agility, chapter 4 proposes an “utterly simplified architecture” to support strategic governance. The chapter proposes three steps to create such an architecture: (1) the framework model for describing the strategic operating environment (the society); (2) a model enabling the construction of the architecture model; and (3) the construction of a simplified architecture model, based on enterprise architecture models, for the management and governance aspects. The result is an activity-based matrix that considers strategic, operational, and tactical domains, and for each domain, the support, production, and effect aspects. The final step is putting the planned activities in the right cell of that matrix. Examining aggregated activity frequencies in this matrix provides insight into the distribution of the effort across the domains and aspects.
Chapter 5 is “Cyber Deterrence Theory and Practice.”
Deterrence is known from nuclear cases, but the idea does not fit cyber. Immateriality, supranationality, non-state actors, the difficulty of attribution, and, finally, the poor credibility of retaliation make deterrence an unfit approach for cyber.
The principle behind deterrence is that the means are too powerful and too risky to use in view of credible retaliation. Ignorance of other parties’ capabilities fuels the cyber arms race. As a bad example: 14 percent of the United Kingdom (UK) national cybersecurity strategy documents concern deterrence.
Chapter 6, “Jedi and Starmen--Cyber in the Service of the Light Side of the Force,” zooms in on an example of the Russian strategy to use social media trolls to influence adversaries. Those who dare expose the practice are heavily attacked via such media as well. The case study presents a Finnish reporter exposing Russian trolls on social media, and then being targeted thereafter. The chapter also analyzes the motivation of the reporter, which is less relevant to the general theme of the book.
Chapter 7 is “Alternative Media Ecosystem as a Fifth-Generation Warfare Supra-Combination.” Not long ago, the presence of an alternative news ecosystem might have been surprising. Today, the spread of “alternative information” is all too familiar. Furthermore, the security and military dimension of alt-news may be underestimated, as pictured in a nice graph of an alternative news ecosystem. The chapter presents five generations of warfare and links these to the OODA cycle. More particularly, the novelty of the fifth generation is its additional focus on interfering with the “observe” step, a key option of cyberwarfare. This provides targeted aggression against societal subprocesses, and enables the promotion of concealed political agendas.
Part 2, “Cyber Security Technology,” begins with chapter 8, “Data Stream Clustering for Application-Layer DDoS Detection in Encrypted Traffic.” Application-layer traffic must be assumed to be encrypted, and decryption runs into confidentiality problems, for example, privacy issues. The chapter proposes a system for application-layer DDoS detection without decryption, based on anomaly detection over traffic characteristics and unencrypted elements. Key challenges addressed are the requirements for early detection and the handling of large volumes. The authors use limited time slots, extract n-grams from the collected data per “conversation,” calculate frequencies, and compare these with known-safe traffic data. The tests on three types of DDoS show promising results.
Chapter 9 is “Domain Generation Algorithm Detection Using Machine Learning Methods.” Both command and control servers and phishing sites require domain addresses. To avoid the easy blocking of attacks by blocking the domain, attackers use dynamically generated domain names (also called domain fluxing). This chapter uses anomaly detection to expose such domain names. It compares multiple methods, especially focusing on unsupervised approaches with minimal learning effort, with good test results.
All organizations face the problem of selecting a control framework as-is, adapting one, or combining frameworks (some of which have about 1400 controls). The hardest part is tailoring and filtering to fit the organization. Chapter 10, “Tailorable Representation of Security Control Catalog on Semantic Wiki,” discusses a semantic wiki approach based on the Extensible Markup Language (XML) version of the National Institute of Standards and Technology (NIST) controls. Based on the ontology and the XML input, the authors show how to generate relevant web pages based on the selection of semantic parameters. Comparable exercises must have been done in many ways, multiple times.
Passwords can be obtained, or their hashes cracked, in a multitude of ways. The next chapter, “New Technologies in Password Cracking Techniques,” focuses on intelligent brute-force approaches, meaning the intelligent prioritization of attempts. These approaches are probabilistic context-free grammars and Markov models. The underlying assumption is that human password generators produce somewhat predictable results. It is known that any guidance on how to produce strong passwords enhances predictability.
Chapter 12, “Survey of Cyber Threats in Air Traffic Control and Aircraft Communication Systems,” focuses on a specific key protocol for air traffic control, ADS-B: automatic dependent surveillance-broadcast. In short, this is a protocol for wireless communication (quite logical) between aircraft and ground stations, with the airplanes providing key flight information. As the messages contain the data without any security elements present, the conclusion is obvious.
Injection vulnerabilities are a major class of application vulnerabilities. Although they form one class, their remediation is focused on subclasses, such as SQL injection or cross-site scripting (XSS), using lexical and syntactic checks. This chapter, “Stopping Injection Attacks with Code and Structured Data,” proposes going to the heart of the matter: the mismatch between the intended structure and the actual structure of the serialized representation (often a character string) created after inserting parameters that may contain malicious data. The generic solution goes like this: given the syntax, parse, insert the parameter values, parse again, and compare the results. The author acknowledges the generic weakness of the approach: the security parser must behave exactly like the real parser. Performance and complexity are other concerns.
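The parse, insert, reparse, compare check described for this chapter, as an added Python sketch that is not code from the book or its author. It assumes a toy SQL-like tokenizer (the “security parser”) and query templates whose `?` placeholders appear outside string literals; a value that changes the token skeleton, or leaves the query unparseable, is rejected.

```python
import re
from typing import List, Tuple, Union

Token = Tuple[str, str]

# Toy lexer for a SQL-like syntax (constructed for this example, not a real SQL grammar).
_TOKEN = re.compile(r"""
    (?P<ws>\s+)
  | (?P<str>'(?:[^']|'')*')          # single-quoted literal, '' escapes a quote
  | (?P<num>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<op><=|>=|<>|!=|[=<>*,();+\-/?])
""", re.VERBOSE)

def skeleton(sql: str) -> List[Token]:
    """Tokenize and abstract every literal (and the '?' placeholder) to LIT.

    Raises ValueError when the input cannot be tokenized, e.g. an unterminated
    quote, which a real parser would also reject."""
    out, pos = [], 0
    while pos < len(sql):
        m = _TOKEN.match(sql, pos)
        if not m:
            raise ValueError(f"unparseable input at offset {pos}: {sql[pos:pos + 10]!r}")
        pos, kind = m.end(), m.lastgroup
        if kind == "ws":
            continue
        if kind in ("str", "num") or m.group() == "?":
            out.append(("LIT", ""))          # only the slot matters, not its value
        elif kind == "ident":
            out.append(("IDENT", m.group().upper()))
        else:
            out.append(("OP", m.group()))
    return out

def render(template: str, params: List[Union[str, int]]) -> str:
    """Naive string building as a vulnerable application would do it:
    strings are quoted but NOT escaped, numbers are pasted raw."""
    parts = template.split("?")
    if len(parts) != len(params) + 1:
        raise ValueError("placeholder/parameter count mismatch")
    out = parts[0]
    for value, rest in zip(params, parts[1:]):
        out += (f"'{value}'" if isinstance(value, str) else str(value)) + rest
    return out

def is_safe(template: str, params: List[Union[str, int]]) -> Tuple[bool, str]:
    """Return (ok, rendered): ok only if rendering preserved the template's structure."""
    rendered = render(template, params)
    try:
        return skeleton(rendered) == skeleton(template), rendered
    except ValueError:                       # broken syntax is a structure change too
        return False, rendered
```

Note that a benign value containing a quote (an Irish surname) is also rejected: the check flags any structural change, which is exactly why the chapter's weakness applies, as the security parser must agree with the real parser on what counts as a literal.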
The next chapter, “Algorithmic Life and Power Flows in the Digital World,” fits better in the first part. It considers a more general topic than cyberwar, namely the importance of security and resilience of “power” flows, of which information is but one consideration amongst many, for instance, energy, maritime traffic, people, financial, and space flows. The author discusses three concerns: disruption of the flows, control at the source, and control at the consumption. The title refers to the ever-increasing power of algorithmic decisions, even overriding human controls, in ever more domains, with at best unclear basis and decision processes.
“Honeypot Utilization for Network Intrusion Detection” represents solid work and data. However, the honeypot data does not reveal major new insights and the introduction could be much shorter. Not much more to say about this one.
Finally, the last chapter of Part 2, “Security Challenges for IoT-Based Smart Home Appliances,” demonstrates how the use of wireless connections for connecting smart home appliances is a single point of failure for complete control over the appliance software. Access to the WiFi network or even impersonation of the WiFi access point are sufficient to break into the system and own those devices. From there, lateral movement into other home systems is a probable escalation.
Note that Part 2 is very different from Part 1 in that it is technology oriented. It is a strange idea to combine the two parts in one book. Even Part 2’s own chapters exhibit rather different degrees of depth, complexity, and novelty. Part 2’s link with the first part is minimal, except for chapter 7.