Book Review: The Perfect Weapon by David Sanger

A well-researched book about cyber-weapons and the need to build deterrence to save the interconnected world we live in

David Sanger book about world states getting super powers via cyber does not open new doors — rather it points to emergency exists and mark the holes made in the international communication system built by libertarian minds using military funds.

Ultimately the push to develop nationwide communication systems came after the fear of nuclear attack by the Soviet Union on the United States — and now military has a comeback to misuse the pathways built by international hardware manufacturers, coercing them to leave trap doors to instal hidden tranceivers or install malware used for covert tracking of users.

Where the threat of nuclear strikes is managed and diminished through a web of agreements — these methods are part of the open warfare: Cyber-attacks are by default part of the covert planning and execution — they are not brandished in the open — and here lies a huge slow-ticking bomb.

Where the nuclear threat was deferred and somewhat disarmed first by open demonstration of its destructive capabilities and then by dialogue with counter parties willing to establish a framework to use — and not use these doom devices, cyber weapons are hidden — their power lies in their obscurity. They are part of the foreign intelligence and advanced military capabilities that those developing them don’t want to disclose.

Such “dialed down” cyberweapons are now used by nations every day, not to destroy an adversary but rather to frustrate it, slow it, undermine its institutions, and leave its citizens angry or confused.

As the US has established itself as a dominion with pillars including its military bases connected to military networks, its economic relationship with numerous countries, allies and partners, with its financial system becoming a de-facto standard to move money, IP and goods — upstarts decided to use cyber as asymmetry weapon to raise the cost of maintaining this colossus in order for it to crumble.

Using the inherent qualities of cyber-weapons: one cannot say definitely who stood behind one, unless it’s catastrophic enough to constitute an open act of war: and the US was one of the first to demonstrate such capabilities with Iranian Olympic Games — to slow down the Iranian uranium enrichment program:

In short, to stop the Bomb, America’s new cyber army had made a bomb — a digital one.
… It was fine to try to slow Iran’s progress, said Dagan. But if Israel attempted to destroy the country’s nuclear facilities in an overt attack, it would ensure a nuclear Iran. There had to be a better way.

The arbitrage and asymmetry:

Where nuclear program required massive resources to develop and them maintain, cyber allows small countries to catchup and use the asymmetry in developing and deploying cyber weapons — a lucrative disruptive innovation that they would seldom agree to disband this.

It is also arbitrary: similar tactics can be used to slow down an undemocratic adversary, but also to damage infrastructure of a major democracy: in an era of international law principles are becoming eroded by moralistic actions supported by covert actions. Social media framing these actions — and the way one can manipulate public opinion exacerbate the problem of using cyber methods to directly attack, obfuscate and stun.

Large and small powers have gradually discovered what a perfect digital weapon looks like. It is as stealthy as it is effective.

Iran struck back at the US after Olympic Games: “You have to think of their pyramid of weapons.” He formed his thumbs and forefingers to illustrate — showing the three sides of a triangle. “We’re used to thinking nuclear on top, then bioweapons, then maybe chemical weapons and just ordinary firearms. But they’ve put cyber on the top — above all of that.”
Before long Kim Jong-il himself started sounding like a cable-television pundit on the subject of cyberattacks: “If warfare was about bullets and oil until now,” Kim allegedly told top commanders in 2003, according to Kim Heung-kwang, “warfare in the twenty-first century is about information.”

The way forward:

US is wide open expecting rising powers to attack its infrastructure: the vastness of space, the intricacy of networks and the scale of US global activity makes it an easy target: the reliance on private efforts to push innovation forward invited hackers to attack US infrastructure for private gain as well as economic advantage: only Obama effort led to a stall of IP theft from Chinese, promised as part of accord with Xi Jinping.

Still,

…one-third of the 1.4 million people with top-secret clearances in 2012 were private contractors. (And yes, the background checks for those contractors are often performed by other contractors.)
… if the United States wanted to create cyber deterrence it was going to have to show a bit of its capability.

A way forward is for companies themselves to lead the way and agree on commercially viable and technically sound ways to secure information flows: a number of steps in terms of GDPR, end to end encryption is being done — the Internet thrived as a commercial global network and should remain that way — putting user inalienable right for privacy at the centre — with architecture of networks built around these tenets.

There are several ways to accomplish that goal, all of them with significant drawbacks. But the most intriguing, to my mind, has emerged under the rubric of a “Digital Geneva Convention,” in which companies — not countries — take the lead in the short term. But countries must then step up their games too.