by Alexander Klimburg
Did you know that in order to guard China’s cyberspace known as the Great Chinese Firewall, more people are employed manning it than are currently serving in the People’s Liberation Army, the largest military on earth? Or, that software code can be much more complex than some forms of life?
For those of us who would like to grasp the “cyberspace beast” by its horns, along with the technical realities and policy solutions which form the construct of the cyber realm, Dr. Alexander Klimburg’s book, ‘The Darkening Web: the War for Cyberspace’ (Penguin, 2017), is an essential textbook for both beginners and seasoned practitioners. As the book’s introduction clearly states “this is a book about security, and in particular international security,” with the chapters rooted in the security interests of nations and the “ongoing debate on cyberspace and international relations.”
From the Soviet Pipeline Attack, considered to be the first cyberattack conducted during the early 1980’s, (challenged by experts, but which the author is inclined to believe happened), to the 2007 Estonia cyber attack (aka Cyber War 1), it’s clear that governments are “inherently capable of doing evil.” Keeping that probability in perspective, the cyber domain becomes the fifth dimension of military warfare, which already includes the domination of air, land, water and space.
Does total domination of military operations on all spheres require that a country which attracts the largest attention of cyber criminals possess the best cyber defense capabilities? No. Despite the US spending somewhere between three and ten times more than what all EU member states and Switzerland invest in their cyber domain, the US still ranks behind Israel and a number of EU countries in cyber defense (2012 McAfee Poll). This is significant in demonstrating that investing vast sums of money in cyber security doesn’t always make it the most effective option.
Over the course of the book, a number of prominent cyber attacks, largely conducted by the superpowers against their foes are analyzed by the author, with personal insight collected from various intelligence actors and professionals working in the field. Examples include the catastrophic results of the OPM breach (US Office of Personnel Management) between 2013–2015 which targeted the sensitive background investigation records of millions of federal employees and contractors. In response to pressure from the US government in the form of an indictment and possible sanctions, the Chinese authorities arrested a group of cyber criminals for the breach. Similarly, Stuxnet (aka Operation Olympic Games), allegedly a joint Israeli-US cyber campaign, had targeted and destroyed thousands of centrifuges employed in Iran’s uranium enrichment processes. Could the malware have been designed to be more violent? Yes. It could have potentially destroyed the centrifuges with a much more catastrophic effect.
‘The Darkening Web’ is divided into six parts with the first three focusing on defining the terminology of security in cyberspace, the history of US Cyber command and its operations in this realm. The author’s record of the legislative environment surrounding cyberspace prior to and after the September 11, 2001 attacks against the United States is impressive. The post 9/11 period is especially significant as it dramatically upended the US national security landscape, resulting in a massive increase in defense spending and accelerating overall developments in the cyber domain. In this period, US intelligence gathering and its cyberattack capabilities grew to become “more advanced than the generous assessment,” becoming deployed in areas which continue to challenge civil rights advocates.
Throughout the book, Klimburg sharpens the reader’s understanding of transnational security paradigms affiliated with the cyber domain. Besides his own vast professional experience as an adviser to a number of governments and organizations on cybersecurity strategies, he builds upon ideas created by the likes of General Michael Hayden, the former head of the National Security Agency, his interactions with the infosec community and civil society.
Although Klimburg’s enterprise dwells on important themes in the cyber domain and challenges the current norms (or their lack of) in global cyber governance, the book has its limitations. Sharp critiques of the increasing ability of the Russian government to control its internet environment and public life are only too comparable to the exploitation activities of the United States. The US too has conducted espionage activities against its own citizens and foreign governments, as is evidenced through the existence of the Prism program revealed by Edward Snowden and of Vault 7, released by Wikileaks. Yes, criticizing the leadership could be a punishable offense in China, while in the United States, whistleblowers and sources who enable journalists to uncover unconstitutional & disgraceful acts are prosecuted under the Espionage Act.
Disparaging the capabilities of rivals as is evidenced particularly through the reading of the chapters devoted to China, underlines the exceptionalism of the West and gives credence to the accusations of the “unfair system of internet governance,” an opinion held by the emerging powers. Cyber dominance is a desire upheld by countries across the world but apparently according to the author should solely be entrusted to liberal democracies. The rise of Russia and more so that of China has led to a state of “absolute insecurity” in the Western system, easily discerned from a close reading of the book.
However, Klimburg’s book serves as a warning of an impending “cyber doom,” a competition between superpowers who seem only too eager to accuse each other of conducting propaganda and information warfare. The author suggests that unless there’s a global consensus to cooperate towards achieving technical security, the real losers will be the netizens. The lives of netizens could proceed towards a “panopticon like” system, which like the movie “the Matrix” could very likely be backed by internet monitors “working in step with each other” towards a common nightmare like scenario.