Book Review | The Darkening Web: The War for Cyberspace
by Alexander Klimburg
Were you aware that the number of people employed to guard China’s cyberspace, known as the Great Chinese Firewall, exceeds the current number of people serving in the People’s Liberation Army, the largest military on earth? Additionally, did you know that software code can be significantly more complex than certain life forms?
Dr. Alexander Klimburg’s book, ‘The Darkening Web: the War for Cyberspace’ (Penguin, 2017), is a must-read for those seeking to understand the complexities of the cyber realm, including its technicalities and policy solutions. It is an essential textbook for beginners and seasoned practitioners alike who want to tackle the “cyberspace beast” head-on. The book’s introduction clarifies that its focus is on international security, with each chapter delving into the security concerns of nations and the ongoing discussions on cyberspace and international relations.
‘The Darkening Web’ is organized into six parts, with the initial three parts focusing on defining security terms related to cyberspace, the history of US Cyber command, and its operations in the cyber realm. The author provides a thorough account of the legislative environment surrounding cyberspace before and after the September 11, 2001 attacks on the United States. It becomes apparent that the post 9/11 period was especially significant as it transformed the US national security landscape, resulting in a significant increase in defense spending and accelerating overall developments in the cyber domain. During this period, US intelligence gathering and its cyber attack capabilities advanced beyond expectations, with deployment in areas that continue to challenge civil rights advocates.
Starting from the Soviet Pipeline Attack in the early 1980s — considered as the first-ever cyber attack (although some experts challenge its existence), to the 2007 Estonia cyber attack (dubbed as Cyber War 1), its evident that governments are capable of evil deeds. With this possibility in mind, the cyber realm has become the fifth dimension of military warfare, joining air, land, water, and space in the domain of military dominance.
Reading the first half of the book I wondered whether having the best cyber defense capabilities is necessary to achieve complete military dominance across all domains? Not necessarily. Despite the United States spending three to ten times more than all European Union member states and Switzerland combined on their cyber domain, it still lags behind Israel and several EU countries in cyber defense, as shown by the 2012 McAfee Poll. This suggests that investing a large amount of money in cybersecurity does not always guarantee the most effective results.
The author goes on to analyze a range of notable cyber attacks carried out by major powers against their enemies; from gathering personal insights through intelligence experts and professionals in the field. One of the attacks he examines is the OPM breach, which occurred between 2013 and 2015. The OPM breach resulted in the compromise of sensitive background investigation records of millions of federal employees and contractors. The Chinese authorities responded to pressure from the US government, including the threat of sanctions and indictments, by arresting a group of cyber criminals allegedly responsible for the breach.
Another notable example of a cyber attack is that of Stuxnet, also known as Operation Olympic Games, which was a purported joint Israeli-US cyber campaign aimed at destroying thousands of centrifuges used in Iran’s uranium enrichment program. Although the malware had the potential to cause more significant damage, luckily it did not.
While The Darkening Web: The War for Cyberspace addresses critical issues in the cyber domain and challenges current global cyber governance norms, it has certain limitations. Although Klimburg criticizes the Russian government’s increasing control over its internet environment and public life, he lags in comparing it to the United States’ own exploitative activities. The US has engaged in espionage against its citizens and foreign governments, as evidenced by the Prism program leaked by Edward Snowden and the release of Vault 7 by Wikileaks. While its probably very real that criticizing the leadership in China can result in punishment, in the United States, whistleblowers and sources who enable journalists to uncover unconstitutional and disgraceful acts are liable to be prosecuted under the Espionage Act of 1917.
The author’s chapters on China reveal a tendency to belittle the capabilities of other countries, which reinforces the idea of Western exceptionalism and lends support to the claims of emerging powers regarding the unfairness of the current system of internet governance. The book suggests that only liberal democracies should be entrusted with cyber dominance, despite the fact that this desire is shared by many countries. The rise of Russia and China has created a sense of “complete insecurity” in the Western system, which becomes evident upon a thorough examination of the text.
Klimburg’s book issues a cautionary statement about an impending “cyber doom,” wherein superpowers compete by accusing each other of conducting propaganda and information warfare. The author highlights that unless there is a worldwide agreement to collaborate towards achieving technical security, the ones who will suffer the most are the netizens. The lives of netizens could move towards a “panopticon-like” system, where internet monitors “working in step with each other” could pave the way for a dystopian reality, similar to that of the critically acclaimed cult movie “The Matrix.”
Lastly, this book enhances the reader’s comprehension of transnational security concepts associated with the cyber realm. Klimburg draws from his extensive professional background as a cybersecurity consultant for numerous governments and organizations, as well as the perspectives of individuals such as General Michael Hayden, the former director of the National Security Agency, and his engagement with the information security community and civil society.
