The most authoritative books are often those that rely on primary sources. While there’s nothing wrong with secondary, or even tertiary sources, the nature of a primary source makes for a much better reference. In The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (Crown 978-04-5149789), author David E. Sanger, national security correspondent for the New York Times, is also the primary source in many of the stories. In story after story, he details how he spoke with the specific person. His expertise on the topic combined with his first-hand knowledge makes this a compelling read.
Sanger details the rise, danger and importance of cyberwarfare. Every year, the US Office of the Director of National Intelligence creates a worldwide threat assessment of the US intelligence community for Congress. In 2007, cyberattacks were not even on the list. Twelve years later, cyberattacks are one of the greatest threats to the security of the United States, and that is what this book is about.
US computer network are the biggest worldwide targets to. From government to commercial systems, there’s a colossal amount of data that is readily available to adversaries of the United States. Everything from national secrets, intellectual property, trade secrets, trillions of dollars of research and development, personal data, and everything in between, is at times but a few clicks and hacks away. Given that the US is the world’s biggest target, the fact that there are not corresponding information security controls in place has made these hacks often like child’s play. Consider the ease in which John Podesta, chairman of the 2016 Hillary Clinton presidential campaign was hacked. That in turn effected political history, and that will give you a taste of what we are up against.
If the US and private sector had put adequate information security controls in place a book like this wouldn’t be needed. But due to the poor state of security, Sanger’s fascinating book is a wake-up call that will hopefully awake those organizations from their information security slumber.
In chapter after chapter, Sanger paints the US as a sitting duck for foreign attackers. Perhaps the most devastating attack detailed is the 2015 US Office of Personnel Management (OPM) breach, where over 21 million personnel records were obtained by Chinese government sponsored hackers. Much of the breach was the downloading of government Standard Form 86, the questionnaire for National Security positions. This is a 127-page form for government employees, which contains an extensive amount of highly personal information.
One of the key points Sanger emphasizes is that many of the attackers used methods that were far from cutting edge. Too many US government and commercial networks were (and are) so poorly secured, that sophisticated attacks were not even necessary. Sanger in fact quotes Dr. Andy Ozment, former White House Senior Director for Cybersecurity of the National Security Council who cautioned that “it is dangerous to confuse sophistication with effectiveness”.
The book is not necessarily an indictment of the US Government’s ineffective approach to securing its networks. But if there is any denunciation of an individual, that would be against former President Barack Obama. Sanger details Obama’s repeated failures to do anything meaningful against US adversaries, especially Syria and Russia. He notes Obama’s refusal to call out the Russian government for their attacks on US systems, including those of the Pentagon and Congress. The poor state of US government security is not fully Obama’s fault, but his indecisiveness and inaction against its adversaries is a large part of it.
In chapter after chapter, Sanger details how China, Russia and other adversaries have deeply penetrated US networks. The truth be told, the US is pretty much doing the same things against its adversaries, but that is not the gist of the book.
Sanger also provides fascinating insights into the offensive capabilities of the US. From cyberattacks against the North Korea nuclear missile program to Stuxnet and more.
Cyberwarfare, is as the title notes, is the perfect weapon. It is fast, cheap and often undetectable. The US has long been a victim, and it is somewhat ironic given that it has perhaps that largest and most robust cyberwarfare program in place.
Sanger does a superb job of detailing the issues and threats. As to the answers and suggestions of how to get out of this information security predicament, it’s no secret what needs to be done.
For those looking to Washington for help, don’t. Sanger writes that in 2019, it is still not clear who in the federal government, if anyone, is responsible for defending the country and economy from these sophisticated cyberattacks.
For those looking to get a first-hand view of the world of cyberweapons and how information security effects geopolitics, The Perfect Weapon is a near perfect read.