A point Richard Stiennon makes a number of times in There Will Be Cyberwar: How The Move To Network-Centric War Fighting Has Set The Stage For Cyberwar; is that cyber Pearl Harbor is the wrong metaphor. He feels a more appropriate metaphor is cyber 9/11.
At 135 pages, the book is a quick and enthralling read. And at the end you are left wondering if just perhaps, there has already been a cyber 9/11.
Much of the book describes the working of network-centric warfare (NCW). The main theory of NCW is to remove the fog of war via a sensor grid and a combination of precision-guided weapons, intelligence, surveillance and reconnaissance, and command and control. It’s that move to NCW that Stiennon believes has set the stage for an inevitable cyberwar.
The book details how the US has spent billions in a run up to NCW, but seems to have forgotten that its underlying infrastructure (Windows, GPS, drones, etc.), were all built on insecure software. With that, the Pentagon has had numerous wake up calls, from malware on top secret networks, the Snowden debacle and more. Yet the reality is that the Internet and most military networks, as the book points out in detail, are quote porous.
Much of the book deals with China, and their overt and covert attempts to penetrate US systems, networks and any intellectual property they can get their hands on.
Chapter 8 on Assurance is a particularly fascinating chapter. While China has made it eminently clear that their goal is world domination, US firms and the US government have no qualms about outsourcing the manufacturing of key components to China.
A both fascinating and horrifying point the book makes is that the US does not have a comprehensive program to certify that integrated circuits going into US weapons systems don’t contain malicious circuits. While DARPA is working on such a program, it’s still in its infancy; leaving US systems and military equipment at risk.
The book brings to light a fact about the Hainan Island incident; the April 2001 incident of a midair collision between a Navy EP-3E and Chinese J-8II fighter. The result was that the crew of the EP-3E were not able to sanitize all of their equipment in time, which enabled the Chinese to ultimately reverse engineer the secret operating system used on the plane. By doing that, the Chinese has a road map for decrypting Navy classified intelligence and operational data.
A cyber 9/11 is inevitable, and as There Will Be Cyberwar shows, it might just be closer than we think.