We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Steve Winterfeld: Information Warfare: Chaos on the Electronic Superhighway (1994) by Winn Schwartau
Executive Summary
So why am I recommending a book from 20 years ago? Because Information Warfare: Chaos on the Electronic Superhighway shows both how far we have come and how little things have changed. Books like this and Bruce Schneier’s Secrets and Lies from 15 years ago stand the test of time and still have something to contribute. This was one of the first books that really laid out the concepts of how economic and military warfare would evolve online.
Information Warfare shows both those foundational ideas on cyber warfare and how some of the issues that are hot now might fade into the background. This book belongs in the Canon due to the foundational and timeless issues it addresses for our industry. It is a quick read and provides critical perspective for anyone serious about strategic issues around cyber warfare.
Review
For context, in the mid-1990s, we had flip cellphones, personal digital assistants (PDAs), U.S. President Bill Clinton and Russian President Boris Yeltsin signed the Kremlin accords, the movie Sneakers was in theaters, DEFCON Conference started, and Kevin Mitnick was arrested. As the threat of apocalyptic global warfare was receding into history, it was being replaced by economic warfare. In the information age, that quickly became information warfare.
Information Warfare is not a technical, how-to guide but rather talks about the strategy and methods involved in information warfare. It is organized as a series of topics, starting with the large picture of Econo-Politics and information’s role in it; then goes from Internet infrastructure issues down to malicious code. Next comes predictions about hardware and chip vulnerabilities, use of electromagnetic eavesdropping, high-energy radio frequency (HERF) guns and electromagnetic pulse (EMP) weapons. Then comes the introduction to the hacker culture at the time, the military perspective, and the categories to frame discussion about info war (i.e., personal, corporate and global). Finally there is a review of defensive techniques for each of the types of warfare and his view on a National Information Policy: A Constitution for Cyberspace and an Electronic Bill of Rights – both of these are still very relevant.
He missed on whether or not techniques like Electromagnetic Pulse, HERF and EMP would become commonly used. In other areas like economic impacts leading to cybercrime, military implications of the Internet, and Cryptography becoming a commercial capability (at the time NSA had declared crypto software like DES to be a weapon), he was right on target.
While the early chapters covered the political landscape of the day, and focused on terrorism heavily, the ideas (while dated) are still applicable today. The discussion on phone phreak hackers stealing long distance reminds us that the hackers have always changed their focus based on business models – now banks are online, so they can go directly to the source. The conversations with some hackers of the time shows how they have evolved from hobbyist to full time. Interestingly while he doesn’t use the present-day term “Internet of Things (IoT),” he does foreshadow the concept.
Conclusion
Information Warfare should be read by anyone who wants a strong background in strategic and military around the concepts and principles of information/cyber warfare. While the use of the term “information warrior” is ubiquitous for both hackers and government agents, their activities and methods still ring true today. Also the national policy debates presented are still going on. Finally defending the digital device is still relevant. This is a quick read that provides understanding around how long the “cyber warfare” issues we are dealing with today have been around.