“Strategic Cyber Security” (which is available for download) is a book that states from the very beginning that computer security has evolved from a technical discipline to a strategic concept. To this end the author tries to examine four strategic choices: IPv6, Sun Tzu’s “Art of War”, Cyber Attack Deterrence and Cyber Arms Control. The book is written for those people who read executive summaries. As such it can be seen as a long (very long) executive summary that often repeats itself. I cannot count the times Eligible Receiver is mentioned in the book, but it is now imprinted in my brain.
There is no technical coverage of IPv6 in the book. As such, discussion of IPv6 is limited to the vast address space that it offers, which will give the opportunity to eliminate NAT and thus allow better attribution of unauthorized connections. The book also places great faith in IPsec deployment as a means of stopping cyber attacks. The concerns about privacy invasion with the deployment of IPv6 are also mentioned, but not specifically. In fact most such concerns can easily be debunked by now. As a purely technical solution, I feel that IPv6 does not mix well with the three other choices that are examined in the book, given the fact (that the author also notes) that IPv4 will be with us for a long (very long) period of time.
I had thought of drawing parallels between the “Art of War” and cyber security a number of times, the last being when von Clausewitz was mentioned in Daily Dave. Ten specific points are discussed which do not fit the cyber domain.
Thanks to the book I got to learn a few things about Deterrence Theory. Deterrence is based on two axes: Denial and Punishment. Denial means that those who control the strategic technology will deny you access to it, while punishment means that, should you develop said strategic advantage, countermeasures for other strategic players will be enforced.
The final choice discussed in the book is the examination of whether a Cyber Arms Treaty can have some positive results (it so happens that there’s a wikileak relevant to the matter. If others exist, a more systematic treatment of these should take place). To examine the possible success or failure of such an agreement, the highly successful Chemical Weapons Convention is used. From the comparison there seems to be little room for success for limiting the development and use of “cyber arms”.
I found chapter 10 of the book the most interesting. It makes use of the Decision Making Trial and Evaluation Laboratory (DEMATEL) method in order to compare and rank the four strategic choices. Unfortunately it is not very easy to locate online material about the original DEMATEL method; however, there is a lot of available literature (and a lot of it by the Chinese) on DEMATEL variations used in health, agriculture and other areas.
To me, learning about DEMATEL was the one thing I got from the book. The rest of it, while interesting, was not equally appealing.