Cyber War: The Next Threat to National Security and What to Do about It by Richard A. Clarke and Robert K. Knake. HarperCollins, 2010, 290 pp.
A few years back, the US Air Force presented me with a professional development opportunity that proved to be a tremendous personal challenge. I received orders to become the director of war-fighting integration in SAF/XC, the communications and computers directorate in the Pentagon. The SAF/XC job piqued my interest in this fascinating new domain through which we project airpower in defense of our nation.
This interest is what inspired me to select Cyber War as my first book off the Chief’s 2011 Reading List. Former White House national security coordinator Richard A. Clarke and Council on Foreign Relations international security fellow Robert K. Knake have written a book that is remarkably readable and remarkably relevant. I highly recommend this fine work to anyone who wants to learn more about “the next threat to national security and what to do about it.”
There are three big takeaways in this book. First, and perhaps most significant for the citizenry of this country to comprehend, is the fact that cyber war is so much more than just a military security matter; it is a genuine national security issue that demands a fully coordinated “whole of society” strategy, one developed and executed by all the key players in government and the private sector. The authors rightly acknowledge the challenges posed by any governmental role in dealing with private-sector vulnerabilities, but they come down hard on the side of increased federal regulation in a domain originally conceived and birthed as open and free. While any proposal for more government involvement often generates potent antibodies among those associated with both ends of the political spectrum, Clarke and Knake present a compelling case that is worthy of further debate.
The second big takeaway is the authors’ “hard to argue with” assertion that cyber war presents a greater threat to our United States than it does to any other nation. This observation flows naturally from the recognition that cyber dependence equals cyber war vulnerability. From sea to shining sea, people enjoy the ease and power of e-mail, Google, Facebook, and other “net goodies” to be found in fluffy, friendly cyber clouds. But as Clarke and Knake note, we have critical infrastructures throughout the 50 states and US territories that are frighteningly net dependent with no non-net backups; their main concern being (say it with me; say it loudly; let me hear you say it; all together now) our nation’s electric power grid. (Peruse the last chapter to appreciate the aforementioned parenthetical comments.)
The third big takeaway is the most sobering of all. The cyber problem set is evolving more rapidly than the cyber solution set. Put another way, we lag behind, and are falling even further behind each passing nanosecond, due to the lightning quick pace of change in the information age. As you turn the pages in Cyber War, this reality will eventually sink in and drive you to beg for answers to the question “So what can we do about it?” And that is where the authors do not let their readers down. Clarke and Knake propose an innovative six-step agenda to address this rapidly emerging national security threat.
That agenda begins with a call for open, informed public dialogue about cyber war, or as the authors describe it, “thinking about the unseeable.” Because this threat is not as visible as a Cold War mushroom cloud or a hot war attack by terrorist-piloted airplanes, cyber war is something that some people would rather not think or talk about. But just as “hope is not a strategy,” neither is “wishing it away.” The second step defines a defensive triad that focuses on securing the Tier 1, or backbone, Internet service providers (ISP), the electric power grid, and the Defense Department’s networks and cyber-dependent weapon systems. The third step advocates a more aggressive approach to combating cyber crime. When one contemplates a “fee for service” use of the tools of cyber criminality by, say, the perpetrators of 9/11, one fully understands why this particular step is on the agenda.
The fourth “must do” is adoption by the United Nations of a cyber war limitation treaty. Clarke and Knake detail what the first CWLT would look like, but I leave that for you to discover on your own. Suffice to say, this proposal recognizes the importance of some form of international agreement on behavioral norms in the cyber realm. Step five simply highlights the need for research on more-secure network designs, with an emphasis on tomorrow’s software fixes for today’s software glitches that make us so vulnerable to cyber war. The sixth and last step reemphasizes the authors’ earlier observation that cyber war is a national security threat that demands presidential involvement. Entitled “It’s POTUS,” this final section concludes with some proposed remarks for our president to deliver at a future UN General Assembly session. As Clarke and Knake conclude, “It could be a beautiful speech, and it could make us safer.”
Cyber War also includes an interesting discussion on rethinking deterrence strategy. The interesting twist is that the authors focus less on the oft-mentioned attribution difficulties and more on the challenges associated with achieving a cyber “demonstration effect” similar to that provided by nuclear tests during the twentieth century. Such a demonstration effect would serve to underscore both key ingredients of successful deterrents— capability and will—but may not be feasible in the cyber era.
Clarke and Knake also describe the importance of “resilience” in the face of cyber attack. I found this portion particularly interesting in light of what I perceive to be an encouraging shift in DoD strategy away from a “Maginot Line” defense mentality toward a mind-set of “mission assurance.” Interestingly, this new idea for handling cyber war mirrors a concept we still exercise in operational readiness inspections when under simulated attack from nuclear, biological, chemical, and other life-threatening weapons—a concept known as the “ability to survive and operate.”
Whether you consider yourself an expert or a novice, you will find Cyber War to be informative and well worth your time. While the contents are alarming, I do not believe that the authors are alarmists. Richard Clarke and Robert Knake have issued and justified a strong call for action. It is a call which I believe our great nation ignores at its own peril.
Lt Gen David S. Fadok, USAF
Commander and President, Air University