Richard Stiennon

Very interesting book about how, before they are released into the wild, various software and software-controlled systems need to be designed in a security-first way to avoid creating multiple back-doors that can be utilized by opposition in the future.

What is true for banks and other users of modern IT infrastructure is also true when it comes to military. And exposure of plethora of military systems to open networks creates special types of risks where control of these systems can be taken over using almost the same means used by today's cyber criminals when accessing the bank systems or personal electronic data.

After a very good introduction to Internet and how military started to adopt it, especially rise of Network Centric Warfare approach, author starts to meander in the middle of the book and then moves to basically describing how large corporation ITs handle the threats coming from the cyberspace. I say meander because what starts like description of very palpable danger when it comes to all networked weapon systems and how they can be intercepted and hijacked, comes down to very narrow approach to handle all the known and unknown/predicted threats. While this might apply to IT infrastructure of command and control, I think it is very unlikely same mechanisms would work for control of weapon systems, especially in the field. Military hardware always walks the thin line between the danger and level of it, criticality you might say. If danger is one off, it does not play much of a role in the long term, and let us not forget all cyber threats are one-offs. Once identified (since to be successful these means are always very narrow and custom built) although they might cause losses they are quickly handled and wont pose any threat in the future. Field conditions further complicate things because on the battlefield you do not want to open system but then you also need to receive information from somewhere and be able to function even in case of heavy jamming.

While entry chapter is rather dramatic I am glad that author shows that any cyber operation will be in role of support not in direct action (all the ships destroyed in first chapter are destroyed by missiles and torpedoes, not just by the fact their GPS is not working).

Other excellent point author talks about is the way hardware (chips, motherboards, electronics in general) can be secretly modified to enable third parties to seriously affect the actual planes and vehicles using them. Methods of controlling the logistic supply chains to prevent this were very interesting and something new to me.

Interesting book, that starts with the very intriguing field of hijacking high technology weapons but then does not provide any insights how that problem could be solved and goes back to more standard IT infrastructure protection that is applicable only for standard company/corporate computer network protection (basically command and control military counterpart). It is not downplaying the seriousness of this danger but I was truly waiting to see what would be the author's suggestion for the in the field handling of weapon hijacking and interference (there is also excellent chapter on cyberwar and electronic warfare).

Interesting, recommended.… (plus d'informations)