When Brookings Institution scholar Peter W. Singer set out to write a book on cybersecurity, he knew that he didn’t want to produce the normal, wonky think-tank fare.
Books on the topic had so far fallen into two general categories: manuals for the information technology crowd, and the “sky is falling,” alarmist books designed to whip up fear about cyberwars.
Singer and co-author Allan Friedman, another Brookings fellow, wanted to produce something in between.
“We wanted to explain how it works, why it matters and what we can all do in a language that makes it easily accessible,” Singer said in an interview. “We are hugely dependent on this world, and yet we don’t well understand it.”
In the title, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press), the emphasis is on the word “everyone,” Singer said.
“Cyber is a topic that is of crucial importance and interest whether you are a general, judge, lawyer, reporter, professor or just a parent,” he added.
One of the main points of the book is that a cyberwar is a low probability scenario. The same is true for using the Internet as a vector for a terrorist attack that could cost lives.
The truth is that there have so far been zero deaths or injuries caused by a so-called cyber-terrorist attack, he pointed out. That isn’t to say that this couldn’t happen, it’s just that it draws attention from the ongoing and very real threat of cyberespionage waged against U.S. companies in an effort to steal their intellectual property.
“Death by a thousand cuts is the real threat,” he said.
The news that hackers based in China, the so-called “advanced persistent threat,” are making off with trade secrets is now well known. But some industries do a better job than others on instituting protections, he said.
Action doesn’t always follow concern, he said, especially when it comes to Congress.
“Congress is most definitely deeply concerned about cybersecurity. They have held an average of 60 hearings a year on it. Congress — not all that stunningly — has not taken any form of action. We haven’t passed major cybersecurity legislation since 2002, which is five years before anyone had even heard of an iPhone,” he said.
Recent revelations from leaker Edward Snowden on the collection of phone records by the National Security Agency, and the creation of backdoors in popular software, isn’t helping move the legislation along, he said.
On one hand, the NSA leaks are making the general public more aware of cybersecurity issues. That isn’t a bad thing, according to Singer.
On the other hand, it is “poisoning the water” for cybersecurity legislation.
“It took an already complex issue and made it more complex. It looks like Congress is going to punt again. And that’s bad. Because there are so many non-NSA related things that need to happen,” Singer said.
There are unintended consequences of what the NSA is doing. Singer pointed to a Forrester Research Inc. report released in August that said the programs could result in $180 billion in lost revenues for U.S. companies as customers seek safe havens for their data stored in cloud services.
“That is why they (U.S. companies) are peeved. For very good reason,” Singer said.
It also gives ammunition to those who want to curb Internet freedom, particularly nations that want to control information.
“We have lost our moxie. We have lost our swagger on Internet freedom,” Singer said.
Authoritarian regimes want control of the Internet transferred to the International Telecommunications Union, where governance would be “one state, one vote.” Then they can control the flow of traffic, easily block websites they don’t like, and take other restrictive measures.
“If we don’t watch out, the Internet that we have all grown to know and love, and that has been the force of so much economic, political and social progress, could not be the same in a couple of years,” Singer said.Photo Credit: Oxford University Press