Cybersecurity Canon Candidate Book Review: “Cyber Warfare –Truth, Tactics and Strategies" by Dr. Chase Cunningham
Cybersecurity Canon Candidate Book Review: “Cyber Warfare –Truth, Tactics and Strategies by Dr. Chase Cunningham.”
Book review by: U.S. Army Major General (Retired) John Davis, VP Public Sector, Palo Alto Networks.
Bottom Line: Cyber Warfare –Truth, Tactics and Strategies is a magnificent book and I believe it belongs in the Canon Hall of Fame. This book is of interest to the entire cybersecurity community, in both the public and private sectors, as well as to every global citizen who has an interest in what’s happening with both cyber and broader information warfare in the digital age and why it’s important to understand.
Cyber Warfare –Truth, Tactics and Strategiesis a book that clearly deserves to be in the Cybersecurity Canon Hall of Fame. This book provides a contemporary “PhD level” education about a topic that truly has the potential to fundamentally change the way we perceive our world and, as a result, act to combat the dark underbelly of what’s increasingly happening in our modern digital age. It’s written by an authority who’s “been there and done that,” from his extensive experience working in the U.S. military, intelligence and law enforcement cyber communities, to his current day expertise across the global industrial cyber landscape.
While Dr. Cunningham states up front that his intended audiences are engineers, leaders or professionals with either a responsibility for cybersecurity or interest in this field, I believe it is of even greater benefit. This book provides essential information in easy to understand language to a much broader audience who needs to understand what’s happening and what’s potentially at risk... from the very technical community, to the executive leadership levels across both public and private sectors, to the individual digital citizen that needs to wake up to the reality they are seeing on their device screens.
This book is on my personal “must read” list for people in the cybersecurity community, as well as the general public, when they ask me what they should be reading. Importantly, this book broadens the traditional discussion about the cyber topic and includes excellent insight into how traditional cyber tactics and capabilities intersect with modern day tactics and capabilities (mis/disinformation, distortion of truth, use of divisive and inflammatory techniques and use of social media) in the overall information warfare campaigns being waged by various adversaries to achieve desired outcomes in their own best interests.
The book explains what has happened in today’s fast moving and complex cyber age by focusing on recent cyber related events, the threats behind them and the current complementary information warfare trends that present significant challenges for any defense against these dangers.
Additionally, the book explains what is possible today for governments, industry and the average citizen to effectively manage the growing risks from these modern threats. It gives clear insight, using easy to understand language (*although there are some pockets of very technical topics and terminology, Cunningham’s effective use of footnotes allows the non-technical reader to get more insight as desired), about the enormous challenges and potentially catastrophic consequences we all face from cyber threats.
Finally, the book provides much needed practical advice about what to do to combat the onslaught we all face from today’s modern cyber threats. I really enjoyed the elegant, simple structure of the book. The book uses an approach that outlines the truth about the cyber threat we are facing, an explanation about the specific tactics that are being employed against us, and then provides concepts for how to think about the problem in a more strategic way as well as guidance and modern best practices for tackling the problem. Each chapter starts with a major topic summary up front, followed by the details within the various categories of the chapter topic, and then concludes with a concise recap of the most important take-aways from the issue covered.
Additionally, and perhaps because of my own military background, I found Cunningham’s use of his own and other traditional military experiences to provide analogies for a way to think about cyber threats and the defenses against them to be very useful.
The book starts with a brief history of cyber threats and explains how we arrived at today’s state of play with advanced digital threats and complex information age techniques and capabilities. The author then takes the reader on a journey with several “how to really understand the problem” chapters that explain changes in the way that cyber threats have evolved as well as the evolution of today’s information environment. These changes have resulted in a situation where what used to work in defending against these threats simply cannot work today.
To darken the picture further, he next devotes several chapters to describe emerging tactics and trends, including a host of new terms, techniques and capabilities that everyone must understand in order to find a better way to manage the growing risks and potentially catastrophic consequences.
These new, emerging categories include terms such as Mobile Ransomware, DeepFakes, DeepMasterPrints, DeepVoice, ReadFakes, False Flags, Hoaxing and how all of these new threats are being integrated into both Cyber Warfare Campaigns as well as Influence Attacks (or using social media platforms for malicious purposes).
Having set the stage by making the case that dramatic changes in the nature of warfare demand commensurate changes in our strategic approach to defend against these new threats, the second half of his book contains chapters that talk about strategy, planning, innovations, enablers, force multipliers and some key tools and techniques that have demonstrated success against this new form of information age combat. Included in these “how to really fix the problem” chapters are best practices and technical solutions such as application whitelisting, zero trust networking and architecture, micro-segmentation, and follow-on concepts (and solutions) for fixing the problem of passwords.
The book ends with something I consider very valuable. Cunningham calls it his “5 Laws” for survivability in cyber warfare. Here, he brings everything that precedes it to a “nice, tight shot group” as we would say in military terminology. These five laws, in my view, are simply the resulting wisdom from the sum of his considerable experience, and not only an excellent set of best practices but a smart roadmap for those looking to battle these new threats effectively.
I always loved the old adage, “don’t bring me a problem unless you bring me a solution.” These five laws provide some solutions and are great advice for anyone engaged in the information age... which is everyone!
In summary, Cyber Warfare –Truth, Tactics and Strategies by Dr. Chase Cunningham provides a great view of the dangers we face from modern cyber threats, the evolving tactics employed by these threats and a more strategic approach to combating these new threats. It provides clear insight about the serious potential consequences to national (and international) security, economic prosperity, and public safety from these new cyberthreats.
Best of all, from my perspective, this book tells a positive story about some effective, practical best practices that can be used right now to fight this battle.