Penguin supports copyright. Copyright fuels creativity, encourages diverse voices, promotes free speech, and creates a vibrant culture. Thank you for buying an authorized edition of this book and for complying with copyright laws by not reproducing, scanning, or distributing any part of it in any form without permission. You are supporting writers and allowing Penguin to continue to publish books for every reader.
Names: Klimburg, Alexander, 1976- author.
Title: The Darkening Web: The War for Cyberspace / Alexander Klimburg.
Description: New York: Penguin Press, [2017] | Includes bibliographical references and index.
Identifiers: LCCN 2017008579 (print) | LCCN 2017016551 (ebook) | ISBN 9780698402768 (ebook) | ISBN 9781594206665 (hardcover) | ISBN 9780735223882 (international edition)
Subjects: LCSH: Internet and international relations. | Information societyPolitical aspects. | Cyberspace Government policy. | Information warfareRisk assessment. | InternetPolitical aspects. | Computer crimePrevention. | Security, International. | Power (Social sciences)
Classification: LCC JZ1254 (ebook) | LCC JZ1254 .K56 2017 (print) | DDC 327.0285/4678dc23
NOTE ON TERMS
Everything is ambiguous in cyberspace. We cant even agree on how to spell the very word itself, so it shouldnt be a surprise that we have difficulties in defining it. Spelling, as always, is a reflection of ones preferences: those who spell cyber space as two words are implying that the domain is not an entirely separate or unique entity, just as writing cyber security as two words implies that it is just another form of security, like maritime security, and not special at all. Those, like myself, who believe that cyberspace has unique identifiers that make it like a physical domain (like airspace or the seas) spell it as one word, just as the contentious term cybersecurity written as a single noun implies something new, rather than an extension of the old. The term cybersecurity is given an in-depth treatment on account of its overall rejection among some parts of the civilian technical community.
Also, in some cases choosing the single-word noun form is a necessary delineation from other terms. For instance, I use the term cyberattacks throughout this book, which is an admittedly ungainly attempt to bring together two highly conflicting standards: the insistence of some professionals (and most of the media) on referring to any violation of data confidentiality, integrity, and availability as a cyber attack, and the rigorous dismissal of the term attack by international lawyers, who insist that there must be widespread death and destruction for this term to be properly used. In this context, the prefix cyber is sometimes used as a stand-alone shorthand, as is common among government intelligence and security professionals, to indicate the general area of practice associated with national security affairs and cyberspace. As is also explained in the text, there is a difference between the Internet and an internetthe former being the worldwide Internet we know today, the latter simply any inter-networked computer arrangement. Similarly, the terms cyberspace and the Internet are sometimes used interchangeably as is common practice, although the difference between the two is repeatedly made clear throughout the text.
The military and intelligence communities are big on capitalizations and abbreviations. While I follow some of these communities naming conventions, I have abandoned others for the sake of readabilityfor example, the traditional practice of writing the code names of military and intelligence operations in all caps, including official cyber operations (like OLYMPIC GAMES).
INTRODUCTION
As Hermes once took to his feathers light,
When lulled Argus, baffled, swoond and slept,
So on a Delphic reed, my idle spright
So playd, so charmd, so conquerd, so bereft
The dragon-world of all its hundred eyes
John Keats, A Dream, After Reading Dantes Episode of Paolo and Francesca
T here is an ancient Indian parable, best reinterpreted in an old New Yorker cartoon, of what an elephant must feel like to a roomful of blind men trying to describe it. One man would feel the trunk and identify a snake, another would feel its sides and identify a wall, another would feel the legs and identify a tree, and still another would feel the ears and identify a fan, and so on. The image has always been popular with those who seek to describe the Internet, for the difficulty of grasping the entire cyberspace beast is tremendous, and the way you approach it inadvertently defines the way you see it. Some observers may concentrate on the economic impact of cyberspace, others on the socially transformative aspects, yet others on the technological development itself, or on the behavior of cyber criminals. This is a book about security, and in particular international security.
A very great number of people probably dont spend much time thinking about security and cyberspace. When the word cybersecurity (itself a contentious term, as we shall see) comes up, most of us probably think of cyber crimethe danger that our credit card or banking data may be stolen, or our devices infected with a virus, or our social network profiles hijacked. A slightly smaller section of the population may think about rampant cyber espionage pitting states against each other in a constant struggle, with governments and businesses hacked on an almost-daily basis. Others may be concerned with the prospect of catastrophic cyberattacks (another contentious term) on critical infrastructure, most notably the power grid. And some may also wonder how the Internet itself can be governed, how human rights can be guaranteed while at the same time ensuring a basic level of data security for the average user. Although these seem like disparate issues, they are all connected.
Security in cyberspace is in itself a vast subjecta whole new elephant to analyze, with each attempt to grapple with the beast inherently bearing the risk of overemphasizing that particular component. This book is oriented toward one part of that bodythe tusks, if you willthat represents the security interests of nation-states and their governments in cyberspace. It is rooted in the ongoing debate on cyberspace and international relations conducted today in both research organizations and governments worldwide. This book is therefore largely concerned with how governments perceive and address what are loosely referred to as international cybersecurity issues and how they are framing this new domain as a means to project power.
The aspirations of states in cyberspace, together with the technical realities of this new artificial world, are creating significant risks for human welfare writ large. These risks are associated with new means to not only inflict large-scale destruction in interstate conflict and war but also do catastrophic damage to liberal democratic societies through a subtle reframing of information overall as a weapon. Ultimately, we face the small but real prospect that in the not-too-distant future the Internet, a fabulous artifice of human civilization largely perceived today as a domain for advancing freedoms and prosperity, could become instead a dark web of subjugation.