Strategic Warfare in Cyberspace
by Gregory Rattray
MIT Press 2001
ISBN 0-262-18209-2 LoC U163.R29 2001. 517 pages. $49.95 Acronyms. Index. Annotated bibliography and extension notes for chapter.

Reviewed by  Robert Bruen   January 9, 2002 

Generally speaking computer security professionals do not concern themselves with warfare between nation states. Their focus is probably on the next virus or network scan. However, now that the Internet is truly global and information technology is deeply embedded in almost all important infrastructures, computers are now both targets and weapons for governments. The military has used computer technology for all sorts of things for many years, but has only recently begun to take seriously the new role of technology in warfare. The computer as a weapon has a great number of interesting implications beyond just hacking a web site, some of them created by the fact that they are cheap, with a global reach. Unlike large military hardware costing tens of millions of dollars to buy and maintain, computers and network connections are cheap. All that someone needs in expertise, time and will. The military is used to waging war by superior firepower, by being the biggest, baddest guy on the block. The history of warfare is filled with examples of why this approach was not enough, things like disease and the weather have probably caused more casualties than the weapons themselves.

Rattray is a member of the Air Force which sets the stage for his viewpoint on how cyber warfare ought to be studied and brought into the military mindset. He presents a detailed study of the development of the US strategic airpower during the first part of the 20th century to provide the lessons for how the US might develop cyber warfare. There are two basic questions of new ideas work their way into the military, or any organization for that matter. First is how does happen? And second is how does happen here? The first question is the generalized problem and the second is the general problem with modifications that are specific to the local organization. The military may be the ultimate local problem, but they have demonstrated that they can evolve.

Integrating strategic information warfare into the military by members of the military appears to be no easy task. This book is scholarly tome which provides convincing arguments as to why and how it should happen. Information warfare as an idea has been around for over a decade, but we have yet to see much beyond isolated attacks on web sites. The status quo will be shifting relatively soon. A denial of service attack such as NATO experienced after the US bomb the Chinese embassy during attacks on parts of the former Yugoslavia a few years ago are not really major events when compared to attacks which are possible.

As the military begins to gear up for the future, it is in the interest of security professionals to have some insight into how the military works and will adapt to the new possibilities of war in cyberspace. This book is an excellent path to that insight. It is always of interest to observe how different disciplines implement ideas that are familiar to you in unfamiliar ways. Since international warfare has been with us since civilization began, there is little hope it will be eliminated in the age of information. It will be simply transformed.

This is a highly recommended book that will expand how you think about computer and network security.