According to the observation commonly attributed to Mark Twain, "history doesn't repeat itself, but it does rhyme."
Though the issues we face today are never exactly the same as the ones we faced in the past, there is of course much we can learn from them. That common understanding, according to Brookings Institute researchers and authors Peter W. Singer and Allan Friedman, applies to cyberspace, which we tend to mistakenly think of as unique and unprecedented, bringing new problems that require a whole new set of solutions.
See also: Who Wins in the Battle for Power on the Internet?
In their new book released Friday, Cybersecurity and Cyberwar: What Everyone Needs to Know, Singer and Friedman tackle issues that are as popular as they are poorly understood.
Cybersecurity, cyberwar, cyberterrorism, are all often repeated terms. Few, however, seem to know exactly what they mean. The book, in fact, opens with a senior U.S. Defense Department official referring to such critical issues as "all this cyber stuff."
But lest we are too quick to ridicule — it's of course natural to wonder what some of this "cyber stuff" actually is. To demystify the terms, Singer and Friedman answer a series of questions, some as simple as, "How does the Internet actually work?" Some more sinister like, "Shady RATs and Cyberspies: What is Cyberespionage?"
So how does history rhyme in the world of Internet security? The authors argue that cyberspace is no different than the world's oceans of the 1600s. The seas then were used for both commerce and communication, and no nation had complete control over them.
That lack of regulation led to the rise of privateers, pirate-like groups who were not part of a government's navy but fought alongside it, with the state's permission — much like today's nationalist hackers, such as the Syrian Electronic Army.
Initially, governments gave legitimacy to privateers to fight wars, and these sea-borne mercenaries played an important role in various battles. But later, in times of peace, when governments needed to assert more control over the seas, privateers and pirates started to fall out of favor. Countries finally agreed to the Paris Declaration of 1856, which abolished privateering and made nations responsible for the actions of any group operating under its jurisdiction. That forced governments to stop turning a blind eye to privateers.
Singer and Friedman think something similar could be done to curtail nationalist hackers, cybermilitias, and even criminal hacker groups who operate in havens like Romania, Ukraine, or Russia.
If we make countries responsible for these groups' cyberattacks, Singer and Friedman argue, then governments will start clamping down on them. The question of how you do that remains, however, and the authors posit that adapting old rules to these seemingly new situations is the best approach to solving the issues (i.e., treating modern-day hacker groups like privateers, thus banning them and making countries accountable for their actions).
That's one of the main takeaways from the book's almost 300 pages, in which the authors answer questions with authority, drawing from previous research and news reports, but also use quirky anecdotes to entertain the reader and drive the point home. (Janet Napolitano, for instance, the former head of the Department of Homeland Security, one of the main government agencies in charge of cybersecurity, doesn't use email.)
The book argues that cybersecurity affects all of us, from the casual user whose identity can be stolen online to the power plant that can be hacked, removing power from large swathes of cities. Yet both the average netizen and government officials alike have much to learn about the basic concepts of cybersecurity.
This confusion is encompassed in the word "cyberattack," which is commonly used to describe everything from Anonymous hacktivists defacing websites to Stuxnet, the cyberweapon that the U.S. and Israel reportedly used to slow down Iranian nuclear centrifuges.
"They'll talk about them as if they're all one and the same thing," says Peter W. Singer, in an interview with Mashable, referring to both politicians and even the media. "It's a lot like talking about kids with fireworks, a mugger with a pistol, a terrorist with a bomb, James Bond with his Walther PPK, and a Soviet cruise missile as all the same thing because they use the chemistry of gunpowder. They're not."
Cyberattacks, as Singer and Friedman explain in the book, can be put into three main categories: availability attacks, which try to block access to a network or a site (the classic Anonymous-style denial of service attack); confidentiality attacks, in which hackers try to steal data or monitor information inside protected networks; and integrity attacks, where hackers try to sabotage or disrupt physical devices or infrastructure controlled online (Stuxnet is the perfect example).
While all these attacks are carried over the Internet, technically "cyberattacks," that doesn't make them the same.
The most important thing Singer and Friedman want us to understand is that yes, the Internet can be a scary place, inhabited by malicious hackers wielding cyberweapons. But it's also the place where you can find answers to almost every question you've ever imagined, in just a few seconds; a place where you can meet and become friends with people across the globe. And we shouldn't be scared.
"The prospect of entering such a dangerous online world likely would have reduced us to tears and spurred pleas to our parents not to make us go into cyberspace," the authors write in the book, reminiscing about their first days with a computer. "Today, we wouldn't have it any other way. Our journey into the world of cyberspace has given us, and the rest of humanity, fantastic powers that were then unimaginable."
To keep it that way, to preserve the Internet's amazing potential, we'll have to accept some risks and learn how to combat them. Its open nature is what makes the Internet vulnerable.
Some things can be fixed and improved, but, as Singer and Friedman repeatedly warn, there are no silver bullets, no one-size-fits-all solutions. The two lay down a comprehensive list of potential changes that include establishing an organization like the Centers for Disease Control for cyberspace, teaching kids about cybersecurity, or passing legislation to improve public-private cooperation.
All these, they argue, are good options, but nothing will make the Internet a completely safe haven, and that's perfectly OK. Online, just like in real life, we have to trade in some security to secure net freedom.
More than anything else, the book is a reality check. Not only are there no easy solutions, but the situation isn't as dire as some might have you believe. In other words, we don't need to focus on "Cyber Pearl Harbors" or "Cyber 9/11s."
"It's not the Pearl Harbor but the death by a thousand cuts that we should be spending more time and energy on," Singer says, referring to the constant theft of intellectual and industrial property.
If you're completely ignorant about malware and cyberattacks, this is the book for you. And if you think you know a lot about these topics, this is still the book for you. It's thorough, exhaustive, and easy to read. And it eloquently simplifies every complicated issue, challenging widespread notions about cybersecurity and cyberwar.
In this extremely approachable book, Singer and Friedman may have very well told us all we need to know about cybersecurity and cyberwar. Now it's up to us all to work together to make the Internet a better place.
Have something to add to this story? Share it in the comments.
Image: Mashable, Will Fenstermaker