few weeks ago, I found myself in a café in Ballston, part of Arlington, Virginia. It is ground-zero for the cyber-industrial complex that has sprung up around Washington D.C. While enjoying a cup of coffee, I overheard two gentlemen speaking in what would sound like an arcane language to those not au fait with cybersecurity-ese. They bandied about phrases like “resilience,” “cyber hygiene,” “attack surfaces,” “threat vectors,” “machine learning,” and more. Had I been playing cybersecurity bingo, I would have easily won. These were all delivered in rapid succession, presumably as part of a pitch they were about to make to one of the Department of Defense-affiliated offices in the area.
The conversation crystalized Matt Potter’s new book “We Are All Targets” for me, as it focuses not on the top-down origins of cyber war, but the bottom-up bubbling of what has come to define the concept. But, I’ll come back to that in a moment.
“We Are All Targets” is, first and foremost, a book that would be the result of Hunter S. Thompson penning an episode of “Mr. Robot,” the brilliant show led by Rami Malek as the hacker/vigilante Elliot Alderson. It’s gonzo journalism at its finest; a globe-trotting account presenting an almost counter-culture narrative of the emergence of cyber war and what it means in practice. Indeed, Potter’s publishers would do well to try and get Malek to reprise his role for the audiobook. Potter has a wry, subversive sense of writing, which is particularly refreshing in what is far too often an arid and technical subject. He joins Nicole Perlroth’s “This is How They Tell Me the World Ends” in bringing this fascinating subject to vivid life.
For many in the West—policymakers and practitioners, alike—the story of cyber war is one of the Department of Defense and National Security Agency squaring off against state hackers from Russia, China, and North Korea. It is a very Western, and particularly American origin story. How could it not be? The United States is home to Silicon Valley and the largest IT companies in the world. The Department of Defense gave birth to the foundations of the internet and is indirectly responsible for the modern information age. Cyber war is, therefore, merely an electronic continuation of politics by other means; a way of asserting your political will on that of your adversary. It’s Carl and Marie von Clausewitz with email.
While that may not be wholly inaccurate, it’s not wholly accurate or the entire story as Potter presents. If you’re detecting a bit of puckishness in this piece, thus far, you’re bang on the money, and it is due in no small part to Potter’s thoroughly enjoyable prose and sense of story-telling. A dry recitation of the evolution of cyber war, this most certainly is not.
Potter’s “We Are All Targets” is one of the more interesting entries into the cyber war genre in that he doesn’t start in Washington D.C. or Silicon Valley (and I must thank him for that), but in Yugoslavia of all places (after he recounts his opening encounter with an MI5 officer and representative of military intelligence). In Potter’s telling, the antecedents of the challenges of today—networked adversaries, meme warfare, online dis- and mis-information—all can be traced to Yugoslavia, its collapse and disintegration, and the wars that followed.
Indeed, the war in Kosovo, one that is almost wholly forgotten in the United States, is arguably the first cyber war in Potter’s telling. But this is getting ahead of the argument for the moment. Yugoslavia is rarely thought of as a source of computing innovation, but that is precisely what Potter shows it to be. Rather than fearing computing as an enemy of the communist state and regime control, the country saw it as a competitive advantage and as part of the unique course it was charting away from Moscow’s dominion.
It developed its own indigenous computing industry, leveraging IBM microprocessors, and encouraged a culture of hacking and creativity. Hackers became celebrities of a sort with magazines popping up extolling their exploits and hacks. The very absence of Big Tech in Yugoslavia and its disconnection from the global information economy spawned an innovation and creativity out of necessity. Potter’s hackers didn’t know the rules because for them, there were no rules.
These chickens came home to roost after the collapse of Yugoslavia and the wars that followed. Here, the regime of Slobodan Milošević in Belgrade, Serbia, seized upon the country’s prior investments in computers and networking, and unleashed a cyber army against the West, one for which the Department of Defense and NATO were ill-prepared. As classified documents kept appearing on the open internet, such as the ones that brought MI5 to Potter’s door, NATO assumed there was a human spy in their midst, failing to realize that their networks were breached and were leaking like a sieve. NATO and the United States were not expecting a cyber war, let alone “pings of death” from a distributed network of attackers from both in Serbia and around the world that hacked official websites, spread mis- and dis-information, spammed memes, and more.
Potter is perhaps a bit too certain that the cyber challenges of today would not have occurred without the hacker collectives of Belgrade; that dis- and mis-information, trolling, conspiracy theories would not have emerged without Kosovo and all that followed. The very openness of the internet was destined to create a counter-culture, and its apparent weaknesses would almost certainly have been seized upon by someone, somewhere.
In Potter’s telling, these tools, tactics, and techniques migrated to Russia and China. Moscow became a nexus of cyber-criminality with the state tolerating hacking so long as it benefited the state and targeted adversaries outside of Russia. For China, an indigenous hacking culture developed where hackers became celebrities with marketing and profit potential, as well as state utility. This diffusion of cyber talent and capabilities, and the West’s challenges in responding highlights a central truth of the cyber world not just then, but today as well—cyber offense always outplays cyber defense, and the defenders are always playing catch-up to the attackers.
This highlights a central challenge for the United States, in particular, in responding to cyber warfare: an industrial-era monolith attempting to grapple with what is truly an information-age challenge. As Potter writes, “Yet America’s solution has always been more investment in technology. Where its foes were networked, insurgent, and unpredictable, America’s response was to turn to technological silver bullets.” Billions upon billions of dollars were allocated by the federal government for cyber defenses and protections. Firewalls, virus checkers, active defenses, machine learning, and more—all of the buzzwords overheard at that café in Arlington—were all promised to address the challenges of cyber vulnerabilities.
The irony is that even for all the maturation in understanding the challenge and threat of cyber war, it was still largely assumed to be a top-down challenge, about bringing down networks and paralyzing the country with a “cyber Pearl Harbor.” Yet, the lessons that should have been learned from as far back as the Kosovo war was that it wasn’t the bolt from the blue that took down the grid, but the slow accretion of attacks and the erosion of trust. It is as though the West is so fixated on the heart attack itself, it misses the risks of high blood pressure within the system.
It was slow coming, but the “penny had finally dropped,” for the United States and the West. Says Potter: “Cyber war was not about the protection of military infrastructure or the ability to degrade the enemy’s weapons. It was about degrading the enemy’s ability to function at all—through information war, direct assaults, draining resources through the sowing of chaos, terror, mistrust in institutions, and economic damage.”
While the penny may have dropped, it is far from clear that the United States is prepared for the world today, let alone the world to come. Machine learning, AI, ChatGPT, and more are all slated to change the character of cyber war in the years to come. Automated propaganda, adversarial generated dis- and mis-information at the speed of social media, and video and audio deepfakes will make it easier to sow confusion and discord, and even create malware.
Potter’s book offers an interesting, novel look at the evolution of cyber war, from that of the adversarial upstart. Starting at Kosovo is indeed interesting and thought-provoking—it’s not all about Washington (shocking as it may be for some within the D.C. bubble). For all the buzzwords and all the jargon circulating the Beltway—the shorthand for the highway encircling the greater Washington D.C. area—there will be and are upstarts that do not enjoy the resource advantages of the United States and will be seeking to exploit the weaknesses of America’s networks. It’s critical to understanding how those adversaries work and think to avoid strategic surprise. Sometimes it takes a gonzo-journalist to make that truth evident.
a global affairs media network
Cyber War, From the Bottom Up
Image by Gerd Altmann from Pixabay
February 11, 2023
The story of cyber wafare is typically West-centric. This ignores both the surprising roots of cyber war and the bottom-up, percolating nature of cyber threats, writes Joshua Huminski in his review of Matt Potter's latest book, "We Are All Targets."
A
few weeks ago, I found myself in a café in Ballston, part of Arlington, Virginia. It is ground-zero for the cyber-industrial complex that has sprung up around Washington D.C. While enjoying a cup of coffee, I overheard two gentlemen speaking in what would sound like an arcane language to those not au fait with cybersecurity-ese. They bandied about phrases like “resilience,” “cyber hygiene,” “attack surfaces,” “threat vectors,” “machine learning,” and more. Had I been playing cybersecurity bingo, I would have easily won. These were all delivered in rapid succession, presumably as part of a pitch they were about to make to one of the Department of Defense-affiliated offices in the area.
The conversation crystalized Matt Potter’s new book “We Are All Targets” for me, as it focuses not on the top-down origins of cyber war, but the bottom-up bubbling of what has come to define the concept. But, I’ll come back to that in a moment.
“We Are All Targets” is, first and foremost, a book that would be the result of Hunter S. Thompson penning an episode of “Mr. Robot,” the brilliant show led by Rami Malek as the hacker/vigilante Elliot Alderson. It’s gonzo journalism at its finest; a globe-trotting account presenting an almost counter-culture narrative of the emergence of cyber war and what it means in practice. Indeed, Potter’s publishers would do well to try and get Malek to reprise his role for the audiobook. Potter has a wry, subversive sense of writing, which is particularly refreshing in what is far too often an arid and technical subject. He joins Nicole Perlroth’s “This is How They Tell Me the World Ends” in bringing this fascinating subject to vivid life.
For many in the West—policymakers and practitioners, alike—the story of cyber war is one of the Department of Defense and National Security Agency squaring off against state hackers from Russia, China, and North Korea. It is a very Western, and particularly American origin story. How could it not be? The United States is home to Silicon Valley and the largest IT companies in the world. The Department of Defense gave birth to the foundations of the internet and is indirectly responsible for the modern information age. Cyber war is, therefore, merely an electronic continuation of politics by other means; a way of asserting your political will on that of your adversary. It’s Carl and Marie von Clausewitz with email.
While that may not be wholly inaccurate, it’s not wholly accurate or the entire story as Potter presents. If you’re detecting a bit of puckishness in this piece, thus far, you’re bang on the money, and it is due in no small part to Potter’s thoroughly enjoyable prose and sense of story-telling. A dry recitation of the evolution of cyber war, this most certainly is not.
Potter’s “We Are All Targets” is one of the more interesting entries into the cyber war genre in that he doesn’t start in Washington D.C. or Silicon Valley (and I must thank him for that), but in Yugoslavia of all places (after he recounts his opening encounter with an MI5 officer and representative of military intelligence). In Potter’s telling, the antecedents of the challenges of today—networked adversaries, meme warfare, online dis- and mis-information—all can be traced to Yugoslavia, its collapse and disintegration, and the wars that followed.
Indeed, the war in Kosovo, one that is almost wholly forgotten in the United States, is arguably the first cyber war in Potter’s telling. But this is getting ahead of the argument for the moment. Yugoslavia is rarely thought of as a source of computing innovation, but that is precisely what Potter shows it to be. Rather than fearing computing as an enemy of the communist state and regime control, the country saw it as a competitive advantage and as part of the unique course it was charting away from Moscow’s dominion.
It developed its own indigenous computing industry, leveraging IBM microprocessors, and encouraged a culture of hacking and creativity. Hackers became celebrities of a sort with magazines popping up extolling their exploits and hacks. The very absence of Big Tech in Yugoslavia and its disconnection from the global information economy spawned an innovation and creativity out of necessity. Potter’s hackers didn’t know the rules because for them, there were no rules.
These chickens came home to roost after the collapse of Yugoslavia and the wars that followed. Here, the regime of Slobodan Milošević in Belgrade, Serbia, seized upon the country’s prior investments in computers and networking, and unleashed a cyber army against the West, one for which the Department of Defense and NATO were ill-prepared. As classified documents kept appearing on the open internet, such as the ones that brought MI5 to Potter’s door, NATO assumed there was a human spy in their midst, failing to realize that their networks were breached and were leaking like a sieve. NATO and the United States were not expecting a cyber war, let alone “pings of death” from a distributed network of attackers from both in Serbia and around the world that hacked official websites, spread mis- and dis-information, spammed memes, and more.
Potter is perhaps a bit too certain that the cyber challenges of today would not have occurred without the hacker collectives of Belgrade; that dis- and mis-information, trolling, conspiracy theories would not have emerged without Kosovo and all that followed. The very openness of the internet was destined to create a counter-culture, and its apparent weaknesses would almost certainly have been seized upon by someone, somewhere.
In Potter’s telling, these tools, tactics, and techniques migrated to Russia and China. Moscow became a nexus of cyber-criminality with the state tolerating hacking so long as it benefited the state and targeted adversaries outside of Russia. For China, an indigenous hacking culture developed where hackers became celebrities with marketing and profit potential, as well as state utility. This diffusion of cyber talent and capabilities, and the West’s challenges in responding highlights a central truth of the cyber world not just then, but today as well—cyber offense always outplays cyber defense, and the defenders are always playing catch-up to the attackers.
This highlights a central challenge for the United States, in particular, in responding to cyber warfare: an industrial-era monolith attempting to grapple with what is truly an information-age challenge. As Potter writes, “Yet America’s solution has always been more investment in technology. Where its foes were networked, insurgent, and unpredictable, America’s response was to turn to technological silver bullets.” Billions upon billions of dollars were allocated by the federal government for cyber defenses and protections. Firewalls, virus checkers, active defenses, machine learning, and more—all of the buzzwords overheard at that café in Arlington—were all promised to address the challenges of cyber vulnerabilities.
The irony is that even for all the maturation in understanding the challenge and threat of cyber war, it was still largely assumed to be a top-down challenge, about bringing down networks and paralyzing the country with a “cyber Pearl Harbor.” Yet, the lessons that should have been learned from as far back as the Kosovo war was that it wasn’t the bolt from the blue that took down the grid, but the slow accretion of attacks and the erosion of trust. It is as though the West is so fixated on the heart attack itself, it misses the risks of high blood pressure within the system.
It was slow coming, but the “penny had finally dropped,” for the United States and the West. Says Potter: “Cyber war was not about the protection of military infrastructure or the ability to degrade the enemy’s weapons. It was about degrading the enemy’s ability to function at all—through information war, direct assaults, draining resources through the sowing of chaos, terror, mistrust in institutions, and economic damage.”
While the penny may have dropped, it is far from clear that the United States is prepared for the world today, let alone the world to come. Machine learning, AI, ChatGPT, and more are all slated to change the character of cyber war in the years to come. Automated propaganda, adversarial generated dis- and mis-information at the speed of social media, and video and audio deepfakes will make it easier to sow confusion and discord, and even create malware.
Potter’s book offers an interesting, novel look at the evolution of cyber war, from that of the adversarial upstart. Starting at Kosovo is indeed interesting and thought-provoking—it’s not all about Washington (shocking as it may be for some within the D.C. bubble). For all the buzzwords and all the jargon circulating the Beltway—the shorthand for the highway encircling the greater Washington D.C. area—there will be and are upstarts that do not enjoy the resource advantages of the United States and will be seeking to exploit the weaknesses of America’s networks. It’s critical to understanding how those adversaries work and think to avoid strategic surprise. Sometimes it takes a gonzo-journalist to make that truth evident.
