Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Cyber Warfare – Truth, Tactics, and Strategies
Cyber Warfare – Truth, Tactics, and Strategies

Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

eBook
€8.99 €19.99
Paperback
€24.99
Audiobook
€8.99 €21.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Cyber Warfare – Truth, Tactics, and Strategies

The Perimeter Is Dead

For the past 30-plus years, the overarching plan to secure networks and digital infrastructure was one that was predicated on the concept of perimeter-based security. Most organizations across the globe subscribed to the concept and plan that if the walls were high enough and the outward boundaries of the network were hard enough, then the enemy would not be able to "get in." Entire global architectures have been built and deployed to leverage that concept and billions of dollars have been spent to engage in "defense in depth" and the "castle and moat" methodology of security. It has all been for naught.

The perimeter-based model of security has categorically failed to keep pace with the evolution of the internet, the proliferation of devices and accesses, and the explosion of cloud computing and an increasingly mobile and Bring Your Own Device (BYOD) workforce. There is no perimeter anymore. The moment a user can...

A scenario detailing holes in the model

Consider the following scenario. A user who works from home and has administrative rights on their machine (as most do, especially when it is their own personal device) allows their child to use that device because they need it for homework. The little tyke jumps on their parent's overly powerful, overly app-heavy, non-managed device and, instead of going to a safe homework site, they maneuver to what they thought was a seemingly innocuous site that they heard about at school.

This young user wants to see whatever this site has to offer, but in order to do that they must download a plugin on their parent's browser and an app that the site says they need to use the content on the site (remember the child can execute this operation because they have administrative privileges on this machine) – so they do.

Everything on the site works fine, no malware alerts are noted (because the malware they downloaded is new and has no...

A global perimeter falls

Another example of how the technical alignment of the perimeter-based model helps proliferate exploitation and is woefully ineffective at combatting current threat actions comes from an analysis of what happened to the shipping giant Maersk.

In 2017, a Ukrainian company with software used for accounting – the Linkos group – was operating as normal. Unbeknownst to the IT leaders and users at this company, the servers that were connected to hundreds of clients and responsible for updating their accounting software were the launching point for the initial proliferation of the NotPetya ransomware attack.

The Linkos group, which did nothing "wrong" other than be located in a country that was actively being targeted by the military wing of the cyber operations branch of the Russian government, had been the victim of months of covert exploitation conducted to gain a military advantage in the region.

The Russian cyber warfare...

Even compliant organizations' perimeters fail

The Equifax breach offers yet another case study in the dissolution and ineffective nature of the current state of security practices for enterprises. Even those that have spent millions on security and are fully aware of both the location of and the implications of their data security plans will fail epically when any instance of weakness is found in their perimeter-based security model.

Consider the technical and managerial aspects of the Equifax breach. The company had a large budget for their security team, all required and compliance mandated solutions were in place, and broad scope security monitoring and analytics were in place. And yet the entirety of the data repositories for the company, and more than 140 million Americans and over 800,000 UK citizens, was exploited over the course of a near year-long incursion.

The initial impetus for the infection occurred thanks to a vulnerability in the public-facing...

Governments' perimeters fail

Even governments can fall victim to the scourge of this failed approach to security. The US Office of Personnel Management, or OPM, is one of the most critical agencies within the US Federal system. This entity is basically responsible for housing the total collection of all human resource records for every person that is employed by the US Federal Government. This includes millions of current and past Federal employees' and military members' personal information, as well as the results and data for every security clearance investigation that is used by the DoD to validate access for its most secretive agencies and programs. One would think that with this type of data, and knowing the extreme value of this data, the agency would be one of the most secure within the DoD. Not so.

As with Equifax and Maersk, the OPM breach was architected from the start, decades ago in OPM's case, to be unprepared, and built to fail should...

Users, BYOD, and the obliteration of the perimeter

The power that is afforded to users, devices, and applications has exponentially increased over the last half-decade and with the proliferation of that power comes an ever-increasing multi-faceted patchwork of potential future failures for all infrastructures. Add the increasing complexity and reliance that the cloud offers and the problem of maintaining control and management of all those moving parts, which all exist by default outside of the boundaries of any perimeter, and things go from bad to worse at light speed.

In the past, it was a necessity for users to physically be present at their place of employment for them to have any connectivity or access to network systems, and in many cases, even computer technology. Over the last two decades, the reduction in cost of personal computing devices, and the power that those devices wield, has benefited the user population but has confounded infrastructure security. The...

Applications add to insecurity

When one realizes the flaws that VPN technology introduces to the enterprise perimeter security model, one can see there are certainly issues with that approach. Adding to that issue, but also closely coupled with remote work and the BYOD movement for the workforce, is the issue of application security. Applications are what everyone, everywhere, on every device, uses to interact with and access the tools they need to do their jobs and conduct tasks in their daily lives. These applications are in many cases built with a focus on speed to production in mind, not security. That fact means that many of those applications that are used are basically built to be insecure.

According to a study jointly conducted by the Ponemon Institute and IBM, more than 50% of enterprises have 0% of their security budget aimed specifically at application security (Ponemon Institute, 2016). Over 40% of enterprises do not scan the code that runs their applications for...

Authentication methods failed

The password: the single most prolific means of authentication for enterprises, users, and almost any system on the planet is the lynchpin of failed security in cyberspace. Almost everything uses a password at some stage. Basically, every application that is used, as well as every VPN, and even every machine on the planet uses a password for its means of authentication, as do administrative tools and internetwork shares and firewall systems. Everything, everywhere, has a password.

While that seems like a relatively simple and useful means of implementing security via authentication, passwords are only secure if they stay unknown to those who aren't the user of that password.

Over the past half-decade, almost every major instance of repository for usernames and passwords has been breached at one time or another. In 2019, an independent researcher released a list of over 700 million known breached emails and usernames that could...

IoT devices poke holes in any perimeter

Internet of Things (IoT) devices are now some of the most prolific network-enabled assets on the planet. Over 6 billion of these devices are known to be currently connected to the internet as of 2019. All these 6 billion devices are web-enabled, app-enabled, require passwords for authentication, and are usually developed and built in nations that are known to have adversarial ties to government hacking organizations. In other words, they are guaranteed to have some level of insecurity from the day they roll off the manufacturing floor. And most, if not almost all, enterprises have some form of an IoT device in their network somewhere.

Whether it's a smart TV, smart thermostat, wireless printer, internet-enabled camera, or some other device somewhere in an enterprise, it is a certainty that an IoT device exists in that infrastructure.

The use of proprietary wireless signals and protocols within IoT devices is the main avenue...

You can't fix stupid, or evil

In a perfect world, no human would ever touch a network. Machines would do everything and humans would simply benefit from those interactions. Machines operate logically and solely with a focus on function. They aren't easily tricked and are not typically open to influence via social means. But, for the time being, we don't live in that science fiction world where machines do everything for us. We still have users, and those users touch our networks, and their actions and issues introduce avenues of exploitation that can cripple what might have been a secure network. We must consider the following:

  • The most secure network is the one that no human ever touches. The second that a human puts their fingers onto a keyboard, the threat of compromise via human means, social engineering, phishing, and other standard methods becomes a reality. While technology is relatively binary in nature, humans are not. We are open to influence, fear...

Conclusion

The perimeter-based security model is outdated and has unequivocally failed to secure businesses and enterprises across the planet. However, it is not because the basic concept of a secure edge is a failure. It is instead the proliferation of technology combined with the interconnected nature of current infrastructures that make this approach to security so ineffective. The very connectivity that is a boon for mankind, enabling business and everyday life, is its own worst enemy. A failure within one perimeter eventually will lead to a failure in many, and on and on it goes.

While the perimeter-based model of security has proven itself inefficient and a purveyor of failure, there are now issues far beyond those high walls that will afflict cyberspace for the coming decade. The time to understand what those items are and explore how they might be used for malevolent purposes is now, before they become problems that expand beyond the bounds of any...

References

  1. Brandom, R. (2017, October 3). Equifax CEO blames breach on a single person who failed to deploy patch. Retrieved from theverge.com: https://www.theverge.com/2017/10/3/16410806/equifax-ceo-blame-breach-patch-congress-testimony
  2. Constantin, L. (2019, October 30). Credential stuffing explained: How to prevent, detect and defend against it. Retrieved from csoonline.com: https://www.csoonline.com/article/3448558/credential-stuffing-explained-how-to-prevent-detect-and-defend-against-it.html?utm_source=twitter&utm_medium=social&utm_campaign=organic
  3. Government Accountability Office (GAO). (2018, August 1). Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach. Retrieved from gao.gov: https://www.gao.gov/assets/700/694158.pdf
  4. Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. Retrieved from wired.com: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed...
Left arrow icon Right arrow icon

Key benefits

  • Define and determine a cyber-defence strategy based on current and past real-life examples
  • Understand how future technologies will impact cyber warfare campaigns and society
  • Future-ready yourself and your business against any cyber threat

Description

The era of cyber warfare is now upon us. What we do now and how we determine what we will do in the future is the difference between whether our businesses live or die and whether our digital self survives the digital battlefield. Cyber Warfare – Truth, Tactics, and Strategies takes you on a journey through the myriad of cyber attacks and threats that are present in a world powered by AI, big data, autonomous vehicles, drones video, and social media. Dr. Chase Cunningham uses his military background to provide you with a unique perspective on cyber security and warfare. Moving away from a reactive stance to one that is forward-looking, he aims to prepare people and organizations to better defend themselves in a world where there are no borders or perimeters. He demonstrates how the cyber landscape is growing infinitely more complex and is continuously evolving at the speed of light. The book not only covers cyber warfare, but it also looks at the political, cultural, and geographical influences that pertain to these attack methods and helps you understand the motivation and impacts that are likely in each scenario. Cyber Warfare – Truth, Tactics, and Strategies is as real-life and up-to-date as cyber can possibly be, with examples of actual attacks and defense techniques, tools. and strategies presented for you to learn how to think about defending your own systems and data.

Who is this book for?

This book is for any engineer, leader, or professional with either a responsibility for cyber security within their organizations, or an interest in working in this ever-growing field.

What you will learn

  • Hacking at scale – how machine learning (ML) and artificial intelligence (AI) skew the battlefield
  • Defending a boundaryless enterprise
  • Using video and audio as weapons of influence
  • Uncovering DeepFakes and their associated attack vectors
  • Using voice augmentation for exploitation
  • Defending when there is no perimeter
  • Responding tactically to counter-campaign-based attacks

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 25, 2020
Length: 330 pages
Edition : 1st
Language : English
ISBN-13 : 9781839214486
Category :
Concepts :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Feb 25, 2020
Length: 330 pages
Edition : 1st
Language : English
ISBN-13 : 9781839214486
Category :
Concepts :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 120.97
Cybersecurity – Attack and Defense Strategies
€62.99
Cybersecurity Attacks – Red Team Strategies
€32.99
Cyber Warfare – Truth, Tactics, and Strategies
€24.99
Total 120.97 Stars icon
Banner background image

Table of Contents

12 Chapters
A Brief History of Cyber Threats and the Emergence of the APT Designator Chevron down icon Chevron up icon
The Perimeter Is Dead Chevron down icon Chevron up icon
Emerging Tactics and Trends – What Is Coming? Chevron down icon Chevron up icon
Influence Attacks – Using Social Media Platforms for Malicious Purposes Chevron down icon Chevron up icon
DeepFakes and AI/ML in Cyber Security Chevron down icon Chevron up icon
Advanced Campaigns in Cyber Warfare Chevron down icon Chevron up icon
Strategic Planning for Future Cyber Warfare Chevron down icon Chevron up icon
Cyber Warfare Strategic Innovations and Force Multipliers Chevron down icon Chevron up icon
Bracing for Impact Chevron down icon Chevron up icon
Survivability in Cyber Warfare and Potential Impacts for Failure Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(20 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Edward F. Moses II Apr 21, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
SummaryThis book is a nice, high-level summary of the most current attack types, threat actors, protection strategies, and insights in Cybersecurity. The author begins with a history of common attacks, breaches, and attacker motivations. He makes the subject matter easily relatable whether you are a "layman" simply interested in the world of Cybersecurity or a seasoned IT veteran wanting to catch up on the latest trends in a single source. That being said, the target audience can be those with little knowledge of IT or Cybersecurity, as the book does not dive too deeply into the technical arena. However, there is enough technical information to keep those of us with decades of experience interested. The author is sure to define many of the acronyms the proliferate in this industry.The author covers many of the historic hacks and events that lead up to our current Cybersecurity setting. Antivirus, Advanced Persistent Threats (APT), and Stuxnet are just a few of the attacks covered. He then goes on to discuss problems plaguing modern network infrastructures, such as BYOD and protecting the perimeter using the traditional "Defense-in-Depth" methods. The Internet of Things (IoT) is also discussed in detail. He follows this with new trends in attack vectors, ransomware, artificial intelligence/machine learning (AI/ML), and DeepFakes. For those that would like to see more technical information, such as tools, the author includes some overviews of offensive and defensive Cybersecurity tools such as Infection Monkey, SNAP_R, and various open source intelligence (OSINT) tools.Overall, this is great for novices and experts alike to get quickly caught up with the latest trends. This book is highly recommended and it will quickly catch you up with past events, current strategies, and future trends.
Amazon Verified review Amazon
Chicago2305 Jul 07, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I have been working in Cyber Security for many years, I constantly read books that have similar titles. This is not a garden variety cyber security book. Chase Cunningham is an authority in this field and his thought leadership is evident throughout its' pages. I could not put it down, and may have lost a little bit of sleep after reading about what the nation states are doing but I would rather know this information than not know it.Keep on writing Dr. Cunningham, very well done Sir! Tina Gravel
Amazon Verified review Amazon
Andrew Lochart Mar 23, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is a great book. I enjoyed it very much and I learned a lot from it.The book is comprehensive and is laid out very logically, with chapters that first cover the history of cyber attacks, then discusses emerging vulnerabilities and attacks (eg: autonomous cars, drones, social media disinformation, deep fakes, and much more).He then shifts to talking about what organizations can do to prepare themselves for the emerging attacks. He starts with strategic planning, then gets into some of the nitty gritty of what tools and techniques can help. Anyone familiar with the research that Cunningham does at Forrester will be unsurprised to read here about micro-segmentation, software defined networks (SDN), and his profound hope that we will all eventually #KillThePassword.This is not a perfect book. I wish his editors had been more diligent about weeding out some excess verbiage that crops up in places. Also, I found it jarring that he mentions only two security vendors and their products by name, in a book that otherwise seems to take pains not to promote any. Both vendors, have, as far as I know, fine reputations. But it feels off that these two should get such visibility.But these are niggles, to be sure, in what is otherwise a knowledgable, comprehensive book. It was clear and understandable to a non-practitioner like me, but I think that those who are hands-on with cyber security will find much here that is new and informative. I recommend the book very highly.
Amazon Verified review Amazon
Wade R. Alt Mar 25, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Really enjoyed this book. Dr. Cunningham has such a command of this topic, combined with his excellent story telling skills made this a pleasure to read while learning a great deal. A must read for any cyber executive - a book I'll expect my team to read.
Amazon Verified review Amazon
S. Ryan Mar 31, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Sophisticated analysis given in accessible and engaging way -This book is packed with tons of information and real world examples of cyber attacks, plus a range of high level, powerful strategies and specific tactics for how to address the cyber security challenges we face today and the looming challenges of the future. The author's military background and cyber security expertise add credence to the analysis along with many interesting military anecdotes. (full disclosure: I work at a technology advisory firm with the author, but I genuinely enjoyed this book and think you will too).
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.