Cyber Warfare – Truth, Tactics, and Strategies

Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

The Perimeter Is Dead

For the past 30-plus years, the overarching plan to secure networks and digital infrastructure was one that was predicated on the concept of perimeter-based security. Most organizations across the globe subscribed to the concept and plan that if the walls were high enough and the outward boundaries of the network were hard enough, then the enemy would not be able to "get in." Entire global architectures have been built and deployed to leverage that concept and billions of dollars have been spent to engage in "defense in depth" and the "castle and moat" methodology of security. It has all been for naught.

The perimeter-based model of security has categorically failed to keep pace with the evolution of the internet, the proliferation of devices and accesses, and the explosion of cloud computing and an increasingly mobile and Bring Your Own Device (BYOD) workforce. There is no perimeter anymore. The moment a user can...

A scenario detailing holes in the model

Consider the following scenario. A user who works from home and has administrative rights on their machine (as most do, especially when it is their own personal device) allows their child to use that device because they need it for homework. The little tyke jumps on their parent's overly powerful, overly app-heavy, non-managed device and, instead of going to a safe homework site, they maneuver to what they thought was a seemingly innocuous site that they heard about at school.

This young user wants to see whatever this site has to offer, but in order to do that they must download a plugin on their parent's browser and an app that the site says they need to use the content on the site (remember the child can execute this operation because they have administrative privileges on this machine) – so they do.

Everything on the site works fine, no malware alerts are noted (because the malware they downloaded is new and has no...

A global perimeter falls

Another example of how the technical alignment of the perimeter-based model helps proliferate exploitation and is woefully ineffective at combatting current threat actions comes from an analysis of what happened to the shipping giant Maersk.

In 2017, a Ukrainian company with software used for accounting – the Linkos group – was operating as normal. Unbeknownst to the IT leaders and users at this company, the servers that were connected to hundreds of clients and responsible for updating their accounting software were the launching point for the initial proliferation of the NotPetya ransomware attack.

The Linkos group, which did nothing "wrong" other than be located in a country that was actively being targeted by the military wing of the cyber operations branch of the Russian government, had been the victim of months of covert exploitation conducted to gain a military advantage in the region.

The Russian cyber warfare...

Even compliant organizations' perimeters fail

The Equifax breach offers yet another case study in the dissolution and ineffective nature of the current state of security practices for enterprises. Even those that have spent millions on security and are fully aware of both the location of and the implications of their data security plans will fail epically when any instance of weakness is found in their perimeter-based security model.

Consider the technical and managerial aspects of the Equifax breach. The company had a large budget for their security team, all required and compliance-mandated solutions were in place, and broad-scope security monitoring and analytics were in place. And yet the entirety of the data repositories for the company, and more than 140 million Americans and over 800,000 UK citizens, was exploited over the course of a near year-long incursion.

The initial impetus for the infection occurred thanks to a vulnerability in the public-facing...

Governments' perimeters fail

Even governments can fall victim to the scourge of this failed approach to security. The US Office of Personnel Management, or OPM, is one of the most critical agencies within the US Federal system. This entity is basically responsible for housing the total collection of all human resource records for every person that is employed by the US Federal Government. This includes millions of current and past Federal employees' and military members' personal information, as well as the results and data for every security clearance investigation that is used by the DoD to validate access for its most secretive agencies and programs. One would think that with this type of data, and knowing the extreme value of this data, the agency would be one of the most secure within the DoD. Not so.

As with Equifax and Maersk, the OPM breach was architected from the start, decades ago in OPM's case, to be unprepared, and built to fail should...

Users, BYOD, and the obliteration of the perimeter

The power that is afforded to users, devices, and applications has exponentially increased over the last half-decade and with the proliferation of that power comes an ever-increasing multi-faceted patchwork of potential future failures for all infrastructures. Add the increasing complexity and reliance that the cloud offers and the problem of maintaining control and management of all those moving parts, which all exist by default outside of the boundaries of any perimeter, and things go from bad to worse at light speed.

In the past, it was a necessity for users to physically be present at their place of employment for them to have any connectivity or access to network systems, and in many cases, even computer technology. Over the last two decades, the reduction in cost of personal computing devices, and the power that those devices wield, has benefited the user population but has confounded infrastructure security. The...

Applications add to insecurity

When one realizes the flaws that VPN technology introduces to the enterprise perimeter security model, one can see there are certainly issues with that approach. Adding to that issue, but also closely coupled with remote work and the BYOD movement for the workforce, is the issue of application security. Applications are what everyone, everywhere, on every device, uses to interact with and access the tools they need to do their jobs and conduct tasks in their daily lives. These applications are in many cases built with a focus on speed to production in mind, not security. That fact means that many of those applications that are used are basically built to be insecure.

According to a study jointly conducted by the Ponemon Institute and IBM, more than 50% of enterprises have 0% of their security budget aimed specifically at application security (Ponemon Institute, 2016). Over 40% of enterprises do not scan the code that runs their applications for...

Authentication methods failed

The password: the single most prolific means of authentication for enterprises, users, and almost any system on the planet is the lynchpin of failed security in cyberspace. Almost everything uses a password at some stage. Basically, every application that is used, as well as every VPN, and even every machine on the planet uses a password for its means of authentication, as do administrative tools and internetwork shares and firewall systems. Everything, everywhere, has a password.

While that seems like a relatively simple and useful means of implementing security via authentication, passwords are only secure if they stay unknown to those who aren't the user of that password.

Over the past half-decade, almost every major instance of repository for usernames and passwords has been breached at one time or another. In 2019, an independent researcher released a list of over 700 million known breached emails and usernames that could...

IoT devices poke holes in any perimeter

Internet of Things (IoT) devices are now some of the most prolific network-enabled assets on the planet. Over 6 billion of these devices are known to be currently connected to the internet as of 2019. All these 6 billion devices are web-enabled, app-enabled, require passwords for authentication, and are usually developed and built in nations that are known to have adversarial ties to government hacking organizations. In other words, they are guaranteed to have some level of insecurity from the day they roll off the manufacturing floor. And most, if not almost all, enterprises have some form of an IoT device in their network somewhere.

Whether it's a smart TV, smart thermostat, wireless printer, internet-enabled camera, or some other device somewhere in an enterprise, it is a certainty that an IoT device exists in that infrastructure.

The use of proprietary wireless signals and protocols within IoT devices is the main avenue...

You can't fix stupid, or evil

In a perfect world, no human would ever touch a network. Machines would do everything and humans would simply benefit from those interactions. Machines operate logically and solely with a focus on function. They aren't easily tricked and are not typically open to influence via social means. But, for the time being, we don't live in that science fiction world where machines do everything for us. We still have users, and those users touch our networks, and their actions and issues introduce avenues of exploitation that can cripple what might have been a secure network. We must consider the following:

  • The most secure network is the one that no human ever touches. The second that a human puts their fingers onto a keyboard, the threat of compromise via human means, social engineering, phishing, and other standard methods becomes a reality. While technology is relatively binary in nature, humans are not. We are open to influence, fear...

Conclusion

The perimeter-based security model is outdated and has unequivocally failed to secure businesses and enterprises across the planet. However, it is not because the basic concept of a secure edge is a failure. It is instead the proliferation of technology combined with the interconnected nature of current infrastructures that make this approach to security so ineffective. The very connectivity that is a boon for mankind, enabling business and everyday life, is its own worst enemy. A failure within one perimeter eventually will lead to a failure in many, and on and on it goes.

While the perimeter-based model of security has proven itself inefficient and a purveyor of failure, there are now issues far beyond those high walls that will afflict cyberspace for the coming decade. The time to understand what those items are and explore how they might be used for malevolent purposes is now, before they become problems that expand beyond the bounds of any...

References

  1. Brandom, R. (2017, October 3). Equifax CEO blames breach on a single person who failed to deploy patch. Retrieved from theverge.com: https://www.theverge.com/2017/10/3/16410806/equifax-ceo-blame-breach-patch-congress-testimony
  2. Constantin, L. (2019, October 30). Credential stuffing explained: How to prevent, detect and defend against it. Retrieved from csoonline.com: https://www.csoonline.com/article/3448558/credential-stuffing-explained-how-to-prevent-detect-and-defend-against-it.html?utm_source=twitter&utm_medium=social&utm_campaign=organic
  3. Government Accountability Office (GAO). (2018, August 1). Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach. Retrieved from gao.gov: https://www.gao.gov/assets/700/694158.pdf
  4. Greenberg, A. (2018, August 22). The Untold Story of NotPetya, the Most Devastating Cyberattack in History. Retrieved from wired.com: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed...

Key benefits

  • Define and determine a cyber-defence strategy based on current and past real-life examples
  • Understand how future technologies will impact cyber warfare campaigns and society
  • Future-ready yourself and your business against any cyber threat

Description

The era of cyber warfare is now upon us. What we do now and how we determine what we will do in the future is the difference between whether our businesses live or die and whether our digital self survives the digital battlefield. Cyber Warfare – Truth, Tactics, and Strategies takes you on a journey through the myriad of cyber attacks and threats that are present in a world powered by AI, big data, autonomous vehicles, drones video, and social media. Dr. Chase Cunningham uses his military background to provide you with a unique perspective on cyber security and warfare. Moving away from a reactive stance to one that is forward-looking, he aims to prepare people and organizations to better defend themselves in a world where there are no borders or perimeters. He demonstrates how the cyber landscape is growing infinitely more complex and is continuously evolving at the speed of light. The book not only covers cyber warfare, but it also looks at the political, cultural, and geographical influences that pertain to these attack methods and helps you understand the motivation and impacts that are likely in each scenario. Cyber Warfare – Truth, Tactics, and Strategies is as real-life and up-to-date as cyber can possibly be, with examples of actual attacks and defense techniques, tools, and strategies presented for you to learn how to think about defending your own systems and data.

Who is this book for?

This book is for any engineer, leader, or professional with either a responsibility for cyber security within their organizations, or an interest in working in this ever-growing field.

What you will learn

  • Hacking at scale – how machine learning (ML) and artificial intelligence (AI) skew the battlefield
  • Defending a boundaryless enterprise
  • Using video and audio as weapons of influence
  • Uncovering DeepFakes and their associated attack vectors
  • Using voice augmentation for exploitation
  • Defending when there is no perimeter
  • Responding tactically to counter-campaign-based attacks

Product Details

  • Publication date: Feb 25, 2020
  • Length: 330 pages
  • Edition: 1st
  • Language: English
  • ISBN-13: 9781839216992

Table of Contents

12 Chapters

  • A Brief History of Cyber Threats and the Emergence of the APT Designator
  • The Perimeter Is Dead
  • Emerging Tactics and Trends – What Is Coming?
  • Influence Attacks – Using Social Media Platforms for Malicious Purposes
  • DeepFakes and AI/ML in Cyber Security
  • Advanced Campaigns in Cyber Warfare
  • Strategic Planning for Future Cyber Warfare
  • Cyber Warfare Strategic Innovations and Force Multipliers
  • Bracing for Impact
  • Survivability in Cyber Warfare and Potential Impacts for Failure
  • Other Books You May Enjoy
  • Index

Customer reviews

Rating: 5 out of 5 (20 Ratings), 5 star 100%

Edward F. Moses II Apr 21, 2020
Rating: 5 out of 5
Summary
This book is a nice, high-level summary of the most current attack types, threat actors, protection strategies, and insights in Cybersecurity. The author begins with a history of common attacks, breaches, and attacker motivations. He makes the subject matter easily relatable whether you are a "layman" simply interested in the world of Cybersecurity or a seasoned IT veteran wanting to catch up on the latest trends in a single source. That being said, the target audience can be those with little knowledge of IT or Cybersecurity, as the book does not dive too deeply into the technical arena. However, there is enough technical information to keep those of us with decades of experience interested. The author is sure to define many of the acronyms that proliferate in this industry.
The author covers many of the historic hacks and events that lead up to our current Cybersecurity setting. Antivirus, Advanced Persistent Threats (APT), and Stuxnet are just a few of the attacks covered. He then goes on to discuss problems plaguing modern network infrastructures, such as BYOD and protecting the perimeter using the traditional "Defense-in-Depth" methods. The Internet of Things (IoT) is also discussed in detail. He follows this with new trends in attack vectors, ransomware, artificial intelligence/machine learning (AI/ML), and DeepFakes. For those that would like to see more technical information, such as tools, the author includes some overviews of offensive and defensive Cybersecurity tools such as Infection Monkey, SNAP_R, and various open source intelligence (OSINT) tools.
Overall, this is great for novices and experts alike to get quickly caught up with the latest trends. This book is highly recommended and it will quickly catch you up with past events, current strategies, and future trends.
Amazon Verified review
Chicago2305 Jul 07, 2020
Rating: 5 out of 5
I have been working in Cyber Security for many years, I constantly read books that have similar titles. This is not a garden variety cyber security book. Chase Cunningham is an authority in this field and his thought leadership is evident throughout its pages. I could not put it down, and may have lost a little bit of sleep after reading about what the nation states are doing but I would rather know this information than not know it.
Keep on writing Dr. Cunningham, very well done Sir!
Tina Gravel
Amazon Verified review
Andrew Lochart Mar 23, 2020
Rating: 5 out of 5
This is a great book. I enjoyed it very much and I learned a lot from it.
The book is comprehensive and is laid out very logically, with chapters that first cover the history of cyber attacks, then discusses emerging vulnerabilities and attacks (e.g.: autonomous cars, drones, social media disinformation, deep fakes, and much more).
He then shifts to talking about what organizations can do to prepare themselves for the emerging attacks. He starts with strategic planning, then gets into some of the nitty gritty of what tools and techniques can help. Anyone familiar with the research that Cunningham does at Forrester will be unsurprised to read here about micro-segmentation, software defined networks (SDN), and his profound hope that we will all eventually #KillThePassword.
This is not a perfect book. I wish his editors had been more diligent about weeding out some excess verbiage that crops up in places. Also, I found it jarring that he mentions only two security vendors and their products by name, in a book that otherwise seems to take pains not to promote any. Both vendors have, as far as I know, fine reputations. But it feels off that these two should get such visibility.
But these are niggles, to be sure, in what is otherwise a knowledgeable, comprehensive book. It was clear and understandable to a non-practitioner like me, but I think that those who are hands-on with cyber security will find much here that is new and informative. I recommend the book very highly.
Amazon Verified review
Wade R. Alt Mar 25, 2020
Rating: 5 out of 5
Really enjoyed this book. Dr. Cunningham has such a command of this topic, combined with his excellent story telling skills made this a pleasure to read while learning a great deal. A must read for any cyber executive - a book I'll expect my team to read.
Amazon Verified review
S. Ryan Mar 31, 2020
Rating: 5 out of 5
Sophisticated analysis given in accessible and engaging way - This book is packed with tons of information and real world examples of cyber attacks, plus a range of high level, powerful strategies and specific tactics for how to address the cyber security challenges we face today and the looming challenges of the future. The author's military background and cyber security expertise add credence to the analysis along with many interesting military anecdotes. (full disclosure: I work at a technology advisory firm with the author, but I genuinely enjoyed this book and think you will too).
Amazon Verified review