BOOK REVIEW: Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat
By: John P. Carlin with Garrett M. Graff, Public Affairs, New York, 2018
Reviewed by Peter M. Tran
In 1789, Benjamin Franklin wrote in a letter that “Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” Fast forward 229 years to 2018, and my contention would be that in our current transformed cyber world, nothing is certain now except death, taxes and cyber-threats. This is exactly what John P. Carlin and Garrett M. Graff convey in an authentic, technical and true-to-life book. Dawn of the Code War takes us through what, at first glance, would appear to be yet another fictional cold war spy thriller, but don’t judge this book by its cover.
Carlin and Graff give Richard A. Clarke’s “Cyber War – The Next Threat to National Security and What to Do About It” a run for its money, with a superb view into how “freaks and geeks” became this next century’s invisible enemy through the weaponization of the Internet. The book squarely makes the case that “cybersecurity isn’t a wonky IT issue,” as Carlin puts it, and provides the details of some of the most impactful nation state cyber-attacks of the last decade. The book describes how the resulting federal law enforcement and intelligence community investigations from the attacks on the Pentagon, Office of Personnel Management (OPM), Sony and Equifax have created the cyber industrial complex. We are taken through the hacker, “Do It Yourself” (DIY) culture where the proliferation of off-the-shelf dark market tools makes you wonder if there will soon be a hacking aisle at your local Home Depot.
What Carlin and Graff uniquely take us through is how code has become king in new conventional warfighting. Crime has taken a back seat to net-centric warfare, cyber terrorism, and geopolitical and economic tradecraft through social media manipulation (#fakenews), where the adversary can hide in plain sight with each attack. From al-Qaeda to ISIL, China, Ukraine and the Syrian Electronic Army, the modern cyber adversarial lines start to blur as the book pivots and explains how not all hackers are created equal, and how Silicon Valley-born technological innovations may be used against us, as nation state hackers master data analytics, artificial intelligence and machine learning to counter our own detection methods.
The book marks what Carlin and Graff call the “end of innocence” for information technology as we know it and uses the circa 2000 “I Love You” virus as a perfect example to illustrate that term. Through this end of innocence, we are given the vantage point of seeing the code war evolve through the eyes of the FBI and CIA cyber operational and intelligence functions. The investigative tactics, and the various nation state cat and mouse games which ensued, continued to frustrate prosecutors and politicians alike, with one of the most notorious series of cyber incidents involving Google, and other heavy hitting names, under code name Operation Aurora.
Advanced and persistent, Carlin and Graff take us through how the playing field is never equal, in part because nation states such as China and Russia don’t play by the same rules of engagement. The rise of the term “Advanced Persistent Threat” (APT) begins to mean more than characterizing attack sets, and as we read on, each chapter sheds deeper insight into the techniques, tools and procedures (TTPs) used by our opponents. The style, flair and arrogance of hackers such as the “Comment Crew”, “Ugly Gorilla” and “Black Vine” tell us much about our adversaries.
The book progresses like a linear accelerator, raising a reasonable doubt about whether an equal attack surface that the United States can play on even exists. It becomes more evident to the reader that every public and commercial enterprise is a data-driven business, and that the interdependencies between governments and the private sector globally feed a code war. Carlin and Graff leave us with a better understanding of where we are now, the hard lessons learned, and what our nation and the world need to firmly grasp in order to address the known unknowns needed to defend against, and win, the code war.
Dawn of the Code War earns a solid three out of four trench coats.
Peter M. Tran is a former NCIS Special Agent and globally recognized information security, cyber defense technology and security operations expert. He is Vice President and Head of Global Cyber Defense and Security Strategy at Worldpay. His expert commentary has been featured on NBC, CBS, Fox News, Fox Business, Reuters TV, Sky News, The Wall Street Journal, Boston Globe, Los Angeles Times, USA Today, Harvard Business Review, MIT Technology Review, Fast Company and elsewhere. Follow him @ptrancyber.