[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Buchbesprechung: "Information Warfare" von Michael Erbschloe
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Aus dem neuen Risks Digest. RB
http://catless.ncl.ac.uk/Risks/22.30.html
Date: Tue, 8 Oct 2002 12:42:20 -0800
From: Rob Slade <rslade -!
- sprint -
ca>
Subject: REVIEW: "Information Warfare", Michael Erbschloe
BKINFWFR.RVW 20020721
"Information Warfare", Michael Erbschloe, 2001, 0-07-213260-4, U$29.99
%A Michael Erbschloe
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2001
%G 0-07-213260-4
%I McGraw-Hill Ryerson/Osborne
%O U$29.99 800-565-5758 905-430-5134 fax: 905-430-5020
%P 315 p.
%T "Information Warfare: How to Survive Cyber Attacks"
In both the preface and the introduction, the author makes a point of
stating that this book is different from others in the field, that it
does
not simply use the old military paradigm to analyze information warfare,
and, as a result, will be more useful to business. It is, therefore,
rather
startling to find, in chapter one, background basics that stick strictly
to
the military model. Everything is presented purely from the perspective
of
single attacker and single defender, and it's definitely black hat
versus
white. The model thus constructed is weak in several areas, and would
not
seem to be able to even address a number of issues. For example,
writers
such as Dorothy Denning (cf. BKINWRSC.RVW) postulate the potential harm
that
can arise from corrupted data and other misinformation, which may be
used
for purposes ranging from propaganda to degrading decision systems. And
what do we do about business situations, where today's colleague may be
tomorrow's competitor? Chapter two uses profligate verbiage to list a
few
points about economic impacts that will come as no surprise whatsoever
to
anyone with the slightest background in business impact analysis. In
chapter three, Erbschloe turns to fiction. He proposes a scenario in
which
a gang of cyber-terrorists causes one trillion dollars worth of damage.
In
doing so, the author demonstrates that a) his experience in information
warfare is limited to viruses, b) his experience with viruses is limited
to
Loveletter, and c) he believes all the movie stereotypes about
"hackers."
Black hat communities are seldom as cosmopolitan as the one proposed.
They
are never as original: multiple viruses based on the model used would
quickly be caught by generic means. It is also a lot easier to write
simple
virus variations than it is to break into specific targeted systems for
specific targeted information.
We are told, in chapter four, that in order to fight against the
information
warfare threat, all governments and militaries must get together. (Can
we
hear a chorus of "And do it my way!" swelling in the background?) Then
we
have a relay of military strategies in chapter five. Supposedly chapter
six
turns to corporate strategies, but with the emphasis on terrorists and
the
FBI, we seem to be back to the military again. A number of tables are
used
to assert that terrorists and rogue criminals are interested in
attacking
various industries. (Proof of these statements seems to be singularly
lacking.) Chapter eight lists companies proposed to be in the
"information
warfare" reserve: able to provide expertise in the event of an attack.
In
light of the recent business debacles, these lists unintentionally
provide
some of the most humorous reading in the book. (For those who know the
security problems of some of these companies, the lists are even
funnier.)
Tellingly, the material on the civilian "casualties" of infowar, in
chapter
nine, is the most restricted in the book. Chapter ten seems to move
into
fiction again. Erbschloe, without much in the way of evidence, says
that
the "geek in the basement" brigade is now about to turn pro, en masse.
(He
also states that we are going to have a skilled and active black hat
population of 600,000 by 2005.) The statement, in chapter eleven, that
we
need more skilled law enforcement people is unsurprising, and also
unhelpful. The conclusion, in chapter twelve, that we need more money
and
attention for security is equally useless.
This is a verbose reiteration of minor points that are evident to anyone
with any background in security, let alone specialists in the
information
warfare field. Mind you, the book was probably not intended for
experts.
However, readers with no knowledge of data security are likely to be
misled.
They will feel that they have been taught about information warfare.
They
haven't.
copyright Robert M. Slade, 2002 BKINFWFR.RVW 20020721
rslade -!
- vcn -
bc -
ca rslade -!
- sprint -
ca slade -!
- victoria -
tc -
ca p1 -!
- canada -
com
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.