The importance of cybersecurity issues is evolving. Progressive computerization and digitization mean that more and more of our affairs, parts of life, and even businesses, depend on technology. In one way or another. Technology and digitization are a great social good. But we have to be aware of the risks. What are the implications of technology controlling, or running, the entire world – our lives, entire countries, key goods, and infrastructures?
That’s the topic of my book Philosophy of Cybersecurity (or Amz, preorders possible now already), published by an academic publishing house Routledge/CRC (preorders start tomorrow).
Cybersecurity today is not only a matter of security of information and computer systems.
Cybersecurity is a matter of security on a scale of entire societies. That's why it's worth sorting this topic out. Hence the idea for the book. The book covers the subject of cybersecurity very broadly.
Why the term "Philosophy"? It’s not a treatise! Rather, it's about knowing how to think about threats, risks, and cybersecurity in today's, and tomorrow's world. This book is therefore a kind of essential equipment. It equips the consciousness. For example, it indicates what kind of content or news is important and what kind of content is not so important (or what kind of content or news is not important at all, is noise).
Philosophy of Cybersecurity considers the user's perspective (me, you), but also system issues.
This is a book for everyone. It is meant to be accessible It is for a wide audience. This is one of the main goals. To make it accessible, understandable. Yet, this is expert material concerning a complex issue. Therefore, there is plenty of interesting content for experts, academic researchers, lecturers, as well as students of technical fields such as computer science, but also those including social sciences, as well as in areas such as international relations, diplomacy, strategy, and security studies. Employees, officers, or officials at various types of institutions, bodies, and centers – will also find it very informative. To be frank – it may also be useful to policymakers. After all, today, technology and cyber security are matters of state strategy and policy. Finally, this book is perfect for anyone who would like to understand and be able to appreciate the evolution of cybersecurity in recent decades and acquire awareness of threats and the necessary grounds to counteract them (how to protect yourself).
Perhaps it will be the first cybersecurity book you'll understand?
It talks about such detailed basics as, for example, what a good password is, and why it is considered so today. But also about systemic issues like healthcare cybersecurity (challenges, why is it so difficult to secure, could people die as a result of cyberattacks?), critical infrastructure (can a cyberattack blow up elements of the power system?), countries (countries have already been hacked, including Poland).
It is also about the fact that cyberspace is not a "gray zone" without any rules. I logically explain what cyberwar is. Whether it threatens us. Under what circumstances cyberattacks could lead to a broader war? About what such an initiation might look like. It considers cyber espionage, not only cybercrime. It lays out realistic (based on scientific and technical) scenarios of cyber operations causing (1) physical destruction, (2) lethal effects, and (3) starting a war.
The last point is that cyberwar gained importance due to the war in Ukraine. This is tackled in the book directly, analytically, and expertly. The rank and importance of these actions are explained, also against the background of broader military activities. I also explain the possible signals leading to the later armed conflict, as signified by cyber operations, and cyber-enabled information operations. Including how some mainstream press caught the bite.
This is a book written with a thorough understanding of the subject acquired over the past 20 years, observing the changes taking place in the world.
Why this book now?
Well, one reason may be the mode of work during the pandemic. Another is the meeting of the US and Russian presidents (Biden, and Putin) in Geneva in 2021. This is a kind of turning point for cybersecurity from the policy side. It is now not possible to consider this topic without referring to the framework of inter-state disputes. Nobody expected such a turn of events 20-30 years ago. That's why this book was created. And it's the right time for it. The Russian war in Ukraine, and the relevance of the cyber/info layer - provide other important contexts.
Tackling the topic in such a unique way is appropriate. The Philosophy of Cybersecurity treats cybersecurity very broadly. From technology, through aspects of law (European, U.S., international), diplomacy, military, and security matters, even in the matter of conflicts, geopolitics, political science, and international relations. Because these are important in the current times, and its needs. It's described in such a way that it's all interconnected. As a curious detail, the book contains an escalation ladder with cyber operations, and I strived to make this thought model realistic.
In sum, and a sense, this is the first book of this kind.
I hope that when I look at the book content in 10 years, or so, I will consider it still holding up well. In that sense, it is a textbook and written to age well.
In short, this is a solid position. Writing it was lots of work. Of course, including the work in previous years to gain this knowledge and experience. But also to arrange the content properly. Because with this type of book, it is not so that you simply "sit down and write".
I'm also very grateful (and humbled), to the reviewers: Michal Zalewski, Frank Bajak, Bruce Schneier, Tim Stevens, Edward Lucas. Thank you!