Chapter 1 summarizes the dramatic but unexpected societal and international security changes that have accompanied the introduction of the Internet. It also provides a quick introduction to packet-based switching that underpins the Internet as well as the World Wide Web, which transformed the Internet from a technical wonder into a very useful societal tool. It lays out the principle challenges of cybersecurity, considers malicious actors and motivations, and begins to consider the roles governments play in making cyberspace safer.

Chapter 9 takes up artificial intelligence (AI) and ethics. Beginning in Ancient Greece with the first autonomous machines, this chapter presents a brief history of AI. It then examines excessively ambitious expectations in the twentieth century for the potential for AI and the adverse consequences for research funding that resulted, now dubbed the “AI Winter.” New technologies, especially those with the elevated expectations of AI, often draw a lot of positive speculation, some of it misplaced. The chapter also reviews technologies that were explored in developing AI, such as logic, symbol manipulation, problem solving, expert systems and machine learning based largely on artificial neural networks. It also examines “adversarial attacks” in which very slight changes in an input can change the classification of an image. The applications of AI technologies to robots are discussed and caveats issued for their use. These include ethical issues that arise with the use of lethal autonomous weapons systems. The chapter closes with a discussion of the application of AI technologies to cybersecurity.

Chapter 3 briefly contrasts classic telephone circuit-switched communication with the more flexible packet-switched Internet. It introduces the domain name system(DNS) , which is in effect the telephone directory for the Internet, and describes how domain names are translated into binary addresses. DNS explains basic internet communication protocols, that is, how computers “talk” to one another by sending packets of bits over the Internet and describes the algorithms that route packets along different paths between sources and destinations. Packet routing helps to make packet communication robust in the face of network disruptions, such as might occur during a military conflict. The chapter also details a variety of encryption methods, focusing on public-key cryptography, which is widely used for secure communications that enable shopping online, banking transactions, and privacy. It also introduces digital signatures, the equivalent of a human signature, for authentication of the sender of messages. Finally, it examines threats to secure public-key cryptography.

Chapter 10 draws conclusions and proposes ways to improve security in cyberspace. As the preceding chapters make clear, information and communications technology is the latest tool humans developed that has widespread impact on economic and social development on earth and will be critical as humans start to setup colonies in the solar system. Just like other tools, information technology holds both the promise of a better future and the prospect for increasing misery unless digital divides narrow and people adapt to new economic realities brought about by technological change. Engineering and scientific principles underlie the Internet, and we cannot overlook that humans write code, develop algorithms, and manufacture the hardware that create cyberspace with all its benefits and risks. To structure thinking about the future directions of cybersecurity, we propose three questions. First, whose Internet is it? Next, how should we think about cybersecurity? The final question is, what role should governments play in responding to significant cyber events?

Chapter 5 considers strategy as the art of planning. The term is widely used in government, business, and society to describe an organization’s overall goals, the ways the goals could be achieved, and the resources necessary for success. There are important differences around the world regarding how policymakers view their roles in cyberspace. In market-oriented democracies, government roles are largely limited, and corporations dominate. Software is produced free of government regulation, telecommunication companies operate within a government’s technical guidelines but are profit-driven, and the market for hardware and their information and communications technology supply chains are largely open and global. In authoritarian countries, cyberspace is not free and is highly regulated for the benefit of the government rather than society or corporations or individual users. The chapter considers how strategic principles are applied by different governments and cyberspace and offers a case study of organizing the military for cyberspace.

Chapter 2 introduces the reader to the hardware and software of modern computers. It begins by putting computation in a historical context, thereby showing that computation has been a concern of humanity for millennia. Unsurprisingly, modern computers have been foreshadowed by much older calculating devices designed to meet human needs. The chapter also examines operating systems for the efficient management of computer resources and hardware and software abstractions helpful to understanding computers, such as file systems, virtual memories, and high-level programming languages. The important topics of password security, social engineering, and malicious software are introduced as well as techniques to find and remove malware. Although one might expect that hardware would not exhibit security vulnerabilities, that is false. This is illustrated by a subtle bug introduced in the 1990s to make computers run faster by allowing some instructions to be executed out of order but only shown in 2018 to be a serious security hazard.

Chapter 8 explores the application of international law and norms in cyberspace. It examines law that governs use of force in international politics, the types of weapons that can be developed and used in armed conflict, how combatants engage in conflict on the battlefield, and when individuals can be held criminally accountable for violating these rules. Some governments classify a cyber operation as equivalent to a use of force or form of warfare only if it produces physical destruction or death, while others declare a cyber operation to be an attack when the targeted system loses its ability to function. Finally, the chapter considers how to develop and encourage the adoption of cyberspace norms for governmental behavior and set expectations for states to regulate illicit cyber activity within their borders.

Chapter 7 focuses on the impact of international cooperation in cyberspace. By design, the Internet is global, and engineering ignores sovereignty concerns such as citizenship, borders, and domestic law. However, running against domestic regulation and the consequent possible internet fragmentation are several international efforts to cooperate in cyberspace through various stakeholder and multilateral models that include the United Nations, European Union, and the North Atlantic Treaty Organization (NATO). The latter, composed of 30 countries in North America and Europe, issued a communique in 2021 pushing back against authoritarian uses of the Internet calling for a free, open, and peaceful cyberspace. In 2022, 60 countries, including many NATO members, adopted ”A Declaration for the Future of the Internet.” Applying human rights in cyberspace was among the principles adopted. To explore these issues, the chapter reviews forms of internet governance enabling technical, legal, and policy cooperation across boundaries.

Chapter 4 explores the human dimensions of cybersecurity. Steps that nation-state attackers use to penetrate an organization through phishing and social engineering are described as well as responses that defenders can take to protect themselves. These include hardening facilities, controlling remote access, educating security personnel and users on security hazards, using reputational services, and running an effective security operations center. Because people play a central role in cybersecurity, the chapter also examines limitations on human judgment, captured in the phrase “cognitive biases,” where preconceived notions and biases shape how we organize and respond to challenges. The chapter closes with discussions of applications of economics to cybersecurity and cybersecurity risk evaluation.

Cyberspace is woven into the fabric of modern life. It transcends boundaries, is dynamic, offers low barriers to entry, affords a certain amount of anonymity, enables mass surveillance by governments and corporations, and is essential for just about everything. Within just the past few decades, people everywhere have become as dependent on this online world for their daily activities as they are dependent on the physical world for human activities. The introductory chapter defines cyberspace, considers the importance of cybersecurity, and offers an overview of each chapter.