INTRODUCTION -- Why Write a Book about Cybersecurity and Cyberwar? -- Why Is There a Cybersecurity Knowledge Gap, and Why Does It Matter? -- How Did You Write the Book and What Do You Hope to Accomplish? -- PART I HOW IT ALL WORKS -- The World Wide What? Defining Cyberspace -- Where Did This “Cyber Stuff” Come from Anyway? A Short History of the Internet -- How Does the Internet Actually Work? -- Who Runs It? Understanding Internet Governance -- On the Internet, How Do They Know Whether You Are a Dog? Identity and Authentication -- What Do We Mean by “Security” Anyway? -- What Are the Threats? -- One Phish, Two Phish, Red Phish, Cyber Phish: What Are Vulnerabilities? -- How Do We Trust in Cyberspace? -- Focus: What Happened in WikiLeaks? -- What Is an Advanced Persistent Threat (APT)? -- How Do We Keep the Bad Guys Out? The Basics of Computer Defense -- Who Is the Weakest Link? Human Factors -- PART II WHY IT MATTERS -- What Is the Meaning of Cyberattack? The Importance of Terms and Frameworks -- Whodunit? The Problem of Attribution -- What Is Hactivism? -- Focus: Who Is Anonymous? -- The Crimes of Tomorrow, Today: What Is Cybercrime? -- Shady RATs and Cyberspies: What Is Cyber Espionage? -- How Afraid Should We Be of Cyberterrorism? -- So How Do Terrorists Actually Use the Web? -- What about Cyber Counterterrorism? -- Security Risk or Human Right? Foreign Policy and the Internet -- Focus: What Is Tor and Why Does Peeling Back the Onion Matter? -- Who Are Patriotic Hackers? -- Focus: What Was Stuxnet? -- What Is the Hidden Lesson of Stuxnet? The Ethics of Cyberweapons -- “Cyberwar, Ugh, What Are Zeros and Ones Good For?”: Defining Cyberwar -- A War by Any Other Name? The Legal Side of Cyber Conflict -- What Might a “Cyberwar” Actually Look Like? Computer Network Operations -- Focus: What Is the US Military Approach to Cyberwar? -- Focus: What Is the Chinese Approach to Cyberwar? -- What about Deterrence in an Era of Cyberwar? -- Why Is Threat Assessment So Hard in Cyberspace? -- Does the Cybersecurity World Favor the Weak or the Strong? -- Who Has the Advantage, the Offense or the Defense? -- A New Kind of Arms Race: What Are the Dangers of Cyber Proliferation? -- Are There Lessons from Past Arms Races? -- Behind the Scenes: Is There a Cyber-Industrial Complex? -- PART III WHAT CAN WE DO? -- Don’t Get Fooled: Why Can’t We Just Build a New, More Secure Internet? -- Rethink Security: What Is Resilience, and Why Is It Important? -- Reframe the Problem (and the Solution): What Can We Learn from Public Health? -- Learn from History: What Can (Real) Pirates Teach Us about Cybersecurity? -- Protect World Wide Governance for the World Wide Web: What Is the Role of International Institutions? -- “Graft” the Rule of Law: Do We Need a Cyberspace Treaty? -- Understand the Limits of the State in Cyberspace: Why Can’t the Government Handle It? -- Rethink Government’s Role: How Can We Better Organize for Cybersecurity? -- Approach It as a Public-Private Problem: How Do We Better Coordinate Defense? -- Exercise Is Good for You: How Can We Better Prepare for Cyber Incidents? -- Build Cybersecurity Incentives: Why Should I Do What You Want? -- Learn to Share: How Can We Better Collaborate on Information? -- Demand Disclosure: What Is the Role of Transparency? -- Get “Vigorous” about Responsibility: How Can We Create Accountability for Security? -- Find the IT Crowd: How Do We Solve the Cyber People Problem? Do Your Part: How Can I Protect Myself (and the Internet)? -- CONCLUSIONS -- Where Is Cybersecurity Headed Next? -- What Do I Really Need to Know in the End? -- ACKNOWLEDGMENTS -- NOTES -- GLOSSARY – INDEX.