Note: I read this book a couple of years ago and wrote this review at that time. I didn't share it then, so I've decided to share it now. This is a review of the 2011 edition of the book. I understand there is a revised edition that was released in 2013, but I've not read that edition yet.
This is a book that is equally interesting and terrifying at the same time. As someone that works in the information security field, I had not considered the full impact to geo political stability resulting from the advances in information technology and the rapid growth of Internet connected systems.
The author’s description of how the overwhelming technological superiority of the US Military forces in the first Gulf war in 1991 stunned the world was somewhat novel to me. As someone that participated in the conflict on the ground (I was a soldier in the 82nd Airborne division, part of the US Army’s XVIII Airborne Corps), I had not previously recognized the connection between the ‘91 Gulf war and cyber warfare. The demonstration of the US Armed Forces advanced capabilities is explained as the catalyst behind Chinese and Russian cyber warfare development. Realizing that they would not be able to defeat the US military in a conventional military conflict, the Chinese began to seek ways in which they could counter the significant military technological advantages of the US. The standing doctrine of the time, overwhelming numerical superiority (in terms of soldiers), was realized to be no longer a compelling advantage in the face of the advanced technology of the US Military.
The book describes the development of cyber offensive capabilities as a way to disable an opponents ability to conduct military operations, and this is the point at which the book begins to become frightening in the description of the vulnerabilities of our western way of life. The vulnerabilities in critical infrastructure for highly networked nations and the potential threats that could disrupt our way of life are truly scary.
But the technological advances brought about by networked information technology are not just threatening our critical infrastructure, they are also fundamentally changing the ability of nations to gather intelligence as well as “leveling the playing field” by bringing advanced capabilities that were once reserved only to wealthy nation states to groups with no specific national identity (“hacktivist” groups, organized crime, terrorist networks etc.)
The fact is that much of our society depends upon private infrastructure which is now threatened by both foreign nation states and non state actors. There is no government agency currently responsible for protecting private infrastructure; not the US Military, nor the NSA, nor the DHS. This new era requires a new strategy.
The book concludes with some recommendations for both the government and private industry.
I enjoyed reading this book and hope you found this summary helpful. I’d enjoy knowing your thoughts on this summary or the book if you’ve already read it.
Regards,
Andrew
Below you’ll find some excerpts from the book that I found particularly Interesting as well as some of my own thoughts from various chapter.
Chapter 4 Degrading Defense
page 81:
“Policies regarding information systems that are not expressed technically are little more that blather. No one pays attention. If you don’t want people to be able to run unauthorized P2P on your system, you must design and build your system so that such software cannot be run, or that it pinpoints exactly where it is. “
page 82:
“...some of these penetrations are technologically shrewd, but often they target the weakest link in any computer system -- the user. Defense workers, including in the military, are just as impatient with security practices and just as susceptible to phishing attacks as everybody else. Like workers everywhere, they are also adept at subverting security rules and mechanisms designed to keep their systems healthy. As we’ve seen repeatedly, when convenience butts heads with security, convenience winds even in war zones.”
Chapter 5: Dancing in the Dark
This chapter describes the serious threat to public utilities, especially electricity.
US Power Generators are manufactured overseas. Replacement generator procurement would take many months.
It is possible to cause physical damage to electrical grid components using computer systems. Tests have shown that generators can be severely damaged or destroyed by manipulating their control systems.
Chapter 7: June 2017
Historically, cyber war capabilities have been reserved to technologically advanced nation states, however, the rapid growth of technology and the amount of technological power that can be obtained by individuals is changing the balance.
page 154:
“In a word, advanced network operations will cease to be the special province of a few advanced states. Non-state actors, who cannot be deterred with threats of cyber retaliation, have crashed the party.”
page 156:
“A nation that puts its faith in a potential adversary’s benign intentions rather than its own strength and capabilities is a nation that is psychologically and practically incapable of defending itself.”
Chapter 8: Spies in a Glass House
Alleged Assassination of alleged Hamas weapons buyer in Dubai. This seemed almost too much like a spy movie to be true.
Impact of technology on the ability to conduct a truly covert operation.
Wikileaks: “a new era of “transparency”, forced upon us by non state actors.”
Chapter 9: Thinking about Intelligence
page 209:
“Transparency exposes the government's secrets in the same way that it exposes corporate secrets and invades personal privacy - and for the same reasons of ready electronic access. Electronic information is liquid, and liquid leaks. Apart from the technology, our culture also disposes us toward transparency and inures us to the exposure of information that not long ago would have been carefully and successfully hidden. Advertisements for adult diapers or remedies for sexual dysfunction, and an eager willingness to parade one's marital failures on television are enabled by a profound cultural change. Whether you call this change an increase in candor or a decrease in shame - or both - is irrelevant. The change cannot seriously be doubted, and it makes us disinclined to keep secrets, or even to take secrecy seriously as a useful value in human affairs. to the extent we are in a a post-privacy world, we are also in a post-secrecy world.”
“Transparency and network anarchy have disoriented us.”
Chapter 10: Managing the Mess
Private sector recommendations:
- Clean up your act
- Control what’s on your system
- Control who’s on your system
- Protect what’s valuable
- Patch rigorously
“Yet studies have shown that many penetrations of commercial systems take place through unpatched vulnerabilities. In 71 percent of those cases a patch had actually been available but not used for more than a year. Firms that behave this way are like drivers who leave the keys in their car overnight on a city street with the windows open. They shouldn’t be surprised when it’s gone in the morning.”
- Train everybody
- Audit for operational effect
- Manage overseas travel behavior
Great review! Now I want to read this book. Internet, cloud technologies became integral part of our everyday life. 5 years ago it was frightening to me, now it is not and I take it for granted. I feel safe using, for e.g. data room or a cloud, even for my company's corporate information.
ReplyDelete