We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall of Fame, but for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase that number considerably. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Christina Ayiotis: @War: The Rise of the Military-Internet Complex (2014) by Shane Harris
Shane Harris takes us on a journey from the Iraq War “surge” (arguably the first cyber war) to the almost weekly hacks of 2014 to demonstrate the rise of a military-Internet complex and the prescience of Eisenhower’s admonition regarding the power of a military-industrial complex. Harris ends @War by reminding us that only “an alert and knowledgeable citizenry” ensures “security and liberty may prosper together.” (EMPHASIS ADDED)
Harris is a first-rate storyteller providing just enough context (and detail) to enable readers to easily follow the evolution of cybersecurity and cyberwarfare, and to make them feel like they personally know the important players. As a member of this Inside the Beltway Cyber Community (who knows at least one third of the people cited or referenced in the book), I think he’s done a terrific job of accurately representing them and their viewpoints. While not very technical, this book should still appeal to the technical community interested in understanding the bigger picture in which they operate. I’d actually make @War required reading in high school and college—the next generation needs to better understand all things cyber, and the implications of future technological capabilities, as well as their own role and the risks inherent in an increasingly interconnected, wired world.
It is particularly difficult to review a book that has already been reviewed by professionals at major news outlets and think tanks (not to mention Amazon or Goodreads). I will not regurgitate what they’ve already said—I encourage all to read those very good reviews. My bent is looking at the book’s value as part of the Cybersecurity Canon. Since I take a broad view of the definition of cybersecurity professional, I consider @War to be foundational, enabling those who comprise the cybersecurity community to better understand the larger geopolitical and economic context in which they live and work. The headlines of the past few years provide the outline of a story and @War fills in many of the details. This is a book that any cyber professional can have family members and friends read; once read, they can all have lively, informed discussions on the hot topics of surveillance, espionage, power grabs, etc.—it is that readable and engaging.
By starting the book with the story of a war hero’s success using signals intelligence (SIGINT), Harris predisposes the reader to want to use such techniques to succeed in other contexts. (Most do not know this backstory regarding reduced IED deaths in Iraq, though they probably should—it solidified the “new” way wars are fought.) He doesn’t shy away from highlighting the dubious legal validity of certain data-gathering processes and provides much historical context (sometimes from the 2013 “unauthorized disclosures”). He pinpoints exactly when “[t]he military-Internet complex was born.”
Harris chronicles in detail how the Cyber Army was built, including the role of the private sector. He persuades us that the Internet has become militarized and is now a legitimate battlefield. His detailed account of the creation and evolution of U.S. Cyber Command, including its complicated relationship with the NSA, is important in understanding how the military-Internet complex came about and is evolving. The internecine feuding between the various branches of government responsible for cybersecurity is worthy of its own soap opera.
The book gives great context to understand today’s major controversies around encryption, bug bounties, and surveillance programs/capabilities negatively impacting U.S.-based technology multinationals. Harris covers the established players, as well as the disruptive upstarts. He drills down into various scandals from Hunton & Williams’ proposed cyber propaganda operation that “killed” HBGary to LabMD’s FTC woes because of Tiversa.
Finally, Harris provides unprecedented detail on the role private sector entities play in the “business of defense”—whether it’s the commoditization of cyber services for both government and private sector customers (Lockheed’s “Cyber Kill Chain”) or how threat intelligence services and marketing strategies can influence U.S. policy (Mandiant’s APT1 Report—“The government would never have been so bold as to come out with such a report.”).
My only criticism is on the editing front—there should have been no typos (and, in acronym-obsessed D.C., there should not have been a “HIPPA”-like mistake regarding the important classified Presidential Policy Directive).
This book tells a compelling story about where cybersecurity is headed, given the “rise of the military-Internet complex,” and enables cybersecurity professionals to understand their place in the ecosystem. It should be part of the Cybersecurity Canon, as well as required reading for students and CEOs alike. Technological capability is evolving exponentially, and we all need to be prepared to meet the challenges and opportunities presented—@War will help on that front.
POSTSCRIPT ON “ACKNOWLEDGEMENTS”
As someone who believes in the importance of expressing gratitude (early and often), I was struck by how thoughtful and heartfelt Harris’ three-and-a-half pages of acknowledgements are. Cyber as a discipline and a profession is ever-evolving; understanding it requires having many diverse, trusted relationships. Properly and creatively recognizing and appreciating them is an art form.
 As a cyber-professional/corporate attorney/former GWU Adjunct Professor of Information Policy, I can attest to the importance of books that read like best-selling thrillers.
 Shane Harris, @War: The Rise of the Military-Internet Complex (Houghton Mifflin Harcourt 2014), p. 31.
 Ibid., p. 116.
 Ibid., p. 117.
 Ibid., p. 199.
 Ibid., p. 207.