We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Ben Rothke: America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare (2011) by Joel Brenner
Speak to a civil engineer, and it won’t take long until the conversation turns to the sorry state of America’s infrastructure. The civil engineer will let you know that far too many bridges, canals, roads and highways, dams, tunnels, and more are in dangerous condition due to neglected maintenance. Much of America’s infrastructure is highly vulnerable, given that it’s over 50 years old and long overdue for an overhaul.
In America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare, author Joel Brenner, an attorney who was the senior counsel at the NSA until 2009, takes the conversation to a different infrastructure, namely the digital and network world. Brenner’s premise is that, since much of the digital world and information superhighway haven’t been adequately secured, much of the U.S. digital and critical infrastructure remains vulnerable to hackers, foreign governments, terrorists and numerous other threats and adversaries.
In this 250 page call to action, Brenner lays out, in detail, the dangers the U.S. faces to its freedom and national security if action is not taken – and taken quickly.
In the movie Field of Dreams, a farmer repeatedly hears a voice whispering, “if you build it, he will come,” which leads the main character to build a baseball diamond. In the digital world, the reality is such that, if you don’t secure it, they will come and take your data and intellectual property. America the Vulnerable lays out the case that an insecure digital infrastructure almost begs adversaries to comes and attack it, which in turn places the entire nation at risk.
This book is 4 years old, and, while many of the events may have been yesterday’s news, the underlying message Brenner evangelizes is still highly relevant as our digital infrastructure is woefully insecure. Unless this changes, the number of attacks and breaches will only increase in both scope and magnitude.
A quick and fascinating read, Brenner does a great job of telling the story for the reader without a strong technical background. While there is a lot of finger pointing that could be done, Brenner rises above that and focuses on the issues and problems, rather than laying blame.
China plays a leading role in the book. While they have long denied any notion of state-sponsored hacking, even with evidence to the contrary, the book details China’s long view: namely, its attempt to regain its role as a world power. The book notes that China had the world’s largest economy for eighteen of the past twenty centuries. The two exceptions were those of America’s youth and rise to power. The last 200 years has seen a decrease in this dominance, but the book notes that China does not regard Western domination as normal. With that, China has made it a priority to reestablish its place in the international order. And a large part of the reestablishment process includes taking data and intellectual property from U.S. firms.
Part of the problem is that, while China has made it a priority to reestablish itself and that approach includes hacking, the U.S. has not conversely created a unified approach to dealing with the myriad digital threats. The U.S. response has been heavily fragmented. Part of the reason for this is that, as a democracy with 50 states, it’s much harder to create a unified security response. As a totalitarian state, China has it much easier. Perhaps that’s why they have been able to remotely download terabytes of data from U.S. Department of Defense networks on numerous occasions. The book also quotes, then NSA Director and a U.S. Army four-star general, Keith Alexander that, as far back as 2010, the U.S. found that their classified networks had been penetrated by China.
In every chapter, Brenner lays out the case and provides many examples of the problem of how vulnerable the U.S. is. Brenner is no Chicken Little, and, if anything, in the four years since the book was published, the information security sky has indeed been falling.
The underlying issue that Brenner so eloquently and clearly writes about is that, in the rush to get the U.S. into the digital age and to wire nearly everyone, every business, and every school to the Internet, it has created a network that is highly porous and vulnerable to attack.
This is not simply about networks ordering Girl Scout cookies; this is the critical infrastructure of the U.S. at risk, including everything from the networks that control the financial system and energy grid, to keeping planes in the sky, and much more.
In chapter after chapter, Brenner describes somewhat of a bleak future. Chapter 10 closes with a number of recommendations for both the government and private sector. While many of them are a good start, the reality is that a much more aggressive approach needs to be taken to stem the tide. The truth is that it’s much easier to write about the problem than detail comprehensive solutions.
The sound you hear is that of petabytes of proprietary and highly confidential data being stolen out from under our network noses – silence. This data is quietly being stolen, and the victims include many of the Fortune 1000, along with countless individuals. How big this breach is in the data dam is debatable; what’s eminently clear is that something must be done – and done quickly.
Like the good attorney that he is, Brenner has laid out the case in America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare. It’s now up to our leaders and cybersecurity professionals to take action to stop the flow. If not, the consequences could be terrible.
Brenner has written an important book, and, while its stories may be a few years old, its message remains quite relevant.