Sorry about the delay; I haven’t had much after-work time to write a proper review. I hope I will still be able to publish once per week after this one…
As promised, this time I will write a book that concerns my academic background/interest for the past year: cyber security. This book helped me wade through the intricacies of the field when I first decided to sign up to the domain. It has helped me understand all the buzzwords and the essentials of cyber security, not from a technical perspective but rather as a multidisciplinary field. My encounter with this book was uncanny: I was sitting at a train when someone came in with this book in his hand. The cover intrigued me and made me run a quick Google search. In two or three days, I was already holding it.
It turned out to be euros well spent. Thanks to it, I survived my first cyber security lecture, aced my first cyber security course, and graduated on cyber security.
About the authors: P.W Singer and Allan Friedman both held reputable positions at Brookings Institution, an established think tank based in Washington, D.C. At the time of writing the book, Singer served as founding director of the Center for the 21st Century Security and Intelligence at Brookings. He now serves as Strategist at New America. After having served as Research Director of the Center Friedman now acts as Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. Both authors are active on Twitter via @peterwsinger and @allanfriedman.
Title: Cybersecurity and Cyberwar: What Everyone Needs to Know
Author: P.W. Singer and Allan Friedman
Categories: Computer security; Computer networks; Cyberspace; Cyberterrorism; Information warfare
The book is conveniently divided into three big chunks, which intuitively guide the reader on a journey starting with presumably little to no knowledge of cybersecurity and cyberwar to help them finish with knowledge on what they need to know on the two matters.
In Part I, How It All Works, the authors begin by defining the important buzzwords that are often mentioned in security. It’s basically Cybersecurity 101 in printed form. They begin by explaining what cyberspace is and how the Internet is set up and governed; what is meant with identity and authentication; the famous CIA (Confidentiality, Integrity, and Availability) triad; the concept of security, threats, and vulnerabilities, as well as explaining WikiLeaks, Advanced Persistent Threat (APT), and human factors in security. Don’t waste your ink underlining all the different definitions listed here – a comprehensive glossary is placed conveniently at the end of the book so you can return to these definitions from time to time.
If you made it through Part I, good, because the authors are just getting started. Part II is the longest part of the book, in which they begin to draw upon application of the aforementioned concepts and paste some real-life examples to make the circle round. It’s called Why It Matters, and to convince you why cybersecurity is a thing you should care about, all kinds of cyberattacks are elucidated here. I’m not judging them of trying to evoke fear among the readers, but hey if it works, why not? You can find explanations on hacktivism (e.g. activities done by Anonymous or similar groups), cybercrime, cyberespionage, cyber counterterrorism, cyberweapons, and…. cyberwar.
In the last part, What Can We Do? you are prompted with questions that are framed towards rethinking Internet governance from various perspectives. Examples are weighing the possibilities of redesigning the Internet from a technical perspective, building a set of legal frameworks to govern the Internet, how private parties can be involved in such effort, studying the incentives of the different cyberspace actors and finally how we as individuals (should) play our roles and protecting ourselves. The authors top off the book by looking at key trends (in 2014, mind you) that might influence aspects of cybersecurity. These are cloud computing, Big Data, mobile revolution, demographic shift of Internet users, and finally Internet of Things. Now these trends are no longer trends; they’ve become reality. Two weeks ago, we heard that the Internet of Things played a huge role in a gargantuan DDoS attack (distributed denial of service, where a server is flooded with very high illegitimate traffic to render it unavailable for usual services) that swept out the entire Internet. Nevertheless, if you don’t know a thing about cybersecurity, you want to understand it, and you have several hours to spend, grab this book.
Apart from the fact that there are three parts that make up this book, I find the book to be highly unstructured. There are no chapter numbers or subchapters to help you navigate your way with ease. I suggest the idea behind it is that the authors want you to follow the book logically and not topically – which is a valid argument to help people understand the connections between the topics. However, readers who may only want a sip from the cup may find difficulty picking which side to drink from. That aside, I highly compliment the 250+ footnotes that accompany the notes; they really make the claims rigorous. Beware that this book is very compact – the font size is smaller than usual and the margins are rather tiny. Invest some good hours in reading this book and you’ll get the most of out it. If possible, do it in fewer than five sitting so you don’t miss out on the connection between the subchapters.
Sorry for the rather short post, I’ve moved heaven and earth to get this post up for publication…
I already have another cybersecurity book ready for review. I’m also close to finishing a highly acclaimed biography. However, the next book I’ll review will be on the dangers of social media from a spirituality viewpoint. Please stay tuned – I hope to be able to come back next week!
’till next time,