Categories
Cyberinfrastructure Education Reading Technology

Latest Read: Click Here to Kill Everybody

Click Here to Kill Everybody, Security and Survival in a Hyper-connected World by Bruce Schneier. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, lecturer in Public Policy at the Harvard Kennedy School, and board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project. He is also an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.

Click Here to Kill Everybody Security and Survival in a Hyper-connected World by Bruce Schneier

Consequently, Bruce details many key issues in computer security that require the leadership and legislative pen of Congress. I certainly could not have picked a better time to read this book. My review is certainly just scratching the surface of his book. Bruce has communicated a much needed story for every consumer.

Above all, consider the 2021 Colonial Pipeline ransomware attack, the 2016 attacks upon our voting infrastructure, or even China’s digital espionage stealing almost every aspect of American innovation.

Do you think the internet is still growing in size? It is not the number of people, but rather the millions of new devices that pose increased risks. Therefore Bruce is calling for policies to protect these devices, knows as the Internet of Things (IoT). Examples of cyber attacks upon automobiles, electric and nuclear plants, medical devices and even airplanes is certainly proof that we are at greater risk.

A different era of industrial controls

Above all, cyber risk originates from different time in history. Besides, in the 1950s did consumers in South America have access to the internet? Any talented programmer in South America had no means to hack conventional hydroelectric dam controllers. However, today this is a reality. So then, the programmatic controls for any damn in American could not have envisioned this threat:

former National Cybersecurity Center director Rod Beckstrom summarized it this way: (1) anything connected to the Internet can be hacked; (2) everything is being connected to the Internet; (3) as a result, everything is becoming vulnerable.
p. 27

At the same time, we really don’t have to look forward, but rather back at the innovations created in the 1950s and 1960s that launched the connected internet.

Encryption

For many readers Bruce’s insights to encryption is worth the read alone. While cloud deployments bring security at scale, the economy of cloud is also driving business forward. His encryption lessons are addressing metadata, third party data storage and IoT devices that lack end to end encryption. Food for thought when you go shopping for services to store your data.

In addition, Bruce suggests US companies should be protected from foreign cyber attacks. This is a more powerful position today due to ransomware. Besides, the topic of backdoors for law enforcement can be fully exploited by those same foreign governments. Russia’s phishing attack upon the Hillary Clinton campaign is certainly proof we need protection. Bruce echos the lessons from Nicole Perlroth’s This Is How They Tell Me the World Ends.

Vengeance?

On the other hand, Bruce addresses the term ‘hacking back’ as a type of active cyber defense. In fact, his position is that this position is a bad idea. Above all, Bruce clearly states vengeance will not work to your advantage. He addresses five points to challenge hacking back:

  1. It’s difficult to know for sure who is attacking you.
  2. It could create an international incident and lead to cyber war.
  3. It’s ripe for abuse; organizations could stage being attacked as an excuse to attack competitors.
  4. Hostilities could easily escalate. Third parties could trick to organizations into battling.
  5. There’s no evidence it improves security or deters attacks.
Scratching the surface

In conclusion, Let’s follow Bruce’s advice and merge technology with policy to protect our country and privacy of our citizens. For all those reasons, Click Here to Kill Everybody is a worthy read.


Talks at Google | Click Here to Kill Everybody

The Aspen Institute | Book Launch

The Berkman Klein Center | Click Here to Kill Everybody

The Disruptors | Bruce Schneier Interview

SIS CSINT | Data, Surveillance & Internet Security