Required reading. I was shocked.

This covers the last 20 years of cyber warfare and one of the best things about this book is setting a record of a lay of the land: major hacks, players, and gov’t operations that got buried too quickly under the flood of jargon, inferior reporting, and more visible news.

My favorite hack was Stuxnet, an offensive operation that strung together several zero-day exploits that targeted Iranian nuclear centrifuges, spinning them just enough to knock them out of commission while leaving nuclear engineers none the wiser. This program was started during the Bush era as an attempt to pacify Israel and keep air force jets on the ground. It was successful.

Of course human error is always the weakest link in security, and it makes for hilarious stories. Like the time Iranian hackers thought they were opening the floodgates at the Arthur R. Bowman Dam in Oregon, but they got a bit lost and hit the twenty-foot Bowman Avenue Dam in New York, which keeps a babbling brook from flooding neighborhood basements. “Not exactly Hoover.” Another story that had me cackling was the time Russia scattered infected USB drives around the parking lot of a US military base, hoping someone would pick one up and plug it in. Someone did, and when the Pentagon found out, their solution to prevent future “attacks” was to squirt superglue into USB ports.

On a more sobering note, I think all Americans need to know what their government is and isn’t capable of (namely: protecting nuclear weapons and controlling the outcomes of their own cyber attacks). Every major piece of critical infrastructure in the US has already been hacked by hostile governments, including hundreds of hospitals, universities, power plants and the grid, dams, and nuclear arsenals. Not to mention intellectual property theft and corporate espionage resulting in the losses of billions of dollars of research outputs every year, voting registrations, and the generalized societal chaos that most of us experience on a daily basis on social media.

Tech lingo is very hard to understand, but I’m so thankful for diligent reporters like Nicole Perlroth, who didn’t actually come from a tech background btw—she learned how things work by asking questions after she was assigned the tech beat. Her work deserves to be respected and even more important, protected; imagine being personally disliked by governments and black market dealers around the world. At the end of the book are some guidelines for cyber security policy that should be adopted by organizations, governments, and individuals. It is easy to understand and sound advice, with case studies from other countries that prove its effectiveness. I hope decision makers will listen and act.

Ein Buch, das man nicht lesen sollte, wenn man nachts noch gut schlafen möchte.

I found the book's topic really interesting but a couple of things didn't work for me and I had to bail out.

I recognize that I'm a tough audience for this type of book because I've been in and/or adjacent to cybersecurity at different points of my career. There were many words spent on explanations of topics that I already know a lot about. But when a new topic was presented that I wanted to know more about, the level of technical detail wasn't high enough for me.

My bigger complaint though is that the author tends to sneer at and stereotype hackers and security experts as a group as pale, basement-dwelling, friendless nerds with one breath and then, on the next page, lionize a specific hacker or programmer as a self-made genius who found their niche and is feeding and clothing their entire Eastern European village with bug bounties. Her subjects come off as characters or even caricatures.

Maybe the most interesting book I’ve ever picked up.