catherineabarrett's review against another edition

4.0

Not a page turner by any means, but it was interesting, and serves as a great primer for people like me who work in Defense but feel a little clueless about the world of cybersecurity. You won't be an expert when you finish it, but you'll have a good base to build off.

smoralesjr's review against another edition

5.0

Good overview for those without a security or information assurance background. Otherwise it's a bit too high level. Parts are repetitive as the author likes to reiterate points from earlier chapters throughout the book.

auggiexu's review

informative slow-paced

5.0

This is well-written, and aimed at the layperson. The terms and concepts are clearly defined. The book is written logically, almost like a textbook. It’s a highly informative read. 

I always enjoy Singer’s books; he’s got a sharp mind. He’s great at analyzing current trends, placing them into historical context, and then laying out possible future trajectories.

skitch41's review

3.0

Not too long ago I read the book @War: The Rise of the Military-Internet Complex by Shane Harris, which was a great book and brought home to me the rising influence of private cybersecurity and cyberwarfare interests over the government's internet policies. Though I enjoyed that book a lot, I must admit that it was relatively biased in its coverage. In contrast, this book is a far more balanced look at the issues of cybersecurity and cyberwar. Co-written by P.W. Singer, who wrote Wired for War: The Robotics Revolution and Conflict in the 21st Century, one of my favorite books, this book takes a question-and-answer approach to the topic. For example, a subsection will say something like "What is cybersecurity?" and the authors will spend the next few pages answering the question. In that way it is also a very accessible book for people, as you don't need to read the whole book, but rather find the topic(s) you don't quite understand and read about it. This also helps make the book very balanced, as it is more about giving readers an exhaustive look at all issues related to cybersecurity and cyberwar. Yet, this also means that it lacks a narrative drive to it. Though the authors try to make the subject more accessible through pop culture anecdotes and illustrations, it still can read like a reference book. Still, if you are interested in this topic, this is probably the fairest and most exhaustive book out there that is most accessible to the public.

ericwelch's review

5.0

Singer and Friedman argue that cyber knowledge needs to be a requirement in schools. All the kids are now in cyberspace, yet there is little formal education about the insecurity of simple passwords, the importance of OS updates, and problems inherent in social networking as a mechanism to reveal personal information. The most common password is "password" and the 2nd most common is "123456". Common words are easily hackable. One high-level executive told his IT people he only wanted a one-letter password, that he was too busy to be bothered to type in a long one. By the end of the day he had labelled himself to everyone in the corporation as a really stupid person and one who didn't care about security.

With complexity comes vulnerability. BMW had designed a high-tech car, and when authorities in Paris couldn't figure out why only a certain new model of BMW was being stolen, they reviewed CCTV cameras and discovered how the thieves could hack into the car's software, unlock the doors, reprogram a blank key and just drive off, all in the space of five minutes. Terrorists use social networking to get their word out and often with the unwilling connivance of the West. One terrorist cell was using a web hosting company located in Texas to promote their campaign. The hosting company had sixteen million web pages, had not seen the offending pages, and did nothing until someone happened to point out to them what they were doing.

Humans are often the weak link in the chain. In a famous "candy drop" attack, malevolent actors left flash drives around a military base. Sure enough, a soldier picked one up and inserted it in his machine to see what was on it. It took the Army 14 months to clean up the damage to all its machines. People will often just give out their passwords to official-sounding individuals who may or may not be really who they say they are. In another example, some soldiers in Iraq took pictures inside their helicopters and posted them to a picture website. There was nothing classified in the pictures, but each picture contained locational information in the meta-data and terrorists were able to destroy the helicopters in a mortar attack by knowing their exact location. Emails, pictures, virtually everything that moves on the Internet has meta-data attached to it, and just a routine search of social sites can reveal all sorts of information about people they would rather not have known.

Just defining what is or is not an attack can be problematic. The authors identify several types. What the response should be may depend on the severity or the result. Often even experts can't agree on what constitutes an attack. How about denial of service attacks? If it simply interferes with gamers' ability to finish a game, it's not as serious as preventing banks from interacting with their customers or delivering a utility. Is stealing someone's identity in a confidentiality attack just as serious as stealing the plans of a new fighter jet? In one war game sponsored by the U.S., the opposition team changed the shipping labels on shipments intended for troops and they received toilet paper instead of ammunition and MREs.

NSA surveillance practices have caused tension throughout the world. In one instance, the Dutch were about to refuse any access to cloud services in the Netherlands to U.S. companies. Some foreign countries have now begun to institutionalize the Internet as a basic human right. Authoritarian regimes, on the other hand, see internet freedom as a threat to their governments. Censorship is seen as a tool for stability. In Thailand it's against the law to defame the monarch; in Britain it's a hobby. Cultural differences abound. Internet governance is still up for grabs.

A really interesting book, aimed at the informed layperson. The problem with books of such currency is that they really lack timelessness because of the speed with which the technology changes so the reader has to assume the possibilities have advanced far beyond what the author has explained.

landturn's review

challenging informative

Frustrating and relatable they are, but the risk to consumers by phishing or municipalities by ransomware wasn't my reason for reading Cybersecurity and Cyberwar. Without a doubt, Singer and Friedman delved into cyber vulnerabilities before the data breaches on Experian and Target or threats on Atlanta and Baltimore. My interest was instead on the remote attacks on a nation's critical infrastructure, like the current tit-for-tat between Iran and Israel.

Cybersecurity and Cyberwar delivers on such defenses. Additionally, it might suggest that the stateside consumer has better defense from cybercrime than Washington and the Pentagon do cyberwar from abroad. As Singer and Friedman acknowledge, the breakdown of Internet architecture like computer networking can get technical. However, the two make lots of pop culture references and offline analogies for understandability.

https://landturn.com/reviews/cybersecurity-and-cyberwar

petezilla's review

4.0

Solid review of cybersecurity issues. Not as much on cyber war - read "Ghost Fleet" for that...