Thursday, June 21, 2018

@War review

I finished Shane Harris' book on Cyber Warfare recently and felt obligated to write a review about it on GoodReads. Given I spent the time writing it up, I thought it might be worth sharing here for those following my blog who share an interest in the cyber security/warfare communities.


A thorough introduction to the world of cyber warfare from the perspective of a journalist surveying published media from the mid 2005-2015 time frame. It includes some sampled private discussions and insights into behind-the-scenes discussions and classified projects. A good read for someone new to the field to catch up quickly.

Unfortunately, the author spends a significant amount of time pontificating on concerns that have been excessively debated elsewhere and attempting to seem moderate while making clear his opinions on where the concerns lie... and, unfortunately, basing his conclusions on rumors he heard from self-proclaimed "experts". One example is the "thousands of exploits" the NSA is hoarding. This claim appears to be based on a single unquoted individual and appears inconsistent with the other information in his book. (Pointing to a budget of $25M to acquire exploits and price tags of $50,000-$1,000,000 would imply a catalog of 25-500: dozens or hundreds, not thousands.) Much hand-wringing is spent on NSA surveillance, defense-industrial relations, foreign government spying, and other topics that have been extensively discussed in the media over the last decade and a half.

Speculation is rampant in the book regarding what's happening behind closed doors, and allegations are made without the editorial self-control that a reputable paper would employ. As someone with two decades of experience in this community, this reviewer recalls numerous relevant events that were not included, while significant portions of the book are devoted to commonly discussed events from various media sources (with a few interesting exceptions). In fact, the acknowledgements section credits many of the content writers of those stories from the news sources covering cybersecurity/cyber warfare (Michael Riley, Nicole Perlroth, Kim Zetter, etc.) who actually interviewed the original sources and wrote about the events as they happened (or as they were uncovered!).

Books such as "Countdown to Zero-Day" by Kim Zetter provide a much deeper look that is more technically accurate and better sourced, and represent a good alternative for a reader looking to gain insight into the technical and political aspects of the cyber warfare complex through a single (large) operational lens.

@War is a good option if one has no prior exposure and views it as a breathless description of the events of the last 10-15 years in the US cyber warfare community from a non-technical observer doing his best to share what he's read about and been told as an outsider.