We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Robert Clark: Dark Territory: The Secret History of Cyber War (2016) by Fred Kaplan
Executive Summary
The author, Fred Kaplan, claims the idea for Dark Territory: The Secret History of Cyber War came up before Edward Snowden. His intent was to write a history of what has broadly come to be called “cyber war.” When I review material for the Cybersecurity Canon, I am always concerned with, did I understand it well enough? Is it too technical for me to review and fully understand? Should I consult other reviewers to get their take on the material? Ironically, I had to do the same for this book, which covered much of where I’ve spent my cyber-operational law life. This time I had to ask, am I being too critical since I was in the fray?
As Peter Singer points out, quoting Rudyard Kipling, “If history were taught in the form of stories, it would never be forgotten.” Dark Territory takes this approach in trying to tell what it calls in its subtitle: “The Secret History of Cyber War.” From this perspective, it is a good, light, entertaining read covering more the history of the U.S. government’s efforts at developing cyberspace operation as opposed to the advertised peek into the “secret history of cyber war.” I concur with Singer’s conclusion that the book “packs in a great deal of material, yet also not enough. It is a readable and informative history of policy formulation. But the overall darkness from which the book takes its title remains to be lifted.”
Cybersecurity Canon candidate books are supposed to be essential to the cybersecurity practitioner. As a practitioner I don’t think this is a “must read.” If one wants to enjoy a light history lesson, then this is the book for that person. A more in-depth, albeit less-entertaining read would be, Hacked World Order: How Nation’s Fight, Trade, Maneuver and Manipulate in the Digital Age by Adam Segal, which covers much of the same information. (Review to come shortly.)
About the People
Fred Kaplan is a Pulitzer Prize winning journalist and currently a columnist for Slate. To research and write this book, Kaplan interviewed more than 100 people who played a role in this story, many of them several times, with follow-ups in email messages and phone calls. They ranged from cabinet secretaries, generals and admirals (including six directors of the National Security Agency) to technical specialists in the hidden corridors of the security bureaucracy (not just the NSA), as well as officers, officials, aides and analysts at every echelon in between. All of these interviews were conducted in confidence; most of the sources agreed to talk to him only under those conditions, though it should be noted, he claims almost all of the book’s facts come from at least two sources in positions purported to know.
Review
I like movies. Those of you that know me know I can be annoying by quoting movies and working pictures and quotes into my legal presentations. So when Kaplan begins his book with President Ronald Reagan settling in after a busy day in June 1983 and watching the recently released WarGames, starring Matthew Broderick as a tech-wiz teenager who unwittingly hacks into the main computer at NORAD, the North American Aerospace Defense Command, I’m thinking I will definitely enjoy this book (particularly since I believe WarGames still holds a top spot in the hacker community!) Kaplan picks up this “hacking theme” a few days later in the White House. The President was in a meeting with the Secretaries of State, Defense and Treasury, the Chairman of the Joint Chiefs of Staff and 16 senior members of Congress. They were there to discuss a new nuclear missile and the prospect of arms talks with the Russians. When Reagan began to give a detailed account of the plot of WarGames, eyes rolled, but the President asked John Vessey, Chairman of the Joint Chiefs, “Could something like this really happen?” One week later, General Vessey returned with a startling answer, “Mr. President, the problem is much worse than you think.”
Thus begins Kaplan’s historical look at the U.S. developing its policies and organizations on information operations, computer network operations, information assurance, computer network defense, computer network exploitation, computer network attack, information warfare, cyberspace operations—oh well, you get the idea, a lot of Washington, D.C. terms and acronyms.
Subsequent to this beginning chapter, “Could Something Like This Really Happen,” Kaplan hits me with another movie quote from Sneakers: “It’s All About the Information,” one I constantly quote; then, as mentioned above, he dives into entertaining stories highlighting some of the government’s biggest computer intrusions, including Solar Sunrise, Moonlight Maze and Buckshot Yankee. Kaplan’s stories on these are entertaining, capturing the players and their personalities.
But this is what makes it a good, light, fast read as opposed to a must read. While it’s nice that he conducted hundreds of interviews with people from various levels, the research is light. It’s no Zetter’s work on “Zero Day” or Sanger’s work in “Confront and Conceal,” both of which shed much more light on this subject then Kaplan’s Dark Territory. Moreover, there are errors in his work, and I admit I’m nitpicking, but one that always jumps out at me is when authors state, “DHS is responsible for securing the government.” DHS is not responsible to secure any domain except DHS’ information systems; each department and agency is responsible for its own domain, subject to oversight and regulations from OMB and DHS. (By the way, Hacked World Order also gets this wrong.) So aside from some mistakes and me nitpicking, the research is light, particularly when compared to the works mentioned above.
Conclusion
In conclusion, if you want a light-hearted look at the history of U.S cyber intrusions and the resulting polices and organizations that were developed as a result, Dark Territory: The Secret History of Cyber War is the book for you. You will know more about this subject after reading it, especially if you cannot currently decipher JTF-CND, JTF-CNO, JTF-GNO or JFCC-NW. Is it Canon-worthy? I think it makes the cut for the Canon list; just don’t look for it to become a “hall of fame” addition.