We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Brian Kelly: Cybersecurity and Cyberwar: What Everyone Needs to Know (2014) by P. W. Singer and Allan Friedman
Cybersecurity and Cyberwar is part of a series of books entitled “What Everyone Needs to Know,” written by leading authorities in their given fields. Each volume in the series offers a balanced and authoritative primer on complex current events. Authors P. W. Singer and cyber expert Allan Friedman provide an easy read for new readers to the topic of cybersecurity and cyberwar while also being an informative and resourceful reference book for more seasoned cyber professionals.
Cybersecurity issues affect us as individuals, as businesses and as a nation. Every aspect of our lives fundamentally depends on the internet. The book is structured around the key questions surrounding cyberspace and its security: how it all works, why it matters, and what can we do?
I found Cybersecurity and Cyberwar: What Everyone Needs to Know to be an enjoyable read, filled with engaging (funny) stories and illustrative anecdotes. Readers are taken on an entertaining tour of the important issues, history and characters of cybersecurity, from the Anonymous hacker group and the Stuxnet computer virus to the cyber units of the Chinese and U.S. militaries.
The book is divided into three main sections: Part I: “How It All Works” provides an overview of the internet, its history, and how it works; Part II: “Why It Matters” lays out a framework and taxonomy for “cyber” and “cyberattacks,” and then moves to an examination of the various threats (from criminals to nation-states to patriotic hackers), covering both how and why attacks are carried out; and finally, Part III: “What Can We Do?” is a section on what can be done from both a personal and public policy level.
For readers without a military or public policy background this book will provide a common base of knowledge around cybersecurity issues. As cybersecurity practitioners, having a common base of knowledge will allow us to cooperatively engage in a dialogue and much-needed conversation around how to approach, understand and deal with the important policy implications of cybersecurity and cyberwar.
Cooperation is a key theme and takeaway from the book, focusing on how difficult, yet necessary, cooperation is for addressing cybersecurity issues. Today we talk in terms of “threat intelligence sharing.” The authors suggest that a governance model based on the U.S. Centers for Disease Control and Prevention could serve to encourage cooperation, disseminate information and recommendations, and mobilize rapid responses as needed. Understanding, communication and cooperation in cybersecurity are truly what everyone needs to know.
As cybersecurity professionals, we face new challenges, questions and threats in cyber daily. The subtitle of this book is "What Everyone Needs to Know," and that changes rapidly in cyberspace. Two plus years after this book was published, policymakers and members of the public alike still know little about the nature and seriousness of these threats. I recommend this as a must read from a foundational perspective of both cybersecurity and cyberwar for cybersecurity practitioners – and everyone else.