Just finished reading Zero Day by Mark Russinovich.
The story revolves around Jeff Aiken, a former government analyst and now one of the top computer security professionals in the world.
The story begins with what at first seems like a regular assignment for Jeff. One of the local law firms has been hit by a nasty virus and almost all of its servers are in an unbootable state. Their data has been wiped clean (off of their servers).
A spate of computer-related accidents all over the world leads Jeff and his partner to believe that this issue could be much more widespread. An oil tanker crashes onto the shore, a flight almost crashes into the ground and a nuclear power plant almost goes into a meltdown state. All of the issues were computer-related and all of them exhibited the same symptoms as the one Jeff and his partner had been trying to fix.
The plot revolves around characters that are international in scope. The bad guys want nothing short of waging a full-scale cyber-attack against the world.
About the writer: Russinovich has a background in computer-security and he's done a good job of putting context around the story.
The story builds up quite rapidly and it keeps you engaged. But I found the ending to be a little unrealistic. Don’t read the next couple of lines if you haven’t read the book and, well, if you don’t want the experience to be ruined for you.
See, Jeff Aiken and his partner Daryl took it upon themselves to find the guy who has been unleashing malware that is wreaking all this havoc, knowing very well that there is an assassin on the loose: someone who is systematically going around and killing people who have knowledge or suspicion about this act.
You’d expect that there would be co-ordination and that some kind of tactical unit would have been dispatched to mitigate such an enormous threat. But if you hypothesize that something like this could be real and that there aren’t proper protocols to mitigate such a threat, well, that’s extremely unnerving.
Overall, the book does an important job of bringing attention to a very critical area of focus. Yes, the book is fiction, but the threat of cyber-terrorism is very real.
Somebody, somewhere could launch a series of code that could effectively send us back to the dark ages. If that is not scary, then I am not sure what is.
Also, it’s not difficult to hypothesize that a bunch of bad guys would want to create weapons that are digital in nature. Weapons that would have the propensity of unleashing chaos and destruction upon the world. There’s all sorts of craziness out there. Again, it would be foolish to assume that unprotected systems would always remain safe.
Coming back to the book, I’m glad to see that individuals like Mark Russinovich have taken it upon themselves to raise awareness about such a critical and important area.
Need to make a series (tv or movie) revolving around the cyber-security theme. Clearly, we need more young kids to defend the infrastructure. Think defence.
Originally published on Feb 14, 2013
It seems like cyber-security is one of those issues that seem to keep falling by the wayside.
So, even with trillions of dollars' worth of information leeched, state secrets stolen, intellectual property theft and Fortune 1000 companies infiltrated, it's mind-boggling to wonder why this issue does not get the attention it deserves.
So I put on my analyst hat and decided to peer into the issue from the historical perspective. As in, what has really happened in the past couple of decades. Here's what I was able to unearth:
It was during the late 90s that President Bill Clinton invited some of the top hackers in the United States to the White House. The President reached out to the hacker community with a clear intent of starting an open and honest dialogue. His message to this group of elite hackers was simple: the United States faces cyber threats from all fronts, known and unknown, and he wanted their help in safeguarding these digital assets.
U.S. President Bill Clinton announced a $1.46 billion initiative to improve government computer security. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same. [link]
June: The Bush administration files a bill to create the Department of Homeland Security, which, among other things, will be responsible for protecting the nation’s critical IT infrastructure.
During the annual RSA conference, Michael Chertoff, Secretary of the US Department of Homeland Security (DHS), has a simple request: “Send some of your best & brightest employees to help the government’s efforts.” [link]
According to ICS-CERT, U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011. In fact, the rate of increase on critical infrastructure alone was a staggering 2200%. [link]
Cyber Security advisor Richard Clarke warned that most of the major companies (within the United States) are being regularly infiltrated by foreign hackers employed to steal R&D.
Obama signs a Cyber Security executive order, but it’s mostly relegated to information sharing. There is no comprehensive plan when it comes to safeguarding critical assets and/or a strategy to prevent a wide-scale cyber attack, and/or creating a separate network for critical infrastructure.
Between the ever-increasing rate of hacking incidents, state-sponsored acts of cyber espionage and a growing number of attacks against critical infrastructure, it’s pretty evident here that something needs to be done. However, I am wondering:
Overall, the issue is finally getting addressed. But I suspect, and I really hope that I am wrong, that:
Whether it is cyber defence or any other kind of defence, the need is clear: the ability to provision efficient and advanced technologies in order to mitigate and prevent attacks of all kinds. Amongst other things, there is a huge need to leverage systems-thinking in order to overcome these issues. The names of men like Vannevar Bush and Frederick Terman come to mind.
The inability to provision a new kind of intelligence and a new framework for military and governance could be very costly.
These are trying times. Crises come and go, but there are a couple of on-going developments in the world that are extremely delicate in nature. At the same time, these crises invariably provide a window of opportunity for instilling change. As someone once said, “A crisis is a terrible thing to waste”.
Now, much can be said about the overall state of geopolitics, the economy in general and how it’ll continue having ripple effects on everything else.
That being said, there are a couple of key areas that need our utmost attention. And these areas should not be ignored at any cost.