In a way, this is possibly the scariest book that I’ve ever read! While physical threats to countries around the world are bad enough, digital threats are several times so. While I was familiar with the superficial aspect of cyber espionage, the book fleshes it out in detail and reveals the extent to which it is used, both by bad state actors as well as the supposedly more ethical governments against their own citizens. It covers the early days of hacking when the Russians used the typewriters in the US embassy in Moscow to obtain information to Project Olympic (the joint efforts by the US and Israel to bring down Iran’s nuclear capabilities), to the more recent attack on Ukraine’s infrastructure by Russian hackers and Russia’s interference in US elections.
By going light on the technical aspects and focusing on stories, Perlroth has made the book easy to read. It is also structured in a way that makes the narrative easy to follow and it covers the key actors involved in cyber espionage using zero-days (backdoors to control software and hardware that can be exploited) — the hackers (both the good and the bad actors), the brokers, the buyers, and the ones that try to prevent it.
Perlroth raises two important issues in the book. The first one concerns the zero-day buyers. How do we prevent them falling into the wrong hands? At the same time, is it even okay if they are sold to the “right people”? For example, can the usage of the Stuxnet worm by America and Israel to damage Iran’s nuclear capabilities be justified and where will the line of interference in other nations be drawn? And the second is the dilemma that governments face when they are aware of zero-days — do they turn them in to the vendors so that they can be patched or do they exploit it against their enemies but with the risk that the latter might exploit them as well.
Cyber espionage gets scarier as more and more devices get connected to the Internet. Apparently, 127 new devices are being plugged into the Internet in the US every second. Our homes, cars, offices, financial systems, transport infrastructure, power infrastructure, basically everything impacting our day-to-day lives can be manipulated. Also, unlike traditional arms, any country can afford cyber arms. There is a large economical cost too, with some estimating annual cyber losses to be more than two trillion dollars. But the scariest part for me was the lack of a significant moral compass in all the players involved — “nobody in this trade ever seemed to take a stance” as Perlroth puts it.
Perlroth suggests, naively in my view, that the solution is to increase focus on security in multiple ways while building hardware and software. That is easier said than done given the fierce race among companies to go-to-market and security issues can never be eliminated completely in any case. The only solution perhaps is a global cyber treaty where companies promise not to attack civilians and critical infrastructure during times of peace, a digital Geneva Convention of sorts!
Pros: Extremely interesting content, easy-to-read
Cons: Some parts belabour points and consequently drag