I’ve been on a cybersecurity reading kick lately, and reading about cybersecurity can be depressing. You learn about damaging hack after damaging hack, endless systemic security issues, and global problems that seem intractable. As an IT consultant who works to fix and secure systems, I find it disheartening. After reading about cybersecurity problems I wanted to read about solutions, and the best thing about “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World” by Bruce Schneier is that over half of the book is devoted to potential solutions.
Schneier is a cryptographer and security expert and, as a public-interest technologist, he works at the intersection of security, technology, and people. He believes that people who understand technology need to be part of public policy discussions and need to work to promote the public good. He has written extensively about security; this is his 13th book.
Published in September 2018, “Click Here to Kill Everybody” examines the dangerous trend of more and more poorly secured systems being connected to the Internet: systems that are increasingly able to have a direct impact on the physical world. As embedded computers get cheaper, manufacturers put them into more and more products, and these products are connected to the Internet, often with little or no thought put into security. The Internet of Things is only part of the issue:
“Take the Internet of Things. Start with the IoT or, more generally, cyberphysical systems. Add the miniaturization of sensors, controllers and transmitters. Then add autonomous algorithms, machine learning, and artificial intelligence. Toss in some cloud computing, with corresponding increases in capabilities for storage and processing. Don’t forget to include Internet penetration, pervasive computing, and the widespread availability of high-speed wireless connectivity. And finally, mix in some robotics. What you get is a single global internet that affects the world in a direct physical manner. It’s an Internet that senses, thinks, and acts.”
(Schneier, 2018, p. 7)
Schneier coins the term “Internet+” to describe this new system of systems. This term doesn’t seem to have caught on, but it’s a convenient way to refer to the Internet of the near future. Not every internet-connected device is capable of causing physical damage, but the book is full of examples of hacks that have already been demonstrated against systems with the potential to kill, such as cars and medical devices. And even if a system doesn’t physically impact the world, it could do so indirectly. For example, webcams with security vulnerabilities could be taken over en masse and made into a botnet, then used for DDoS attacks to knock other critical systems offline. Schneier’s “Click Here to Kill Everybody” near-future scenario specifically references the idea of a biological 3D printer being used to print a killer virus.
In Part I of the book, Schneier details the current cybersecurity situation and future trends. It covers topics like why computers are hard to secure, why patching is failing as a paradigm, and why attack is currently easier than defense. Throughout the text Schneier supports his arguments with plenty of examples, and there is an extensive notes section at the end of the book with references. The notes are not footnotes, which helps keep the text streamlined and easy to read. This is important because it’s packed with ideas.
Part II of the book is devoted to solutions. Schneier argues that it’s going to take government to solve the security problems posed by the Internet+. Schneier doesn’t put everything on government, though. He also details the role for industry and individuals. He puts forth a persuasive argument which I found myself agreeing with. However, I’d also be interested to read a dissenting argument from someone that thinks private industry has a larger role to play. Aside from his proposed solutions, Schneier includes a chapter on what’s likely to actually happen in the near future, and I found the realistic view of things to be helpful.
While Schneier notes that much of the book has a pessimistic tone, I didn’t really see it that way. I’ve certainly read cybersecurity works that go far heavier on the doom and gloom. Even though he describes plenty of scary scenarios, I never got the sense that he was trying to terrify the reader into action, which you sometimes encounter when reading about security. He lays out problems without hysteria or hyperbole.
The scope of the book is broad; Schneier covers a ton of ground in 226 pages. It could have easily been much longer, but the level of detail was well thought out, as Schneier focused on big-picture stuff without getting stuck on the fine details. I did wish there was more discussion about the impact of AI on security. Schneier does discuss AI throughout the book here and there, but with AI set to play such a huge role in security in the future I wanted more content around it.
“Click Here to Kill Everybody” is accessible to a general audience, but you may get a bit more out of it if you have some IT and security knowledge. Nontechnical readers will occasionally need to look up a security term.
I highly recommend this book to anyone interested in learning more about security. This is the first of Schneier’s books that I’ve read, and I enjoyed it so much that I’ll be reading more of his work in the future. Next on my list are “Liars and Outliers” and “Data and Goliath”.