Bruce Schneier's Click Here to Kill Everybody Reveals the Looming Cybersecurity Crisis
The US government and Silicon Valley have designed and created an insecure world to maximize political control and corporate profit, but in the cyberphysical world we now live in, where cars, planes, trains and nuclear power plants are connected to the internet, that deliberate insecurity must be reversed—for safety reasons, or people are going to start dying, Bruce Schneier argues in his new book, Click Here to Kill Everybody (W.W. Norton & Company, 2018).
The days of “going online” are over. We now live on the internet. The merger of meatspace and cyberspace is well underway, and today cybersecurity is the security of all the things, including the things that can kill us. This new world demands we rethink the economic and political incentives that have us teetering on the brink of disaster, Schneier believes.
Concise at 225 pages, and well-argued, Click Here to Kill Everybody seeks to bridge the gap between engineers and policymakers, “whose arguments pass through one another like angry ghosts,” Schneier writes, quoting British solicitor Nick Bohm. Engineers need to better understand the ethical and policy implications of the code they write, and policymakers need to better understand how technology works, and what is and is not possible.
Security pros and policymakers will both find surprises in Schneier’s view of the problem from 30,000 feet. Each chapter feels like it could be a separate 500-page tome, but Schneier is clearly not interested in writing an encyclopedia. Rather, he offers a thought-provoking high-level view of the looming cybersecurity crisis.
If every Congressional staffer kept a copy of this book handy for when their boss asks, “What is this cyber thing anyway?” we would probably get dramatically better legislation. If corporate executives—in all industries—spent an evening or two dwelling on Schneier’s reflections on how to prevent a cybersecurity catastrophe, they might make better decisions about the long-term security posture for their respective organizations.