The Security Book Everyone in Government Must Read in 2019

  • Luke Fretwell
  • GovFresh
  • December 23, 2018

If we're ever going to get security right, technologists must embrace the need for policy, and government leaders must do the same with technology, which is why Bruce Schneier's Click Here to Kill Everybody: Security and Survival in a Hyper-connected World is the 2019 must-read book for every government leader, elected and administrative.

Specific security prescriptions range from standards and principles to the creation of a new federal agency, a National Cyber Office, that would advise and hold other agencies accountable, but also manage government-wide security efforts, such as the NIST Cybersecurity Framework.

Click Here to Kill Everybody is accessible to anyone who wants to learn about the problems and potential solutions of our increasingly Internet-connected world, without feeling overwhelmed by the nuances and technological details that leave most people paralyzed with confusion.

Key excerpts:

"The admittedly clickbait title of this book refers to the still-science-fictional scenarios of a world so interconnected, with computers and networks so deeply embedded in our most important technical infrastructures, that someone could potentially destroy civilization with a few mouse clicks. We're nowhere near that future, and I'm not convinced we'll ever get there. But the risks are becoming increasingly catastrophic."
"It's easy to discount the more extreme scenarios in the chapter as movie-plot threats. Individually, some of them probably are. But collectively, these are classes of threat that have precursors in the past and will become more common in the future. Some of them are happening now, to a varying degree of frequency. And while I certainly have the details wrong, the broad outlines are correct. As with fighting terrorism, our goal isn't to play whack-a-mole and stop a few particularly salient threats, but to design systems from the start that are less likely to be successfully attacked."
"All the blame shouldn't fall on the technology. Engineers already know how to secure some of the problems I've mentioned. Hundreds of companies, and even more academic researchers, are working on new and better security technologies against the emerging threats… And while nothing is a panacea, there really isn't any limit to engineers' creativity in coming up with novel solutions to hard problems.… My pessimism stems primarily from the policy challenges. The current state of Internet security is a direct result of business decisions made by corporations and military/espionage decisions made by governments… What we've learned from the past few decades is that computer security is more a human problem than a technical problem. What's important is the law and economics, and the psychology and sociology — and what's critical is the politics and governance."
"I'm not optimistic in the near term. As a society, we haven't even agreed about any of the big ideas. We understand the symptoms of insecurity better than the actual problems, which makes it hard to discuss solutions. We can't figure out what the policies should be because we don't know where we want to go. Even worse, we're not having any of these big conversations. Aside from forcing tech companies to break encryption to satisfy law enforcement, Internet+ security isn't an issue that most policy makers are concerned about — apart from the occasional strong words. It's not debated in the media. It's not a campaign issue in any country I can think of. We don't even have a commonly agreed-upon vocabulary for talking about these issues."

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.