News in the Category “Click Here to Kill Everybody”
"It's not really about our data and our privacy—that's the old world. The old world was somebody hacked my spreadsheet and got my data. The new world is someone hacked my embedded pacemaker and killed me."
— Bruce Schneier
If we're ever going to get security right, technologists must embrace the need for policy and government leaders must do the same with technology, which is why Bruce Schneier's Click Here to Kill Everybody: Security and Survival in a Hyper-connected World is the 2019 must-read book for every government leader, elected and administrative.
Specific security prescriptions range from standards and principles to the creation of a new federal agency, a National Cyber Office, that would advise and hold other agencies accountable, but also manage government-wide security efforts, such as the NIST Cybersecurity Framework.
Click Here to Kill Everybody is accessible to anyone who wants to learn about the problems and potential solutions of our increasingly Internet connected world, without feeling overwhelmed by the nuances and technological details that leave most people paralyzed with confusion.
"The admittedly clickbait title of this book refers to the still-science-fictional scenarios of a world so interconnected, with computers and networks so deeply embedded in our most important technical infrastructures, that someone could potentially destroy civilization with a few moue clicks.
Ben's Book of the Month: Review of "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World"
Perhaps the most meaningless term in information security is though leader. I know what it is supposed to mean, but many people who consider themselves information security thought leaders are anything but that. Nonetheless, if there is anyone who is a thought leader in the true sense of the term, it's Bruce Schneier. Schneier has written on near every aspect of information security.
Policy-makers must get to grips with "the internet of things." I'm recommending this book to them
Oh no! Another book with a terrifying, it's-the-end-of-the-world title. They're in vogue at the moment. Sadly, for us mere mortals, Click Here to Kill Everybody is by Bruce Schneier, who is one of the world's top cyber-security experts, and not someone given to exaggeration.
More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk.
No one really believed them, so few tried to stop them. Then before anyone realized it, the deed was done: Just about everyone had a Windows machine, and governments were left scrambling to figure out how to put Microsoft's monopoly back in the bottle.
This sort of thing happens again and again in the tech industry.
The US government and Silicon Valley have designed and created an insecure world to maximize political control and corporate profit, but in the cyberphysical world we now live in, where cars, planes, trains and nuclear power plants are connected to the internet, that deliberate insecurity must be reversed — for safety reasons, or people are going to start dying, Bruce Schneier argues in his new book, Click Here to Kill Everybody (W.W. Norton & Company, 2018).
The days of "going online" are over. We now live on the internet.
Schneier (Data and Goliath), a fellow at the Berkman Center for Internet and Society at Harvard University, provides a clear perspective on the threat posed by the evolution of the internet into what is commonly referred to as the “internet of things.” As “everything is becoming a computer... on the Internet,” with even pedestrian items such as light bulbs or refrigerators collecting, using, and communicating data, the convenience and efficiency of such “smart” technology comes at the cost of increased vulnerability to the schemes of crafty hackers. Horror stories, such as a vehicle’s controls being taken over remotely, are not new, but Schneier’s vast experience enables him to tie together many strands and put them in context. For example, after discussing the inherent security issues with software (there are “undiscovered vulnerabilities in every piece”), Schneier goes on to observe that such flaws are only part of the problem; he convincingly demonstrates that a major, if not the main, reason, for an insecure internet is that its “most powerful architects—governments and corporations—have manipulated the network to make it serve their own interests.” Schneier concedes that his book has “a gaping hole” in not explaining how his nuanced recommendations for increasing security and resilience could become policy, but it is a useful introduction to the dimensions of the challenge.
Electronic security expert Bruce Schneier's studiously terrifying new book Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, is a concerted counter-playbook to the end of human civilization, and the deaf ears it will fall upon have been deadened by two completely erroneous assumptions: that an unregulated Internet is better than a regulated one, and that Internet problems only affect people on the Internet.
Ninety percent of Schneier's readers have more than one "smart" electronic device, be it a cellphone or a tablet or a laptop or a new-model automobile. And ninety percent of that ninety percent have the same personal password for all of those separate devices and haven't changed that password in years. Virtually every single one of Schneier's readers who choose to download his book instead of buying a printed copy in a bookstore leaves a wide and easily-followed data-trail back to themselves.
FIX THE INTERNET BEFORE IT FIXES US — Technologist Bruce Schneier is out with his latest book and his most alarming title yet: "Click Here to Kill Everybody." In fact, it's one of the most ominous in the entire cybersecurity canon. Even in his introduction, Schneier admits to hyperbole, yet writes the title isn't without merit since "we're already living in a world where computer attacks can crash cars and disable power plants — both actions that can easily result in catastrophic deaths if done at scale."
So, OK, it's scary. In this outing, published last week, Schneier digs into the dangers posed by the rapid spread of internet connectivity into all our things. But since he doesn't think the marketing term "internet of things" is encompassing enough, he coined his own term: Internet+.
The great and memorable title of Bruce Schneier's latest book, Click Here to Kill Everybody, certainly caught the eye of those in my household—my children kept trying to touch the button on the front cover to 'kill everybody'! (Indeed, the book's attention-grabbing title may make me a little wary about reading it openly on the Tube or while going through airport security.)
Of course, the book is not really about how to kill everybody, but rather how, from an ethical standpoint on the part of tech, and a moral standpoint on the part of government, we appear to be sleep-walking into a scenario where something, whether by accident or design, could possibly 'click here' and kill everyone.
My advance reading copy wasn't quite ready for publishing, but as it stood the book was divided into three approximately equal sections:
- The first section describes the issues of computing, IOT, and an Internet of the future.
- The second section describes the things technologists and policy makers should consider in order to bring about the changes needed for the Internet of the future.
- Finally, as with Schneier's previous book, the third section contains copious notes.
In the introduction ('Everything is a Computer'), Bruce describes three situations: hacking a car; hacking the power supply; and hacking printers (conventional, 3D and bioprinters). For each of these he expands on the potential issues: death of multiple passengers; wide-scale human and economic damage; etc.
If I were still doing radio shows, I would happily welcome Bruce Schneier back as a guest. He's a security expert who I first spoke with when he revealed the uselessness of the TSA's screening procedures at airports, which he labelled "security theater." Since then, he's made multiple appearances with me.
Bruce has just published a new book, Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, and asked me to review it.
As in his previous works, Bruce sees the holes that exist in the digital world and explains the risks of having so many more things connected as part of the Internet of Things, from thermostats to refrigerators to manufacturing equipment to your kid's dolls.
Pervasive connected devices mean we REALLY can't afford shitty internet policy
Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.
Click Here... describes a world where all the bad policy decisions of PCs and laptops and phones are starting to redound onto embedded systems in voting machines and pacemakers and cars and nuclear reactors. He calls this internet-plus-IoT system the "Internet+" and the case he makes for its importance is by turns inspiring and devastating.
That's because Schneier, more than the average policymaker or marketing blowhard, has a pretty good idea of what the actual benefits of these systems can be.
Big Brother is watching and scheming and up to no good—and, writes security technologist Schneier (Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, 2015), it looks like he's winning.
By way of an opening gambit, the author posits three scenarios in which hackers take over machines and computer systems, from printers to power plants, both to demonstrate their ability to do so and to show how the interdependence of the web can easily be put to work against us. In one of those scenarios, real-world to the core, Russian hackers came into a Ukrainian power plant through a malware backdoor, "then remotely took control of the center's computers and turned the power off." That's not just a threat to life, but it also erodes trust in social and economic systems, the basis for civil society. In another scenario, which gives the book its title, a "bio-printer" is hacked to "print a killer virus"—and does.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World Bruce Schneier W. W. Norton (2018)
Hardly a day now passes without reports of a massive breach of computer security and the theft or compromise of confidential data. That digital nightmare is about to get much worse, asserts security technologist Bruce Schneier in Click Here to Kill Everybody, his critique of government inertia on Internet security.
The burgeoning threat, writes Schneier, arises from the rapid expansion of online connectivity to billions of unsecured nodes.
The early architects of the internet did not want it to kill anybody. In cyber security expert Bruce Schneier's new book, David Clark, a professor at the Massachusetts Institute of Technology, recalls their philosophy: "It is not that we didn't think about security. We knew that there were untrustworthy people out there, and we thought we could exclude them".
Schneier describes how the internet, developed as a gated community, is now a battleground where these untrustworthy people cause great harm: harnessing computers to kill by crashing cars, disabling power plants and perhaps, soon enough, using bioprinters to cause epidemics.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.