In spite of the volume and sophistication of recent cyber-attacks, there are still plenty of folks who scoff at the notion of “cyberwar.” It is not unusual for military types to assume the role of doubting Thomas by dismissing cyber-attacks as “weapons of mass disruption.” They go on sarcastic quips saying that a brief blackout or ATM network outage doesn’t really qualify as a national security event.
Having spent the last dozen years of my life in the cybersecurity domain, I vehemently disagree with this minimalist notion but it is truly difficult to describe what might happen. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke does a good job of painting a picture of a cyber-attack on critical infrastructure in his 2010 book Cyberwar, but his account is only a few pages long. Daniel Suarez tells a gripping story in Daemon and Freedom, but this is more of a science fiction thriller than a more likely view of reality.
This week, I completed another book, Matthew Mather’s 2013 book, Cyberstorm, and I now have a much deeper and emotional understanding of what a real cyber-attack on critical infrastructure might look like.
The book follows the progression of a cyber-attack on the United States through the eyes of a New York City resident, Michael Mitchell, and his friends and family living in an apartment building in Chelsea (Manhattan). What starts as “mass disruption” continually degrades into a scary (and sometimes hard to read) description of human survival. Somewhere between the Matthew Broderick film War Games and the dystopian Golding novel, Lord of the Flies. As such, the book is entertaining, informative, educational, and very frightening.
To be clear, Cyberstorm is not a description of software vulnerabilities, hacker culture, or Stuxnet-like malware. I can recommend plenty of other books that fit this genre. Rather, this book chronicles the slow and steady destruction of society as told in a firsthand and personal account that any urbanite, business person or parent can empathize with. While this is a story about people rather than strictly technology, Mather does weave technology into the story in a number of creative ways throughout the book. And just when the story seems to reach the limits of credulity, Mather does a great job of tying everything together and explaining what happened and why. To do so, he brings the right elements of cybersecurity, geopolitical issues, and critical infrastructure.
Palo Alto Networks’ CTO Rick Howard believes that one can gain a great deal of infosec knowledge by reading fiction and non-fiction on the subject. In fact, Rick has created a cybersecurity canon, which he describes as, “a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education.” I plan to reach out to Rick and suggest that he add Cyberstorm to his list. Mather’s book shatters the myth of cyber-attacks as “weapons of mass disruption” through a well written and heartfelt tale of what could really happen.