y fSummary
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke and Robert K. Knacke is a follow up to their 2010 novel Cyber War: The Next Threat to National Security and What to Do about It.
This novel discusses the history, workings, and risks of cybersecurity related technologies and problems faced in 2019, many of which are still in the fore-front in 2021. Each chapter covers a cybersecurity event, policy, or technology generally painting a history starting with the Petya randsomware attack of late 2016 and ending in quantum computing announcements of late 2019. The perspective is from government cyber security policy makers with a technical background.
Topics discussed are:
- Petya, NotPetya, StuxNet, and Wannacry attacks
- Cloud Computing / AWS GovCloud
- Spectre/Meltdown and Venom attacks
- Separation of internet and state
- Hack back
- Efficacy of US cyber regulations in both private and public sectors
- AI and machine learning
- Quantum computing
- 5G / IoT
- ICS / SCADA
- Personal cyber security
My Reaction
This novel is a great problems facing modern (as of 2021) cybersecurity professionals. It does a good job of briefly describing recent attacks & emerging concerns while also explaining why these events were so important. I personally struggled through the beginning chapters because it was a rehash of content covered in many other novels, but I did gather some insights.
This novel is laid out very well and doesn’t fall victim to many of the issues of other cybersecurity novels. It gives a “so what” about events, makes recommendations about what can be done to fix problems, and doesn’t ignore the wide breadth of concerns cybersecurity professionals current have to contend with. It uses language that is slightly more technical that most but feels approachable for non-technical readers.
I found the insights about how organizations need dozens of security software suites but no company is making a useful all-in-one suite very topical and is a personal frustration. I was hoping the authors would suggest a solution to this, but they did not.
The authors are very wary about letting government having a role in cybersecurity for private organizations. They outline the dangers of a government run cyber defense screen, encryption backdoors, and “clipper chips” very well. However, the authors also paint a picture that cyber defenders are starting to gain an advantage over attackers which I personally disagree with. It is true that networks who properly implement a full system security plan are much safer than they use to be, attackers continue to develop novel attacks, social engineering methods, and zero-days that get around even the best plan.
Recommendation
I recommend this book as essential reading for all information technology professionals and hobbyists. If you only want to read one book on cybersecurity, this might be the right one to choose. I especially recommend that cyber policy makers read this to understand current and emerging threats as well as solid recommendations for defending against them.