By
Megan Bradley on Sunday, May 19, 2019
Ebook Click Here to Kill Everybody Security and Survival in a Hyperconnected World Bruce Schneier Books
Product details
- Paperback 336 pages
- Publisher W. W. Norton & Company; 1 edition (October 8, 2019)
- Language English
- ISBN-10 0393357449
Click Here to Kill Everybody Security and Survival in a Hyperconnected World Bruce Schneier Books Reviews
- I'm a big fan of Bruce Schneier and have followed his blog for many years. I bought this book immediately after its release and finished it in less than a week.
Pluses
- It is a very good review of what was happening in the IT/Internet/IoT security field during the last few years, with all main events mentioned; everything is thoroughly source-referenced and explained (the Notes part takes one quarter of the book)
- Even despite some dryness in delivery style, the factual part of the book is very interesting to read, the story catches you in a good sense
- Information is (mostly) packed in a high-density way, the book is pretty short (~200 pages) and to the point, while at the same time it can be easily read by non-professionals in the field.
Minuses
- The proposal/prediction parts look less focused compared to the factual part and to the standard one may expect from a work of this caliber.
- It is hard to say what exactly happened here, but it seems like the author either tried to squeeze as many conclusions as possible into a limited amount of pages or he simply did not plan to analyse current IoT security trends that much at all. In too many places it goes like "Something is definitely going to happen, and it may be either A, B or C." Full stop. Huh? That's it? "The weather tomorrow is going to be nice. Or bad. Or it may be raining, but sunny and cloudy weather is also possible". Well, if you know nothing about the different weather phenomena, this is a lot of new and interesting information. If you read this to know what's going on on the weather front - sorry, but this information is useless.
- (spoiler) The same applies to the chapters about the government's role in Internet security. Once again, the author provides a lot of very precise facts on what happened in the past in the area, how government regulations in the security field came to be what they are now and what to expect in the nearest future and how all these will probably be unable to solve any existing challenges - very thoughtful analysis and based on solid factual evidence. So, what's the author's proposed solution - "Let's create a new government agency". Not even "I think it's going to end up in creating a new government agency", no, "To solve this, we need a new agency". Even though you just showed how exactly it will not work? I don't get this logic at all. And this is kind of the culminating point of the book, if there is one. Very disappointing.
Conclusion (tl;dr) - if you happen to be working in the IT or IoT security field, you will probably get very little new information from this book, both the factual one and analysis. If you are somebody who is new to the field, you may find parts of the book interesting or even more like revelations.
The conclusions part of the book is somewhat blurry, less focused and does not sound really convincing. Given the quality of the source material and knowing Mr. Schneier's reputation, I was expecting more insights into what's going on in the industry than this book has delivered.
- The title is a tad too clickbait-y (mine probably as well) but this is still the Bruce you admire and respect, with a clear message and scrupulous work. Long story short, the book warns us of the unrelenting expansion of the Internet into the physical world - the Internet of Things - not coupled with adequate security practices. We are dangerously close to a situation where hackers are able to cause real, tangible damage on a massive scale. Bruce discusses how all of this came about, what dangers we are facing, and what we can collectively do to improve the course of things.
By “improving”, I mean not only preventing cyber crime, but also protecting privacy and data generated from our actions in the Internet. In a tone set a few years ago in “Data and Goliath”, the author argues that security is weakened by Western governments’ propensity for mass surveillance, unlocked by Internet’s central role in our social lives and economic activities. What Snowden revealed, still holds true. Cryptography is painted by the officials as a tool of criminals. Proponents of privacy-strengthening techniques are labeled as “weak on terrorism”. Elite hackers are employed by governments to find vulnerabilities in systems and networks - not to fix them, but to enable surveillance, espionage and attacks.
Another major factor is security being non-trivial to implement properly and not valued in the economy. Stakeholders prefer to have higher profits now, rather than spend on security which may - or may not - help in the future in case of a cyber attack. Security breaches are treated as PR issues, software companies are in vast majority avoiding any liabilities resulting from faulty programming. Most customers are not thinking of security features, making their purchases on the cheap. Production cycles are increasingly shorter, with little space for security testing. This short-term thinking leads to Internet connecting untold millions of devices which are exploitable.
Bruce does not believe that market forces can nudge companies towards more secure products. From their perspective, being insecure brings almost no financial harm. Since we are in an equilibrium, where shoddy security is beneficial for most players (and consumers are largely indifferent), the only way out is to change the rules of the game. In other words, policymakers should step up and enforce higher security standards in software, similarly to what historically happened in the automobile, aircraft or pharmaceutical industries.
The book is broad in scope - broader than “Data and Goliath” - and its purpose is to form a basis for discussion on the role of digital security in our lives (not only IoT, but the Internet in general). You can be certain that any article you read, concerning security, can be related to concepts pictured herein. It truly serves as “a lay of the land”.
My main takeaway is the author’s notion that security is not a problem of technology. Solutions exist. The problem lies in the incentives of people and organizations - as is, in my opinion, with many issues troubling the world today - and correcting those requires concerted effort. We can do better!
- This is by far the best single resource I've found to date on IoT security--what the problems are, how we got to this point, what needs to be done, and why it matters. I've read more books, standards, guidelines, articles, and other text on this topic during the past year than I could remember, and this is the only one I've seen that pulls it all together into a cohesive narrative with the proper level of alarm and a realistic plan of action. I've worked in the security industry for 20 years, and I'm already recommending this book to my colleagues.
- The many commonsense ideas that Schneier shares and promotes in Click Here to Kill Everyone are pervading an incredible amount of the ideas and discussions I'm having with other people. It literally has been life-changing for me. I find myself making well-reasoned arguments that, when I think about it, can be sourced to this book. Everyone involved thinks I'm making some master statement and that I'm smart...and all I'm really doing is promoting what Schneier wrote. I find myself wanting to say, "Read Bruce Schneier's latest book...it's all in there!" And I do, when it's appropriate. I'm not talking about just between friends or on discussion blogs, but in real meetings by serious groups looking to better secure the Internet. Schneier has the plan for how to significantly improve computer security, from a policy and legislative side figured out. Click Here to Kill Everyone is the blueprint for making that happen.
- If you are following Bruce Schneier's blog etc., other blogs and keep yourself up to date then this book is not adding anything new. I didn't finish the book, stopped somewhere in the middle as I felt it is not adding anything new to my understanding. It is probably useful for people that have very little info sec experience.