Tuesday, August 2, 2016

Glass Houses

Glass Houses: Privacy, Secrecy, and Cyber Insecurity in a Transparent World
© 2011, 2013 Joel Brenner
320 pages



Glass Houses, originally titled  America the Vulnerable, outlines some of the major ways that private citizens, corporations, and the government itself are exposed to attack through digital measures, and closes with measures to strengthen defenses. While not as sweeping as Future Crimes,  Brenner offers a different kind of insider perspective -- the NSA's.  Brenner was formally the head of counterintelligence, and thus his work primarily concerns itself with national security.  He argues that an ordinary citizen's desire for privacy, and the government's own need for secrecy, are essentially the same. (And what about a citizen's desire for privacy from the NSA?)

*chirp*

Brenner isn't nearly as fear-inducing as writers like Marc Goodman,  but his piece stands out because of his role within the government. While arguing for better data hygiene, he also criticizes the still-disjointed approach of D.C. to cybersecurity.  There are several 'cyber' organizations within the aegis of the government, but all of them have completely different priorities, and none of them truly cover civilian infrastructure that the government relies on. One of the early points Brenner makes is that not only is everyone utterly exposed  to digital threats --  hacking tools are cheap,   marketable, and encouraged by governments  in China and Russia --  but the boundaries between public and private are increasingly gone. Corporations are now under attack by national governments, and the United States relies more and more on private services  for essential functions.   Brenner likens the current division of cyberdefense --  one on military security, one on collecting information about foreign states and securing the information of the government --  to that which prevailed in the armed services before World War 2.  Then, the Army and Navy departments were separate, and rivals:  they are both contained within the Department of Defense and officers commonly serve tours in connection to other branches.

While Brenner doesn't argue for militarization of non-military departments, he does maintain that closer cooperation is vital. The president's cybersecurity 'czar' does nothing but ineffectually urge everyone to work together, a la Gladhands in West Side Story.  Brenner's specific policy recommendations don't involve creating a new Cyber Homeland Security department, though; instead, his measures are more subtle. He suggests that antitrust laws that discourage ISPs and cybersecurity firms from working  more closely together  be relaxed, and that the federal government use its buying power to insist on more security from the equipment and software it uses, dictating to the market a la Wal-Mart. Such a demand will filter through to the consumer market shortly enough.  He also echoes the advice of other books:  disconnecting the control networks of energy companies from the public Internet (Richard Clarke, Cyber War), and companies practicing deliberate and methodical digitial hygiene (various, incl. Swiped).  Companies whose networks contain vital information, for instance, should forbid the use of outside flashdrives, and issue instead encrypted drives which are collected and purged periodically.

Unless the current Dear Leader candidates have savvier advisors than themselves, the outlook of the United States' cybersecurity remains fairly grim.  Glass Houses is effective citizen awareness -- not technical, not long, and with quasi-fictional 'scenarios' to illustrate how a cyberattack might look, and how the mere threat of it might alter foreign policy -- that stands out especially  for the look into the American intelligence community.  It's unusual to read a book from the NSA's perspective,given their secrecy and recurring roles as uber-villain in  other books about data security, but aside from the unapologetically hostile attitude toward Julian Assange, there's nothing too partisan.  I appreciated Brenner's prudent recommendations, which are more about incentives and pressure and less about outright coercion.

Related:





No comments:

Post a Comment