The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

If you are a cybersecurity professional, you should have read this by now. More than 20 years after it was published, it still has something of value to say on persistent cybersecurity problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. And even if you are not a cybersecurity professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful.

Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, authors put their email addresses in their books, and when I finished reading it, I sent Mr. Stoll a note explaining how much I enjoyed his book. He answered immediately and that forever made me a fan. But besides being a window back through time to the beginning of our modern Internet age, Stoll’s book highlights many of the security problems that still plague us today.

The story itself reads like an Alfred Hitchcock movie. Joe Average-Man - in this case, Stoll as a hippie-type systems administrator keeping the computers running at the Lawrence Berkeley National Laboratory just outside San Francisco - is in the right place at the wrong time. Like Cary Grant and Jimmy Stewart before him, Stoll is minding his own business when he stumbles upon a bit of a mystery that, when it all plays out, is much larger than he is. By tracking down a minuscule computer-accounting error, Stoll unraveled an outsourced, Russian-sponsored, international cyber-espionage ring that leveraged the Berkeley computers to break into US military and government systems across the United States. The book documents Stoll’s journey as he tries to get help from the US and German governments to do something about this serious threat that nobody wants to own. As the story unfolds, the reader also gets a fascinating glimpse at how the Internet looked just before it exploded into the commercial, informational and cultural juggernaut that it has become today.

The interesting dichotomy at play in the book though is how Stoll deals with government authorities. In the book, he describes himself as a “mixed-bag of new-left, harmless non-ideology,” yet he routinely called, cajoled, and coordinated leaders and administrators in the NSA, the CIA, the FBI, and other government and military organizations - bastions of the near and far right. How Stoll gets his head around those two philosophies is fun to read.

It is in these interactions with the government that Stoll runs squarely into one of those persistent problems that we still have in the security community today, and one we still talk about at each and every cybersecurity conference I attend. Stoll consistently ran into government bureaucracy: human-government vacuum cleaners who were eager to take any and all information that Stoll had in regard to his investigation but who were also unwilling to share anything that they knew in return. To be fair, the US government today is getting better at this information-sharing thing, but leaders are a long way from implementing a free-flowing information exchange. And as we’ve been discussing for months now here at Palo Alto Networks, what we’ve learned about what the government will share versus what data they will collect is going to continue to be a source of hand-wringing and also a catalyst for the increased use of techniques such as SSL/encryption.

There’s also the second persistent problem. As Stoll is wrapping up the book, he concludes, “After sliding down this Alice-in-Wonderland hole, I find the political left and right reconciled in their mutual dependency on computers. The right sees computer security as necessary to protect national secrets; my leftie friends worry about an invasion of their privacy.” If that is not the perfect summation of the fallout from the Edward Snowden investigation, I don’t know what is. The Snowden case is just the last one in a series of privacy-versus-security trade-off debates that the United States and other countries have made in the past twenty years. As Bruce Schneier points out, this is a false argument: “The debate isn't security versus privacy. He and other pundits highlight the fact that this is not an either-or decision.