Joel Brenner’s new book, America the Vulnerable – Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare (The Penguin Press, 2011), is another book of the genre of Richard Clarke’s several volumes of non-fiction, such as his most recent book, published with Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It (Ecco, 2010) and a couple of novels, including Breakpoint (Putnam, 2007).
In these works, we get the real inside scoop about the frightening threats to, and vulnerability of, our critical agencies and sectors and about terrifying cyber events that have taken place within government. This is not the speculative hearsay often seen elsewhere. Among other influential positions, Brenner was senior counsel at the National Security Agency. So he really knows what was going on.
Brenner’s book describes the horrific state of affairs in the cyber world at great length and then prescribes, in a final chapter, a set of mitigation strategies. The recommended approaches depend on the responsiveness of government, collaboration between the public and private sectors, and the like, which are neither forthcoming in the current economic environment nor likely to gain much traction even in more prosperous times. In all such appeals for action, the problem is that those who get it don’t have the power to fix it; and those with the power don’t get it.
Unfortunately, those, such as Brenner, who raise issues regarding the Nation’s cyber vulnerability and the need to do something about it, are mild-mannered, well-meaning intellectual types, who are highly respected by those of us who care about protecting the U.S. against cyber attacks from within or from abroad. However, they generally have difficulty generating an appropriate level of concern, enthusiasm and action. The go-get-’em tough guys are mostly into kinetic attacks and responses and many of them seem to have little understanding of the cyber world. As described in my March 29, 2010 column “Cybergeddon … Ho Hum” (see … http://www.bloginfosec.com/2010/03/29/cybergeddon-%e2%80%a6-ho-hum/), I was particularly affected by Vice Admiral Michael McConnell’s testimony that nothing substantive will be done by the government until we experience a “catastrophic event.” This is not a happy situation,