As the Cold War came to an end, and the world’s then two great powers realized that they no longer had to fight each other in the military arena, they suddenly had to accept that the new battleground would be the field of business. What makes a great power today is more its economic clout than its military might. While the old way of doing things depended greatly on espionage to obtain secrets from other nations, and be one step ahead, the new economic competition called for a similar type of espionage, but this time focused on obtaining business intelligence and trade secrets. Many of the old spies were put out to pasture, but new ones quickly filled their shoes, armed with new tools that allowed them to spy from the safety of nondescript office buildings anywhere in the world.
The world’s economic system revolves increasingly around information. And, to transport this information from one point to another, the Internet is the ideal conduit. “However,” say the authors, “high-technology also makes the information- and technology-based nations and businesses more vulnerable.” The authors present and discuss several scenarios showing how information can be stolen, and what the results may be. They even suggest such prank-like activities as a hacker stealing “sales and stock-dividend forecast files and replacing them with files estimating trip the sales and dividend”, and wonder what the SEC would say if this information were published. Alas, in a period dominated by examples of corporate greed and lying, this seems to be the least of any company’s worries; so many of them do just that.
This book claims to present and discuss how netspionage can threaten companies and nations, and how to protect against it. The authors see this book as a “virtual boot-camp”, providing basic training on net-enabled espionage. But most of this book is a series of commonplaces, describing basic security issues, all of which have been better presented in the many books on computer security published in the past few years. The information provided here has no added value, and the authors limit themselves to the absolute fundamentals. The case studies presented in chapter 9 are even banal; they are all simple hacking exploits—copying source code (which they mistakenly say led to reverse-engineering; this is a process of “unbuilding” something, which is unnecessary when you have the source code for a program); intercepting e-mail messages; copying files from hacked networks; and making unauthorized bank transfers.
But these are banal exploits; they probably happen every day. And the authors’ coining of a new word, netspionage, to describe this, ends up meaning nothing more than hacking. Before reading this book, one may have the feeling, from reading its blurb, that it is dealing with a higher level of hacking, but this is not the case. The solutions offered for protecting information are little more than common sense (though I will admit that many business executives do not even have this much common sense concerning their information systems): they suggest such basic protection measures as classifying information, using ID badges, having vendors and employees sign NDAs (since when has that stopped information from leaking?), and using formal security policies and procedures. They do not mention one concrete measure for physically protecting a computer network: the word firewall does not appear in this book once. They do mention the need to use “secure faxes”, and, in the same paragraph, say, “As a minimum, strong-encryption products should be employed.” It seems that the authors are a bit confused; while secure telephones and faxes are based on encryption, they make it seem as though they are suggesting the encryption of the content of faxes, and everybody knows that is ludicrous, right?
One of the drawbacks to this book is that it reads like a collection of lectures that the authors merely pasted together. This can be seen in the sketchy information that is repeated often throughout the book, and the illustrations—clearly PowerPoint slides from their lectures, with the usual hokey graphics often seen in such presentations—that could have been touched up to look more professional. In addition, the writing is mediocre; it is on par with most corporate writing, but no better. Sure, the content is more important than the presentation, but for a book this expensive, the reader could expect a bit more effort from the authors and editors.
In summary, this is a poor book, one that deals with only introductory questions of security. It mentions almost nothing about protecting data or access to computer networks, and the authors, in spite of their experience—at least on paper—come off as tyros in this area. Is this book meant just as a teaser, to lead executives to purchase the authors’ more expensive consulting services? Perhaps. But they are doing an injustice, beating around the bush talking about banalities when the threat is real.
Kirk McElhearn (firstname.lastname@example.org) is a freelance writer and translator living in a village in the French Alps. You can find out all about him at his web site, http://www.mcelhearn.com.