Friday, August 14, 2015

Top Ten Books Policymakers Should Read on Cyber Security

I've been meeting with policymakers of all ages and levels of responsibility during the last few months. Frequently they ask "what can I read to better understand cyber security?" I decided to answer them collectively in this quick blog post.

By posting these, I am not endorsing everything they say (with the exception of the last book). On balance, however, I think they provide a great introduction to current topics in digital security.

  1. Cybersecurity and Cyberwar: What Everyone Needs to Know by Peter W. Singer and Allan Friedman
  2. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter
  3. @War: The Rise of the Military-Internet Complex by Shane Harris
  4. China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain by Jon R. Lindsay, Tai Ming Cheung, and Derek S. Reveron
  5. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
  6. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door by Brian Krebs
  7. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
  8. Chinese Industrial Espionage: Technology Acquisition and Military Modernisation by William C. Hannas, James Mulvenon, and Anna B. Puglisi
  9. Cyber War Will Not Take Place by Thomas Rid
  10. The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich (use code NSM101 to save 30%; I prefer the print copy!)

Anonymous said...

Some great books there - even #10 :). I will have to give the Lindsay/Cheung/Reveron book a look, as I had not heard of that one. I would also recommend "#CyberDoc No Borders - No Boundaries" by Sample/Swetnam for the national doctrine arena.

Anonymous said...

I fully get the scope of the question, but come on. I am surprised at no mention of Security Metrics or IT Security Metrics. Both are far more practical and useful than 9 of the books on this list. IMHO most of the books listed can and have been summarized in editorials and newspaper/magazine articles. Also, the majority of these books do little if anything to promote solutions and instead promote FUD. 1 & 10 are the only ones worth owning. Honestly, it reads as if it was designed for military brass/executive studies students who don't have a clue and possess zero technical skills but want a job (not a career) in cyber. You can do better than this. If you really want to help these people, tell them to retire or go back to school and start over again at the beginning. Policymakers/Executives that don't get cyber by now have no business being in leadership positions in the first place. Just reading a few books does not and cannot make someone proficient in cyber. You are doing them and everyone subordinate to them a disservice.

Richard Bejtlich said...

The last comment shows I try to publish differing opinions here, so long as they are not crude...

John Curry said...

I think it is a good list. Thanks for doing it.

Alessandro Mazzarisi said...

Thanks for the list