book

We Have Root

by Bruce Schneier

September 2019

Beginner

304 pages

8h 22m

English

Wiley

Read now

Unlock full access

Cyberconflicts and National SecurityCounterterrorism Mission CreepSyrian Electronic Army CyberattacksThe Limitations of IntelligenceComputer Network Exploitation vs. Computer Network AttackiPhone Encryption and the Return of the Crypto WarsAttack Attribution and Cyber ConflictMetal Detectors at Sports StadiumsThe Future of Ransomware
Hacking AirplanesReassessing Airport Security
Hacking Consumer DevicesSecurity Risks of Embedded SystemsSamsung Television Spies on ViewersVolkswagen and Cheating SoftwareDMCA and the Internet of ThingsReal-World Security and the Internet of ThingsLessons from the Dyn DDoS AttackRegulation of the Internet of ThingsSecurity and the Internet of ThingsBotnetsIoT Cybersecurity: What’s Plan B?
The NSA’s Cryptographic CapabilitiesiPhone Fingerprint AuthenticationThe Future of Incident ResponseDrone Self-Defense and the LawReplacing Judgment with AlgorithmsClass Breaks
Candidates Won’t Hesitate to Use Manipulative Advertising to Score VotesThe Security of Our Election SystemsElection SecurityHacking and the 2016 Presidential Election
Restoring Trust in Government and the InternetThe NSA Is Commandeering the InternetConspiracy Theories and the NSAHow to Remain Secure against the NSAAir GapsWhy the NSA’s Defense of Mass Data Collection Makes No SenseDefending Against Crypto BackdoorsA Fraying of the Public/Private Surveillance PartnershipSurveillance as a Business ModelFinding People’s Locations Based on Their Activities in CyberspaceSurveillance by AlgorithmMetadata = SurveillanceEveryone Wants You to Have Security, But Not from ThemWhy We EncryptAutomatic Face Recognition and SurveillanceThe Internet of Things that Talk about You behind Your BackSecurity vs. SurveillanceThe Value of EncryptionCongress Removes FCC Privacy Protections on Your Internet UsageInfrastructure Vulnerabilities Make Surveillance Easy
More on Feudal SecurityThe Public/Private Surveillance PartnershipShould Companies Do Most of Their Computing in the Cloud?Security Economics of the Internet of Things

Human-Machine Trust FailuresGovernment Secrecy and the Generation GapChoosing Secure PasswordsThe Human Side of HeartbleedThe Security of Data DeletionLiving in a Code Yellow WorldSecurity Design: Stop Trying to Fix the UserSecurity Orchestration and Incident Response
Government Secrets and the Need for WhistleblowersProtecting Against LeakersWhy the Government Should Help LeakersLessons from the Sony HackReacting to the Sony HackAttack Attribution in CyberspaceOrganizational DoxingThe Security Risks of Third-Party DataThe Rise of Political DoxingData Is a Toxic AssetCredential Stealing as an Attack VectorSomeone Is Learning How to Take Down the InternetWho Is Publishing NSA and CIA Secrets, and Why?Who Are the Shadow Brokers?On the Equifax Data Breach
Our Newfound Fear of RiskTake Back the InternetThe Battle for Power on the InternetHow the NSA Threatens National SecurityWho Should Store NSA Surveillance Data?Ephemeral AppsDisclosing vs. Hoarding VulnerabilitiesThe Limits of Police SubterfugeWhen Thinking Machines Break the LawThe Democratization of CyberattackUsing Law against TechnologyDecrypting an iPhone for the FBILawful Hacking and Continuing VulnerabilitiesThe NSA Is Hoarding VulnerabilitiesWannaCry and VulnerabilitiesNSA Document Outlining Russian Attempts to Hack Voter RollsWarrant Protections against Police Searches of Our Data
Chapter 1: Crime, Terrorism, Spying, and WarChapter 2: Travel and SecurityChapter 3: Internet of ThingsChapter 4: Security and TechnologyChapter 5: Elections and VotingChapter 6: Privacy and SurveillanceChapter 7: Business and Economics of SecurityChapter 8: Human Aspects of SecurityChapter 9: Leaking, Hacking, Doxing, and WhistleblowingChapter 10: Security, Policy, Liberty, and Law

Content preview from We Have Root

1Crime, Terrorism, Spying, and War

Cyberconflicts and National Security

Originally published in UN Chronicle, July 18, 2013

Whenever national cybersecurity policy is discussed, the same stories come up again and again. Whether the examples are called acts of cyberwar, cyberespionage, hacktivism, or cyberterrorism, they all affect national interest, and there is a corresponding call for some sort of national cyberdefense.

Unfortunately, it is very difficult to identify attackers and their motivations in cyberspace. As a result, nations are classifying all serious cyberattacks as cyberwar. This perturbs national policy and fuels a cyberwar arms race, resulting in more instability and less security for everyone. We need to dampen our cyberwar rhetoric, even as we adopt stronger law enforcement policies towards cybersecurity, and work to demilitarize cyberspace.

Let us consider three specific cases:

In Estonia, in 2007, during a period of political tensions between the Russian Federation and Estonia, there were a series of denial-of-service cyberattacks against many Estonian websites, including those run by the Estonian Parliament, government ministries, banks, newspapers and television stations. Though Russia was blamed for these attacks based on circumstantial evidence, the Russian Government never admitted its involvement. An ethnic Russian living in Tallinn, who was upset by Estonia’s actions and who had been acting alone, was convicted in an Estonian court for his part ...