Cybersecurity Ignorance Is Dangerous

In one of the biggest tech book launches of 2021, Nicole Perlroth, a cybersecurity reporter at the New York Times, published This Is How They Tell Me The World Ends to cheers from the general public, plaudits from fellow journalists, and a notable wave of criticism from many in the cybersecurity community.

Perlroth's book about the global market in cyberweapons is a riveting read that mixes profound truth on policy with occasional factual errors, and it ultimately achieves its goal of scaring the shit out of anyone who doesn't know much about the topic. But the book might also be read by people who have to act on cybersecurity policy and are unfortunately trusting Perlroth to explain the technical details accurately.

The book fails on that count, and the risk is that policymakers either won't implement the sensible policies she recommends, or that they'll so misunderstand and fear the technology described that they'll overreact and make ill-informed and potentially dangerous policy choices.

In a string of interviews with known and shadowy figures largely from the U.S. cybersecurity journalism and military community, with some credible information security technologists mixed in, Perlroth's book describes the global market for what are known as zero-day vulnerabilities—undisclosed software bugs that can be exploited for access.

She situates cyberespionage as the natural successor to classical espionage. Nearly a third of the book is dedicated to the history of the Cold War and Soviet espionage, truly prescient for a book being released right after the SolarWinds listening operation, a U.S. government data breach in which Russian hackers are suspected. Perlroth's story of Project Gunman, the 1984 counterespionage operation to find how the Soviets had breached U.S. encryption, is riveting....