{"id":104441,"date":"2019-12-20T06:00:26","date_gmt":"2019-12-20T14:00:26","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=104441"},"modified":"2020-04-21T14:16:50","modified_gmt":"2020-04-21T21:16:50","slug":"cyber-canon-threat-vector","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2019\/12\/cyber-canon-threat-vector\/","title":{"rendered":"Cybersecurity Canon Candidate Book Review: Threat Vector"},"content":{"rendered":"<p><b>Cyber Canon Book Review: <\/b>\"Threat Vector\" <span style=\"font-weight: 400;\">by Tom Clancy and Mark Greaney<\/span><\/p>\n<p><strong>Book Reviewed by:<\/strong>\u00a0Rick Howard<\/p>\n<p><b>Bottom line:<\/b><em> <span style=\"font-weight: 400;\">I don't recommend this book for the Cybersecurity Canon Hall of Fame, but it is an excellent novel that gets the cybersecurity details right.<\/span><\/em><\/p>\n<p><strong>Review:<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">I\u2019m a retired Army veteran who grew up reading Tom Clancy novels. Soldiers passed around \u201cThe Hunt for Red October\u201d and \u201cRed Storm Rising\u201d because they were thrilling adventures but also showed understanding of how the military works. They were pro-military and pro-service-to-the-nation. Clancy pretty much invented the techno-thriller genre, or at least put it on the map. As a soldier, it felt good to imagine yourself in a Tom Clancy world.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">He and his collaborators have gone on now to publish scores of these kinds of novels; too many to count. \u201cThreat Vector\u201d caught my eye because \u201ccyber\u201d plays a pivotal role in the story and they largely get the cyber right. Jack Ryan Jr. 
is the main character in the story and he\u2019s the son of Jack Ryan Sr., who\u2019s the President of the United States (in the previous Clancy books, Jack Ryan Senior was the main hero).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many times, novelists wave their hands at cyber in a \u201cDeus ex machina\u201d kind of way to move the story along. For example, a bad guy breaks into the NSA by magically guessing the NSA\u2019s password, which is \u201cpassword.\u201d That is unlikely to happen. I call that the \u201cHarry Potter\u201d cyber. In this book, however, Clancy and Greaney paint realistic scenarios of how \u201ccyber\u201d might be used by government espionage entities to spy on each other and by the military in acts of war. Some examples include:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Honey Traps<\/b><span style=\"font-weight: 400;\">: This is not necessarily a cyber move, but is illustrative of what is possible if you travel to China. By law, Chinese commercial organizations must do what the state demands. This means that the state has installed surveillance equipment everywhere and, at the very least, Chinese officials closely watch foreigners who travel to the country. At the extreme end, foreigners could get caught in what is known as a \u201choney trap.\u201d In this book, a beautiful Chinese woman lures a married American to her room for sex. Chinese officials break into the hotel room and convince the American to work for them or they will tell his wife.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Malware Analysis<\/b><span style=\"font-weight: 400;\">: In the book, after the Chinese compromise the American with the honey trap, they get him to deliver compromised hard drives to Jack Ryan Jr.\u2019s undercover company front called \u201cThe Campus.\u201d The Campus CTO realizes that an intruder has penetrated his defenses and finds a piece of the malware responsible, so he reverse-engineers it. 
In other words, he determines what the code did and how it did it. This is exactly what security analysts do when they are researching <\/span><a href=\"https:\/\/www.cyberthreatalliance.org\/playbooks\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">Adversary Playbooks<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Back Door Installation<\/b><span style=\"font-weight: 400;\">: This is a common move by many intelligence agencies in the real world, including the U.S. and China. The idea is to secretly plant technology into common commercial tech, like routers, switches, computers, etc. If they are successful, the intelligence agency can easily use their \u201cback door\u201d to steal intellectual property or to destroy\/degrade operations. When you read headlines saying the U.S. is concerned about the Chinese company Huawei, a commercial producer of networking equipment, back doors are the concern. But the U.S. does it too. For example, according to David Sanger\u2019s book, \u201cThe Perfect Weapon,\u201d President George W. 
Bush authorized Operation Quantum, which was a multi-pronged cyber operation to \u201c<\/span><a href=\"https:\/\/www.goodreads.com\/book\/show\/36560496-the-perfect-weapon\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">bore deep into Huawei\u2019s hermetically sealed headquarters<\/span><\/a><span style=\"font-weight: 400;\"> in Shenzhen, crawl through the company\u2019s networks, understand its vulnerabilities, and tap the communications of its top executives.\u201d Sanger writes that they wanted to \u201cexploit Huawei\u2019s technology so that when the company sold equipment to other countries \u2013 including allies like South Korea and adversaries like Venezuela \u2013 the NSA could roam through those nations\u2019 networks.\u201d\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Phone Tracker<\/b><span style=\"font-weight: 400;\">: In the book, Jack Ryan Jr.\u2019s compromised girlfriend installs a software phone tracker onto his phone. This is the reason that co-workers hassle you when you walk away from your work computer without logging off. If bad guys have access to your system, they don\u2019t have to hack at all. So, Junior\u2019s girlfriend simply installed a program on Jack\u2019s phone that allowed the bad guys to track his movements \u2013 think FindMyPhone for cyber espionage purposes.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Social Engineering<\/b><span style=\"font-weight: 400;\">: In any spy story, social engineering plays an important role as part of the spy\u2019s tool kit. In the real world, cyber adversaries use a version of it to trick victims into doing things they shouldn\u2019t, like clicking on a link or visiting dodgy websites. This book is filled with examples from both the good guys and the bad guys of human-on-human social engineering.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">\"Threat Vector\" is typical spy-thriller stuff. China threatens to take control of Taiwan and the U.S. objects. 
For me though, the fun was riding along with how the authors think nation-states will use cyber in future conflicts. \u201cThreat Vector\u201d is not hall of fame material, but if you want a great beach read where the authors get the cyber right, this is a good one to take with you.<\/span><\/p>\n<p><i>We modeled the\u00a0<\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/\"><i>Cybersecurity Canon<\/i><\/a><i>\u00a0after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/i><\/p>\n<p><i>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can\u00a0<\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/nominate-a-book\/\"><i>directly participate in the process<\/i><\/a><i>. Please do so!<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThreat Vector,\u201d by Tom Clancy and Mark Greaney, is not a hall of fame candidate, but it\u2019s an excellent novel that gets cybersecurity details 
right.<\/p>\n","protected":false},"author":43,"featured_media":32398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4521,6724],"tags":[4270],"coauthors":[791],"class_list":["post-104441","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-canon","category-points-of-view","tag-cybersecurity-canon-review"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=104441"}],"version-history":[{"count":1,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104441\/revisions"}],"predecessor-version":[{"id":104442,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/104441\/revisions\/104442"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/32398"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=104441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-
json\/wp\/v2\/categories?post=104441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=104441"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=104441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}