{"id":105207,"date":"2020-02-03T06:00:43","date_gmt":"2020-02-03T14:00:43","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=105207"},"modified":"2020-04-21T14:15:55","modified_gmt":"2020-04-21T21:15:55","slug":"cyber-canon-fifth-domain","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/02\/cyber-canon-fifth-domain\/","title":{"rendered":"Book Review: \u201cThe Fifth Domain\""},"content":{"rendered":"<p><strong>Cyber Canon Book Review: <\/strong>\u201cThe Fifth Domain - Defending our country, our companies, and ourselves in the age of cyber threats\u201d by Richard A. Clarke and Robert K. Knake (published July 16,\u00a0 2019)<\/p>\n<p><strong>Book Reviewed by: <\/strong><span style=\"font-weight: 400;\">Helen Patton, Chief Information Security Officer, The Ohio State University; Fred Streefland, CSO NEUR and EEUR, Palo Alto Networks; John Davis, VP and CSO (Federal), Palo Alto Networks.<\/span><\/p>\n<p><b>Bottom Line: <\/b><em>We<\/em><i>\u00a0recommend this book for the Cybersecurity Canon Hall of Fame.<\/i><\/p>\n<p><b>Review:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">We truly believe that \u201cThe Fifth Domain\u201d is a \u201cmust read\u201d for not only every cybersecurity professional \u2013 in both the public and private sectors \u2013 but also for every global citizen who has an interest in what\u2019s happening in the digital age.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The book, which officially published on July 16, 2019, is written by Richard A. Clarke and Robert K. Knake, two very experienced, leading experts on security, cyberspace and terrorism. They clearly show their experience throughout the book and combine the facts with their honest opinions. They give us clear insight, using easy-to-understand language, about the enormous challenges we all face from cyber threats.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe Fifth Domain\u201d describes the roles and responsibilities that governments, industry and citizens should have and why these roles are the most practical and effective way of improving the increasingly dangerous situation we face today. Throughout the book, the authors reiterate that we need to shift the balance of power from the attacker to the defender, to enable our institutions to be resilient in the face of changing attack patterns.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is exactly why this book is unique and great to read. It provides the reader with knowledge of and insights into today\u2019s cyberworld. The book is very current and invites the reader to think constantly about how to make improvements within cyberspace.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The book provides an overview of the developments within cyberspace (or the \u201cfifth domain,\u201d as it is identified by the U.S. government), and describes what has happened in the past with attacks like Stuxnet and Wannacry. The authors note that, while cyber may be the \u201cfifth domain\u201d of war, it is the only domain that is man-made, and therefore we are capable of changing it. They also detail cyber events and actors that are not always well-known, which is another reason why every cybersecurity professional should read this book.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some of our favorite parts of the book involve the important role that responsible cyber threat intelligence sharing at speed and scale plays in the concept of collective defense (including an explanation of the innovative work of industry\u2019s Cyber Threat Alliance). The authors also highlight rapid recovery from and resilience to cyberattacks through an integrated and agile \u201cDevSecOps\u201d model.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The writers show their knowledge about the details of the most impactful cyberattacks in the past and explain why things went wrong (if they went wrong) and how these mistakes could have been prevented, or which lessons learned could be identified and learned. They describe the reactions from the U.S. administration to those events, while sharing their own opinions on what could have been worse, different or better. Of particular interest is a section on why certain types of attacks could happen again and how to mitigate these risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe Fifth Domain\u201d opens with stories of\u00a0 impactful events and builds up the narrative and implications, describing what corporations are and should be doing, followed by what the government should and should not do. It concludes with predictions for the near future of cyberspace.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Clarke served in the U.S. Government for 30 years, including as White House counterterrorism coordinator under Presidents Bill Clinton and George W. Bush and became the first White House official placed in charge of U.S. cybersecurity policy. He is the author of eight books (four of which are non-fiction and four novels). Knake served from 2011 to 2015 in the Obama White House as director of cybersecurity policy at the National Security Council. He is a senior fellow at the Council on Foreign Relations, a senior research scientist at Northeastern University in Boston and an advisor to start-ups, investment firms and Fortune 500 companies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The writers provide advice and suggestions on how they would have handled these challenges and how both corporations and governments can improve. Both writers are realistic enough to know that many of these improvements probably won\u2019t happen. They discuss these issues without injecting any political bias. Both writers also comment on the actions taken by corporations and don\u2019t \u201cspare\u201d them with their critiques.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In looking to the near future, the book contains a very good description of where we are heading with some very powerful technologies, including software-based advanced analytics like machine learning (ML) and artificial intelligence (AI), quantum capabilities, 5G, and the Internet of Things (IoT) with its connection to internal control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Clarke and Knake describe current and expected developments within these areas and predict how these elements will change cyberspace, both from a defender\u2019s and an attacker\u2019s perspective. When the authors move on to consider future technologies, they provide practitioners ways of thinking about emerging technologies and emerging threats, including ideas that can be immediately applied. They are clear-eyed when talking about emerging technologies, noting where there is substance and where there is still just theory and hype. This pragmatic view will make it easier for cyber defenders to prioritize and incorporate the book\u2019s suggestions into current security programs.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Clarke and Knake conclude this outstanding book with some practical advice and a menu of best practices available to all digital citizens in order to better manage cyber risks and protect themselves from cyber threats. These recommendations include: advice about what\u2019s really important to protect; passwords and multi-factor authentication; identity management; what to do about your banks, stocks and credit cards; best practices for your device security settings; what you should back up and how to do it; and what you should do if you lose a device.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the final words of the authors: \u201cWe must continually adapt and improve capabilities for individual companies, governments and for the ecosystem as a whole. What\u2019s really needed is a shift in mindset. Governments have their roles, but the primary responsibility lies with the private sector. Securing our countries, our businesses and ourselves in cyberspace is far from hopeless. We have the strategy, we have the tools \u2013 now we need to do the hard work. What is missing is national consensus, will and priority setting.\u201d\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Do we need to say more? This is a MUST read book!<\/span><\/p>\n<p><i>We modeled the\u00a0<\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/\"><i>Cybersecurity Canon<\/i><\/a><i>\u00a0after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/i><\/p>\n<p><i>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can\u00a0<\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/nominate-a-book\/\"><i>directly participate in the process<\/i><\/a><i>. Please do so!<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThe Fifth Domain\u201d is a \u201cmust read\u201d for not only every cybersecurity professional, but also every global citizen with an interest in the digital age.<\/p>\n","protected":false},"author":152,"featured_media":32398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4521,6724],"tags":[251,4270],"coauthors":[1503,3633,6968],"class_list":["post-105207","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-canon","category-points-of-view","tag-cybersecurity-canon","tag-cybersecurity-canon-review"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/105207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/152"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=105207"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/105207\/revisions"}],"predecessor-version":[{"id":105694,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/105207\/revisions\/105694"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/32398"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=105207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=105207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=105207"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=105207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}