{"id":19385,"date":"2016-09-22T09:00:50","date_gmt":"2016-09-22T16:00:50","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=19385"},"modified":"2020-04-21T14:25:11","modified_gmt":"2020-04-21T21:25:11","slug":"the-cybersecurity-canon-dark-territory-the-secret-history-of-cyber-war","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/09\/the-cybersecurity-canon-dark-territory-the-secret-history-of-cyber-war\/","title":{"rendered":"The Cybersecurity Canon: Dark Territory: The Secret History of Cyber War"},"content":{"rendered":"<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85.jpg\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:17%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-large wp-image-18778 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-500x85.jpg\" alt=\"pan_cybercanon2016_web_banner_500x85\" width=\"500\" height=\"85\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85.jpg 500w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-230x39.jpg 230w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-235x40.jpg 235w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><\/p>\n<p><em>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can <\/em><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/nominate-a-book\" target=\"_blank\" rel=\"noopener noreferrer\"><em>directly participate in the process<\/em><\/a><em>. Please do so!<\/em><\/p>\n<p><strong>Book Review by\u00a0<\/strong><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/cyber-security-canon-bios.html\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Canon Committee Member, Robert Clark<\/strong><\/a>:\u00a0<em>Dark Territory: The Secret History of Cyber War<\/em> (2016)<em>\u00a0<\/em>by\u00a0Fred Kaplan<!--more--><\/p>\n<h3>Executive Summary<\/h3>\n<p>The author, Fred Kaplan, claims the idea for <em>Dark Territory: The Secret History of Cyber War<\/em> came up before Edward Snowden. His intent was to write a history of what has broadly come to be called \u201ccyber war.\u201d When I review material for the <a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon.html\" target=\"_blank\" rel=\"noopener noreferrer\">Cybersecurity Canon<\/a>, I am always concerned with, did I understand it well enough? Is it too technical for me to review and fully understand? Should I consult other reviewers to get their take on the material? Ironically, I had to do the same for this book, which covered much of where I\u2019ve spent my cyber-operational law life. This time I had to ask, am I being too critical since I was in the fray?<\/p>\n<p>As Peter Singer points out, quoting Rudyard Kipling, \u201cIf history were taught in the form of stories, it would never be forgotten.\u201d <em>Dark Territory<\/em> takes this approach in trying to tell what it calls in its subtitle: <a href=\"http:\/\/www.nytimes.com\/2016\/03\/06\/books\/review\/dark-territory-the-secret-history-of-cyber-war-by-fred-kaplan.html?_r=0\" target=\"_blank\" rel=\"noopener noreferrer\">\u201cThe Secret History of Cyber War.\u201d<\/a> From this perspective, it is a good, light, entertaining read covering more the history of the U.S. government\u2019s efforts at developing cyberspace operation as opposed to the advertised peek into the \u201csecret history of cyber war.\u201d I concur with <a href=\"http:\/\/www.nytimes.com\/2016\/03\/06\/books\/review\/dark-territory-the-secret-history-of-cyber-war-by-fred-kaplan.html?_r=0\" rel=\"nofollow,noopener\" >Singer\u2019s conclusion that the book<\/a> \u201cpacks in a great deal of material, yet also not enough. It is a readable and informative history of policy formulation. But the overall darkness from which the book takes its title remains to be lifted.\u201d<\/p>\n<p>Cybersecurity Canon candidate books are supposed to be essential to the cybersecurity practitioner.\u00a0As a practitioner I don\u2019t think this is a \u201cmust read.\u201d If one wants to enjoy a light history lesson, then this is the book for that person. A more in-depth, albeit less-entertaining read would be, <em>Hacked World Order: How Nation\u2019s Fight, Trade, Maneuver and Manipulate in the Digital Age<\/em> by Adam Segal, which covers much of the same information. (Review to come shortly.)<\/p>\n<h3>About the People<\/h3>\n<p>Fred Kaplan is a Pulitzer Prize winning journalist and currently a columnist for <em>Slate<\/em>. To research and write this book, Kaplan interviewed more than 100 people who played a role in this story, many of them several times, with follow-ups in email messages and phone calls. They ranged from cabinet secretaries, generals and admirals (including six directors of the National Security Agency) to technical specialists in the hidden corridors of the security bureaucracy (not just the NSA), as well as officers, officials, aides and analysts at every echelon in between. All of these interviews were conducted in confidence; most of the sources agreed to talk to him only under those conditions, though it should be noted, he claims almost all of the book\u2019s facts come from at least two sources in positions purported to know.<\/p>\n<h3>Review<\/h3>\n<p>I like movies. Those of you that know me know I can be annoying by quoting movies and working pictures and quotes into my legal presentations. So when Kaplan begins his book with President Ronald Reagan settling in after a busy day in June 1983 and watching the recently released <em>WarGames<\/em>, starring Matthew Broderick as a tech-wiz teenager who unwittingly hacks into the main computer at NORAD, the North American Aerospace Defense Command, I\u2019m thinking I will definitely enjoy this book (particularly since I believe <em>WarGames<\/em> still holds a top spot in the hacker community!) Kaplan picks up this \u201chacking theme\u201d a few days later in the White House. The President was in a meeting with the Secretaries of State, Defense and Treasury, the Chairman of the Joint Chiefs of Staff and 16 senior members of Congress. They were there to discuss a new nuclear missile and the prospect of arms talks with the Russians. When Reagan began to give a detailed account of the plot of <em>WarGames<\/em>, eyes rolled, but the President asked John Vessey, Chairman of the Joint Chiefs, \u201cCould something like this really happen?\u201d One week later, General Vessey returned with a startling answer, \u201cMr. President, the problem is much worse than you think.\u201d<\/p>\n<p>Thus begins Kaplan\u2019s historical look at the U.S. developing its policies and organizations on information operations, computer network operations, information assurance, computer network defense, computer network exploitation, computer network attack, information warfare, cyberspace operations\u2014oh well, you get the idea, a lot of Washington, D.C. terms and acronyms.<\/p>\n<p>Subsequent to this beginning chapter, \u201cCould Something Like This Really Happen,\u201d Kaplan hits me with another movie quote from <em>Sneakers<\/em>: \u201cIt\u2019s All About the Information,\u201d one I constantly quote; then, as mentioned above, he dives into entertaining stories highlighting some of the government\u2019s biggest computer intrusions, including Solar Sunrise, Moonlight Maze and Buckshot Yankee. Kaplan\u2019s stories on these are entertaining, capturing the players and their personalities.<\/p>\n<p>But this is what makes it a good, light, fast read as opposed to a must read. While it\u2019s nice that he conducted hundreds of interviews with people from various levels, the research is light. It\u2019s no Zetter\u2019s work on \u201cZero Day\u201d or Sanger\u2019s work in \u201cConfront and Conceal,\u201d both of which shed much more light on this subject then Kaplan\u2019s <em>Dark Territory<\/em>. Moreover, there are errors in his work, and I admit I\u2019m nitpicking, but one that always jumps out at me is when authors state, \u201cDHS is responsible for securing the government.\u201d DHS is not responsible to secure any domain except DHS\u2019 information systems; each department and agency is responsible for its own domain, subject to oversight and regulations from OMB and DHS. (By the way, <em>Hacked World Order<\/em> also gets this wrong.) So aside from some mistakes and me nitpicking, the research is light, particularly when compared to the works mentioned above.<\/p>\n<h3>Conclusion<\/h3>\n<p>In conclusion, if you want a light-hearted look at the history of U.S cyber intrusions and the resulting polices and organizations that were developed as a result, <em>Dark Territory: The Secret History of Cyber War<\/em> is the book for you. You will know more about this subject after reading it, especially if you cannot currently decipher JTF-CND, JTF-CNO, JTF-GNO or JFCC-NW. Is it Canon-worthy? I think it makes the cut for the Canon list; just don\u2019t look for it to become a \u201chall of fame\u201d addition.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting &hellip;<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[251,2654,2651],"coauthors":[1286],"class_list":["post-19385","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-canon","tag-cybersecurity-canon","tag-dark-territory","tag-fred-kaplan"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=19385"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19385\/revisions"}],"predecessor-version":[{"id":109903,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19385\/revisions\/109903"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=19385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=19385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=19385"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=19385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}