Black Ice: The Invisible Threat of Cyber-Terrorism

Undoubtfully, the book is written by a journalist, thus it sometimes feels sensationalistic, "newspaperish" and fluffy. Some things (such as the "doomsday" scenario from chapter 1 and "al-Qaeda certified hackers") are "lighter" than others, but all are well-written and fun to read. At times, it feels that the author seeks to replace proving things by quoting many potentially unreliable sources talking about the thing. Thus "such and such ex-government guy said cyberterrorism is real" subtly mutates into "cyberterrorism is real!" Similarly, if a PC was discovered in some hideout or it becomes known that terrorists surfed the web, suddenly the specter of cyber-terror rises high, although the facts themselves can be interpreted in a less ominous manner.

Another subject covered extensively in the book is whether al-Qaeda is really going in the direction of cyberterror. I find the case built by the author somewhat convincing, but not completely compelling. However, if truck bombs against data storage facilities and IT infrastructure as well as EMP weapons are added to the fray (as suggested in the book), suddenly cyberattacks are not about hacking anymore and the damage potential rises dramatically.

As for the conclusion, one of the main points I realized after reading the book is that everything is modern society is so a) interdependent and b) dependent upon computers that a push applied in a certain place from within the "cyber-world" does stand a chance of wrecking something in a "real world". Thus, while cyberterrorism might remain a myth, possibilities of doing damage to physical infrastructure by purely virtual actions will grow and multiply - a scary thought indeed.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

Rating:
Summary: It sounds like a Tom Clancy novel, yet it is real
Review: Dan has an amazing gift as a journalist and also to explain technical material in an approachable manner. I've read or been briefed on a lot of this material at one time or another, but to have it in one place, well laid out, with example after example, really helped me focus on just how vulnerable our country and my organization is. The "shock" value of this material is high, but he took no shortcuts in making his case. Buy the book, read the book, then grab your organization's disaster recovery and business continuity plans and get out your red pen. I promise you will be inspired to improve those plans.

If I had a criticism of the book it would be the ending, it is a bit too much gloom and doom. So, I propose the following alternate ending:

Each of us has the ability and the responsibility to make our environment a bit more resistant to attack. The actions we can take range from reviewing our web pages to make sure we are not giving too much information away to simply running Windows update. Don't let a week go by without doing something, anything, to strengthen your defenses.

Rating:
Summary: Insightful Look at the State of Infrastructure Security
Review: Dan Verton, journalist and author of The Hacker Diaries: Confessions of Teenage Hackers, has written a very enlightening book in Black Ice: The Invisible Threat of Cyber-Terrorism.

The book begins with a fictitious attack that is multi-faceted and very well orchestrated. While it is somewhat sensationalist or alarmist, the point of the story is to show what is possible- not probable. Verton illustrates how cyber-attacks against key communications and critical infrastructure sites can be used in conjunction with conventional attacks to maximize the ensuing damage and confusion.

After capturing your attention with the story of what could be, Verton goes on to describe various government and private sector studies and disaster-preparedness exercises that have proven time and time again what a fragile state the infrastructure is in and how the domino effect of one area can cascade to take out entire regions.

One of the main points of the book is to show how the critical infrastructure is inter-dependent. If a main gas pipeline is destroyed, electrical power plants lose their source of energy. Once the electricity is shut down the telephone, cell phone, Internet and many other industries will shut down. Water treatment facilities will not be able to function. The list goes on and on.

This is an enlightening book that everyone should read. It is important for the powers that be to understand this domino effect and take steps to protect against cyber-terrorism of this sort.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).

Rating:
Summary: Media Hype - Cashing In
Review: Full of hype, lack of research and poor writing. His chapter on wireless security for example has many technical errors. He makes a note that wireless SSIDs are password which is not true. SSID were never designed to be passwords and have no security value whatsoever. I can only imagine that other claims in the book are also poorly researched.

Anyone who witnessed 9/11 knows that its success was attributed to the shear physical and human desctruction and the impact the video of the imploding towers played again and again on tv. I find it hard to believe that the country would be be as terrified if we couldn't access our ATM account. I'll buy the arguement that terrorists could use information warefare to enhance an attack but given limited resources, I'd rather have the money spent on where the real risks lie.

Rating:
Summary: Hype or Fact.
Review: I found Black Ice to provide a broader veiw of a problem I have seen for the past two years. I monitor intrusion detections databases, and have seen the growing number of probes, worms and virusus that open back doors to our computers. I can verify that many of the threats are real. The information on Al Qaeda training was new to me but credable. No this does not give a lot of technical detail. If you want that look for books like SQL Server security by Chip Andrews, David Litchfield, and Bill Grindlay, or set up a snort box and capture packets coming to your DSL or cable modem. What this book does is raise the awareness of readers to a hidden threat that is right under our nose.

Rating:
Summary: A Major Contribution to Homeland Security Scholarship
Review: I've read this book cover to cover and I can honestly say that it was worth every penny. Based on some of the reviews I've seen on Amazon, however, it is clear that Verton is the target of either jealous competitors or people with a political axe to grind and who, having lost the debate, have retreated to the politics of personal destruction.

Verton's writing is crisp and clear. The book is intriguing and fun to read. And his research is very well done and exhaustive. Although the fictional scenarios are a little exaggerated, I took them for what they are -- examples of what could be done, not necessarily what will happen. They are an awareness tool, in my opinion, not a factual prediction of what is to come.

What really makes this book strong is the dozens of interviews with high-level officials, all of whom have been or are now directly involved in national security and cyber security. He also digs up some very serious security threats that few people give him credit for. Verton also draws upon his many years as a journalist covering these issues. That was very useful, to have pointers to all of his reporting in one place. No, he doesn't "quote himself" as one reviewer suggests here. He simply provides references to what other experts have said during previous interviews he conducted over the years.

I agree with the top experts who have endorsed this book. It is one of the best descriptions of the cyber-terrorist threat ever published. And it is written by one of the best. Don't pay attention to the reviewers here who have an axe to grind. They are simply bashing good, hard work with outright lies and distortions.

Rating:
Summary: Packed with revealing interviews and commentary
Review: In Black Ice: The Invisible Threat Of Cyber-Terrorism by Dan Verton investigates how cyber-terrorism could occur, what the global and financial implications are, the impact this has on privacy and civil liberties, and why disrupting the cyber infrastructure of the U.S. is of interest to international terrorist organizations, such as al-Qaeda. Black Ice is packed with revealing interviews and commentary from leading government authorities on national security, including Tom Ridge, James Gilmore, Richard Clarke, CIA and NSA intelligence officials - and even supporters of the al-Qaeda terrorist network.