
My friend Sal has written a book! I was lucky enough to get early access to it.
Code, Chips and Control is an in-depth look at cyber security. And I do mean in depth - this literally starts at the silicon wafer level! It isn’t just about the trivial logic bugs which so often get exploited; this goes into the geopolitics of supply chains, the physics of satellite hacking, and the history of the way legal systems have developed with respect to computer security.
It is a little unforgiving - there are a lot of obscure acronyms to keep in your head and it dives straight into the problems with semiconductors. This isn’t a book for casual script-kiddies.
That said, Sal has an evocative turn of phrase when describing complex interactions:
To think about this, let’s bring out three chess boards onto a table in our minds. There is a single, invisible player - the adversary - on one side of that board. On the other side of the table there is a lot more commotion.
Governments huddle over one board. Security researchers cluster around another with disclosures, deadlines. Vendors and corporations share a third. The boards share the same table, the same global digital surface, their moves always have lateral effects.
A public disclosure sacrificed on the researcher’s board becomes a backdoor that advances a government’s checkmate. A patch delayed on the vendor’s board opens a flank for an adversary’s quiet advance. Disclosure is not a single match between attacker and defender. It is three simultaneous games being played out of sync.
She’s (rightly) scathing about some of the corporate responses that we see to the security challenges of today:
In the modern enterprise, paperwork can be more lethal than malware. The result is a paradox: organizations are better at proving they responded to vulnerabilities than actually responding to them.
There are a few phrases I might get stencilled onto a t-shirt:
Email is not a protocol. It is a confession that the systems cannot speak [to each other].
It’s rather hard to summarise but this is a comprehensive survey of multiple aspects of computer security. You get a lot of breadth and a suitable amount of depth - if you can keep up with the pace.
Code, Chips and Control is available now on LeanPub.