If you are a cybersecurity professional or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon. What is a canon? There are lots of definitions, but the one that applies here is “a sanctioned or accepted group or body of related works.” With this definition in mind, the stated goal of the Cybersecurity Canon is:
“To identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”
I am a proud member of the Cybersecurity Canon committee and recently nominated a book that is well worthy of inclusion: Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age (2001) by Steven Levy.
OK, I know what you are thinking—2001 is ancient history in terms of technology and cybersecurity, so why would I nominate a book this old? Well, some cybersecurity issues stand the test of time, and this book covers one such topic—data privacy.
Crypto spans the 1970s through the 1990s, the period in which these issues gained broad public visibility. In 1976, Whit Diffie and Marty Hellman published the idea that two people with no prior contact could establish a confidential channel over a public network using a pair of mathematically related keys, one kept secret and one published, instead of a secret shared in advance. Soon afterward, in 1977, Ron Rivest, Adi Shamir and Len Adleman turned that theoretical model into a working system with the RSA algorithm, the first practical realization of asymmetric (public-key) cryptography.
These events are well worth understanding because they are the foundation of technologies like SSL/TLS that make ecommerce possible. But this book is more than a textbook on geeky data privacy technologies such as PKI. It also explores the human side of data privacy by following the persistent, idiosyncratic and brilliant characters who created and commercialized the technology—people like Diffie, Phil Zimmermann (creator of PGP) and Jim Bidzos (former CEO and chief evangelist at RSA).
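The key exchange and the trapdoor described above, as an added example that is not from Levy's book or this article: Alice and Bob agree on a key over a channel an eavesdropper can read in full, and a textbook RSA key pair lets anyone encrypt to a published key that only its owner can open. The group parameters are the 1024-bit MODP group from RFC 2409; the party names and the small RSA primes are illustrative choices, not anything from the page.

```python
"""Added example (not from Levy's book or the article): the two ideas the
paragraph above describes, in plain Python with no dependencies.

1. Diffie-Hellman key agreement: Alice and Bob, who have never met, derive the
   same key while an eavesdropper sees everything that crosses the wire.
2. Textbook RSA: a trapdoor that lets anyone encrypt to a published key but
   only the holder of the private key decrypt.
"""
import hashlib
import secrets

# 1024-bit MODP group from RFC 2409 (Oakley group 2). Enough to show the
# protocol; modern deployments use >= 2048-bit groups or elliptic curves.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


class Party:
    """One endpoint of the exchange. The private exponent never leaves it."""

    def __init__(self, name):
        self.name = name
        self._x = secrets.randbelow(P - 3) + 2      # private: 2 <= x <= p-2
        self.public = pow(G, self._x, P)            # g^x mod p, sent in the clear

    def shared_key(self, peer_public):
        """Derive a 256-bit key from the peer's public value."""
        # Reject 0, 1 and p-1: they collapse the shared secret to a known value.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        # (g^y)^x == (g^x)^y == g^(xy) mod p: both sides compute the same number
        # without ever transmitting x or y.
        secret = pow(peer_public, self._x, P)
        return hashlib.sha256(secret.to_bytes(P_BYTES, "big")).digest()


def diffie_hellman_exchange():
    """Run one exchange; return (Alice's key, Bob's key, what the wire carried)."""
    alice, bob = Party("Alice"), Party("Bob")
    wire = {"p": P, "g": G, "A": alice.public, "B": bob.public}   # Eve's view
    return alice.shared_key(wire["B"]), bob.shared_key(wire["A"]), wire


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes. Small primes are used in the
    demo only to keep the numbers readable; real keys use ~1024-bit primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)


def rsa_encrypt(public_key, m):
    """Anyone holding (n, e) can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """Only the holder of d, i.e. whoever knows the factors of n, can do this."""
    n, d = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    ka, kb, wire = diffie_hellman_exchange()
    print("DH keys agree:", ka == kb, "| Eve saw:", sorted(wire))
    pub, priv = rsa_keygen(61, 53, e=17)        # textbook-sized primes
    c = rsa_encrypt(pub, 65)
    print("RSA:", pub, "->", c, "->", rsa_decrypt(priv, c))
```

Two caveats a practitioner should keep in mind: the exchange as written is unauthenticated, so an attacker who can rewrite traffic could substitute their own public values to both sides, which is why TLS signs the exchange with a certificate-backed key; and textbook RSA with no padding is deterministic and malleable, so deployed systems wrap the message with OAEP (encryption) or PSS (signatures) rather than exponentiating the raw integer.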
Balancing data privacy with national security
In addition to the technology, Crypto also digs into the constant battle that has ensued, namely the balance between data privacy and national security and surveillance. Cybersecurity professionals and policy makers should understand that this dichotomy began long before the recent Apple vs. DOJ episode.
Way back in the 1970s, the NSA got IBM to keep quiet about the design rationale of its early cipher work (the Lucifer project that became DES) in exchange for technical help. Believe it or not, encryption technology was once classified as a munition under US export rules, so American software companies such as Lotus and Microsoft were not allowed to export products with strong crypto; only deliberately weak, short-keyed versions could ship overseas. When privacy advocates pushed back, the NSA and the Clinton administration offered a compromise called the Clipper Chip: a hardware encryption chip whose keys would be escrowed with government agencies, giving law enforcement and intelligence agencies a way to recover cleartext messages. This became an extremely contentious and public debate from 1992 through 1996. Data privacy advocates won this battle, giving us secure communications on one hand while impeding law enforcement and intelligence investigations on the other.
Yes, this book is now 15 years old, but I believe cybersecurity professionals should understand the roots of data privacy technologies and the issues surrounding data privacy that still reverberate today. Besides, Crypto is well written and very entertaining—not quite a beach book for the masses, but certainly one for nerds like me.
Here’s a link to my full book review on the Cybersecurity Canon page. In my humble opinion, Crypto is a great book that deserves to be inducted into the Cybersecurity Canon in 2016.