Not So Fast (book review)


Not So Fast: Thinking Twice about Technology. By Doug Hill. Univ. of Georgia Press, Oct. 15, 2016, 240 pp.

In 2014, I had the good fortune of meeting Doug Hill in the flesh at the first IEEE Conference on Norbert Wiener in the 21st Century (http://21stcenturywiener.org/). It was one of the highlights of the conference for me. I was attracted to Doug because of his outward simplicity but at the same time deep inner profundity. It did not take long for us to get talking of our mutual interests. For instance, we've both been influenced greatly by the French philosopher, sociologist and lay theologian Jacques Ellul [1], popularly known for The Technological Society (1964) [2], [3]. Hill is an investigative journalist by training, an award-winning writer [4], with a specialization in the philosophy of technology.

In Not So Fast, Hill wastes no time in getting his point across. Chapter 1 opens: “Let me begin by stating the obvious: We live in an era of technological enthusiasm.” In his book, Hill attempts the impossible and pulls it off. He hits us with the hard facts, one after the other. And we can either take his word for it, or refute him page after page, until we realize that the evidence is overwhelmingly stacked against us. In effect, Hill tells us “where we are at” with all this techno-deluge, even if we don't wish to admit it. He makes a point of highlighting the technological utopianism we have begun to believe and dream about, only to bring us down crashing the very next moment with the startling realities.

“Lively, fast moving, always entertaining, ‘Not So Fast’ offers a grand overview of the extravagant hopes and dire warnings that accompany the arrival of powerful new technologies. Blending the key ideas of classic and contemporary thinkers, Doug Hill explores the aspirations of those who strive for the heavens of artifice and those who find the whole enterprise a fool’s errand. This is the most engaging, readable work on the great debates in technology criticism now available and a solid contribution to that crucial yet unsettling tradition.”

—Langdon Winner, author of Autonomous Technology: Technics-out-of-Control as a Theme in Political Thought; Professor, Rensselaer Polytechnic Institute

The book contains quotes from people we all look up to in the tech and business world, representing thousands of hours of research to craftily support the central thesis: “not so fast.” Hill proclaims in no uncertain words, that we have lost control over the very creations we have built to make life better for us. Somewhere along the way we have become emotionally attached to our technologies; rather than being extensions of us, it seems we have become extensions of them.

But for Hill, it's not all about the bling, and high-tech gadgetry. For Hill, it is more than being enslaved into a life of upgrades, although he does question the practices of Silicon Valley - the preoccupation of building the ultimate immortal man who can live forever through AI and some sort of fantastical Singularity [5], [6]. Hill doesn't just stop there. He looks for the underlying causes to why our climate has changed so detrimentally, the very processes that didn't begin with the introduction of smartphones or social media, but of events from hundreds of years ago. Indirectly, Hill entices the reader to scratch beneath the surface and think about the “how” and “why.”

In a somewhat prophetic voice, Hill arrives at the conclusion that if we are going to reverse things, we might as well begin now. What he's really talking about is the mystery of technology. Hill doesn't shun its value but he declares that we have to put it in its place, before it puts us in a place of no return. His is a voice of one crying in the wilderness, but he is not alone. The reader no sooner reads a few more of Hill's chapters than she finds herself admitting what she's always known: “Technology doesn't always mean progress. In fact, sometimes it has some very ugly intended and unintended consequences.” In short, we gotta be alert and awake. But even more than that!

Hill digs deep and unravels the inherent qualities of technology, and proceeds to make us aware of the happenings around us [7]. Readers will be all the more enlightened to learn about some of Hill's conclusions, through practical examples in everyday life:

  1. The technological imperative. “Our entire way of life - the social fabric in which we live - is utterly, completely dependent on technology,” says Hill. “To free ourselves of that dependence would be so disruptive that economic and social chaos would result.”

  2. Technological momentum. “There's a simpler reason technologies become intractable: it's too hard to change them. We're stuck with the infrastructure we have,” Hill says. “For example, it's not easy to replace a city's sewer system from scratch.”

  3. Convergence and diffusion. “Technologies are communicable; they spread like viruses. They converge with other technologies and diffuse into unexpected areas,” says Hill. “Bronze casting methods first used to make church bells were soon used to make cannons, for example. Today automation techniques - robots - are diffusing daily into ever-more industries and applications, from assembly of everything from cars and smartphones to the handling of banking transactions.”

  4. Speed. “Regulation is slow; technologies are fast,” says Hill. “So it is that governments are frequently unable to effectively control technological development. Hundreds of companies today are feverishly working to exploit the commercial potential of nanotechnology and synthetic biology, for example, despite the fact that no one is certain either technology is safe.”

 

“This is the technology criticism I’ve been waiting for - aware of the history of technology criticism and the history of changing attitudes toward technology, and at the same time attuned to contemporary developments. Not So Fast is readable, meticulously sourced, and, above all - nuanced. I recommend it for technology critics and enthusiasts alike.”

—Howard Rheingold, Internet pioneer and author of Tools for Thought, The Virtual Community, Smart Mobs, and “Net Smart”

In his conclusion, Hill isn't very optimistic about where we are at and he certainly doesn't give us any tangible or pragmatic ways to combat the predicament that society finds itself in. And yet, perhaps that has left the door open to a sequel, possibly about a resurgence in technology assessment, about the importance of resistance, and breaking with the belief that technology can do no evil.

Is the path we are on, really that irreversible? Are we headed down a road of inevitabilities, locked-in on auto-pilot? Or are there strategies we might be able to employ right now, as interlinked local communities that make up a collective global consciousness? We have the power, are we willing participants? How much do we care about the future to get involved?

Hill warns: “There's more to turning off machines than hitting a switch… We are deeply, intimately tied to our technologies, in all sorts of practical and emotional ways. To give them up would be literally life-threatening. That's why many experts believe our technologies have become ‘autonomous.’”

I give this book 5 stars not only because it is masterfully written - the reader feels like they have known Hill for years, a faint voice in the back of their head reaffirming truisms - but because it reveals socio-technical patterns and trends happening all round us. Hill also makes observations about things that others would at best say to leave alone.

“Doug Hill’s insights into technology are both original and profound. I’ve travelled in the highest reaches of the tech world for more than twenty years, and I still learned much from this book. He will be recognized as a leading thinker on technology and its impact on our world. In an industry that too seldom stops to think through the implications of the products we produce, his is a voice we need to hear.”

—Allen Noren, vice president of online, O’Reilly Media

It's time for those brave conversations, about technology in our homes and our schools, about technology in our industrial and military sectors, about what we should be pooling our resources into to ensure environmental sustainability, and about what should be better left alone. Whether hype or hope, we've embraced a pseudo-truth, that our human salvation will come from technology, abandoning myths 2000 years old.

And while Hill does not make reference to this specifically, I think we are unashamedly worshipping at the foot of technology, believing this will be our ultimate destiny, our chance to live forever on earth. And yet, our sensibilities should tell us that eternal life on earth, would be not unlike living in an endless loop, and as spiritual beings, get us nowhere. I return back to those fundamental human principles, are we bettering ourselves, our nature, because we are surrounded by so much technology, or are we just becoming less able to discern the good from the bad, the useful from the useless. And who or what is behind that wheel driving us to our destinies? It's time to get back in control.

Citation: Katina Michael, 2017, Book Review on Doug Hill's "Not So Fast", IEEE Technology and Society Magazine, 36(2), pp. 24-26.

Securing Cyber-Physical Critical Infrastructure (Book Review)

Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges

Das, Kant and Zhang have done a brilliant job editing Securing Cyber-Physical Critical Infrastructure, bringing together a who's who list of researchers and practitioners. Das is a University Distinguished Scholar Professor of Computer Science and Engineering at the University of Texas at Arlington with more than 500 published papers, three books and the editorship at Elsevier's Pervasive and Mobile Computing journal. Kant is a research professor at the Center for Secure Information Systems at George Mason University, Fairfax, VA. Kant comes equipped with many years of academic experience and industry exposure at Bell Labs, Telcordia and Intel, as well as government positions including at the National Science Foundation (NSF). Finally, Zhang, the third editor, was an assistant professor of Computer Science and Engineering at the University of Texas at Arlington from 2006 to 2008 and is currently researching databases and information security/privacy. Zhang received the prestigious NSF CAREER award in 2008.

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Part I provides theoretical foundations in the area of control theory, game theory and epidemic theory as applied to cyber-physical infrastructure management. Part II focuses on security for wireless mobile networks. Robert Brammer, who wrote the foreword of the handbook, emphasized the successes of the New York City Wireless Network (NYCWiN), motivated partly by the events of 9/11. NYCWiN became operational in 2009 and its cyber-physical systems architecture has addressed issues in the control of transport, public health, environmental quality and communications during critical emergencies. Part III covers security for sensor networks, which are fast becoming integral for monitoring and controlling cyber-physical systems. These systems provide much of the feedback mechanism, forewarning or alerting subsystems when things go wrong. As we increasingly become reliant on sensor networks, we need to ensure that they are secure and reliable.

Parts IV and V position the importance of platform security, and address cloud computing and data security. The section on platform security includes chapters on traditional hardware and software vulnerabilities and presents solutions that could be employed to make it even more difficult for large-scale systems to be penetrated. The section on cloud computing makes sure to emphasize how systems are changing in terms of outsourcing to companies whose core competency is information technology infrastructure, platforms and services. The cloud, mobile devices, and online social networks are particularly creating opportunities for hackers toward data breaches, and this is discussed in detail.

Parts VI and VII are on event monitoring and situation awareness, as well as policy issues in security management. These chapters provide approaches to systems monitoring, discovery and tracking patterns of interest in security data streams, discontinuous clustering, sequencing, geo-spatial temporal correlations and other event detection mechanisms. For those seeking examples of how such systems monitoring occurs, there are equations, algorithms, proofs, process flows, physical infrastructure layout maps, pictorial evidence, graphs, tables, and example simulation outputs to spend hours and hours exploring further. Finally, policies, access control and formal analysis methods for overseeing security in cyber-physical critical infrastructure are also shown.

The biggest highlight for me personally was the coming together of Parts I–VII in the security issues in real-world systems presented in Part VIII which brings home the relevance and timeliness of this handbook today. Chapters 25–30 could have been a book in their own right for their depth of insight into emerging smart infrastructures – including smart grids, automotive information technology, mobile health care systems, internet infrastructure, emergency vehicular networks, and more broadly unified telecommunications infrastructure using Voice over Internet Protocol (VoIP). It is not too difficult to see the complexities of these big systems needing to interact with each other and the security and privacy concerns this might raise.

As noted by the authors, the handbook could be used to cover courses on security and robustness of computer networks, the security in physical infrastructure, or even the security in cyber infrastructure. Today, we are witnessing a paradigm shift toward autonomous systems, and despite most physical infrastructure being considered legacy, even the old wires and cables are becoming “switched onto” the cyber. An understanding of both these elements is crucial in engineering and maintaining better working and resilient systems for the future.

Citation: Katina Michael, [Book Review]: Handbook on Securing Cyber-Physical Critical Infrastructure: Foundations and Challenges, by S.K. Das, K. Kant, N. Zhang. Elsevier|Morgan Kaufmann, Volume 31, Issue 8, November 2012, p. 1013: DOI: https://doi.org/10.1016/j.cose.2012.07.007

Hacking: The Next Generation (book review)

Hacking: The Next Generation demonstrates just how hackers continue to exploit “back doors”. New ways of working and new ways of communicating have meant that the number of attack vectors continues to rise rapidly. This provides hackers with a greater number of opportunities to penetrate systems using blended approaches while organizations struggle to come up to speed with the latest technology developments and commensurate security capabilities. Dealing with anticipated threats is a lot harder than dealing with known threats.

Dhanjani, Rios and Hardin are skillful in their analysis of hacking in the next generation, providing coverage of classic traditional attacks, as well as emerging threats in the cloud, mobile devices, and social networking. Emphasis is placed on phishing attacks, targeted attacks versus opportunistic attacks, and the well-known but increasingly troublesome insider attacks. The threesome are especially equipped with security-related knowledge – Dhanjani, now a senior manager at Ernst & Young, was previously the senior director of Application Security and Assessments at Equifax, Rios is a security engineer with Microsoft, and Hardin a security research lead with McAfee.

On June 6, LinkedIn, the largest professional social network, was hacked and 6.5 million unique hashed passwords appeared on a Russian cybercrime forum. Within the first 24 h, it was purported that more than 200,000 passwords had been cracked. And not long after that, dating agency eHarmony and music site Lastfm.com also discovered that passwords of a small fraction of their user bases had been compromised. As individuals scramble to remember passwords for a diverse array of online applications, the possibility that anyone having access to the leaked passwords could penetrate personal accounts of other online applications was very high. This book does not shy away from dealing with potential security breaches of this magnitude, and demonstrates how hackers might go about orchestrating such an attack.

Beyond a doubt, all the technical know-how proliferating in the hacker community is cause for concern, but the traditional art of social engineering is developing just as fast in complexity and methodological rigor, as shown in this book. Coercion, manipulation and influence are just some of the tools of persuasion used by hackers against employees of organizations. But even more brazen have been the efforts of hackers against executives who may have a wealth of strategic business knowledge but little in the way of street sense when it comes to technology and more specifically non-technical security attacks. In fact, most executives today feel overwhelmed by the amount of organizational communications (and spam) they receive and happily grant their personal assistants access to a number of collaborative applications, including web conferencing, email and social media.

Critical data is also being leaked outside the organization using non-traditional tools, meaning that perimeter-based defense models are just not effective. These data leaks, while difficult to quantify unless penetration testing is regularly conducted, cost organizations significant losses annually. But it is the “unknown” component of these losses which is especially worrying to organizations whose business models dictate an agile workforce through mobile and cloud solutions, connectivity between stakeholders for relationship management, and similar extensions.

What you can expect from this book is to learn new things about hacking that you were not aware of. I personally tested some of the scenarios and cases described in this book with an executive who initially did not believe that these were realistic hacking techniques that hackers would perform but who soon admitted to their possibility and potentiality.

The book is armored with excellent freely available online reference sources, commands that can be literally typed into an operating system, including programming source code, and typical scenarios and role play dialogues, and many supporting illustrations. It is bound to make you think differently about hacking as you might understand it in the new threat landscape.

Citation: Katina Michael, [Book Review] "Hacking: The Next Generation", by N. Dhanjani, B. Rios, B. Hardin. O'Reilly, Computers and Security, Vol. 31, No. 6, Sept 2012, p. 79, https://doi.org/10.1016/j.cose.2012.06.005