This Is How They Tell Me The World Ends

Nicole Perlroth

5/5

"I loved it"

This book was a long but fascinating read, and I ended up giving it a 5/5. This Is How They Tell Me The World Ends goes in 1000 different directions in terms of topics and content, but it largely kept my interest throughout. Primarily, this book is about zero-day vulnerabilities. They’re a little hard to explain, but I actually found a pretty good definition on Wikipedia:

A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.

—Wikipedia, “Zero-day vulnerability”

Much of the book focuses on the history of zero-day vulnerabilities and exploits, and the threat actors that use them. There’s a lot of interesting history of American and foreign intelligence agencies (e.g. Iran, Russia, China, NK), the Stuxnet and NotPetya attacks, the history of zero-day exploit markets, interviews with high-level cyber personas, and much more. The book makes it incredibly obvious that Nicole Perlroth (the author) has done a lot of research into these things.

If you have a background in cybersecurity, I highly recommend this book. Even if you don’t have that kind of background, Nicole Perlroth does a great job of making the core concepts easily digestible; the focus is on the history, not the technical details of cyber warfare.

I will warn you that this book is not optimistic. I mean, read the title. One of the main points in the book is that the world is just not ready for cyber warfare. Utility companies, militaries, governments, journalists, and practically all organizations are extremely vulnerable to cyberattacks. I facepalmed several times while reading this book at the ridiculous level of vulnerability we find ourselves in. Several nation-states have exhibited both the capability and intent to utilize destructive cyber warfare, and it’s only going to get worse. Only the best of the best software and hardware companies are able to successfully block cyberattacks. Even then, it’s only temporary; even the most secure software is only 1 zero-day away from being compromised, and there are tens of thousands of hackers around the world looking for that next zero-day, ready for a massive payoff when they find it.

The state of the world is best summarized in this paragraph from the epilogue:

But in the two decades since 9/11, the threat landscape has been dramatically overhauled. It is now arguably easier for a rogue actor or nation-state to sabotage the software embedded in the Boeing 737 Max than it is for terrorists to hijack planes and send them careening into buildings. Threats that were only hypothetical a decade ago are now very real. Russia proved it can turn off power in the dead of winter. The same Russian hackers who switched off the safety locks at the Saudi petrochemical plant are now doing “digital drive-bys” of American targets. A rudimentary phishing attack arguably changed the course of an American presidential election. We’ve seen patients turned away from hospitals because of a North Korean cyberattack. We’ve caught Iranian hackers rifling through our dams. Our hospitals, towns, cities, and more recently, our gas pipelines have been held hostage with ransomware. We have caught foreign allies using cyber means to spy on and harass innocent civilians, including Americans. And over the course of the coronavirus pandemic, the usual suspects, like China and Iran, and newer players, like Vietnam and South Korea, are targeting the institutions leading our response.

In the book’s epilogue, the author does make some suggestions on how the situation could improve, and what should be done:

Takeaways