{"id":44886,"date":"2017-10-04T13:00:31","date_gmt":"2017-10-04T20:00:31","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=44886"},"modified":"2021-03-22T08:53:46","modified_gmt":"2021-03-22T15:53:46","slug":"cybersecurity-canon-data-goliath-hidden-battles-collect-data-control-world","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2017\/10\/cybersecurity-canon-data-goliath-hidden-battles-collect-data-control-world\/","title":{"rendered":"The Cybersecurity Canon: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World"},"content":{"rendered":"<p><div style=\"max-width:100%\" data-width=\"600\"><span class=\"ar-custom\" style=\"padding-bottom:43.33%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"alignnone size-full wp-image-32398 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png\" alt=\"cybersecuity-canon-blog-600x260\" width=\"600\" height=\"260\" \/><\/span><\/div><\/p>\n<p><em>We modeled the\u00a0<\/em><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/\"><em>Cybersecurity Canon<\/em><\/a><em>\u00a0after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can\u00a0<\/em><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/nominate-a-book\/\"><em>directly participate in the process<\/em><\/a><em>. Please do so! <\/em><\/p>\n<h3><strong>Executive Summary<\/strong><\/h3>\n<p><strong>\u201c<\/strong>Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World\u201d is a book meant to scare you, and it does a good job. 
The book is designed to get our attention and serve as a wake-up call on a number of issues that beg for more robust public discussion. Chief among these issues are mass surveillance by governments and the commercial world, and how it affects personal privacy and even public security. More importantly, I believe Bruce Schneier offers some excellent recommendations as to what we should all be talking about and doing when it comes to bringing these critical issues out of the shadows and into the light. Finally, this book offers some ideas that I believe can serve as the basis for the formulation of improved norms of responsible behavior, more effective government and industry policies and regulations, and perhaps more balanced national and international laws relevant to the digital age. As such, this book deserves a place of honor in the Cybersecurity Canon.<\/p>\n<h3><strong>Review<\/strong><\/h3>\n<p>I had the opportunity to visit the Harvard Kennedy School of Government in Cambridge last April to be interviewed by the director of Harvard\u2019s Cybersecurity Project. Prior to my interview, I was able to speak with Bruce Schneier, who was working with Harvard\u2019s Cybersecurity Project at the time, and he was kind enough to provide me with an autographed copy of this book. I was instantly inspired to read and review it for the Cybersecurity Canon. Little did I realize at the time that another Cybersecurity Canon member, Steve Winterfeld, had already <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2015\/10\/the-cybersecurity-canon-data-and-goliath-the-hidden-battles-to-collect-your-data-and-control-your-world\/\">reviewed<\/a> Bruce\u2019s book in October 2015. However, after reading Steve\u2019s wonderful review of the book, I wanted to provide another perspective that I believe is relevant and timely. 
So, this is an endorsement of Steve\u2019s earlier book review, and it also provides additional thoughts that I hope will generate interest within the professional cybersecurity community.<\/p>\n<p>In his earlier review, Steve Winterfeld expertly described how the book is organized into three sections: <strong>the world we are creating<\/strong>, <strong>what\u2019s at stake<\/strong> and <strong>what to do about it<\/strong>. As mentioned in my executive summary, I believe the first two sections were designed to generate alarm about what\u2019s happening, much of it hidden from public view, point out the direction in which we\u2019re blindly being led, and educate us about the associated dire consequences unless we change direction and have a more informed public discussion. My assessment is that Bruce intentionally skews the balance between costs and benefits a bit in these two sections to get our attention. I say this because, if you read carefully, he makes a couple of more balanced references to definite benefits to society that result from the collection and use of our data by governments and the commercial world. Instead of rehashing the first two sections or arguing about whether the balance between security and privacy in surveillance is correctly addressed, I will focus my comments on what I consider to be one of the most foundational and beneficial elements of the book. This is found in the last section, <strong>what to do about it<\/strong>, and begins with Chapter 12, <strong>Principles<\/strong>.<\/p>\n<p>In Chapter 12, Schneier outlines six important principles that I consider an excellent starting point for a much broader public\u2013private discourse about data collection and use than exists today. As he points out in the chapter opening, these are general principles about universal truths involving surveillance, and while it\u2019s easy to agree about the principles, it\u2019s much more difficult to apply them to the world in which we live. 
Still, I took these as foundational elements upon which genuine dialogue that considers all angles can occur. I was also impressed because the six principles tie together three equally critical points of view \u2013 governments, commercial industries and people.<\/p>\n<p>While I cannot adequately cover them in detail in this review, the six general principle categories are: <strong>Security <em>and<\/em> Privacy <\/strong>(as opposed to Security <em>versus<\/em> Privacy); <strong>Security Over Surveillance<\/strong> (meaning the two are an \u201ceither\/or\u201d proposition, and the priority must go toward security); <strong>Transparency<\/strong> (how technological and social trends are demanding less government and corporate secrecy); <strong>Oversight and Accountability<\/strong> (focusing on tactical oversight \u2013 which is about doing things right, and strategic oversight \u2013 which is about doing the right things, as well as ensuring penalties for abuse of either); <strong>Resilient Design<\/strong> (including resilience to hardware and software failure, as well as to technological innovation, political change, and coercion); and <strong>One World, One Network, One Answer<\/strong> (deciding whether we build our information infrastructure for security, surveillance, privacy or resilience \u2026 because everyone, friend or foe, gets to use that same infrastructure).<\/p>\n<p>There is a lot of current discussion about norms of responsible behavior in the digital environment. The United Nations Group of Governmental Experts began the process. Presidents Obama and Xi discussed norms in their 2015 agreement. The G7 and, later, the G20 agreed on several norms of responsible behavior. The problem is that these norms are largely about interaction between governments, yet the digital environment is owned, operated and maintained predominantly by the private sector. 
And of course, nearly everyone on the planet has their hands on devices connected to this environment.<\/p>\n<p>I believe the principles outlined in this book provide a much broader set of foundational ideas that pertain equally to governments, the commercial industries and people \u2013 ideas that could serve as the basis for the formulation of improved norms of responsible behavior, more effective government and industry policies and regulations, and perhaps even more balanced national and international laws relevant to the digital age. In fact, that\u2019s exactly how the book concludes. Each chapter following the principles provides specific recommendations for what governments, commercial entities and ordinary people can talk about and do to better balance the crucial issues surrounding the ways our data is collected and used.<\/p>\n<h3><strong>Conclusion<\/strong><\/h3>\n<p>I think this is a book for just about anyone who is, or should be, interested in what\u2019s happening with the collection and use of our data. It\u2019s written in plain English, easy to read, relatively short, current, relevant and compelling. For the professional cybersecurity community, I think this book is a must-read. Having served most of my life in the U.S. national security community and more than a decade and a half fighting terrorism, I don\u2019t always agree with each point in the book regarding where the right balance is between costs and benefits. However, having been in the commercial cybersecurity industry for almost two years, I have a great deal of respect for the varying views on these increasingly important issues. 
As far as I\u2019m concerned, this book is an important contribution to a much-needed, much more open dialogue to ensure we are making informed decisions in the digital age.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks Jon Davis reviews \"Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World\" for the Cybersecurity Canon.<\/p>\n","protected":false},"author":152,"featured_media":32398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4521],"tags":[446,251,4270,4608,2052,1533],"coauthors":[1503],"class_list":["post-44886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-canon","tag-bruce-schneier","tag-cybersecurity-canon","tag-cybersecurity-canon-review","tag-data-and-goliath-the-hidden-battles-to-collect-your-data-and-control-your-world","tag-john-davis","tag-privacy"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/44886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/152"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=44886"}],"version-history":[{"count":1,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/44886\/revisions"}],"predecessor-version":[{"id":44889,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/44886\/revisions\/44889"}],"w
p:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/32398"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=44886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=44886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=44886"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=44886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}