NOTES

CHAPTER 1

1.Mahesh Sharma, “FireEye Launches R&D Center in Bangalore” ZDNet (March 18, 2013), http://www.zdnet.com/article/fireeye-launches-r-d-center-in-bangalore/; Joel Christie, “Target Ignored High-Tech Security Sirens Warning Them of a Data Hack Operation BEFORE Cyber Criminals in Russia Made Off with 40 Million Stolen Credit Cards” Daily Mail (March 14, 2014), http://www.dailymail.co.uk/news/article-2581314/Target-ignored-high-tech-security-sirens-warning-data-hack-operation-BEFORE-cyber-criminals-Russia-40-million-stolen-credit-cards.html.

2.Ellen Nakashima, “U.S. Notified 3,000 Companies in 2013 about Cyberattacks” The Washington Post (March 24, 2014), https://www.washingtonpost.com/world/national-security/2014/03/24/74aff686-aed9-11e3-96dc-d6ea14c099f9_story.html?utm_term=.c7b28532c00c.

3.Ponemon Institute, http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN.

4.Andrew Zolli and Ann Marie Healy, Resilience: Why Things Bounce Back (New York: Free Press, 2012), 6, Kindle ed.

5.John Mulligan, “Written Testimony before the Senate Committee on Commerce, Science, and Transportation” (March 26, 2014), https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-032614.pdf.

6.Michael Riley, Benjamin Elgin, Dune Lawrence, and Carol Matlack, “Misses Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It” Bloomberg (March 17, 2014), http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.

7.Mulligan, https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-032614.pdf.

8.Robert Hackett, “How Much Do Data Breaches Cost Big Companies? Shockingly Little” Fortune (March 27, 2015), http://fortune.com/2015/03/27/how-much-do-data-breaches-actually-cost-big-companies-shockingly-little/.

9.Maggie McGrath, “Target Profit Falls 46% on Credit Card Breach and the Hits Could Keep on Coming” Forbes (February 26, 2014), http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-46-on-credit-card-breach-and-says-the-hits-could-keep-on-coming/.

10.Teri Radichel, Case Study: Critical Controls That Could Have Prevented Target Breach SANS Institute (August 5, 2014), 4, https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412.

11.Jeff Williams, “9 Data Breaches That Cost Someone Their Job” CSO from IDG (December 16, 2014), http://www.csoonline.com/article/2859485/data-breach/9-data-breaches-that-cost-someone-their-job.html#slide2.

12.Radichel, 4, https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412.

13.Mulligan, https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-032614.pdf.

14.Riley, Elgin, Lawrence, and Matlack, http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.

15.Mandiant, “APT1: Exposing One of China’s Cyber Espionage Units,” https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf.

16.Riley, Elgin, Lawrence, and Matlack, http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.

17.Radichel, 2, https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412; Aorato Labs, “The Untold Story of the Target Attack Step by Step” (August 2014), 4, https://aroundcyber.files.wordpress.com/2014/09/aorato-target-report.pdf.

18.Aorato Labs, https://aroundcyber.files.wordpress.com/2014/09/aorato-target-report.pdf; Radichel, https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412.

19.SAP Ariba, http://www.ariba.com/help/ariba-answers/suppliers/billing-and-payment.

20.Target, “Becoming a Business Partner,” https://vmm.partnersonline.com/vmm/register/becomeBusPartner.do.

21.Angry IP Scanner, http://angryip.org/.

22.Microsoft System Center, Orchestrator, https://technet.microsoft.com/en-us/library/hh237242(v=sc.12).aspx.

23.Margaret Rouse, “Kaptoxa,” TechTarget, http://searchsecurity.techtarget.com/definition/Kaptoxa.

24.Krebs on Security, http://krebsonsecurity.com/tag/target-data-breach/page/2/; Cory Blair, “How an Independent Reporter Broke the Target Security Breach Story, and at What Risk” American Journalism Review (June 16, 2014), http://ajr.org/2014/06/16/reporter-mingles-criminals-cover-cybersecurity/.

25.Krebs on Security, “Cards Stolen in Target Breach Flood Underground Markets,” http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/.

26.Riley, Elgin, Lawrence, and Matlack, http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.

27.The literature on this is voluminous and growing. See The New York Times https://www.nytimes.com/news-event/russian-election-hacking.

28.Riley, Elgin, Lawrence, and Matlack, http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.

29.Joshua Cooper Ramo, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks New York: Little, Brown, 2016), 37 and 40.

30.Joel Christie, “Target Ignored High-Tech Security Sirens Warning Them of a Data Hack Operation BEFORE Cyber Criminals in Russia Made Off with 40 Million Stolen Credit Cards” Daily Mail (March 14, 2014), http://www.dailymail.co.uk/news/article-2581314/Target-ignored-high-tech-security-sirens-warning-data-hack-operation-BEFORE-cyber-criminals-Russia-40-million-stolen-credit-cards.html.

31.Andrew Zolli and Ann Marie Healy, Resilience: Why Things Bounce Back (New York: Free Press, 2012), 4–5, Kindle Ed.

32.Justin Wm. Moyer, Dana Hedgpeth, and Faiz Siddiqui, “Southwest Airlines Computer Glitch Causes Cancellations, Delays for Third Day” The Washington Post (July 22, 2016), https://www.washingtonpost.com/news/dr-gridlock/wp/2016/07/21/long-lines-for-southwest-airlines-passengers-at-area-airports/; Susan Carey, “Delta Meltdown Reflects Problems with Aging Technology” The Wall Street Journal (August 8, 2016), http://www.wsj.com/articles/delta-air-lines-says-computers-down-everywhere-1470647527; Bradley Hope, “NYSE Says Wednesday Outage Caused by Software Update” The Wall Street Journal (July 10, 2015), http://www.wsj.com/articles/stocks-trade-on-nyse-at-open-1436450975; Jose Pagliery, “Tech Fail! Explaining Today’s 3 Big Computer Errors” CNN Money (July 8, 2015), http://money.cnn.com/2015/07/08/technology/united-nyse-wsj-down/.

33.David E. Sanger and Nicole Perlroth, “U.S. Said to Find North Korea Ordered Cyberattack on Sony” The New York Times (December 17, 2014), http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=3; IMDb, “The Interview (2014),” http://www.imdb.com/title/tt2788710/; Kim Zetter, “The Evidence That North Korea Hacked Sony Is Flimsy” Wired (December 17, 2014), https://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/.

34.Greg Jaffe and Steven Mufson, “Obama Criticizes Sony’s Decision to Pull ‘The Interview’” The Washington Post (December 19, 2014), https://www.washingtonpost.com/politics/obama-criticizes-sonys-decision-to-pull-the-interview/2014/12/19/77d1ce9a-87ad-11e4-b9b7-b8632ae73d25_story.html.

35.WikiLeaks, “Search DNC Email Database,” https://wikileaks.org/dnc-emails/.

36.Identity Theft Resource Center, “2016 Data Breach Category Summary” (August 9, 2016), http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2016.pdf.

37.Wade Williamson, “Data Breaches by the Numbers” SecurityWeek (August 31, 2015), http://www.securityweek.com/data-breaches-numbers.

38.Ponemon Institute, 2016 Cost of Data Breach Study: Global Analysis (June 2016), http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03094WWEN.

39.Zolli and Healy, 5.

40.Ibid.

41.Richard A. Clarke, Cyber War: The Next Threat to National Security and What to Do About It (New York: HarperCollins, 2010), 81.

42.Clarke, 83.

CHAPTER 2

1.CyberEdge Group, 2016 Cyberthreat Defense Report Invincea, https://www.invincea.com/wp-content/uploads/2016/03/CyberEdge-2016-CDR-infographic-Invincea-version.png.

2.IBM Security, 2016 Ponemon Cost of Data Breach Study http://www-03.ibm.com/security/data-breach/.

3.UpGuard, “CISO’s Guide to Cyber Resilience,” https://www.upguard.com/ebooks/ciso-guide-to-cyber-resilience, 3.

4.Eugene Kapersky, “Kapersky Lab Investigates Hacker Attack on Its Own Network” Kapersky Lab Daily (June 10, 2015), https://blog.kaspersky.com/kaspersky-statement-duqu-attack/8997/; Kapersky Lab, “Duqu 2.0: Frequently Asked Questions,” http://media.kaspersky.com/en/Duqu-2-0-Frequently-Asked-Questions.pdf. In 2017, allegations of Kaspersky Lab ties to the Russian government emerged; see Nicole Perroth and Scott Shane, “How Israel Caught Russian Hackers Scouring the World for U.S. Secrets,” The New York Times (October 10, 2017), https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html?_r=0, and Shane Harris and Gordon Lubold, “Russia Has Turned Kaspersky Software Into Tool for Spying,” Wall Street Journal (October 11, 2017), https://www.wsj.com/articles/russian-hackers-scanned-networks-world-wide-for-secret-u-s-data-1507743874. In September 2017, the United States government banned federal agencies from using Kaspersky Lab cybersecurity software; see Olivia Solon, “US government bans agencies from using Kaspersky software over spying fears,” The Guardian (September 13, 2017), https://www.theguardian.com/technology/2017/sep/13/us-government-bans-kaspersky-lab-russian-spying.

5.GReAT, “The Mystery of Duqu 2.0: A Sophisticated Cyberespionage Actor Returns,” SecureList (June 10, 2015), https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/.

6.Judith Rodin, The Resilience Dividend: Being Strong in a World Where Things Go Wrong (New York: Public Affairs, 1014), 4.

7.Rodin, 4.

8.Scott Hilton, “Dyn Analysis Summary of Friday October 21 Attack,” Dyn Blog (October 26, 2016), http://hub.dyn.com/dyn-blog/dyn-analysis-summary-of-friday-october-21-attack.

9.Nicky Woolf, “DDoS Attack That Disrupted Internet Was Largest of Its Kind in History, Experts Say” The Guardian (October 26, 2016), https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet.

10.Ibid.

11.Peter Lucas, Joe Ballay, and Mickey McManus, Trillions: Thriving in the Emerging Information Economy (Hoboken, NJ: John Wiley & Sons, 2012), xii.

12.Ibid.

13.Ibid.

14.Steve Mertl, “How Cars Have Become Rolling Computers” The Globe and Mail (March 5, 2016), http://www.theglobeandmail.com/globe-drive/how-cars-have-become-rolling-computers/article29008154/.

15.PC Magazine Encyclopedia “Definition of Tbps,” http://www.pcmag.com/encyclopedia/term/64249/tbps.

16.Woolf, https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet.

17.Joshua Cooper Ramo, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks (New York: Little, Brown, 2016), 51, 52.

18.Ibid. 52.

19.Ibid. Melvin E. Conway, “How Do Committees Invent?” Datamation (April 1968), 31, http://www.melconway.com/Home/pdf/committees.pdf.

20.For an overview of the Tandem approach to digital resilience, see Joel Bartlett, Jim Gray, and Bob Horst, “Fault Tolerance in Tandem Computer Systems,” Technical Report 86.2, Tandem Computers (March 1986), http://www.hpl.hp.com/techreports/tandem/TR-86.2.pdf.

21.Ramo, 53.

22.Natalie Gagliordi, “The Target Breach, Two Years Later,” ZDNet (November 27, 2015), http://www.zdnet.com/article/the-target-breach-two-years-later/.

23.Andrew Zolli and Ann Marie Healy, Resilience: Why Things Bounce Back (New York: Free Press), 16; Kindle Ed.

24.Robert M. May, Simon A. Levin, and George Sugihara, “Ecology for Bankers,” Nature vol. 451 (February 21, 2008), 893, http://www.people.wm.edu/~mdlama/courses/Nature-2008-May.pdf. The Nature article is a comment on a full-length report on the conference: J. Kambhu, S. Weidman, and N. Krishnan, (Washington, DC: National Academies Press, 2007), which was also published as Economic Policy Review 13(2), 2007.

25.Ibid.

26.Ibid.

27.Ibid.

28.Ibid. 893–894.

29.Ibid. 894.

30.Zolli and Healy, 11–12.

31.Ibid. 27.

32.Ibid. 13, 14.

33.Ibid. 22.

CHAPTER 3

1.Quoted in Joshua Cooper Ramo, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks (New York: Little, Brown, 2016), 37.

2.Nicholas A. Christakis and James H. Fowler, Connected: How Your Friends’ Friends’ Friends’ Affect Everything You Feel, Think, and Do (New York: Little, Brown, 2009), xvi.

3.Ewan Clayton, The Golden Threat: The Story of Writing (Berkeley, CA: Counterpoint, 2013), Chapter 1; Kindle ed.

4.The invention of the wheel certainly predates written history and therefore likely predates writing, with most authorities dating the wheel to the late Neolithic period (beginning around 10,200 BCE and ending between 4500 and 2000 BCE). The etymological precursor of the English-language word wheel seems to be Proto-Indo-European, which suggests that people had a word for an object we would recognize as the wheel by about 3500 BCE. See Online Etymology Dictionary, http://www.etymonline.com/index.php?term=wheel.

5.S. A. Murray, The Library: An Illustrated History (New York: Skyhorse Publishing), 17.

6.Roy McLeod, The Library of Alexandria: Centre of Learning in the Ancient World (London: I. B. Taurus, 20014), 70–74.

7.See “List of book-burning incidents,” Wikipedia, https://en.wikipedia.org/wiki/List_of_book-burning_incidents#cite_note-188.

8.T. M. Gladstone, eyewitness account of the Sack of Lawrence, Kansas, http://www.eyewitnesstohistory.com/lawrencesack.htm.

9.Tom Wheeler, Mr. Lincoln’s T-Mails: The Untold Story of How Abraham Lincoln Used the Telegraph to Win the Civil War (New York: HarperCollins, 2006), Introduction, Kindle ed.

10.Lincoln (2012), http://www.imdb.com/title/tt0443272/.

11.Tom Sandage, The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century’s On-Line Pioneers (Sandage, 1998). Sandage is science correspondent for The Economist.

12.A detailed account of this and the rest of Lincoln’s perilous journey is found in Daniel Stashower, The Hour of Peril: The Secret Plot to Murder Lincoln Before the Civil War (New York: Minotaur Books, 2014).

13.International Cable Protection Committee, “Narrative History,” https://www.iscpc.org/information/learn-about-submarine-cables/narrative-history/.

14.The account that follows is based on Paul Marks, “Dot-dash-diss: The Gentleman Hacker’s 1903 Lulz” NewScientist (December 27, 2011), http://www.newscientist.com/article/mg21228440.700-dotdashdiss-the-gentleman-hackers-1903-lulz.html?full=true#.VGoSxPmjPJ8.

15.Frierich L. Bauer, Decrypted Secrets: Methods and Maxims of Cryptology (Berlin and New York: Springer Verlag, 1997), 104–111.

16.The account that follows is based on “The History of Phone Phreaking,” http://www.historyofphonephreaking.org/.

17.Nigel Linge, “How Steve Jobs and Steve Wozniak Started Their Career as Hackers” LifeJacker (April 1, 2014), http://www.lifehacker.com.au/2014/04/how-steve-jobs-and-steve-wozniak-started-their-career-as-hackers/; FiveThirtyEight, “Before They Created Apple, Jobs and Wozniak Hacked the Phone System,” FiveThirtyEight (November 4, 2015), http://fivethirtyeight.com/features/before-they-created-apple-jobs-and-wozniak-hacked-the-phone-system/.

18.Philip Elmer-Dewitt, “Computers: The 414 Gang Strikes Again” Time (August 29, 1983), http://content.time.com/time/magazine/article/0,9171,949797,00.html; Associated Press, “Two Who Raided Computers Pleading Guilty” The New York Times (March 17, 1984), http://www.nytimes.com/1984/03/17/us/two-who-raided-computers-pleading-guilty.html; Associated Press, “Computer User Sentenced” The New York Times (May 1, 1984), http://www.nytimes.com/1984/05/01/us/computer-user-sentenced.html.

19.WarGames (1983), IMDb, http://www.imdb.com/title/tt0086567/.

20.See Kevin Mitnick, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (New York: Back Bay Books, 2012).

21.Maurice Possley and Laurie Cohen, “$70 Million Bank Theft Foiled,” Chicago Tribune (May 19, 1988), http://articles.chicagotribune.com/1988-05-19/news/8803180387_1_chase-manhattan-bank-wire-transfers-sources.

22.For a contemporary account of the “Morris worm,” see Bob Page, “A Report on the Internet Worm” (November 7, 1988), http://www.ee.ryerson.ca/~elf/hack/iworm.html.

23.Charles P. Pfleeger and Shari Lawrence Pfleeger, Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach (Upper Saddle River, NJ: Prentice Hall Professional, 2011), sidebar 3-3, 87.

24.Ronald L. Rivest, “The Early Days of RSA—History and Lessons,” ACM Turing Award Lecture, https://people.csail.mit.edu/rivest/pubs/ARS03.rivest-slides.pdf.

25.Glenn Hurowitz, “Show Me a 50-Foot Wall, and I’ll Show You a 51-Foot Ladder” Grist (November 21, 2008), http://grist.org/article/napolitano-knows/.

26.Identity Theft Resource Center, “2016 Data Breach Category Summary,” http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary_2016.pdf.

27.Greg Saikin, “FBI Issues New Warning on Social Networking Risks” Data Privacy Monitor (June 6, 2012), https://www.dataprivacymonitor.com/online-privacy/fbi-issues-new-warning-on-social-networking-risks/.

28.Kevin Murnane, “How John Podesta’s Emails Were Hacked and How to Prevent It from Happening to You,” Forbes (October 21, 2016), http://www.forbes.com/sites/kevinmurnane/2016/10/21/how-john-podestas-emails-were-hacked-and-how-to-prevent-it-from-happening-to-you/#101ab7fd5c02, and Lisa Vaas, “DNC chief Podesta led to phishing link ‘thanks to a typo,’” Naked Security (December 16, 2016), https://nakedsecurity.sophos.com/2016/12/16/dnc-chief-podesta-led-to-phishing-link-thanks-to-a-typo/.

29.Richard A. Clarke, Cyber War: The Next Threat to National Security and What to Do About It (New York: HarperCollins, 2010), 81.

30.The discussion that follows is drawn from Colin Delany, “How Social Media Accelerated Tunisia’s Revolution: An Inside View,” epolitics.com (February 10, 2011), http://www.epolitics.com/2011/02/10/how-social-media-accelerated-tunisias-revolution-an-inside-view/.

31.Nicole Hong, “Report Says Russian Hackers in DNC Breach Waged Wider Campaign” Wall Street Journal (June 26, 2016), http://www.wsj.com/articles/report-says-russian-hackers-in-dnc-breach-waged-wider-campaign-1466933401.

32.Ramo, 52.

CHAPTER 4

1.See “A History of Storage Cost,” mkomo.com (September 8, 2009; updated 2014), http://www.mkomo.com/cost-per-gigabyte. Note that no manufacturer sold a storage device with a 1 gigabyte capacity in 1980; the cost is extrapolated from the cost of several devices capable of storing 5 to 26 megabytes.

2.Vannevar Bush, “As We May Think” The Atlantic (July 1945), available at http://www.theatlantic.com/magazine/archive/1945/07/as-we-may-think/303881/.

3.Tim Berners-Lee, “Answers for Young People,” W3.org, https://www.w3.org/People/Berners-Lee/Kids.html.

4.Ibid.

5.For the sake of simplicity in this overview of digital networks, we will confine discussion to the four-layer TCP/IP model rather than the seven-layer OSI model. For those interested, however, note that the TCP/IP application layer includes the functions of the OSI application layer, presentation layer, and most of the session layer. The TCP/IP transport layer includes the “graceful close” function of the OSI session layer as well as the OSI transport layer. The TCP/IP internetwork layer corresponds to a subset of the OSI network layer. The TCP/IP link layer includes the OSI link layer and (sometimes) the OSI physical layers as well as some of the protocols of the OSI’s network layers. In short, the two models, while different, do not conflict with each other.

6.Richard A. Clarke, Cyber War: The Next Threat to National Security and What to Do About It (New York: HarperCollins, 2010), 81.

7.Sewell Chan, “Giuliani, 9/11 and the Emergency Command Center, Continued” The New York Times (May 15, 2007), http://empirezone.blogs.nytimes.com/2007/05/15/giuliani-911-and-the-emergency-command-center-continued/?_r=0.

8.The “butterfly effect” was coined by Edward Norton Lawrence, one of the pioneering minds behind chaos theory, in “Predictability: Does the Flap of a Butterfly’s Wings in Brazil Set Off a Tornado in Texas,” a paper presented at the 139th meeting of the American Association for the Advancement of Science on December 29, 1972, http://eaps4.mit.edu/research/Lorenz/Butterfly_1972.pdf.

CHAPTER 5

1.Per the U.S. Debt Clock, http://www.usdebtclock.org/cbo-omb-gop-budget-estimates.html.

2.“Grasping Large Numbers,” The Endowment for Human Development, http://www.ehd.org/science_technology_largenumbers.php.

3.Peter Lucas, Joe Ballay, and Mickey McManus, Trillions: Thriving in the Emerging Information Ecology (Hoboken, NJ: John Wiley & Sons, 2012), xiv.

4.Lucas, Ballay, and McManus, 2, 3.

5.Ibid. 115, 117–118.

6.“Lockheed Martin’s F-35 Lightning II Most Advanced Cockpit,” WordlessTech https://wordlesstech.com/lockheed-martins-f-35-lightning-ii-most-advanced-cockpit/.

7.“The Glass Cockpit: Technology First Used in Military, Commercial Aircraft,” NASA Langley Research Center (June 2000), https://www.nasa.gov/centers/langley/news/factsheets/Glasscockpit.html.

8.“Situational Awareness,” SKYbrary, http://www.skybrary.aero/index.php/Situational_Awareness.

9.Peter Kotz, “Glass-Cockpit Blackout” Plane & Pilot (October 21, 2008), http://www.planeandpilotmag.com/article/glass-cockpit-blackout/#.WEGtD_ArIuU.

10.See, for example, John Zimmerman, “The Great Debate: Are Glass Cockpits Better?” Air Facts (January 3, 2012), http://airfactsjournal.com/2012/01/the-great-debate-are-glass-cockpits-better/; John P. Young, Richard O. Fanjoy, and Michael W. Suckow, “Impact of Glass Cockpit Experience on Manual Flight Skills” Journal of Aviation/Aerospace Education & Research (Winter 2006), 15:2, article 5, http://commons.erau.edu/cgi/viewcontent.cgi?article=1501&context=jaaer; Mike Danko, “NTSB: Glass Cockpits Associated with Higher Rate of Fatal Accidents” Aviation Law Monitor (March 13, 2010), http://www.aviationlawmonitor.com/2010/03/articles/general-aviation/ntsb-glass-cockpits-associated-with-higher-rate-of-fatal-accidents/.

11.Reuters, “U.S. Customs Computer Outage Causes Delays at Some Airports” (January 3, 2017), http://www.reuters.com/article/us-usa-immigration-customs-idUSKBN14N04H.

12.Lucas, Ballay, and McManus, 63.

13.Ibid.

14.Ibid. 64.

15.Koshu Nishiyama Hot Spring website, http://www.keiunkan.co.jp/en/; Chris Morris, “The World’s Oldest Hotel Has Been a Family Business for 1,200 Years” Fortune (January 26, 2016), http://fortune.com/2016/01/26/oldest-hotel-keiunkan/.

16.Kim Gittleson, “Can a Company Live Forever?,” BBC News (January 19, 2012), http://www.bbc.com/news/business-16611040.

17.Arie de Geus, The Living Company: Habits for Survival in a Turbulent Business Environment (Boston: Harvard Business School Press, 2002), 1.

18.Lucas, Ballay, and McManus, 70.

19.Ibid.

20.Ibid.136–137.

21.Ibid. 212.

22.Tom Simonite, “The Seemingly Unfixable Crack in the Internet’s Backbone” MIT Technology Review (August 6, 2015), https://www.technologyreview.com/s/540056/the-seemingly-unfixable-crack-in-the-internets-backbone/.

23.Risk may be defined as the probability of an incident times the consequence of an incident. A nuclear weapons accident has a low chance of occurrence, but a high impact. The same is true of serious commercial airline accidents. They are rare, but their consequence is often a mass causality. An incident that disables the BGP may be rare, but its consequence could be the takedown of a major portion of the Internet.

24.Simonite, https://www.technologyreview.com/s/540056/the-seemingly-unfixable-crack-in-the-internets-backbone/.

25.Jim Cowie, “The New Threat: Targeted Internet Traffic Misdirection,” Dyn Research (November 19, 2013), http://research.dyn.com/2013/11/mitm-internet-hijacking/.

26.Simonite, https://www.technologyreview.com/s/540056/the-seemingly-unfixable-crack-in-the-internets-backbone/.

27.David E. Sanger and Eric Schmitt, “Russian Ships Near Data Cables Are Too Close for U.S. Comfort” The New York Times (October 25, 2015), http://www.nytimes.com/2015/10/26/world/europe/russian-presence-near-undersea-cables-concerns-us.html?_r=0.

28.Ian Traynor, “Russia Accused of Unleashing Cyberwar to Disable Estonia” The Guardian (May 16, 2007), https://www.theguardian.com/world/2007/may/17/topstories3.russia.

29.Jeffrey Carr, Inside Cyber Warfare (N.p.: O’Reilly Media, 2011), Kindle Edition, chap. 7. The organization has been implicated not only in the cyberattacks against Estonia, but also in internal Russian government operations. A February 6, 2009 Moscow Times article revealed, “Anna Bukovskaya, a St. Petersburg activist with the pro-Kremlin Nashi youth group, said she coordinated a group of 30 young people who infiltrated branches” of several “banned” political parties and organizations “in Moscow, St. Petersburg, Voronezh, and six other cities,” for which she was paid 40,000 rubles per month by the government (Carr, chap. 7).

30.John Markoff, “Before the Gunfire, Cyberattacks” The New York Times (August 12, 2008), http://www.nytimes.com/2008/08/13/technology/13cyber.html.

31.Greg Miller, “Undersea Internet Cables Are Surprisingly Vulnerable” Wired (October 29, 2015), https://www.wired.com/2015/10/undersea-cable-maps/.

32.Pelton was tried, convicted, and sentenced to life imprisonment for his espionage. Matthew Carle, “Operation Ivy Bells,” Military.com Remembers the Cold War, http://www.military.com/Content/MoreContent1/?file=cw_f_ivybells.

33.Glenn Greenwald, “NSA Prism Program Taps in to User Data of Apple, Google and Others” The Guardian (June 7, 2013), https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data; Barton Gellman and Laura Poitras, “U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program” Washington Post (June 7, 2013), https://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html?utm_term=.b6f45edcf604.

34.http://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/.

35.http://www.nytimes.com/2005/02/20/politics/new-nuclear-sub-is-said-to-have-special-eavesdropping-ability.html.

36.Fabian Schmidt, “Tapping the World’s Fiber Optic Cables,” Deutsche Welle (June 30, 2013), http://www.dw.com/en/tapping-the-worlds-fiber-optic-cables/a-16916476.

37.http://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/.

38.Nicky Woolf, “DDoS Attack That Disrupted Internet Was Largest of Its Kind in History, Experts Say” The Guardian (October 26, 2016), https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-miraibotnet.

39.Matt Hamblen, “DDoS Attack Shows Dangers of IoT ‘Running Rampant,’” ComputerWorld (October 25, 2016), http://www.computerworld.com/article/3135285/security/ddos-attack-shows-dangers-of-iot-running-rampant.html.

40.Thomas C. Reed, At the Abyss: An Insider’s History of the Cold War (New York: Ballantine Books, 2004), Kindle Edition, chap. 17. Also see Gus W. Weiss, “The Farewell Dossier: Duping the Soviets,” Central Intelligence Agency, https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/96unclass/farewell.htm. In some circles, this document has raised doubts about Reed’s account, because it reports that the CIA was involved in the installation of “flawed turbines . . . on a [Soviet] gas pipeline,” but makes no mention of sabotaged SCADA software, nor does it even note that the flawed turbines were the cause of an explosion.

41.Fred Schreier, On Cyberwarfare DCAF Horizon 2015 Working Paper No. 7 (Geneva: Geneva Centre for the Democratic Control of Armed Forces, 2012), 107–108; Johnny Ryan, “iWar: A New Threat, Its Convenience—and Our Increasing Vulnerability,” Winter 2007.

42.Clay Wilson, Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, Congressional Research Service Report for Congress, January 29, 2008, 7–8.

43.Euan McKirdy and Mary Ilyushina, “Putin: ‘Patriotic’ Russian Hackers May Have Targeted U.S. Election,” CNN Politics (June 2, 2017), http://www.cnn.com/2017/06/01/politics/russia-putin-hackers-election/index.html.

44.Sarwar A. Kashmeri, NATO 2.0: Reboot or Delete? (Washington, D.C.: Potomac Books, 2011), 51–52.

45.David Corn, “The NSA Chief Says Russia Hacked the 2016 Election. Congress Must Investigate” Mother Jones (November 16, 2016), http://www.motherjones.com/politics/2016/11/will-congress-investigate-russian-interference-2016-campaign; Elizabeth Gurdus, “We’re Headed for a ‘Cyber Pearl Harbor,’ Says Adm James Stavridis,” CNBC (December 15, 2016), http://www.cnbc.com/2016/12/15/were-headed-at-a-cyber-pearl-harbor-says-adm-james-stavridis.html.

CHAPTER 6

1.Herman Melville, Moby-Dick, or The Whale (1851), chap. 72.

2.Evan Hansen, “Manning-Lamo Chat Logs Revealed” Wired (July 13, 2011), https://www.wired.com/2011/07/manning-lamo-logs/.

3.BBC News, “Chelsea Manning: Wikileaks Source Celebrates ‘First Steps of Freedom,’” BBC News (May 17, 2017), http://www.bbc.com/news/world-us-canada-39947602.

4.Bob Dylan, “Subterranean Homesick Blues,” Bob Dylan website, http://bobdylan.com/songs/subterranean-homesick-blues/.

5.Kelly Dickerson, “12 Ways Matt Damon Uses Science to Survive in ‘The Martian,’” Business Insider (September 16, 2015), http://www.businessinsider.com/science-the-shit-out-of-mars-the-martian-2015-9. “I’m going to have to science the shit out of this” has become an Internet meme. Neil deGrasse Tyson, astrophysicist and director of the Hayden Planetarium, has even tweeted it as his favorite line out of the movie (https://twitter.com/neiltyson/status/610997574808395777?lang=en), and, if you are nerd enough, you can buy any number of T-shirts emblazoned with the phrase. Just google it.

6.“How My FICO Scores Are Calculated,” myFICO, http://www.myfico.com/credit-education/whats-in-your-credit-score/.

7.Vindu Goel and Michael J. de la Merced, “Yahoo’s Sale to Verizon Ends an Era for a Web Pioneer” The New York Times (July 24, 2016), http://www.nytimes.com/2016/07/25/business/yahoo-sale.html.

8.Nicole Perlroth, “Yahoo Says Hackers Stole Data on 500 Million Users in 2014” The New York Times (September 22, 2016), http://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html.

9.Vindu Goel and Nicole Perlroth, “Yahoo Says 1 Billion User Accounts Were Hacked” The New York Times (December 14, 2016), http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html.

10.Pau Szoldra, “The Dark Web Marketplace Where You Can Buy 200 Million Yahoo Accounts Is Under Cyberattack” Business Insider (September 22, 2016), http://www.businessinsider.com/real-deal-market-ddos-2016-9?r=DE&IR=T.

11.Vindu Goel and Nicole Perlroth, “Hacked Yahoo Data Is for Sale on Dark Web” The New York Times (December 15, 2016), http://www.nytimes.com/2016/12/15/technology/hacked-yahoo-data-for-sale-dark-web.html.

12.Scott Moritz and Brian Womack, “Verizon Explores Lower Price or Even Exit from Yahoo Deal” Bloomberg Technology (December 15, 2016), https://www.bloomberg.com/news/articles/2016-12-15/verizon-weighs-scrapping-yahoo-deal-on-hacking-liability; Reuters, “Yahoo Shareholders Approve $4.48B Merger with Verizon” New York Post (June 8, 2017), http://nypost.com/2017/06/08/yahoo-shareholders-approve-4-48b-merger-with–verizon/; Vindu Goel, “Verizon Completes $4.48 Billion Purchase of Yahoo, Ending an Era,” The New York Times (June 13, 2017), https://www.nytimes.com/2017/06/13/technology/yahoo-verizon-marissa-mayer.html?_r=0.

13.Thomas L. Friedman, The World Is Flat: A Brief History of the Twenty-first Century (New York: Farrar, Straus and Giroux, 2005).

CHAPTER 7

1.“Planck Mission Brings Universe into Sharp Focus,” NASA News (March 21, 2013), https://www.nasa.gov/mission_pages/planck/news/planck20130321.html; “Dark Energy, Dark Matter,” NASA Science Beta, https://science.nasa.gov/astrophysics/focus-areas/what-is-dark-energy/.

2.James M. Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus, and Chris Rezek, Beyond Cybersecurity: Protecting Your Digital Business (Hoboken, NJ: Wiley, 2015), xxiii.

3.Ibid.

4.Ibid.

5.Ibid.

6.See Kaplan et al., xxiv–xxvi. Only material enclosed in quotations is directly quoted from this source.

7.Kaplan et al., 160–161.

8.A February 26, 2015, FCC ruling favored net neutrality (see Jose Pagliery, “FCC Adopts Historic Internet Rules,” CNN Tech [February 26, 2015], http://money.cnn.com/2015/02/26/technology/fcc-rules-net-neutrality/), but on May 18, 2017, the FCC voted to roll back net neutrality regulations (see Brian Fung, “The Future of Net Neutrality in Trump’s America” Washington Post [April 5, 2016], https://www.washingtonpost.com/news/the-switch/wp/2017/04/05/the-future-of-net-neutrality-in-trumps-america/?utm_term=.97de3a87890c; Paige Agostin, “Trump’s FCC Chief Is Right to Roll Back Net Neutrality Rule” The Hill [May 5, 2017], http://thehill.com/blogs/pundits-blog/technology/332099-ajit-pais-fcc-is-right-to-roll-back-the-regulatory-overreach-of; Alina Selyukh, “FCC Votes to Begin Rollback of Net Neutrality Regulations” The Two-Way: Breaking News from NPR [May 18, 2017], http://www.npr.org/sections/thetwo-way/2017/05/18/528941897/fcc-votes-to-begin-rollback-of-net-neutrality-regulations).

9.Henrik Andersson, James Kaplan, and Brent Smolinski, “Capturing Value from IT Infrastructure Innovation,” McKinsey&Company/Digital McKinsey (October 2012), http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/capturing-value-from-it-infrastructure-innovation.

10.Kaplan et al., 103.

11.Peter Lucas, Joe Ballay, and Mickey McManus, Trillions: Thriving in the Emerging Information Ecology (Hoboken, NJ: John Wiley & Sons, 2012), 69.

12.The SSAE 16 Guide, http://www.ssae16guide.com/; CSA (Cloud Security Alliance), https://cloudsecurityalliance.org/#.

13.Information Security Forum, Threat Horizon 2018: Lost in a Maze of Uncertainty https://www.securityforum.org/research/threat-horizon-2e-of-uncertainty/.

14.Ibid.

15.Ibid.

16.Ibid.

17.Ibid.

18.Ibid.

19.Kaplan et al., 192–193.

20.Staff, “The COE International Convention on Cybercrime Before Its Entry into Force” Copyright Bulletin (January-March 2004), http://portal.unesco.org/culture/en/ev.php-URL_ID=19556&URL_DO=DO_TOPIC&URL_SECTION=201.html; Council of Europe, “Chart of Signatures and Ratifications of Treaty 185,” http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185/signatures.

21.Council of Europe, “Convention on Cybercrime,” Preamble, opened for signature November 23, 2001, C.E.T.S. No. 185.

22.Jack Goldsmith, “Cybersecurity Treaties: A Skeptical View,” Hoover Institution (2011), 3, http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf.

23.Goldsmith, 3–4.

CHAPTER 8

1.See Edwin E. Ghiselli and Jacob P. Siegel, “Leadership and Managerial Success in Tall and Flat Organization Structures,” Personnel Psychology, vol. 25, no. 4 (December 1972), 617–624.

2.Vivian Giang, “What Kind of Leadership Is Needed in Flat Hierarchies?,” Fast Company (May 19, 2015), https://www.fastcompany.com/3046371/what-kind-of-leadership-is-needed-in-flat-hierarchies.

3.Giang, https://www.fastcompany.com/3046371/what-kind-of-leadership-is-needed-in-flat-hierarchies.

4.Eric Dezenhall, “A Look Back the Target Breach,” The Huffington Post (June 6, 2015), http://www.huffingtonpost.com/eric-dezenhall/a-look-back-at-the-target_b_7000816.html, and Kevin M. McGinty, “Target Breach Price Tag: #252 Million and Counting,” MintzLevin Privacy and Security Matters (February 26, 2015), https://www.privacyandsecuritymatters.com/2015/02/target-data-breach-price-tag-252-million-and-counting/.

5.Craig Newman, “Lessons from the War over the Target Data Breach,” NACD Blog (July 27, 2016), https://blog.nacdonline.org/2016/07/lessons-from-the-war-over-the-target-data-breach/.

6.Dana Post, “Cybersecurity in the Boardroom: The New Reality for Directors,” The Privacy Advisor (May 27, 2014), https://iapp.org/news/a/cybersecurity-in-the-boardroom-the-new-reality-for-directors/.

7.“Why Everything Is Hackable,” The Economist (April 8, 2017), 69–71.

8.Ibid. 69.

9.Caleb Barlow, “Where Is Cybercrime Really Coming From?,” TED@IBM (November 2016), https://www.ted.com/talks/caleb_barlow_where_is_cybercrime_really_coming_from?language=en.

10.Ibid.

11.“Why Everything is Hackable,” 69.

12.Ibid.

13.Ibid. 71.

14.Robert S. Mueller, III, Remarks to RSA Cyber Security Conference, San Francisco, March 1, 2012, https://archives.fbi.gov/archives/news/speeches/combating-threats-in-the-cyber-world-outsmarting-terrorists-hackers-and-spies.

15.NACD Online, “Dr. Phyllis A. Schneck, Keynote Cybersecurity,” YouTube (September 20, 1016), https://www.youtube.com/watch?v=I-yIPGpwu1k.

16.EY, “Path to Cyber Resilience: Sense, Resist, React: EY’s 19th Global Information Security Survey 2016–17,” 9.

17.Ibid. 10.

18.Nicole Perlroth, “Hackers Find Celebrities’ Weak Links in Their Vendor Chains” The New York Times (May 7, 2017), https://www.nytimes.com/2017/05/07/technology/hackers-exploit-celebrities-vendor-chains.html?_r=0.

19.Krebs on Security, “Email Attack on Vendor Set Up Breach at Target,” February 2014, https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/.

20.Barlow, https://www.ted.com/talks/caleb_barlow_where_is_cybercrime_really_coming_from?language=en.