Wednesday 20 July 2011

Essential Reading

Secrets & Lies: Digital Security in a Networked World
Bruce Schneier
Wiley Publishing Inc
ISBN: 978-0-471-45380-2

Put simply, everyone who owns (or uses) a computer that is attached to a network should read Secrets & Lies. Schneier himself recommends reading it "through a second time" (p.xxiii), but I'm not sure that even reading it twice will be sufficient to absorb all the lessons and wisdom that the author offers his readers to keep them safe online! Without doubt, this is the finest book on computing (of any type) that I have read to date and throughout I found myself wishing that I had read it when it was first published.

Sure, this seminal treatise on digital security is starting to show signs of age, but then it was originally published in 2000 and the fact that technology has developed so quickly over the intervening decade is a testament to both the simplicity and the enduring relevance of the underlying message: "[s]ecurity is a process, not a product" (p.xxii). As our personal information and virtual existence are increasingly spread across the Internet, this is a lesson that we should all heed. Fortunately, Schneier's uncomplicated approach coupled with his lucid and inclusive prose means that non-technical readers should not be intimidated by the book's four hundred or so pages and it seems to have been written as much for the layman as for technicians and geeks. Indeed, the book's format and layout are designed to make digital security as accessible as possible and Schneier breaks it into logical sections that provide: the context and justification for digital security (The Landscape); the tools for providing security (Technologies); and how best to deploy these tools (Strategies). However, this is no technical manual - there's very little in the way of direct implementation advice - more, it is a way of thinking about and planning for security and this is the real secret of the book's durability.

Throughout, there are echoes of Schneier's despair with his earlier manuscripts and the lack of hope the early drafts gave his readers (p.396). Nonetheless, this serves only to reinforce the importance of the message and the urgency of the risks. Schneier's epiphany in 1999 (p.397) that led to the resurrection and publication of this book provides us all with the hope that, once we understand the risks and plan our responses, even when those risks are manifest we can mitigate the damage.

Whether you have an interest in network security generally or you are one of computer security's mystified majority, Secrets & Lies is essential reading.
