By Donna Victoria Bell-Tchega
Click Here to Kill Everybody by Bruce Schneier provides valuable insight into how cyber power must first acknowledge vulnerabilities within interconnected systems to achieve global security. The rapid growth of connected devices, from “8.4 billion things attached to the Internet, to an estimated 20 to 75 billion by 2020” (Schneier 5), has reshaped global security, widening the attack surface for cyber threats. With diverse digital-age actors—from state to non-state players—the cyber battlefield has grown increasingly complex. Schneier argues that interconnected networks not only increase these vulnerabilities but also necessitate immediate global policy reform. Cyber power is “the ability to use cyberspace to create advantages and influence events in other operational environments and across the instruments of power” (Nye 3).
Through this book, Schneier illustrates how the interconnectedness of critical infrastructures has made cyber power central to national security. He provides strategic insights for protecting these infrastructures in a digital society while emphasizing the difficulties in countering cyberattacks. Schneier discusses “how everything is considered smart, even objects are becoming smart” (Schneier 4), underscoring our growing reliance on interconnected systems like the Internet of Things (IoT). The IoT’s explosive growth has made both people and critical infrastructures more vulnerable to cyberattacks. While IoT technology offers ease and efficiency, it has also expanded the attack surface, with everyday objects like cars, refrigerators, and fitness trackers collecting personal identifiable information (PII). One minor vulnerability can give an attacker access to larger networks.
Computer scientist and mathematician Robert Wiener coined the term Cybernetics,”the science of communications and automatic control systems in machines and living things.” In Chapter 1 of Schneiner’s book, cybernetics discuss covering devices like thermostats, baby monitors, and smart speakers that now make up the cyber ecosystem. This increased device integration brings complexity and raises security costs, making ongoing vigilance essential. As Schneier states, “The attacker has to find one vulnerability and the defender has to secure the entire attack surface” (Schneier 27), a challenge that puts defenders at a fundamental disadvantage.
Defining cyber warfare presents a significant challenge, varying between state actors and organizations. “Some say cyberwar is coming. Some say cyberwar is here. Some say cyberwar is a term that everyone uses, that no one agrees on, and that has no agreed-upon definition” (Schneier 68). Schneier emphasizes that cyber warfare remains ambiguously defined in international security, which complicates responses to cyberattacks. Cyber law principles such as distinction, precaution, and proportionality could provide a framework for state and non-state actors to address cyberattacks. Schneier’s analysis of cases like the United States’ “limited response” to North Korea’s Sony breach and the 2016 Russian interference in U.S. elections highlights the lack of established international norms and legal frameworks in cyber conflict, restraining national responses (Schneier 71). This ambiguity complicates defense strategies and leaves room for exploitation by bad actors. A major theme in Schneier’s work is the need for policy reform in cybersecurity, especially regarding legacy systems that cannot adequately defend against modern attacks. “The National Institute of Standards and Technologies framework for improving critical infrastructure is a great example of this type of standard. Unfortunately, the NIST cybersecurity framework is only voluntary at this stage, but it’s gaining traction. In 2017 it became mandatory for federal agencies” (Schneier 123).
Schneier calls for extending this framework to private industries, proposing incentives for compliance or penalties for non-adoption. He advocates for a security-by-design approach, embedding cybersecurity at the design phase to minimize vulnerabilities. As we’ve observed, policy follows precedent (Jarmon), and only mandatory frameworks can create a consistent security standard. While governments play a key role, the private sector, which owns much of the critical infrastructure, often prioritizes short-term profitability over security investments. According to tech analyst firm Gartner, 2018 internet security spending was projected at $93 billion, but cost considerations limit consumer and producer willingness to invest in robust security (Schneier 101). Schneier highlights the need for a public-private partnership to address these gaps and establish effective security frameworks.
Schneier’s book proceeds to stress collaboration between consumers and manufacturers in securing IoT products. Schneier argues that consumers, often lacking the necessary knowledge to secure devices, rely on manufacturers to build security into their products. He proposes that cybersecurity experts should educate less-informed users, creating a collective digital security framework. He also emphasizes that cybersecurity must be treated as a public good, requiring investment from both private and public sectors.
Cybercriminal tactics continue evolving, and Schneier’s suggestions underscore the need for consistent security funding and development. Schneier’s discussion of cyber systems’ global interconnectedness, which he refers to as “Internet+,” highlights the urgency of international cooperation. Digital borders cannot protect against malicious threats, as vulnerabilities in one country’s infrastructure can easily impact others. Schneier emphasizes that the growing asymmetry between attackers and defenders makes it difficult to execute proportionate responses. Without international cybersecurity standards, countries lack coordinated responses to prevent and manage cyber threats. He suggests that proactive international collaboration could help prevent escalation into physical conflicts. Ultimately, cyberattacks carry risks to economic stability and diplomatic relations, underscoring Schneier’s call for a globally unified approach to cybersecurity.
Although Schneier supports increased regulation and international collaboration, critics worry that these efforts could hinder innovation or infringe on privacy rights. Schneier addresses these concerns by arguing that the risks of insufficient regulation far outweigh potential drawbacks. He encourages educating the public on cybersecurity practices to help consumers make informed security decisions, ultimately strengthening individual and collective resilience against cyber threats. His analysis suggests that cyber threats pose risks not only to national security but to global stability. As cyberattacks increasingly threaten the global economy and international relations, Schneier’s advocacy for comprehensive policies and international standards offers a reminder that proactive measures, rather than reactive responses, will shape our secure, interconnected future.
*******
Work Cited
Nye, Joseph. “Cyber Power.” Belfer Center for Science and International Affairs, Harvard Kennedy School, May 2010.
Schneier, Bruce. Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. New York, W.W. Norton & Company, 2018.
UCSD Robotics Research. “Chapter 1: Introduction to Robotics.” Accessed October 27, 2024. http://robotics.ucsd.edu/rr_chap01.pdf.
Radical Uncertainty: Decision-Making Beyond the Numbers provides individuals a narrative-oriented framework for addressing risks in a radically uncertain environment. Artificial intelligence has several attractive applications in today’s complex decision-making environment, but John Kay and Mervyn King warn against the abandonment of human judgement. Ultimately, human and non-human approaches to risk management will likely carry biases and repercussions of their own. (Photo credit: Kyle Glenn on Unsplash)
