The Next Space Race: A Blueprint for American Primacy by Richard M. Harrison and Peter A. Garretson, along with some additional contributors, takes on the important, complicated issue of the USA’s space strategy. It deserves consideration on this blog because cybersecurity and cyberwar are critical factors in any discussion of space strategy. Harrison is Vice President and Director of defense technology programs at the American Foreign Policy Council. Garretson, a former Lt Col. USAF, is a senior fellow at the Council and Co-Director of its Space Policy Initiative. With these backgrounds, the authors are well suited to discuss a subject that represents a nexus of military, intelligence, and geopolitical strategies, as well as a zone of vast commercial and technological potential—all of it essential for strategic dominance.

The book is, to a certain extent, a sequel to Scramble for the Skies: The Great Power Competition to Control the Resources of Outer Space, by Garretson and Namrata Goswami. There, the authors posited a struggle for the large national economies to capture the lion’s share of space’s potentially multi-trillion-dollar wealth. The Next Space Race goes into the subtleties of this competition and highlights the realities of the situation and what it will take for the United States to emerge in the winning position. It also points out the potential for smaller spacefaring nations, such as India and Iran, to have an outsized impact on the bigger picture.

The Next Space Race starts by reviewing the commercial potential for space. Already a half trillion-dollar industry, space is poised to become a zone for enormous economic growth. Potential centers of profit include space mining, which would be required to support interplanetary missions and feed demand for rare materials on Earth. Space-based power generation, a solution to global warming, is another massive industry that may become a reality in coming decades.

The authors also highlight the value of space to terrestrial military endeavors. This is not a new topic, but Harrison and Garretson present an ominous view of a future where China, not the US, is in the power position. China, in their view, has a far more comprehensive and ambitious plan for dominance in space, one that encompasses military capabilities in space and commercial exploitation of space resources.

As is the case in a variety of contexts, China’s ability to fuse industrial, military, and government action, without concern for political interference, represents a major threat to American primacy. The US, in contrast, must subject any proposed initiative for space to a political process that has a history of slowing down the implementation of good ideas. The American approach may be better for citizens’ rights and quality of life, but it’s not suited for making big bets on future geopolitical scenarios.

The book presents a comprehensive, multi-component plan for ensuring American primacy in space. This encompasses establishing a rules-based order for international co-existence in space, as well as the developing of space policy and finance tools to operationalize major strategic space programs and industrial projects. Space information services, space transportation and logistics, and power for space systems are all critical for success.

The authors envision several large-scale public/private partnerships to realize these visions. Getting such ideas off the ground, so to speak, will take a high level of political will as well as massive federal budget allocations. Neither looks very promising at this moment, and it’s not clear what will change this picture. The authors refer to the Apollo Program, a massive government spending project driven by cold war competition, as a reference point. Looking at the current state of American politics and governance, it seems unlikely that anything of that scale will ever happen again.

There are several reasons for this, which the authors wisely do not delve into. They want to stimulate productive, across-the-aisle dialogues in which Americans who believe in the future can achieve things in good faith. That’s admirable, and necessary, but probably naïve at this moment.

If one is paying attention, one can see that the US government now does not function very well. Congress has difficulty passing major legislation or forging consensus on large-scale projects. Space is sufficiently speculative that it seems unlikely that we’ll see the kind of ambitious plan outlined in this book coming into existence. What’s more probable is a stumbling series of half measures, driven by commercial interests. These have a funny way of motivating politicians through campaign contributions.

The authors also do not reference a problem hiding in plain sight. Again, this was a wise choice, but any serious dialogue about competing with China needs to address China’s ongoing efforts to influence American policy. As Retired USAF General Robert Spalding argued in his book, Stealth War: How China Took Over While America’s Elite Slept, China is fighting a non-shooting war against the US. This is a war that includes deeply placed, lavishly funded programs that affect American thought and action at numerous levels of government and policy development circles.

With this in mind, it will be impossible to know for sure why a given politician will argue that “We can’t afford this space program” or “This space policy is wrong.” Do they actually believe that, or are they getting too much money from a Chinese PAC to say otherwise?

This may sound cynical and negative, but it’s very real. So is the fact that our previous (and possibly future) president earned millions of dollars, personally, from China as a landlord and hotelier. It may seem gauche to suggest that such a man would be influenced in space policy because of his personal financial gains, but any serious look at American space policy should consider these factors.

Additionally, and this may be the most serious of all obstacles to the plans envisioned in this book, the American public is not remotely aware of the importance of space and is very, very far off from caring enough to vote for politicians who espouse space as a strategic imperative. It’s not 1961 anymore, a time when anything we needed to “beat the commies” would get votes and funding.

The debacle of Trump’s announcement of the Space Force is a cautionary lesson for those who care about space. The creation of the new service branch was the result of a long, careful deliberation at the top levels of the US military, as the authors explain. However, when Trump announced the service, the news was treated as a joke. The public had no idea what was going on and didn’t care. That can tell us all something about the political viability of spending tens of billions of dollars on a space program that may not pay dividends for decades.

I recommend this book if you want to understand that stakes of space and where the US currently sits in the strategic landscape. It’s quite readable, which is an achievement considering the many spheres of thought and action required for an overview of space strategy. The authors do a good job balancing wonkish policy analysis with a sensible narrative. Each chapter encapsulates dozens of policy papers, I suspect. If you want to get a sense of America’s potential, and risks, in space, read this book.

How I Rob Banks (and other such places) by FC (a.k.a. FREAKYCLOWN) achieves something that’s truly rare. It’s a book about security that’s also fun. It reads like a well-wrought crime novel. FC is a renowned ethical hacker who makes his living breaking into buildings whose owners want to test their physical security countermeasures. He’s a penetration tester (pentester) for doors, locks, and security guards, versus firewalls.

FC has a knack for storytelling. He creates suspense. He has a sense of humor. The book comprises over 70 separate anecdotes, which are detailed enough to be fascinating and informative, but understandably scrubbed of client revealing detail.

Still, what he can share about his exploits is eye-opening for anyone involved in security. He’s broken or talked his way into a wide variety of high security places. These include major banks, a fancy private bank for extremely wealthy people, a government intelligence facility and many others.

To achieve these outcomes, FC employs a number of specialized capabilities. For one thing, he’s an extremely talented and experienced social engineer. He can be like a chameleon, blending into the background or assuming any number of suitable personas in order to gain the confidence of people who should be treating him with a lot more suspicion. He also has a bunch of basic burglar skills, like lock picking, knowledge of electronic doors and so forth.

His experiences drive home some important lessons for security architects. One is that security culture is critical. Many times, FC is able to worm his way into a business by befriending employees who don’t get enough attention from the higher ups. Or, he pretends to be a senior executive or government regulator, and carries certain markers of high status, to silently encourage people to open doors for him that need to be locked. He is very good at understanding how people get bored and don’t register anomalies that they should, like someone pushing a cart full of classified documents down a hallway.

One of his biggest criticisms of security systems he encounters is over confidence in a secure perimeter. This is a major issue in cybersecurity as well, especially in this age of ransomware. Too many times, he shares, once he gets through the door, he finds internal security unforgivably lax or complacent. People tend to assume that if he’s inside the building, wearing a (fake) badge, he must belong there. Wrong! In cybersecurity, the countermeasure for this is network segmentation, the setting up of internal barriers to prevent lateral movement. In buildings, it would e more man traps and locked doors.

Another significant takeaway is a warning not to equate cost with quality in physical security. He shares a brilliant account of getting through a special security door that cost almost $100,000. By observing it (standing in a muddy pond for five hours in the middle of the night) he notices that it’s been set to a default mode that opens the door exactly every 30 minutes.

This is an example of FC’s talent for understanding how people actually think and work. He gets that the installers of the door are not security experts, but rather construction people. They don’t know about security. They don’t care about security. They haven’t been instructed about security, so they put the door in to solve their problems, not the customer’s. The expensive door is exposed to breach.

Physical security is a close cousin of cybersecurity. The two go together. Breaking into a building is often a first step to gaining unauthorized access to their network, which he in fact does in this book. Companies that want to test their physical security are wise to make this investment. The book offers a lot of insights that anyone involved in security will find valuable in getting better at his or her job.

The title of Fatima Gholem’s fictionalized account of her time in the finance field, Finance Whore: What is Your Price? lets you know, right out of the gate, that this is not going to be a calm, reasoned account. The book is an indictment of the rancid working conditions in the industry, but also a harsh exercise in self-criticism. Her autobiographical main character, Hannah, is the whore, as she sees it, in a business that turns almost everyone it employs into a whore of some kind.

The book was inspired by Gholem’s first couple of years of work. It’s set during the 2007-2008 financial crisis, which provides an ominous context for the setting. Hannah doesn’t name her employer, or even the European city where’s she working, for obvious reasons. The place is a luxurious hellhole.

Hannah is working in the operational side of the hedge fund business, something I didn’t know much about, and honestly had never thought about before. It’s detailed work, with serious penalties for errors. For example, if you miscalculate the value of an asset, that can result in regulatory trouble or a client lawsuit. Hannah has to check and recheck her work, constantly stressing out about making a mistake. (And, as someone who writes about process automation, I kept wondering why all the workflows were so manual…)

There’s a lot of checking and rechecking. Every 12-hour day is packed with detail overload. The office environment is toxic, with a manager who seems to be conducting an exhaustive master class on how to be a bad boss. He’s such a manipulative control freak, he won’t let Hannah go to the dentist for a painful cavity. She ends up losing a tooth due to his selfishness and (probably illegal) restrictions on her time. As Hannah grows more exhausted and stressed out, he won’t let her take time off that she’s earned, either.

The office is full of creepy corporate climbers. They run the gamut from porn-joking “bros” to scheming, flirting women who show cleavage to get the bad manager’s attention and favoritism. It’s a male-dominated culture, and Hannah goes into squirming detail on just how disgusting and unfair the whole setup is for women in the office. There’s the terrible balancing act of being feminine versus being a cold bitch. Men get to have all the good ideas. Women with graduate degrees are supposed to listen adoringly and look pretty. You feel like punching these jerks in the face.

To let off steam, Hannah starts to drink a little too much. However, if I had to contend with men who nickname their dicks “The NASDAQ,” which is typical for her social life, I’d probably hit the bottle, too. The book’s descriptions of the partying excesses of her cohort of overpaid, over-stressed, and money-obsessed peers are depressing, even if they trigger some guilty voyeuristic thrills. She exposes a truly ugly side to it all, too, with drugs and sexual assaults affecting some of her close friends.

Still, as you read the book, you start to think, why does Hannah call herself a whore? She is simply experiencing through what almost everyone goes through at the start of a career in a demanding field. A medical resident, a first-year law firm associate, a production assistant in Hollywood—to name a few of many career paths with brutal entry phases—would require a similar grind.

There is a reason, however. As she gets further into the work, Hannah feels she is betraying her values. She had envisioned the job as a way to get experience and make money so she could move on to starting her own business or non-profit. A year into it, she realizes this is not happening. She’s miserable. Her health is getting worse. She’s drinking in a problematic way. The money she thought she would save is evaporating into high costs of living. She’s on a treadmill she can’t stand, but isn’t sure how to get off.

As the story progresses, you start to get a sense of how the “ethics” of this industry are affecting someone who has a strong sense of right and wrong. She’s asked to forge a signature on a document. She refuses, because she knows it’s illegal, but her colleague, the one with the arsenal of push up bras and flexible morals, has no qualms about doing such things. She’s the one who will get ahead at the firm, and after a while, Hannah realizes maybe that’s fine with her.

Hannah also reveals, as the story unfolds, some trauma earlier in her life that has made her less than interested in being part of the toxic team dynamics at the office. She’s given many opportunities to be “one of the guys,” so to speak, but it’s not who she truly is. Every time she verges onto behavior like that, she feels herself become more of a finance whore.

Gholem writes well. It’s an engrossing read, full or rich detail and raw emotions. The book is a tad long, but it’s engaging enough to keep you reading along. I definitely recommend it for anyone who is contemplating a high pressure career.

This post contains an affiliate link. If you buy the book mentioned here, I will earn a small commission. This will not affect the price you pay, however.

The Handler, by Jeffrey S. Stephens, takes us into the shadowy, frightening world of international espionage and counterterrorism. It features the exploits of Nick Reagan, an undercover CIA agent and assassin who is not afraid to buck official orders to do what he thinks is right, both for his own sense of honor and his perceived mission to defend the United States from threats.

The book starts out with Reagan trying to ferret out information about a new, untraceable cell phone chip that’s allegedly being manufactured in China on orders from a reclusive Russian billionaire who now lives in Silicon Valley. His mission doesn’t go well, and he has to engineer a bloody, against-all-odds escape from a Chinese secret police interrogation site—but not before bedding a mysterious British blond.

Back in the US, Reagan’s grey-haired mentor and boss tells him to stay away from the Russian chipmaker, but Reagan pursues the matter, nonetheless. He’s worried, as anyone would be, about the deployment of these “Ghost Chips,” which render mobile devices invisible, but also capable of setting off explosives.

In the US, two young Muslim men complete their indoctrination as terrorists and are sent on a mission of death and mayhem by their handler, a mysterious man who runs the American network of a global terror organization. Reagan and his partner, agent Carol Gellos, aided by his lover, CIA analyst Erin David, partly foil the plot. Their intervention saves lives, but one of the suicide bombers still manages to kill and maim innocent people in New York City.

Meanwhile, three American scientists have been kidnapped in Pakistan. They’re interrogated by terrorists who want to know how to trigger the collapse of a large building using seismic shocks from a gas pipeline explosion. Reagan is deployed to find them, but warned not to get in the way of the State Department’s official efforts to negotiate their release. Warnings are for gutless pencil pushers, though, so Reagan proceeds to shoot the leading Emir of the region in the kneecaps and tortures him into giving up the goods.

The handler is preparing a much bigger act of terror, and Reagan and his team are starting to get a whiff of the magnitude of the project. Between the ghost chips and the American scientist abduction, something huge and horrible is in the works. Reagan has to figure it out before it’s too late.

To reveal more would get into spoiler territory. The book moves along at a brisk pace, with suspense and action at every turn. Reagan is a force to be reckoned with, whether it’s in enemy territory, CIA headquarters, elegant Manhattan bistros or the bedroom. If you enjoy spy thrillers, The Handler will be a lot of fun.

From the perspective of technology and policy, which is why a book like this is being reviewed in The Journal of Cyber Policy, Stephens offers an imaginative and disturbing warning. Device tracking is essential for police work and digital forensics. A chip of the kind proposed in the book would badly impair counterterrorism operations.

Similarly, Stephens’ portrayal of the handler and his network seems realistic. He appreciates something that not many commentators seem to get, which is that terrorism requires a substantial support system in target countries. These networks of people, in turn, leave digital trails, which advanced technologies like artificial intelligence can detect—if those responsible have the resources and suitable mindsets to pursue them. There are few (or no) true “lone wolves,” one might say.

My only issue with this book, which I admit may not be an issue for others, is its sometimes heavy-handed political messaging. A spy novel, by definition, must have a geopolitical point of view. However, reading The Handler at times feels like Fox News bingo, with terms like “Sharia law,” “open borders,” “Pledge of Allegiance,” “the current (Biden) administration” popping up with little too much gusto. Reagan (catch that name?) is also a man who is not afraid to go against orders and torture his targets when it suits his mission.

Overall, though, The Handler is a clever page turner that’s worth checking out.

Reading Frank Riccardi’s new book, Mobilizing the C-Suite: Waging War Against Cyberattacks, reminded me of an amusing conversation I had recently with a major player in the edge computing space. He said, “Let me share half a million dollars’ worth of McKinsey consulting in two sentences…” Riccardi, a lawyer and Certified Healthcare Compliance (CHC) professional with C-level cybersecurity experience, offers a similar “cut to the chase” take on dealing with cyber risk.

This compact, readable book gets right into the heart of the matter. American corporations are facing mortal (or at least job-threatening) attacks from organized criminal gangs. In particular, he highlights the devastating potential of ransomware, which can destabilize a business to the point of liquidation. From there, Riccardi springs right into specific recommendations, including multi-factor authentication (MFA), password management, and patching.

As someone who has written about cybersecurity as a corporate management issue for many years, my instinctive reaction to Riccardi’s approach was to think, “No! You can’t be so prescriptive.” Instead, the C-level executive must first establish a cross-organizational team of stakeholders who have to be educated on the theory and practice of frameworks like NIST CSF. This team must then bring in consultants who will construct a threat impact “heat map” that identifies trouble spots and the “crown jewels” digital assets that require the most robust defense, and so forth.

In other words, you need half a million dollars’ worth of McKinsey to get you to where Riccardi takes you in two sentences. This is the implicit message of the book. Yes, you can absolutely do the framework/ stakeholder/risk impact death march. Or, you can save yourself a year and a lot of money and cut right to what they’re going to recommend, anyway, which are better basic cyber hygiene and a few critical countermeasures, e.g., MFA, better passwords, patch management, and employee security training.

The refreshing frankness and detailed prescriptions in this book may not endear it to cybersecurity professionals. But perhaps that’s Riccardi’s intent. He’s aiming for the C-suite, bypassing the framework-obsessed. It may not be as easy battle for him to fight, however.

He’s also going against the grain in today’s paradigm-oriented security world. While he urges C-suite executives to order the implementation of stronger basic measures, those same executives are likely being peppered with presentations urging major investments in secure access service edge (SASE) programs or zero trust initiatives. Who will get the dollars?

Riccardi’s overall point is very well taken, though. Experienced cybersecurity managers understand that some of the worst vulnerabilities arise out of the simplest neglect. Ransomware attacks are effective because so many companies lack MFA, strong passwords, and data backup. Attackers exploit these weaknesses, breeze right in and encrypt the target’s data. Disaster and CEO firings ensue.

As he explains, using humorous and readable stories—like referring to a ransomware attack on a cream cheese maker as a “schmear campaign”—MFA and other simple countermeasures can mitigate so much of the risk. Riccardi also discusses problems like shadow IT, which is the tendency of businesses to bypass the IT department and implement their own, private information systems in the cloud using credit cards. This presents a security nightmare, and it needs to be addressed. Riccardi similarly points to the unwise practice of offshoring data management without adequate controls.

Some of his recommendations, smart as they are, are bound to run into problems of “easier said than done” and “the devil is in the details.” Training employees to be more vigilant about cyber threats, for example, is not so simple, and experts disagree on whether it’s even worthwhile. Patch management can be difficult for older systems, and even basic patch management requires the commitment of people and resources, so it’s vulnerable to budget cuts. Data backup can be effective against ransomware, but most sophisticated ransomware attackers can still destroy data that’s backed up insecurely, and so forth.

Nevertheless, the book offers a great starting point for meaningful, pragmatic dialogues about security. It offers sensible, direct steps c-suite executives can take to improve their companies’ security postures, and protect their own jobs in the process.

Imagine you’re watching the news. The first item concerns “separatists” in some region of the world perpetrating at terror attack. The second item is about a British banker convicted of money laundering. The third item tells of a massive ransomware attack that netted millions for some anonymous hacker. You could be forgiven for not realizing that these are all, in fact, part of a single scheme. The news doesn’t know it. Policy makers barely know it, or if they do, they haven’t figured out a way to deal with it.

Understanding the connections between criminal enterprises and violent non-state actors (VNSAs) is the purpose of a new book, Blood Money – How Criminals, Militias, Rebels and Warlords Finance Violence, by Professor Margaret Sankey of the Air Force War College. With extensive research and case examples, Sankey lays out the byzantine, interlocking worlds of terrorism, criminal organizations, militias and their (un)willing partners in the “legitimate” spheres of banking and global corporate operations.

The book contains a number of fascinating revelations, starting with the fallacy that terror attacks and other forms of “asymmetrical warfare” are cheap for the attacker. While yes, an explosive vest might cost a thousand dollars, the organization that planned the attack and recruited the suicide bomber may actually need tens of millions of dollars a year to operate. Sankey lays out the political and bureaucratic realities of running an international terror group. They have personnel departments, accountants, media arms and so forth. These are big budget operations, and the money has to come from somewhere.

The money comes mostly from criminal activities, according to Sankey. As she explains, affinities between criminal groups and VSNAs—for example between Hezbollah and Lebanese expat criminals around the world—create the fundraising synergies required to keep the VSNA in operation.

This synergy comes with a host of problems for everyone involved. The VSNA may want notoriety. Indeed, its operations may be driven by a desire for global media attention. That’s exactly what a criminal group doesn’t want. They would prefer to operate in the shadows.

The book dedicates chapters to the major areas of criminal-VNSA collaboration. These include fraud rings, smuggling and counterfeiting. Anywhere there can be arbitrage of commodities or goods, there is the opportunity for this kind of activity. For example, manufacturing fake versions of popular consumer products and smuggling them into the US or EU provide opportunities for profit that can fund VNSA projects. Domestic cigarette smuggling to evade taxes is another example she provides.

Sankey also delves into the murky crossover zone that connects the licit and illicit economies. She discusses the problems of “deviant globalization,” wherein the commercial and communication networks that exist to exploit cheap labor and resources in the third world are harnessed to deliver money and stolen goods to the West.

The book also explores some of the weaknesses in the prosecution of these entities. One of the biggest issues, as she explains, is the “silo” approach taken by law enforcement and policy bodies. Terrorism is one category of enforcement. Crime is another. They should ideally be pursued jointly, or at least in a more integrated process.

Another factor limiting effective policy is a tendency for policy makers to view the “Westphalian State,” a term Sankey likes to use, as the primary means of combatting VSNAs. This might be precisely wrong, as the established state, the one with the UN ambassador and the US State Department on speed dial, may in fact be the weakest entity in the entire landscape. The VNSA itself may hold a lot more sway in certain parts of the world.

This book is a useful resource for anyone who wants to mitigate the threats of terrorism, crime and cyberattacks. It offers a roadmap to understanding why and how these assaults on the major Western economies are actually occurring. If policy makers had a better understanding of the issues involved, they might be able to come up with better ideas for solving the problem.