Tuesday, September 18, 2012

Do you accept the Daemon?

Daemon, but Daniel Suarez I recently finished listening to Daemon, a techno-thriller by Daniel Suarez. As a regular listener of several TWiT network shows, I have heard about the book regularly through Audible.com commercials. My catalyst for finally getting Daemon came this summer when Suarez released his latest book, Kill Decision. It seemed more than serendipitous coincidence that his newest book used my last job (signal processing on UAVs) for a topic, while his first book used my current job (blocking malware) for a topic. Thus I had to pick Daemon up, and once I picked it up I could not put it down.

Daemon begins with the death of Matthew Sobol, a fictional game designer. Sobol’s massively multiplayer online games brought his company wild success, and apparently left him with too much free time to think about the world order. He decided to change that order post-mortem by leaving behind a powerful internet daemon. The daemon intricates itself with the world’s information technology systems, obtaining immense power. The story follows many characters, some of which fight the daemon and some of which join the daemon. Both approaches provide thought provoking perspectives.

An interesting case study comes from the daemon’s takeover of Leland, a fictional multi-national financial company. Like many large corporations, Leland depends on a complex IT infrastructure. Recent cuts to the IT budget demonstrate the CEO and board view that infrastructure as an unfortunate operating expense rather than a core intellectual property resource. Those cuts produce vulnerable systems and disgruntled employees, which then facilitate the industrial espionage that introduces the daemon to the system. Once inside, the daemon moves laterally and vertically to compromise the entire system. The chiefs and board recognize the stranglehold too late, and the company becomes part of Daemon Inc. Fiction? Yes. Demonstrates real-world issues? Also yes.

Suarez makes several points through the book about technology and our society. Our world consists of largely monolithic monoculture of interconnected systems. We build layer upon layer on top of insecure technologies at the base. As we squeeze out each inefficiency, we make the entire system less flexible and more brittle. A relatively small number of us really know how the digital world works. Powerful people put their power into technology they do not understand or, even worse, misunderstand. Entire fortunes are made virtually and in the blink of an eye, without any produced good or service. All these set up an environment ripe for a cyber-parasite such as Sobol’s daemon.

Unfortunately, no silver bullet exists for dealing with these issues. Carnegie Mellon lead a study on ultra-large-scale (ULS) systems half-a-dozen years ago. Much excitement surrounded the initial release of the study, but it appears that the research area has languished since then. The study identified “security, trust, and resiliency” as a future topic of interest. Indeed. Those three compose a triumvirate for uptime, with each affecting the others. Any solution for one must consider the other two. Does your plan for server resiliency include security and trust? It should.

I really enjoyed Daemon, and highly recommend it. Many others feel the same way. A few complaints come from those who do not realize this first book only contains the the first half of the story. Picture reading Lord of the Rings and stopping midway through The Two Towers. Fortuitously, the rest of the Daemon story already exists in FreedomTM. I suggest getting both and then disappearing for a couple weeks to finish them. You will not regret it.

Need more info about Daniel Suarez and the ideas from his book? Check out these recent interviews for his Kill Decision book tour: