“Learning from the Octopus”, Rafe Sagarin, 2012, 978-0-465-02183-3, U$26.99/C$30.00
%A Rafe Sagarin
%C 387 Park Ave. South, New York, NY 10016-8810
%G 978-0-465-02183-3 0-465-02183-2
%I Basic Books/Perseus Books Group
%O U$26.99/C$30.00 800-810-4145 www.basicbooks.com
%O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 284 p.
%T “Learning from the Octopus”
The subtitle promises that we will learn “how secrets from nature can help us fight terrorist attacks, natural disasters, and disease.” The book does fulfill that aim. However, what it doesn’t say (up front) is that it isn’t an easy task.
The overall tone of the book is almost angry, as Sagarin takes the entire security community to task for not paying sufficient attention to the lessons of biology. The text and examples in the work, however, do not present the reader with particularly useful insights. The prologue drives home the fact that 350 years of fighting nation-state wars did not prepare either society or the military for the guerilla-type terrorist situations current today. No particular surprise: it has long been known that the military is always prepared to fight the previous war, not this one.
Chapter one looks to the origins of “natural” security. In this regard, the reader is inescapably reminded of Bruce Schneier’s “Liars and Outliers” (cf. BKLRSOTL.RVW), and Schneier’s review of evolution, sociobiology, and related factors. But whereas Schneier built a structure and framework for examining security systems, Sagarin simply retails examples and stories, with almost no structure at all. (Sagarin does mention a potentially interesting biology/security working group, but then is strangely reticent about it.) In chapter two, “Tide Pool Security,” we are told that the octopus is very fit and functional, and that the US military and government did not listen to biologists in World War II.
Learning is a force of nature, we are told in chapter three, but only in regard to one type of learning (and there is no mention at all of education). The learning force that the author lauds is that of evolution, which does tend to modify behaviours for the population over time, but tends to be rather hard on individuals. Sagarin is also opposed to “super efficiency” (and I can agree that it leaves little margin for error), but mostly tells us to be smart and adaptable, without being too specific about how to achieve that. Chapter four tells us that decentralization is better than centralization, but it is interesting to note that one of the examples given in the text demonstrates that over-decentralization is pretty bad, too. Chapter five again denigrates security people for not understanding biology, but that gets a bit hard to take when so much of the material betrays a lack of understanding of security. For example, passwords do not protect against computer viruses. As the topics flip and change it is hard to see whether there is any central thread. It is not clear what we are supposed to learn about Mutual Assured Destruction or fiddler crabs in chapter six.
Chapter seven is about bluffing, use and misuse of information, and alarm systems. Yes, we already know about false positives and false negatives, but this material does not help to find a balance. The shared values of salmon and suicide bombers, religion, bacterial addicts, and group identity are discussed in chapter eight. Chapter nine says that cooperation can be helpful. We are told, in chapter ten, that “natural is better,” therefore it is ironic to note that the examples seem to pit different natural systems against each other. Also, while Sagarin says that a natural and complex system is flexible and resilient, he fails to mention that it is difficult to verify and tune.
This book is interesting, readable, erudite, and contains many interesting and thought-provoking points. For those in security, it may be good bedtime reading material, but it won’t be helpful on the job. In the conclusion, the author states that his goal was to develop a framework for dealing with security problems, of whatever type. He didn’t. (Schneier did.)
copyright, Robert M. Slade 2012 BKLNFOCT.RVW 20120714