funsec mailing list archives

REVIEW: "Learning from the Octopus", Rafe Sagarin


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Mon, 8 Oct 2012 14:51:34 -0800

BKLNFOCT.RVW   20120714

"Learning from the Octopus", Rafe Sagarin, 2012, 978-0-465-02183-3,
U$26.99/C$30.00
%A   Rafe Sagarin
%C   387 Park Ave. South, New York, NY   10016-8810
%D   2012
%G   978-0-465-02183-3 0-465-02183-2
%I   Basic Books/Perseus Books Group
%O   U$26.99/C$30.00 800-810-4145 www.basicbooks.com
%O  http://www.amazon.com/exec/obidos/ASIN/0465021832/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0465021832/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0465021832/robsladesin03-20
%O   Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   284 p.
%T   "Learning from the Octopus"

The subtitle promises that we will learn "how secrets from nature can
help us fight terrorist attacks, natural disasters, and disease."  The
book does fulfill that aim.  However, what it doesn't say (up front)
is that it isn't an easy task.

The overall tone of the book is almost angry, as Sagarin takes the
entire security community to task for not paying sufficient attention
to the lessons of biology.  The text and examples in the work,
however, do not present the reader with particularly useful insights. 
The prologue drives home the fact that 350 years of fighting nation-
state wars did not prepare either society or the military for the
guerilla-type terrorist situations current today.  No particular
surprise: it has long been known that the military is always prepared
to fight the previous war, not this one.

Chapter one looks to the origins of "natural" security.  In this
regard, the reader is inescapably reminded of Bruce Schneier's "Liars
and Outliers" (cf. BKLRSOTL.RVW), and Schneier's review of evolution,
sociobiology, and related factors.  But whereas Schneier built a
structure and framework for examining security systems, Sagarin simply
retails examples and stories, with almost no structure at all. 
(Sagarin does mention a potentially interesting biology/security
working group, but then is strangely reticent about it.)  In chapter
two, "Tide Pool Security," we are told that the octopus is very fit
and functional, and that the US military and government did not listen
to biologists in World War II.

Learning is a force of nature, we are told in chapter three, but only
in regard to one type of learning (and there is no mention at all of
education).  The learning force that the author lauds is that of
evolution, which does tend to modify behaviours for the population
over time, but tends to be rather hard on individuals.  Sagarin is
also opposed to "super efficiency" (and I can agree that it leaves
little margin for error), but mostly tells us to be smart and
adaptable, without being too specific about how to achieve that. 
Chapter four tells us that decentralization is better than
centralization, but it is interesting to note that one of the examples
given in the text demonstrates that over-decentralization is pretty
bad, too.  Chapter five again denigrates security people for not
understanding biology, but that gets a bit hard to take when so much
of the material betrays a lack of understanding of security.  For
example, passwords do not protect against computer viruses.  As the
topics flip and change it is hard to see whether there is any central
thread.  It is not clear what we are supposed to learn about Mutual
Assured Destruction or fiddler crabs in chapter six.

Chapter seven is about bluffing, use and misuse of information, and
alarm systems.  Yes, we already know about false positives and false
negatives, but this material does not help to find a balance.  The
shared values of salmon and suicide bombers, religion, bacterial
addicts, and group identity are discussed in chapter eight.  Chapter
nine says that cooperation can be helpful.  We are told, in chapter
ten, that "natural is better," therefore it is ironic to note that the
examples seem to pit different natural systems against each other. 
Also, while Sagarin says that a natural and complex system is flexible
and resilient, he fails to mention that it is difficult to verify and
tune.

This book is interesting, readable, erudite, and contains many
interesting and thought-provoking points.  For those in security, it
may be good bedtime reading material, but it won't be helpful on the
job.  In the conclusion, the author states that his goal was to
develop a framework for dealing with security problems, of whatever
type.  He didn't.  (Schneier did.)

copyright, Robert M. Slade   2012     BKLNFOCT.RVW   20120714


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
       [N]obody who understands computers trusts them completely.
                                     - `Radiant,' James Alan Gardner
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade