Cyberjutsu: Cybersecurity for the Modern Ninja

In the contemporary, globalized world, the issue of cybersecurity is more important than ever in relation to both peace and prosperity. Cybercriminals are becoming increasingly professional and resourceful, which means that companies’ intellectual property and individuals’ personal data are at a greater risk than ever before. In Cyberjutsu: Cybersecurity for the Modern Ninja, former NSA developer and current quantum security researcher Ben McCarty sets out a novel approach to protecting data and thwarting cyberattacks.

While conventional wisdom holds that cybersecurity specialists should “think like a hacker,” McCarty’s innovative technique instead recommends that they “think like a ninja.” But why a ninja? Well, the answer to that question is founded both on McCarty’s desire to provide concrete and actionable steps and procedures for IT professionals to apply with regard to cybersecurity and on his deep interest in the ninja scrolls.

Originating in medieval Japan, the scrolls, which were not translated into English until the twentieth century, essentially detail the “on-the-ground training [that ninjas received] in information assurance, security, infiltration, espionage, and destructive attacks that relied on covert access to heavily fortified organizations.” McCarty relates these ancient techniques to the techniques used by modern-day cybercriminals and so allows cybersecurity specialists to understand how their adversaries think. In turn, such understanding allows them to more appropriately prevent and respond to attacks.

Cyberjutsu is not merely a theoretical exploration of an alternative approach to cybersecurity or a historical analysis of ninja tactics; rather, it combines the two issues so as to provide a practical playbook for IT professionals to follow when working on security matters. Each chapter focuses on a different ninja-related topic, beginning with insights derived from the scrolls and then relating those insights to contemporary cybersecurity issues. Based on this analysis, McCarty suggests steps that organizations can take to guard against the relevant cyber threats and also provides a checklist of recommended security settings and specifications. Each chapter also includes a “castle theory thought exercise” in which readers imagine themselves to be the ruler of a castle and consider how to address a particular problem.

Chapter six, which deals with the hours of infiltration, serves as a good example of McCarty’s approach. As the contemporary working world runs on a very similar timetable to medieval Japan, starting with the importance of time in relation to ninjas’ espionage and infiltration activities, McCarty highlights the times during which modern organizations are most likely to be vulnerable to cyberattacks. He then recommends means of developing time-based security controls and anomaly detectors. The castle theory thought exercise involves a potential infiltration of the castle, and nine possible security controls and mitigations are recommended.

Cyberjutsu is an innovative work that is both highly technical and very readable. It’s definitely geared more toward cybersecurity experts than general readers, and it’s packed with ideas, tips, and practical techniques for combating cyber threats. As such, the book is likely to prove an invaluable resource for individuals and organizations looking to improve their cybersecurity practices.