• List Price: $62.95
  • Save: $10.47 (17%)
Only 17 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Cyber Attacks: Protecting... has been added to your Cart
+ $3.99 shipping
Used: Like New | Details
Sold by pbshop
Condition: Used: Like New
Comment: Used - Like New Book from multilingual publisher. Shipped from UK in 10 to 14 business days. Please check language within Amazon's description
Access codes and supplements are not guaranteed with used items.
Sell yours for a Gift Card
We'll buy it for $9.05
Learn More
Trade in now
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Cyber Attacks: Protecting National Infrastructure Hardcover – November 26, 2010

ISBN-13: 978-0123849175 ISBN-10: 0123849179 Edition: 1st

Buy New
Price: $52.48
23 New from $37.60 17 Used from $45.40
Rent from Amazon Price New from Used from
"Please retry"
"Please retry"
$37.60 $45.40

Hero Quick Promo
Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now
$52.48 FREE Shipping. Only 17 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.

Frequently Bought Together

Cyber Attacks: Protecting National Infrastructure + Design and Evaluation of Physical Protection Systems, Second Edition
Price for both: $120.43

Buy the selected items together
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Hardcover: 248 pages
  • Publisher: Butterworth-Heinemann; 1 edition (November 26, 2010)
  • Language: English
  • ISBN-10: 0123849179
  • ISBN-13: 978-0123849175
  • Product Dimensions: 1 x 7.8 x 9.8 inches
  • Shipping Weight: 1.5 pounds (View shipping rates and policies)
  • Average Customer Review: 4.1 out of 5 stars  See all reviews (11 customer reviews)
  • Amazon Best Sellers Rank: #896,447 in Books (See Top 100 in Books)

Editorial Reviews


"Amoroso’s advice takes the art out of the debate onwhether security is art or science. He brings a high level goal oriented approach to practical situations in order for the ‘right’ security decisions to appear obvious to the reader. However, no book is a single solution, and this one is no exception. Some readers may be disappointed not to find comprehensive references for further reading. It is apparent that the book surveys a great deal of literature, but there is no bibliography. Readers may also be disappointed that there is no step-by-step guaranteed path to cyber security solutions. The book provides no procedures or checklists. Nevertheless, those who allow Amoroso to influence their view of the security problem at the level he chooses to present it should more easily be able to recognize cyber security solutions."--Computers and Security

"Ed Amoroso has again given the policy community a thoughtful roadmap. Cyberthreats are becoming more sophisticated, but thankfully Ed is well abreast of the problem and leading with solutions."-John Hamre, Deputy Secretary of Defense (1997-2000), president and CEO of the Center for Strategic and Informational Studies, Washington, DC

"Dr. Amoroso's fifth book Cyber Attacks: Protecting National Infrastructure outlines the challenges of protecting our nation's infrastructure from cyber attack using security techniques established to protect much smaller and less complex environments.  He proposes a brand new type of national infrastructure protection methodology and outlines a strategy presented as a series of ten basic design and operations principles ranging from deception to response.  The bulk of the text covers each of these principles in technical detail.  While several of these principles would be daunting to implement and practice they provide the first clear and concise framework for discussion of this critical challenge.   This text is thought-provoking and should be a ‘must read’ for anyone concerned with cybersecurity in the private or government sector."-Clayton W. Naeve, Ph.D., Senior Vice President and Chief Information Officer, Endowed Chair in Bioinformatics, St. Jude Children's Research Hospital, Memphis, TN

"Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infrastructure balanced against practices that reduce the exposures.  This is an excellent guide to the understanding of the cyber-scape that the security professional navigates.  The book takes complex concepts of security and simplifies it into coherent and simple to understand concepts."-Arnold Felberbaum, Chief IT Security & Compliance Officer, Reed Elsevier

"The national infrastructure, which is now vital to communication, commerce and entertainment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it is possible for botnets to penetrate millions of computers around the world in few minutes, and to attack the valuable national infrastructure. "As the New York Times reported, the growing number of threats by botnets suggests that this cyber security issue has become a serious problem, and we are losing the war against these attacks. "While computer security technologies will be useful for network systems, the reality tells us that this conventional approach is not effective enough for the complex, large-scale national infrastructure. "Not only does the author provide comprehensive methodologies based on 25 years of experience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which attempts to use secrecy to provide security." -Byeong Gi Lee, President, IEEE Communications Society, and Commissioner of the Korea Communications Commission (KCC)

"Amoroso has laid the much needed foundation for a solid Critical Infrastructure plan. Security professionals now have the basis to apply his ideas to solve an incredibly complex problem. "-Howard Israel, Corporate Security Officer, Fidessa Corporation

"Cyber Attacks: Protecting National Infrastructure is a captivating journey through cyber security policy development for complex infrastructures by one of today’s foremost experts on large-scale network security. It is a must read technological roadmap for anyone interested in what we must do to strengthen our national network security systems."-Ken Xie, CEO, Fortinet, Inc.

"Some of his ideas are controversial and bound to incite debates about privacy and practice. For instance in his book, Cyber Attacks: Protecting National Infrastructure,"  Amoroso suggests using large-scale and coordinated collection of network-traffic data as well as security information from end-user desktops to pinpoint botnet-compromised computers, identify suspicious anomalies and trace attack paths."--Network World Magazine

"In his new book Cyber Attacks: Protecting National Infrastructure, Amoroso takes a hard look at common information security practices that have failed to protect individuals, organizations, and ultimately US critical infrastructure. Amoroso offers a new way of looking at information security and some "common sense" strategies to thwart cyberattackers, who are becoming more sophisticated, organized, and advanced."--Infosecurity Magazine (an Elsevier publication)

"Amoroso offers a technical, architectural, and management solution to the problem of protecting national infrastructure. This includes practical and empirically-based guidance for security engineers, network operators, software designers, technology managers, application developers, and even those who simply use computing technology ikn their work or home. Each principle is presented as a separate security strategy, along with pages of compelling examples that demonstrate use of the principle. A specific set of criteria requirements allows any organization, such as a government agency, to integrate the principles into their local environment…. The book takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction."--The Journal of Law Enforcement, Spring 2011

"What sets this effort apart is that it offers a comprehensive list of local enterprise-level suggestion and remedies as well as a plan that is scalable to protect national level infrastructure.  What's more, the material is well-written and concisely presented.  The author sets out his plan in sufficient detail but without miring the reader in technical details…I highly recommend this book for all intermediate-level and above security practitioners in IT and non-IT positions."--Security Management Magazine, September 2011, p. 168

About the Author

Edward Amoroso is currently Senior Vice President and Chief Security Officer of AT&T, where he has worked in cyber security for the past twenty-five years. He has also held the adjunct professor position in the computer science department at the Stevens Institute of Technology for the past twenty years. Edward has written four previous books on computer security, and his writings and commentary have appeared in major national newspapers, television shows, and books. He holds a BS degree in physics from Dickinson College, and the MS/PhD degrees in computer science from Stevens Institute of Technology. He is also a graduate of the Columbia Business School.

Customer Reviews

4.1 out of 5 stars
Share your thoughts with other customers

Most Helpful Customer Reviews

11 of 11 people found the following review helpful By Richard Bejtlich on March 7, 2011
Format: Hardcover
Writing a book isn't easy, especially when you're trying to develop a framework and solutions that apply to a topic as vast as protecting national infrastructure. I applaud Dr Amoroso's efforts in Cyber Attacks, but I fear he is solving yesterday's problems with yesterday's answers. This book might have been more relevant in 2006 when one could have plausibly pointed to botnets as "clearly the most important security issue on the Internet today" as Dr Amoroso oddly says on p 12. Unfortunately for readers, Cyber Attacks does not have the perspective needed to provide workable solutions to modern problems.

Throughout Cyber Attacks the reader will find evidence that the author isn't staying current with today's security landscape, despite his status as CISO for a tier one carrier. For example, on p 7 he says botnets are "most often" controlled by IRC. That was once true, and today some botnets do use IRC, but many if not most have switched to other protocols. Most use HTTP for C2 in order to frustrate detection and escape through corporate proxies, but others use social media and peer-to-peer mechanisms. Later in the book the author advocates technologies like honeypots and firewalls to counter threats. There is some value in deception technologies, and network segmentation has some merit, but again these approaches remind me of advice from the early 2000s. Chapters 8 and 9, with discussions on bots and worms (and Slammer, from 2003!) seem fixated on an earlier age. As a final symptom of this backward approach, count the number of times the author quotes books written between 1998 and 2002.

A second issue involves the author's suggested "remedies." I don't think a focus on engineering is the proper way to address security threats.
Read more ›
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 4 people found the following review helpful By Likes to eat Pi on August 8, 2011
Format: Hardcover Vine Customer Review of Free Product ( What's this? )
In this book Edward Amoroso lays out a 10 point plan for how to secure national infrastructure. As any infosec pro will tell you, a good security plan always begins with threat modelling. While nnot explicitly spelled out as such, Amoroso is clearly very concerned with botnets, as they are called out in almost every chapter. The problem is, botnets just aren't the same concern today that they were five or six years ago - more modern and advanced threats pervade the threat landscape. Unfortunately this narrow and outdated focus has made many of the suggested countermeasures useless in one form or another.

Many of the suggestions in this book are both obvious and currently practiced (at least to some extent) by any reasonably mature security program, and the others (like deception and diversity) would require a serious reworking of the way the entire internet functions, to the point where it's impractical to even bother with except as a theoretical exercise. Many other suggestions would be useless against more modern threats like APT and social engineering attacks. At least one (diversity) is actually likely to make an enterprise's security weaker if implemented the way he suggests by making management more difficult. While many of the suggestions are useful, if rudimentary, Amoroso's outdated threat model had made this book far less useful than it could be.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 4 people found the following review helpful By Kanishk Rastogi VINE VOICE on February 24, 2011
Format: Hardcover Vine Customer Review of Free Product ( What's this? )
Since this book has been written by a senior network security officer at AT&T, I had high expectations from this book. And indeed, a lot of them were met.
A very well organized and true to its' promise (going by the preface), this book covers the "what to do" of making a large infrastructure secure very well. The reader can refer to one of the many books out there for the "how to do" part.

Written like a technical document, the main 9 principles of securing networks are summarized in the introductory chapter itself. Then the following chapters cover each principle with in-depth details.

I also liked the writing style of the author of re-stating several points using various examples. This helps in cementing the concepts in mind once the book is done reading.

Several security incidents that have occurred in the past are mentioned all over the book for better explanation. Relevant current examples like the ones related to SCADA network have been included whenever considered necessary.

It is expected that the audience of this book has some security background, if not experts.

Just didn't like the redundancy of concepts, and hence 4 stars.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
Format: Hardcover Vine Customer Review of Free Product ( What's this? )
I think this book is aimed at a relatively unique audience - managers, technology officers, and the like. It certainly is not for any home users wanting to find out what antivirus software to buy for their PC.

That said, it is an interesting take on protecting national infrastructure. As others note, Amoroso does tend to spend a lot of time on DDOS and botnet attacks and not as much on other cyber issues that face presumably government computer systems like data exfiltration, insider threats, etc. Some of that is covered with discussions of honeypots/honeynets to catch attackers and capture what they are doing, as well as segregation of duties, etc, but there might be a bit skewed emphasis. Then again, Amoroso might be privy to information that influenced that emphasis. Just because a lot of infamous botnets are getting squashed of recent doesn't mean there aren't stealth botnets out there that are lying in wait to be called into action. A national infrastructure adversary probably wouldn't want to base their offensive posture on a botnet that also peddles Viagra.

For someone wanting to get a broad overview of the considerations involved in a good security posture - even if you just run the network/IT department anywhere that security matters (and it really matters everywhere) I think this book does a pretty good job. It seems that most security concepts are covered and if a reader wishes to find more information, they will be armed with the basics to go find that information.

I think it might be aimed at professionals wanting to get an overview and perspective as well as becoming more conversant in the terminology and where the pieces fit. A seasoned security professional might not get too much from this book. Intermediates to beginners would probably get a lot.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews

More About the Author

Discover books, learn about writers, read author blogs, and more.

What Other Items Do Customers Buy After Viewing This Item?

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Cyber Attacks: Protecting National Infrastructure
This item: Cyber Attacks: Protecting National Infrastructure
Price: $52.48
Ships from and sold by Amazon.com