While one person may be responsible for actually writing a book, it is by no means a solitary pursuit. Certainly that was the case with Cyber Threat! My thinking about the evolution of the asymmetric cyber threat has been shaped by many people whose opinions and perspectives I respect. While we do not always agree on every issue, I do believe that the big cyber threat picture is coming clearly into focus and that we agree on many aspects of the problem and the solutions. Unhesitatingly, I would say that without their contributions, this book would not have been possible. In many ways this is a race against time, a race to close the gaps before the digital barbarians get through the gate. On that we all agree. Whatever deficiencies this volume may suffer are the fault of the author, not those who generously contributed their time and expertise.

The cyber threat is not just a computer or technology issue. It is a fundamental business and industry issue, comprised of technology and human behavior. It is a problem that has leached into virtually every dimension and aspect of life. As a threat, it packs a powerful blow. Balancing the threat against the necessity of all things cyber is a delicate exercise. As they say, it's complicated. It also requires many vantage points. I have been fortunate in receiving many perspectives on the subject.

Writing a book is a family affair, and this one was no exception. All we have is time, and how we spend it matters. I felt this was an important subject, and so did my family, and it was therefore worth the commitment. This book would not have been possible without the love and support of my family.

First, a special thanks to my wife, Susan, who is a tireless researcher and constant editor who continuously challenges assumptions and supported this effort from day one. My mother, Evelyn Houck, also encouraged the effort and supported it in many ways. My brother, Phillip, of the Maverick Insurance Agency, provided special insight on cyber insurance and risk. Kenneth Brown, an adviser at ZeroPoint Risk Research where I worked for nearly five years, proved to be a strong sounding board about banking, the economy, and risk management.

Michael J. Sullivan of the Ashcroft Sullivan LLC law firm deserves special thanks, and not only for contributing the foreword of this book. Mike has dedicated much of his career to public service and personifies what it means to serve, most recently as the U.S. attorney for the District of Massachusetts and as director of the Bureau of Alcohol, Tobacco, Firearms and Explosives. He has prosecuted war criminals, terrorists, and cyber criminals, among others. Mike dedicated his invaluable time in discussing the issues examined in this book. Working with Mike are an exemplary group of professionals, including former U.S. assistant attorney Brian J. Leske, attorney Ellen Giblin, attorney Amy Barry, and Michelle Reilly, who are always professional, resourceful, and supportive and who have contributed selflessly. I also want to thank former U.S. attorney general John Ashcroft, David Ayers, and Paul Garrett of the Ashcroft Group LLC.

Ken Mortensen, former associate deputy attorney general, spent many hours with me at the Patriot Diner discussing transnational organized crime, privacy, and many other cyber threat issues. I would also like to express my gratitude to Thomas Garruba for his insights. A number of executives at Boston Private Bank and Trust Company were generous with their time and expertise, including Chief Risk Officer Timothy MacDonald, Rich Byron, attorney Victoria Kane, William Kane, Christine Cioffi, and Tiffany DeMontier.

My sincerest thanks to attorneys Heather Egan Sussman of the Boston office of McDermott, Emery & Will LLP, and attorneys Jennifer Geeter and Jon Dabney of the Washington, D.C., office. All have been a pleasure to work with, often under trying circumstances, and all three are exceptional.

I owe special gratitude to my former ZeroPoint Risk Research partners and colleagues Lorie Skolski, Gerard Kane, Steve Grosso, and former FBI special agent and security executive Joseph DeSalvo. They were always unwavering in their support and are dedicated professionals for whom I have exceptional regard.

To former Boston police commissioner Edward F. Davis, thank you. Catapulted into the national spotlight during the Boston Marathon terrorist bombing in 2013, he was a tireless figure when it seemed Boston was under siege.

Attorneys William “Bill” Rogers, John F. Bradley, and Peter J. Caruso of Prince Lobel Tye LLP in Boston have been generous with their time and expertise, as has former federal prosecutor Joseph M. Burton, managing partner of the San Francisco office of Duane Morris LLP, and Eduard Goodman of ID Theft 911. Dr. Lothar Determann, an attorney at Baker & McKenzie LLP, has been very helpful, and I appreciate his expertise and efforts. I extend my thanks to Holly Chase, a bank regulator and expert in financial institution risk, and to Elton Hill, who retired recently from the Federal Reserve. I also want to acknowledge Kevin Hamel, who leads the privacy and security initiative at COCC.

For many years I have been associated with the National Security Institute. Thank you to my NSI colleagues Stephen Burns, David Marston, and the late Edward Hymoff. Much of what I know about security I learned at NSI. It was Ed, formerly with the forerunner of the Central Intelligence Agency, the Office of Strategic Services, who one day a number of years ago, while I was teaching at Boston University, said, “There are a couple of former military guys I'd like you to meet.” It was Dave and Steve. A great American and national treasure also serves on the advisory board of the National Security Institute, four-star General Earl Anderson, U.S. Marine Corps (Retired), the youngest active-duty Marine ever promoted to the rank of general. He is also the former assistant commandant of the Marine Corps. At this writing he is 94 years old. Semper Fi, General.

For their invaluable contributions over the years I would like to thank attorney David R. Wilson, John Cassella, Thomas Barrett, and Colonel James Bullion, U.S. Army (Retired). Colonel Bullion served two tours in Iraq and has spent a great deal of time in Afghanistan with the Department of Defense, where understanding the nature of threats and responding accordingly is essential to survival.

Retired Marine Corps officers and National Security Agency veterans Ed Lucke and Jeffrey Zimmerman have long been colleagues whose experiences also shaped my appreciation of threat and risk. Dr. Larry Ponemon and Susan Jayson of the Ponemon Institute have been very supportive, encouraging, and generous with their research. I would like to thank Jerry Archer, Jim Malatesta, Jin Kim, Richard Crawford, Phill Bakker, Joe Judge, Jeffrey Bamberger, Dr. Angelo Tosi, and John Rostern for their observations and support over the years. Thank you also to Thomas Wagner for your advice and counsel.

Anthony Kimery, executive editor of Homeland Security Today, has been extremely helpful and insightful and always supportive. Thank you, Christopher Pierson, for your studied perspective on privacy, and Tom Alger. Andy Briney of TechTarget is always helpful, and I have appreciated his counsel and observations through the years. I also want to acknowledge Kathleen Richards and Eric Parizo of TechTarget, as well as Eileen Feretic of Baseline magazine.

Thank you, Elizabeth C. and T. Brooks Fitzsimmons.

To Brian Powers, David Mechanic, Dennis Huaman, Maryalice Decamp, Brian Kelly, Chris Winn, Christo Ovcharov, Paul Rozek, Beth Healy, David Welch, Captain G. Mark Hardy, U.S. Navy (Retired), attorney Annemarie McAvoy of Fordham University Law School, Gary Foster, and Dr. Jack Kerivan, thank you for your continuous support and encouragement. Michael Fountain and Mike Weir, thank you.

Also deserving of thanks are Thomas E. Samoluk, attorney, executive, and author, whose commentary on certain subjects has proved spine-tingling, Anne Marie Graceffa, and David Rawlings. Dan Swartwood of the Ponemon Institute and president of the Society for the Policing of the Cyberspace, thank you for your insights. Debra Squires-Lee of Sherin Lodgen LLP is deserving of thanks. John Colucci of the McLane law firm, thanks for your frequent counsel. I appreciate the contribution of Nicola Crawford of i-Risk Europe Ltd. Much appreciation to Nikk Gilbert, CISO of CUNA Mutual, and Naheed Bleecker for their continuing support. To Kevin Hamel, vice president of security at COCC, thank you for your observations and support. To Eileen Turcotte, thank you.

I want to extend my appreciation to Neil Doherty and to attorney Scott Kannry for their always interesting observations regarding privacy and risk.

To David Wilkinson and Karen E. Antons of the Bellwether Group Inc., and M. J. Vaidya, an adjunct professor at New York University and Americas CISO at General Motors, your support is appreciated. Thank you, Constantine Karbaliotis, for your expert counsel, and to Catherine A. Allen and Robin Slade of the Santa Fe Group.

Tomas Filipiak served overseas as an officer in the U.S. Army as an information security professional and understands the cyber threat and its life and death implications in a combat zone. I appreciate his observations. To Matthew Lion, Erin Weber, Sanjay Deo of 24by7 Security LLC, and Clay Moegenberg, I appreciate your always interesting perspective and support. Insurance executive and privacy and security specialist John Graham of Zurich North America was very helpful, as always, and my appreciation goes also to Jim Randall, who is head of global cyber security for Zurich. Danny Miller, system CISO of the Texas A&M University System, was very helpful.

Much of the effort to protect consumers in the United States against the cyber threat is undertaken by states. None is more deserving of mention than the Commonwealth of Massachusetts. Leading this effort are Barbara Anthony, undersecretary of the Office of Consumer Affairs and Business Regulation, and her exceptional team, including Deputy General Counsel Joanne Campo, Julian W. Smith, and Maureen Tobin—thanks for your good work and leadership.

My appreciation is also extended to Paul D'Ambrosio, MD, Andrew DiLernia, MD, and Karyn M. Connolly.

Benjamin Dubuc traveled to China to teach English after graduating from the University of New Hampshire and kept in touch on the cyber threat there, which was greatly appreciated.

Stacey Rivera, my editor at John Wiley & Sons, has proved to be more than patient and exceptionally competent, and I want to thank her for making this book better than it otherwise would have been.

Maintaining integrity in the enterprise is the job of everyone, but the actions of those security, compliance, and privacy officers are vital. Thanks to those whose battle every day is to defend against the cyber threat.

Last but not least, there are others who deserve thanks but their identities will have to remain confidential, as they continue to work behind the scenes in the interest of law enforcement and national security. You know who you are, and I appreciate your work, as do many others.