Countdown to Zero Day is an account of the Stuxnet worm, widely regarded as the world’s first cyberweapon. It was a computer worm that most cybersecurity analysts believe was designed to target Iranian nuclear weapons facilities. Stuxnet sparked an intense debate of the use of cyberweapons and our vulnerabilities to cyber attacks.
Most of the book follows a group of cybersecurity researchers trying to figure out what Stuxnet does. It’s a fascinating story, and Zetter clearly has an astute grab of the details. She delves fairly deep into some of the technical minutiae; the book is rife with footnotes. I appreciated this granularity, though I can see how it might be overwhelming for some.
Zetter also strives to place Stuxnet in geopolitical context, and to assess its impact on Iran’s nuclear program. She does both ably, and she clearly has access to an impressive array of sources.
While the books focuses primarily on telling Stuxnet’s tale, Zetter also examines its impact and legacy. Like many, Zetter sees Stuxnet as a wakeup call that cyber weapons can be used effectively in international relations. She also indicates that Stuxnet showed the world how effective cyber weapons are in asymmetric conflicts: they’re relatively cheap, and wealthier, more technologically advanced present larger attack surfaces and greater vulnerabilities.
I just read another book on cyber attacks, This is How They Tell Me the World Ends by Nicole Perlroth. They’re different; Countdown to Zero Day is the story of this one cyber attack, while This is How They Tell Me the World Ends traces the history of the cyber vulnerabilities gray market. But Countdown to Zero Day is better in most ways—it’s a more cohesive story, the technical details presented much more clearly, and Zetter’s discussion of the impact of cyber attacks is much more concise than Perlroth’s. I think Countdown to Zero Day, despite being written six years earlier, Countdown anticipates most of Perlroth’s analysis and covers the important points in much less space.