Mr. Winkler is a former undercover security analyst with the National Security Agency, who now works with governments and major corporations to help them uncover potential security breaches. He states in the introduction to Spies Among Us that there seems to be a fascination with spectacular acts committed by terrorists, foreign intelligence operatives, and computer hacking geniuses. Against such threats, corporations and individuals are tempted to feel powerless. Such acts, though potentially devastating, are quite rare and only affect relatively small numbers of people and businesses. Conversely, natural disasters, accidents, and criminal acts, though not as spectacular, are much more common and affect many more people. In Spies Among Us, Mr. Winkler seeks to empower his readers with simple countermeasures that can mitigate the common threats we all face. He further adds that such prudence also helps protect against attacks from the terrorists, spies, and computer geniuses.
Spies Among Us is divided into three parts. Part I discusses the fundamental concepts of the intelligence process, espionage, and crime. Part II explores the details of some notable penetration tests conducted by Mr. Winkler and his colleagues as well as some real-world cases of high- level crime and espionage. Finally, Part III describes the simple countermeasures that can be used to reduce both individual and corporate vulnerabilities to various threats.
In Part I, Mr. Winkler defines risk, threat, vulnerability, counter-measures, value, and their interrelationship. He further explains how to determine the value of assets and how to evaluate various threats against those assets. Of particular interest to BECCA members, Mr. Winkler thoroughly describes the corporate espionage threats that U.S. corporations face. He lists the major countries that successfully use their state intelligence agencies to target U.S. corporations. Among those countries are two U.S. allies identified by the CIA as conducting espionage against U.S. companies: France and Israel. Furthermore, Mr. Winkler describes how each nation targets U.S. corporations both at home and abroad. He states that the U.S. government is quite different than that of most other industrialized nations in that it generally does not collect intelligence on behalf of its corporations. Contrast this with the statement of Pierre Marion, the former head of the French foreign intelligence agency who has stated, "There is no such thing as an economic ally." Among other countries, the U.S. government is considered "naïve" in its view of international corporate espionage.
In addition to foreign intelligence threats, Part II of Spies Among Us explains how corporate information leaks can be caused or exploited by insiders (employees), petty crime, suppliers, customers, and competitors. In regards to employees, the author draws an amazing parallel between the profile of an extremely hard- working employee and that of a spy. They both show interest in what their coworkers are doing, they volunteer For extra work, they work late, and they rarely take vacations. Attackers Target vulnerabilities of corporations and individuals. Mr. Winkler defines Vulnerabilities in four categories: operational, physical, personnel, and technical. Under operational vulnerabilities, he addresses security awareness and makes a notable statement, that "there is no common sense without common knowledge," emphasizing the importance of security awareness training for everyone.
In Part II, not only does the author describe various successful attacks Against major corporations, he also describes the vulnerabilities which facilitated or allowed these attacks.
In Part III, Mr. Winkler explains simple countermeasures to address these vulnerabilities and similar vulnerabilities of individuals. He defines these countermeasures in the same categories that he used for vulnerabilities. However, he makes the interesting observation that the categories do not necessarily correlate. For instance, he states that poor security awareness is an operational vulnerability. However, an effective countermeasure for poor awareness is a technical countermeasure such as token-based authentication which thwarts social engineering attacks designed to obtain passwords from users. In the final chapter, Mr. Winkler provides practical suggestions for implementing and testing countermeasures and incident response procedures. He includes sound advice on how to garner support from management and compliance from employees. He states that an effective security awareness program could result in "thousands of people detecting security problems, not just the two people in a typical security department."
As a military intelligence professional, I found Spies Among Us to be a fascinating and enlightening read. As only someone who has great understanding can, Mr. Winkler greatly simplifies the intelligence process and provides interesting insights into recent events. He also writes from the vantage point of an insider. The security countermeasures he recommends are practical and feasible for both organizations and individuals to implement. As someone who sees the need for professional reading but who does not normally enjoy such activity, I found this book to be refreshingly enjoyable to read. I highly recommend Spies Among Us to anyone working in the security or intelligence field. I also highly recommend it to anyone else who has ever felt vulnerable or who just wants to peer into the hidden world of espionage and crime that is always among us.
"Spies Among Us reads like a Robert Ludlum novel, [and] it’s riveting because it’s all true. If you’ve got a social security number, you need to read this book whether you’re a CEO or a grandmother. Winkler reveals the top threats to our personal and national security, with lots of straight-forward advice on how to protect yourself."
–Soledad O'Brien, CNN