Skip to main content

Raven

This is a book cover with a raven in the middle, and tech wires behind it.

Book written by Sue Loh

Book review by Rick Howard

Bottom Line

Good Novel

I don't recommend this fiction book for the Cybersecurity Canon Hall of Fame, but it is an excellent novel that gets the cybersecurity details right.

Review

I'm always on the lookout for a good cyber novel. By good, I mean the author doesn't treat the cyber pieces of the story like Harry Potter magic; a lot of hand waving about what the hacker is doing (with no real detail and most of the time unrealistic) and a lot of pontificating with nonsense phrases like "I'm in!" I want the cyber pieces of the story to be real or at least real enough. This week, books like…

  • "Reamde" by Neal Stephenson, 2011.
  • "Daemon" by Daniel Suarez, 2006.
  • "The Blue Nowhere" by Jeffery Deaver, 2001.

…are my favorites, but I change my mind depending on my mood. There are many choices. Check out the Cybersecurity Canon website (Cybersecurity Canon -> Book Reviews -> Genre -> Fiction/Cyber Novel) to get a list.

Sue Loh, in her book, "Raven," is a great addition to this category. She gets the technical details right, in addition to writing a compelling story that cyber nerds like myself enjoy. It's a YA novel meaning that the target audience is young teenagers, but don't let that dissuade the adults in the group. YA just means there isn't a lot of violence and sex and the budding romances are of the teenage variety. But the tech she describes is quite advanced and that's what I love about it. Loh brings some credentials to the task too. She's been a Microsoft Software Engineer for over 20 years and as of this writing, she's the systems lead for one of my all-time favorite computer games: Minecraft.

The story orbits around a Managed Security Service Provider (MSSP) called Cinzento. As a side hustle, the company also manages a boarding school (Cinzento Academy) for gifted cyber nerds. The Academy sorts the students into teams and gives them group projects to support the MSSP (I love that idea by the way. What a great way to train young people in all things cyber). As the title of the book announces, the story is about how Team Raven tackles a worldwide cyber event.

The "Evil Hacker'' that Team Raven is up against is a Large Language Model with domain experience in cybersecurity. Raven's team members nickname it "Hack." Hack's intrusion kill chain campaign methodology is to discover any internet system that has poor security, penetrate the system, copy itself to the victim system (so now, each victim system is running its own independent version of the Hack Large Language Model), contact the "Hack" command and control network to download a database of offensive tools that have worked in the past, move laterally within the victim's network using the database of tools, and then fix the security issues as it moves.

Come to think of it, the kill chain methodology is reminiscent of the "Daemon" AI described in the Daniel Suarez novel of the same name (2006).

As Hack moves exponentially across the internet, those security fixes start to break critical infrastructure systems like transportation systems and medical systems that can't operate with the fixes. That's when Team Raven gets involved. When the Hack tool database doesn't have a tool that Hack needs to move laterally, the large language model invents one on the spot and shares it back out to the Hack network.

And as they say, this story is "ripped from the headlines." Loh published her book in 2020; about two years before OpenAI released ChatGPT to the world. She was writing science fiction about a piece of software that absolutely passes the Turing Test; a test for AI systems to decide if a human can tell the difference between another human and a machine. At a certain point in the story, Team Raven struggled with the idea of terminating Hack because it felt to them that Hack might be a sentient being. Two years after publication, ChatGPT showed how this kind of future is not that far away.

So, I liked this book. It's a bit too teenagery in some places for an old cynical cybersecurity veteran like myself. There's a fair bit of exposition by one character or the other as the try to explain the tech (this is really hard to do well and Loh does it better than most), and there is a bit of a Scooby-Doo ending as the villain (the human behind the creation of Hack) explains his motivations. But those are nit-picks.

If you're looking for a light beach read that gets the cybersecurity details right, "Raven" is an excellent choice.