Book Review: Zero Day by Mark Russinovich

Against this backdrop of security vulnerabilities, Microsoft Technical Fellow (and Windows IT Pro Senior Contributing Editor) Mark Russinovich recently authored Zero Day, a novel focused on the real-world threat of cyberterrorism.

Jeff James

September 21, 2011

4 Min Read
ITPro Today logo in a gray background | ITPro Today

This is shaping up to be a banner year for cybersecurity news of all stripes. I've already posted about the havoc that Anonymous and Lulzsec have caused, the discovery of an "indestructible" botnet, and how universities (and end users) are struggling with security issues. Then there was Stuxnet, a complex bit of malware that was believed to have been jointly developed by American and Israeli intelligence services to attack Siemens industrial equipment used in the Iranian nuclear program.

Against this backdrop of security vulnerabilities, Microsoft Technical Fellow (and Windows IT Pro Senior Contributing Editor) Mark Russinovich recently authored Zero Day, a novel focused on the real-world threat of cyberterrorism. Although Zero Day is fiction, the premise that Russinovich presents -- that cyberterrorism is real, and that it's only a matter of time before a terrorist group chooses this option -- is a terrifying one to consider.


Zero Day by Mark Russinovich


The first few chapters of Zero Day focus on a series of devastating attacks by a new breed of malware that is causing pilots to lose control of their aircraft, making hospital record systems fail, disrupting robotic auto assembly lines, and causing nuclear power plants to fail.

That's when protagonist Jeff Aiken enters the scene. Something of a lone wolf computer security genius, Aiken turned in his security passcard at the CIA to escape some suffocating government bureaucracy and, to some extent, flee from personal demons and do some soul-searching after his wife's death during 9/11. Now working as a freelance computer security expert, Aiken makes a comfortable living selling his services to the highest bidder.

Aiken rolls up his sleeves and comes to the aid of Fischerman, Platt & Cohen, a small Manhattan legal firm that has seen their expensive PCs turned into glorified paperweights by a mysterious cyberattack. Aiken starts working with Sue Tabor, an over-worked and under-appreciated (surprise!) system administrator, in an effort to solve the mystery of why the company's computers have turned into unresponsive lumps of plastic and silicon.

The first half of the novel is a bit slow going, but the pace continues to pick up steam towards the last half of the book. Aiken soon joins forces with Dr. Daryl Haugen, a statuesque blonde who just happens to be an old friend and security expert at the Department of Homeland Security (DHS). Haugen soon becomes Aiken’s love interest, and the plot thickens from there.

Zero Day includes references to many real-world cyberattacks. There’s also a section where Russinovich alludes to some of his own work around discovering Sony’s use of rootkits in their music CDs a few years ago, but he deftly (and thankfully) avoids the temptation to insert himself by name directly into the story, as Stephen King did (with mixed results) in his Dark Tower series.

Where Zero Day excels is when the novel turns to the technical aspects of the plot, and it is here where Russinovich displays his mastery (and intimate familiarity) with specific technical and cybersecurity terms and technology. Less tech-minded readers may find themselves glossing over these parts, but IT professionals, system administrators, technologists, and other tech-savvy readers—myself included--may find these portions of the novel some of the most enjoyable.

Zero Day is Russinovich's first fiction novel, and some aspects of the book seem a bit unpolished; some of the dialogue is awkward and stilted in spots, and I found reading through a chapter devoted to an extensive, vowel-deficient instant messaging exchange a bit tedious. Russinovich isn't Robert Ludlum, and Jeff Aiken most definitely isn't Jason Bourne, but Russinovich seems to attempt channeling both at various points. That isn’t entirely a bad thing, as Russinovich has managed to blend some thrilling, dramatic action with a host of specific technical detail that makes Zero Day unique and a thoroughly engaging, enjoyable read.

Those are admittedly minor gripes to what I consider one of the best books I’ve read this year, and arguably one of the most readable novels ever written about cyberterrorism. It's exceptionally impressive considering that the work is Russinovich's first novel. It also won’t be his last: Russinovich told me during an interview on the Microsoft campus in early September that he is already working on Trojan Horse, a sequel to Zero Day that will be published by St. Martin's Press in 2012.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like