Luke de Wolf's avatar
Luke de Wolf
luke@primal.net
npub1fk8h...cwld
Author of Defending Bitcoin: Industrial Cybersecurity for the Monetary Grid. Co-founder of BTC HEL Co-author of Bitcoin: The Inverse of Clown World Producer of the Bitcoin Infinity Show
Luke de Wolf's avatar
lukedewolf yesterday
image This is where the cybersecurity side of the book starts. Chapter 3 walks the core concepts the rest of the book runs on, in plain language. It opens with the CIA triad (just a coincidence, I promise!), the three properties cybersecurity defends in every system. Confidentiality keeps information from anyone who shouldn't have it, integrity keeps it from being altered without authorization, and availability keeps it reachable for the people who need it. Every threat in Part II maps back to one of those three. From there it gets into threat modeling, which is a structured discipline rather than a vibes-check. Before you defend anything, you ask who the adversary is, what the asset is, where the attack surface lies, and what the mitigation looks like. Run that formally and some threats turn out to be less important, while others turn out larger than you'd expect. Then comes defense in depth, which is just the principle that you never lean on a single control. You layer them so each one stands on its own, and a failure in one doesn't cascade through the rest. The chapter walks how to design those layers so the whole system doesn't unwind from a single point. We also formally define the concept of risk, measured as likelihood times impact. A threat that's devastating but unlikely calls for different controls than one that's common but survivable, and that matrix is how Part II keeps everything in proportion. Without it, the threat chapters that follow would read like a long list instead of a prioritized map. By the end, you've got the cybersecurity vocabulary that the rest of the book depends on, and the bridge from "I hold Bitcoin" to "I'm responsible for defending a system I have a stake in."