You are here: 鶹ý School of International Service Centers Security, Innovation, and New Technology Book Review - The Perfect Weapon: War, Sabotage and Fear in the Cyber Age

Technology

Book Review - The Perfect Weapon: War, Sabotage and Fear in the Cyber Age

By |

David E. Sanger’s riveting work, The Perfect Weapon: War, Sabotage and Fear in the Cyber Age, explores the quandary of how to use and defend against cyber-attacks. He describesthe perfection of cyber weapons as their almost limitless ability to steal money, pilfer secrets,sabotage critical infrastructure, undermine democracies, and tear societies apart at the seams.Cyber weapons are available to large and small powers, democracies and dictators and they havealtered the geopolitical landscape forever. The panoply of questions that this fact raises makesSanger’s book fascinating. How does a nation respond to, deter, or defend against a stealthy,effective, deniable cyberattack? Is it better to threaten an overwhelming cyber counterattack?Or should it be a non-cyber response, ranging from economic sanctions, a conventional militaryresponse or even going nuclear? Does a nation “bunker-in” and harden its defenses? (Sangeralleges this is a 10-year task for the United States.) The author takes on all of these questions andmore. Organized into thirteen nearly stand-alone chapters, four important threads run throughoutthe book: (1) A strategic partnership between government and private sector technologycompanies is vital; (2) Cyber transparency is a required; (3) A good cyber offense requires agood cyber defense; and (4) There is an underlying risk of escalation into conventional war.

David Sanger is a senior national security correspondent for The New York Times and has been on three Pulitzer Prize-winning teams. As part of his journalistic career, Sanger served asthe paper’s White House correspondent during both the Clinton and Bush administrations. Thisbook is sourced almost exclusively from the author’s firsthand interactions with world leadersand cyber experts. His direct access to presidents, politicians, technology CEOs, and securityleaders around the world is unparalleled. The foreshadowing of things to come is chilling. Theinsights into the threat are eye-opening for a cyber neophyte. For instance, what cyber threatcould possibly cause a steady hand, like former US Secretary of Defense James Mattis, torecommend a policy of nuclear deterrence in this arena?

The book is easy to read for anyone interested in geopolitics and the conundrums ofoffensive and defensive cyberwar. The author does not delve deeply into the technical issuesunderpinning cyberwar but provides enough details for the tech savvy reader to appreciate andexplore further. In addition to the four pervasive themes, this book focuses on the “7 sisters ofcyber conflicts” – US, Russia, China, Britain, Iran, Israel, and North Korea. The United States isportrayed as surprisingly aggressive and predictably vulnerable in this arena.

The role of private companies is interwoven throughout the book. Sanger illuminates thecomplex debates concerning personal privacy and electronic device security. Who is right whenlaw enforcement demands access to a ‘secure’ iPhone? Do the ends justify the means when lawenforcement pays one private company to break a security system designed by another company,
intended to ensure a US citizen’s privacy?

Sanger provides an insightful history of a time when government collaboration withindustry was easier and explains why it is dysfunctional today. An example of why there is abad public-private relationship is Snowden’s leak of a secret NSA briefing revealing (with asmiley face graphic) where the NSA will tap into the Google Cloud. Consequently, it is notsurprising that Google’s head of security told Sanger “No hard feelings, but my job is to maketheir job hard,” referring to the NSA. Sanger juxtaposes such areas of public-private friction
with historical illustrations of close cooperation, such as the “proud” 鶹ý company,AT&T’s Bell Laboratories, enthusiastically supporting successful Cold War efforts in the 1980s.

Sanger advocates for greater cyber transparency on several fronts. How does a nationbegin to discuss setting international rules about the use of weapons whose existence and use arenot acknowledged? Additionally, how doinstitutions defend against threats if the intelligencecommunity will not share information of a known threat, its details, and reliability, for fear of
compromising sources? A perfect example is the FBI’s anemic attempts to warn the DemocraticNational Committee (DNC) of Russian cyber intrusion into their network well before the 2016election. The warning went unheeded, and the DNC fumbled the response. The timeline wassuch that “babies were conceived and born” before the DNC looked into the warning, and the US
presidential election was directly impacted.

The reader becomes well informed regarding the United States’ frequently used andeffective offensive capabilities. Despite eras of timidity, especially under PresidentObama,theUShassetmanycyberattackprecedents.Thedescriptions of Stuxnet and Olympic Games areriveting and the results satisfying to an 鶹ý reader. Sanger also explains how the US hasseen its cyber weapons stolen and turned back on it (not so satisfying).

Sanger states that ten years will be required for the United States to develop a defensethatisadequateforcyberdeterrence.Butthisargumentisunderdeveloped compared to otherissues in the book and needed greater detail to make such a long timeline convincing. Acomparison to “The Great Firewall” of China might have been a good place to start. Perhaps thepublic sector – private sector relationship in the United States could be expanded to encompass
national cyber security standards such as regulations, incentives, and penalties for non-compliance. This might be a natural extension of Sanger’s “defend forward” and “deterrencethrough transparency” of offensive capability argument.

The author provides recommendations, mostly relating to cyber transparency. Inparticular, establishing a cyber “red-line” requires a credible deterrent that the United Statespresently lacks. Sanger does not advocate for Mattis’ nuclear deterrence concept butrecommends that the United States’ powerful offensive cyber capability be clearly revealed andpublicly employed to establish strong deterrence. Weaker states such a North Korea currently donot fear a US response to egregious cyber-attacks. Public attribution and responses to attacks arealso required for an effective cyber policy. Faster technologies and the use of artificialintelligence will increase the destructive power of cyber-attacks. The author believes thatcyberwar arms control agreements must come out of the shadows and that the days where onlynations with conventional weapons could threaten the United States are gone.


About the Author:

Steve Bruner is a recently retired Lieutenant Colonel in the United States Army with tours in Bosnia, Kosovo, Iraq and Afghanistan. His career culminated with a four year stint coordinating strategic level crisis response exercises at NATO's Joint Warfare Centre in Stavanger, Norway. He is currently completing a MA in International Affairs: Comparative and Regional Studies for Eurasia focused on security issues at 鶹ý's School of International Service. His primary research interests are the geopolitical challenges and security threats around the Black Sea. He hopes to rejoin NATOs efforts to predict and prepare for emerging threats upon his graduation from 鶹ý.


*THE VIEWS EXPRESSED HERE ARE STRICTLY THOSE OF THE AUTHOR AND DO NOT NECESSARILY REPRESENT THOSE OF THE CENTER OR ANY OTHER PERSON OR ENTITY AT AMERICAN UNIVERSITY.

more_csint_reviews