A Discipline of Seeing: Part 4
Observation: There are some really great thinkers in cybersecurity, but we can and should do even more as a community.
We’re heading in the right direction, but we still need more collaboration and coordination to build an effective U.S. cyber strategy that enables public-private partnerships to protect our national security and defend our place as leaders in a globalized digital society. Providing value to the international effort to improve information security and information privacy is absolutely fundamental to our next century. To be successful, we must look inwards with a critical eye, analyze the work of our analysts, think about the efforts of our thinkers, and build upon the strategies of our greatest strategists. To that end, I offer my review of, "Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations," edited by Herb Lin and Amy Zegart...
Join me on a stroll down memory lane. September 2007: Israeli cyber operators remotely suppress Syrian air defenses. December 2015: Russian hackers destroy Ukrainian infrastructure and 200,000 Ukrainians lose power. March 2019: China reportedly hacks 27 U.S. universities to steal naval technologies. March 2019: Iranian hackers attack banks and governments in the U.K., United States, and Saudi Arabia. May 2019: Israel conducts airstrikes to kill Hamas cyber operatives—the first reported use of kinetic force in response to a cyber attack.
This list represents a fraction of the interconnections between cyber operations and modern geopolitical competition. How does a country plan for, interpret, and respond to these actions? When should a state posture and engage with an adversary through cyberspace? When does cyberspace become physical space? These are some of the questions considered in Bytes, Bombs, and Spies, an omnibus for cyberwarfare strategy edited by Herb Lin and Amy Zegart, codirectors of the Stanford Cyber Policy program.
The book explores four strategic dimensions of cyber operations: strategy and doctrine for using cyber weapons; operational considerations for using cyber weapons; cyber deterrence and escalation; and the private sector’s role in supporting offensive cyber operations. Policymakers rejoice! You finally have an approachable guide through the cyber quagmire.
Anyone with technical chops will notice the classic errors of our soft-science brethren—mistakes in characterization, enumeration, and identification. But those who actually work with bytes, bombs, and spies are not the target audience. It’s all in the name: The Strategic Dimensions of Offensive Cyber Operations. Less a book for the budding cyber operator, it’s written for two communities. The first are policy analysts trying to hack their way into the world of cyber. The second are tacticians ceding their keyboards for more strategic endeavors.
The authors understand cyberwar as an intellectual pursuit. In that vein, they provide something for every type of reader. Some chapters are narrative. Many are historical and academic. Some are fantastical. One is a rigorous human-factors study (a welcome respite from the flanking pages of cerebral theorization). The chapters cover cyber terrorism and arms control to game theory. It’s a fun read if for the sheer variety of style and content.
The work does suffer from one notable fallacy. It relies on nuclear weapons as a reasonable analogy to the intent and strategy of cyber operations. The word “nuclear” appears almost as often as “cyber”—further evidence that the authors attempt to fit this brave new world into an old pair of sneakers. If cyber policy is to evolve, it must expand beyond 20th-century grand strategy.
That said, the book does its job and does it well. It provides 15 standalone essays that build a robust synopsis of the landscape of cyber warfare strategy. Its most prescient conclusion is how lacking the field remains.
"Bytes, Bombs, and Spies" opens the interdisciplinary and interprofessional discussion on cyber strategy—a worthy pursuit in today’s national dialogue. Within a decade of the first nuclear weapons tests, Herman Kahn, Bernard Brodie, and John Foster Dulles pledged themselves to the functional crucible of U.S. grand strategy. The lack of a similar effort for cyberwarfare is appalling. This book starts to fill that barren cauldron.
Non Kinetic Integrated Fires Syndicate Lead at SAIC. Opinions are only mine and do not represent the opinions of SAIC, the Navy, DoD, or the federal government.
4 年"Cyber War" by Richard Clarke and Robert Knake also used the nuclear analogy, mostly as impetus for creating some kind of an international treaty in regard to cyber attacks. Yes, it may be trying to put new wine into old wineskins, but I agreed with the premise that if the results of cyber attacks can be as devastating as a nuclear attack, then it makes sense to seek out common terms of use and regulation of the weapon. If power was knocked out for 200K people in another country by using a missile to destroy a power plant, the diplomatic landscape would likely look completely different than it does when there is a cyber attack of equal lethality. I understand there is often an attribution problem, but just as we can forensically determine the origin of a missile or bomb, i'd like to think we can forensically determine the same for cyber attacks. Anyway, random thoughts :-). As a side note, "Spying Blind" by Amy Zegart was a staple in my strategic intelligence studies at NIU. I think it was an assigned textbook in at least four of my classes.