[Hebert Lin & Amy Zegart, eds. Bytes, Bombs, and Spies. The strategic dimensions of offensive cyber operations. The Brookings Institution. Washington, 2019. 438 p. REVIEW / Albert Vidal

September 23, 2019

review / Pablo Arbuniés

Just as in the second half of the 20th century the world experienced the nuclear weapons degree program between the US and the USSR for world hegemony, everything seems to indicate that the degree program that will mark the 21st century is that of cyberspace. Since the US department Defense included cyberspace as the fifth domain of the country's military operations (along with land, sea, air and space), it has become clear that its role in world security is of paramount importance.

However, the very nature of cyberspace makes it a completely different field from what might be called kinetic security fields. The only constant in cyberspace is change, so any study and strategic approach must be able to adapt quickly to changing conditions without losing efficiency and maintaining tremendous precision. This is a real challenge for all actors in cyberspace, both national and private. At the national level, the incorporation of cyber operations into the US National Security Strategy (NSS) and the development of a cyber warfare doctrine by the department Defense are the two main pillars on which the new cyberspace degree program will be built.

Bytes, Bombs, and Spies" explores the major issues raised by this new challenge, presenting very different approaches to different situations. Probably the greatest value offered by the book is precisely the different ways of tackling the same problem advocated by the more than twenty authors who have participated in its preparation, coordinated by Herbert Lin and Amy Zegart. These authors collaborate in the 15 essays that make up the book. They do so with the idea of converting a topic as complex as offensive cyber-operations into something accessible to readers who are not experts in the topic, but without renouncing the depth and detail of an academic work.

Throughout the Issue , the authors not only discuss what should be the approach of the theoretical framework . They also assess the U.S. government's policies in the field of offensive cyber operations and suggest what should be the core topic in the development of new policies and the adaptation of previous ones to the changing cyber environment.

The book attempts to answer the major questions raised about cyberspace. From the use of offensive cyber operations in a conflict framework to the role of the private sector, from escalation dynamics and the role of deterrence in cyberspace to the intelligence capabilities needed to conduct effective cyber operations.

One of the main questions is how to include cyber operations in the framework of the dynamics of a scale of conflict. Is it lawful to respond to a cyber attack with kinetic force? And with nuclear weapons? The current U.S. government cyber doctrine leaves both doors open, confronting a response based on the effects of the attack over the means. This idea is described as incomplete by Henry Farrell and Charles L. Glaser in their chapter, in which they suggest the need to take into account more factors, such as the perception of the threat and the attack by other actors, as well as public opinion and the international community.

Continuing with the theoretical approaches, the main question raised by this book is whether it makes sense to apply to the strategic study of cyberspace the same principles that were applied to nuclear weapons during the Cold War in order to answer the questions posed above. And since this is a relatively new field in which global hegemony and stability may be at stake from the outset, how this question is answered may mean the difference between stability or utter chaos.

This is precisely what David Aucsmith argues in his chapter. He argues that cyberspace is so different from classical strategic disciplines that its strategic dimensions need to be rethought from scratch. The disintermediation of governments, unable to cover the whole of cyberspace, opens up a niche for private companies specializing in cybersecurity, but they too will not be able to completely fill what in other domains is filled by the government. For his part, Lucas Kello tries to fill the sovereignty gap in cyberspace with the aforementioned private participation, proposing the convergence between governments and citizens (through the private sector) in cyberspace.

In conclusion, ˝Bytes, Bombs, and Spies" tries to answer all the main questions posed by cyberspace, without being unattainable for a non-expert public in the topic, but maintaining rigor, precision and depth in its analysis. .