[Hebert Lin & Amy Zegart, eds. Bytes, Bombs, and Spies. The strategic dimensions of offensive cyber operations. The Brookings Institution. Washington, 2019. 438 p. REVIEW / Albert Vidal
review / Pablo Arbuniés
Just as in the second half of the 20th century the world experienced the degree program nuclear arms race between the US and the USSR for world hegemony, everything seems to indicate that the degree program that will mark the 21st century is that of cyberspace. Since the United States Defense department included cyberspace as the fifth domain of the country's military operations (along with land, sea, air and space), it has become clear that its role in world security is of paramount importance.
However, the very nature of cyberspace makes it a completely different field from what might be called kinetic security fields. The only constant in cyberspace is change, so any study and strategic approach must be able to adapt quickly to changing conditions without losing efficiency and maintaining tremendous precision. This is a real challenge for all actors in cyberspace, both national and private. At the national level, the incorporation of cyber operations into the US National Security Strategy (NSS) and the development of a cyber warfare doctrine by the department of Defense are the two main pillars on which the new degree program for cyberspace will be built.
Bytes, Bombs, and Spies" explores the major issues raised by this new challenge, presenting very different approaches to different situations. Probably the greatest value offered by the book is precisely the different ways of tackling the same problem advocated by the more than twenty authors who have participated in its preparation, coordinated by Herbert Lin and Amy Zegart. These authors collaborate in the 15 essays that make up the book. They do so with the idea of converting a topic as complex as offensive cyber operations into something accessible to readers who are not experts in the topic, but without renouncing the depth and detail of an academic work.
Throughout the volume the authors not only raise what the approach of the theoretical framework should be. They also assess U.S. government policies in the field of offensive cyber operations and raise what should be the points core topic in the elaboration of new policies and adaptation of previous ones to the changing cyber environment.
The book attempts to answer the major questions raised about cyberspace. From the use of offensive cyber operations in a framework of conflict to the role of the private sector, from the escalatory dynamics and the role of deterrence in cyberspace to the intelligence capabilities needed to conduct effective cyber operations.
One of the main questions is how cyber operations are included in the framework of the dynamics of a conflict scale. Is it lawful to respond to a cyber attack with kinetic force? And with nuclear weapons? The current U.S. government cyber doctrine leaves both doors open, confronting a response based on the effects of the attack over the means. This idea is described as incomplete by Henry Farrell and Charles L. Glaser in their chapter, in which they suggest the need to take into account more factors, such as the perception of the threat and the attack by other actors, as well as public opinion and the international community.
Continuing with theoretical approaches, the main question raised by this book is whether it makes sense to apply to the strategic study of cyberspace the same principles that were applied to nuclear weapons during the Cold War in order to answer the questions posed above. And since this is a relatively new field in which global hegemony and stability may be at stake from the outset, how this question is answered may mean the difference between stability or utter chaos.
This is precisely what David Aucsmith argues in his chapter. He argues that cyberspace is so different from classical strategic disciplines that its strategic dimensions need to be rethought from scratch. The disintermediation of governments, unable to cover the whole of cyberspace, opens up a niche for private companies specializing in cybersecurity, but they too will not be able to completely fill what in other domains is filled by the government. For his part, Lucas Kello tries to fill the sovereignty gap in cyberspace with the aforementioned private participation, proposing the convergence between governments and citizens (through the private sector) in cyberspace.
In conclusion, ˝Bytes, Bombs, and Spies" attempts to answer all the main questions posed by cyberspace, without being unattainable for a non-expert audience at topic, but maintaining rigor, precision and depth in its analysis .