In the era of modern information and communication technologies, the ability to conduct cyber operations has emerged as a significant offensive capability and emerging national security threat for several countries. David Sanger’s The Perfect Weapon delves into matters such as how the thinking of security policymakers evolved regarding cyber threats, how strategies were formulated both for offensive and defensive capabilities, and how cyber operations are serving as an alternative to military action for states – for instance, the Stuxnet attack on Iranian nuclear facility and targeting of North Korean missile program. Similarly, the book also provides details about the counter-cyber operations launched by America’s adversaries, such as the Iranian cyber operations against American financial institutions. These operations against the USA created significant national security ramifications, spreading doubts among cyberspace users regarding their privacy, and questioning America’s ability to protect itself from cyber-attacks. In the book, Sanger focuses on what he terms as the seven sisters of the cyber conflict – the United States, Russia, China, Britain, Iran, Israel, and North Korea.
He claims that today, in the cyber world, we have somewhat the same situation as in World War I. He contends that as no state could imagine itself without airpower after 1918, the modern states also cannot survive without equipping themselves with cyber capabilities. Currently, more than 30 states have their own cyber forces, which have helped conducting at least 200 state-to-state cyber-attacks over the past decade or so. To explain the future uncertainty of cyber weapons, Sanger uses the analogy of an aircraft. In 1909, Wright Brothers were show-casing their invention by undertaking first flights. Fast forward to 1945, the invention of Wright brothers was being used to drop atomic bombs in Japan. In the given context, where the aircraft underwent tremendous transformations in less than four decades, the author argues likewise for cyber weapons, where it is impossible to fully imagine how dramatically these will alter the exercise of national power. He proceeds by saying that cyber conflict remains in a grey area between war and peace – an uneasy equilibrium which often remains at the brink of going out of control. In the first chapter, Sanger explains in detail how the USA and Israel created and tested Stuxnet- describing it as the “most sophisticated cyber weapon in history” – before deploying it against the Iranian nuclear facility. The evolution of Iranian cyber capabilities and its retaliation against the USA, including attacking several financial institutions, is largely covered in the second chapter.
Sanger says that Edward Snowden’s leaks resulted in an era where, for the first time in post-World War II history, American firms made a broad refusal of cooperation towards their government. He comprehensively discusses the leaks and their repercussions in the third and fourth chapters. Evolution of Chinese and North Korean cyber capabilities and operations are covered in the fifth and sixth chapters respectively. In the remaining six chapters, the author discusses the foreign cyber operations launched against the USA, and the American administration’s responses to these attacks. Chapter 11 discusses the reasons why American Cyber Command has not been up to the task in respect of undertaking cyber operations. The chapter also details the efforts undertaken to block Chinese investments in sensitive new technologies in the USA.
The last chapter focuses on American cyber operation against the North Korean missile program and its repercussions. While explaining the evolution of perceptions regarding cyber threats in the USA, the author explains how cyber-attacks, which were mentioned nowhere in the 2007 global “Threat Assessment”, have rapidly emerged as the number one threat in the annual assessment prepared for the American Congress by the intelligence agencies. For the first time since the 1949 Soviet testing of the atomic bomb, an increased number of cyberattacks have resulted in quick revision of the threat perception in the US. Sanger says that despite American offensive prowess in the cyber domain, the country is becoming more vulnerable with each passing day. He blames Donald Trump and his predecessors for their failure to formulate what he calls “proportionate yet effective response” to foreign cyber operations. Consequently, America’s adversaries have come to know that through cyber operations they can undercut the United States without provoking a military response. The author is concerned over the absence of debates aimed at finding geopolitical and technological solutions to the current and future threats emerging from the cyber domain. Prior to formulating solutions to the emerging cyber threats, he argues that a few realities need to be acknowledged first by the American policymakers and cyberspace users. It has to be realized that American cyber capabilities are no longer unique. Both China and Russia have equally matching capabilities in the cyber domain, whereas Iran and North Korea are very likely to be on the path of enhancing their cyber capabilities. The author recommends that a guide should be formulated to direct how the US should respond to foreign cyber operations. He further argues that USA needs to demonstrate its willingness for using cyber weapons, in case foreign cyber operations cross a pre-defined redline. Moreover, Sanger recommends that the American policymakers should be able enough to know and publicly attribute the origins of a particular cyber operation to a particular state. He suggests that the.
American intelligence services should rethink their wisdom of maintaining secrecy around cyber capabilities; the secrecy about American cyber capabilities is impeding negotiations over formulating norms of behaviour in cyberspace. This in turn has allowed American adversaries to take advantage of this situation by interfering in American systems. He asserts that following the Snowden leaks and the Shadow Brokers, “America’s adversaries have a pretty complete picture of how the United States breaks into the darkest corners of cyberspace.” While shifting his focus from American policymakers to cyberspace users, Mr. Sanger advocates that the world needs to move ahead in setting norms of behaviour for cyber domain, even if governments don’t intend to move forward in this regard. He presents a case study in the form of Digital Geneva Convention., proposed by Microsoft President Brad Smith. The convention primarily aim at not assisting any government in launching a cyber-attack against “innocent civilians and enterprises from anywhere.” Similarly, the signatories of the convention will assist any state which faces a foreign cyber-attack. However, Mr. Sanger points out a number of weaknesses in the proposed convention, such as the fact that no company from China, Russia and Iran were part of the initial compact. Similarly, a number of American tech companies like Google and Amazon did not intend to be part of the Microsoft-led initiative. He also proposed that cyber-security awareness be disseminated among individuals. He believes that awareness among users of cyberspace alone can wipe out about 80 percent of daily cyber threats. The Perfect Weapon presents a comprehensive overview of the modern cyber battlefield for lay-men and cyber security enthusiasts. In the book, the author discusses in detail the prominent cyber operations from Stuxnet to NotPetya and how the most active states in the cyber domain are shaping the future landscape of the fifth generation of warfare. Sanger has rightly pointed out that the future of cyber warfare is totally uncertain. Therefore, efforts have to be made for formulating rules and norms to ensure that the cyberspace does not become hostage to a few hands who, through simple key board strokes, aim to make it a source of destruction and havoc.
This book review was originally published by Journal of Contemporary Studies.