top of page
Server Room

The book is a wave-tops survey of the broad subject and succeeds at this task very well overall. Each of the chapters is written by a different author with its own focus. Mostly they are value-added, thoughtful, and where necessary, cite appropriate sources. Except for Patrick Jagoda's chapter, most read as if the entire work was submitted for DOD/USG editing and imprimatur; some portions read almost like USG talking points. Strong consensus emerged among the authors that current and future conflicts between states and even substantial non-state actors will have a cyber component, but just as "air power alone" could not take ground or finish wars, it will be a component along a broader range of options and powers exercised that very well may decisively multiply and magnify these other efforts. While on the air power analogy, there seems to be a strong tilt in favor of unstoppable offensive use, much like early air power theories. Even by World War II, those theories were literally blown out of the sky as credible defenses did also emerge (to include defensive use of airpower). Probably we can expect the first time we realize that cyber's overwhelming offensive advantage is blunted is when we find out the hard way.

For the most part, it was tightly-written by knowledgeable authors that added value, at least in summary fashion, to each of their topics. For a relative newcomer to the field, this makes an outstanding first stop. Even for people in the field, the variety of topics may help them become more well-rounded. Jeffrey R. Cooper's Chapter 7 unfortunately exhibited some sloppy thinking and writing, diluting the usefulness of some of the worthy concepts one can still unearth there. Chris Demchak's Chapter 8 likewise makes some pretty bold and sometimes unsupported assertions that reduce its overall value. John B. Sheldon's Chapter 13 rightly calls for a more robust strategic theory dealing with cybered conflict, but does not itself deliver as much substance as one might wish, although it does propose some framework with which to work in crafting one.

In terms of advised courses of action, the authors sometimes converge and sometimes sharply disagree. There were those who recognized the power of the internet and related computing relied on its generative capacity, so attempts to legislate, regulate, and otherwise coercively-apply security were self-defeating in terms of reducing the overall value of the asset itself. Others took it for granted that such additional security-first approaches were both beneficial and inevitable. 

Conversely, all seemed to recognize that improving the level of literacy and awareness of average users was essential, something we can see in our present time with the rise of multi-factor authentication (MFA) and its complete irrelevance in terms of fraud rates continuing to rise nonetheless. The authentication itself is largely sufficient, even as a single factor (or it wouldn't be very useful to stack together in MFA), but the real weakness lies in the person who picks "1234" for a pin, "password" for a password, leaves their password on a note on the bottom of their keyboard, or sends money to a "Nigerian prince" or "boyfriend" they've never even met.

Another point of convergence seemed to be that at the present time, cybercrime and cyber espionage were significant uses of cyber power, but what many think of as "cyberwar" was not yet a full reality. Cyberspace was a viable area to enable and magnify the use of other forms of power. While physical harm could (and rarely has) been caused through purely cyber means, many factors have so far restrained entities from engaging in this more often.

Given the paucity of literature in this young field, this work is a welcome addition. Given the rapidly changing nature of this field, it would likely benefit from the occasional updated edition. Even despite its age, it remains mostly relevant at this moment and is, as I noted already, a good place for a new entrant to this field to begin. Overall a very good read for those interested in cybered threats or the responses of authorities to them.

bottom of page