By David E. Sanger, Crown, 357 pages, $28
New technologies of destruction have appeared throughout history, from the trireme and gunpowder in past centuries to biological and nuclear weapons in more modern times. Each technology goes through a cycle of development and weaponisation, followed only later by the formulation of doctrine and occasionally by efforts to control the weapon’s use. The newest technological means of mayhem are cyber, meaning anything involving the electronic transmission of ones and zeros. The development of cyber capabilities has been rapid and is continuing; doctrine is largely yet to be written; and ideas about control are only beginning to emerge.
David E. Sanger’s The Perfect Weapon is an encyclopaedic account of policy-relevant happenings in the cyberworld. Sanger, a national security correspondent for the New York Times, stays firmly grounded in real events, including communication systems getting hacked and servers being disabled. He avoids the tendency, all too common in futuristic discussions of cyber issues, to spin out elaborate and scary hypothetical scenarios. The book flows from reporting by Sanger and his colleagues, who have had access, and volunteer informants, that lesser publications rarely enjoy. The text frequently shifts to the first-person singular, along with excerpts from interviews Sanger has had with officials up to and including the president of the United States.
The principal focus of the book is cyberwarfare — the use of techniques to sabotage the electronic or physical assets of an adversary — but its scope extends as well to other controversies that flow from advances in information technology. Sanger touches on privacy issues related to the collection of signals intelligence — a business that has been around since before Franklin Roosevelt’s secretary of war, Henry Stimson, talked about gentlemen not reading each other’s mail.
He also addresses social media and the problems of misuse that have bedeviled Facebook, including usage by foreign governments for political purposes. These other topics are to some extent a digression from the main topic of cyberwarfare. Intelligence collection and electronic sabotage are different phenomena, which in the United States involve very different legal principles and policy procedures. But Sanger takes note of such differences, and the book’s inclusiveness makes it useful as a one-stop reference for citizens who want to think intelligently about all issues of public policy having a cyber dimension.
The combining of that dimension with other security topics, like nuclear weapons and ballistic missiles, is a strength of the book. In an earlier work, Confront and Conceal, Sanger told the story of the electronic sabotage of Iran’s nuclear programme by means of a computer worm known as Stuxnet. A point of interest in his new book is what he has to say about any similar efforts against North Korea, as the Trump administration intensifies attempts to take advanced weapons out of the North Koreans’ hands. Sanger ponders whether the serial failures of North Korean ballistic missile tests in 2016 reflected a Stuxnet-like attack on that programme. He strongly suggests that there was such an effort but is unable to offer hard evidence, only a few possible hints in official comments. Looking beyond missiles, Sanger notes that North Korea’s backwardness generally makes it an unpromising target for cyberwarfare. In the words of a senior official of the United States Cyber Command, “How do you turn out the lights in a country that doesn’t have enough power to turn them on?”
The Perfect Weapon is at least as much about the cyber activities of America’s adversaries as about any United States programmes. Although the backwardness of most North Korean infrastructure may make it an unpromising target for others to attack, thanks to a crash hacker-training program it is now in the cyberwarfare big leagues. This was demonstrated by the attack in 2014 on Sony Pictures in response to a movie Pyongyang didn’t like. A more experienced player is Russia, which Sanger says was hacking into American government systems as early as the 1990s. His description of the cyber portion of Russia’s interference in the 2016 presidential election is thorough and convincing. It ought to be required reading for anyone who doubts the extent and seriousness of the Russian effort.
A common trait of books (including this one) that seek to sound an alarm about a growing threat is overstating what the authors see as inattention, especially official inattention. Even the most well-connected journalist cannot be expected to know everything that national security bureaucracies are worrying about. And whatever may have been cybersecurity’s status in the public consciousness a few years ago, it has since graduated to being a trendy topic, with a plethora of university programs catering to those wanting to enter the field.
John Bolton’s recent elimination of the position of cybersecurity coordinator at the National Security Council would seem to support Sanger’s theme of insufficient governmental attention to the subject, but politics unique to the Trump administration are at least as important a factor. As Sanger himself observes, Trump’s “refusal to acknowledge Russia’s pernicious role in the 2016 election, for fear it would undercut his political legitimacy, only exacerbates the problem of formulating a national strategy” on cybersecurity.
The paucity of strategy and doctrine on cyberwarfare is less a product of inattention than of the still-early stage of this latest technology of destruction. The lack of doctrine and especially the lack of consensus on controlling destructive use of cyber tools also reflect the trade-offs and complexities that Sanger’s book lays out well. Chief among these is a reluctance to forgo, in the name of defense and security, methods that could be useful offensively, especially when their use occupies a gray area between peace and war. American officials may see implants in someone else’s computer networks as a prudent step given the possibility of war, even though when the same kind of implants have been discovered in United States systems, Sanger notes, “the US was outraged — understandably — and assumed the worst.”
Another complication concerns the role of the private sector, as not just a developer and supplier of the technology but as an operator. Corporate America once believed that what was good for General Motors was good for the country, and vice versa. Today Silicon Valley — burned by leaks about past cooperation with government agencies that have raised users’ concerns about privacy — doesn’t see things that way.
Sanger displays a journalist’s bias against secrecy and repeatedly blames what he calls the intelligence agencies’ “paranoia about protecting sources and methods” for an insufficient public discussion of cybersecurity, which he sees in turn as the prime reason for insufficient strategy and doctrine. But showing more leg while risking those sources and methods would not improve public understanding of the core issues involved.
And there are other valid reasons not to reveal everything Washington knows about other governments’ cyber activities. Sanger criticises Barack Obama for not making more of a public case about Russia’s election interference but does not explain how Obama could have done so without appearing to interfere in the election himself. Today, making public whatever the United States knows about North Korea’s cyber mischief would not improve the chances for success in the already dicey nuclear diplomacy with Pyongyang.
The great value of The Perfect Weapon is less in its specific policy prescriptions than in its being the most comprehensive, readable source of information and insight about the policy quandaries that modern information technology and its destructive potential have spawned. –New York Times News Service
