THE PERFECT WEAPON: WAR, SABOTAGE, AND FEAR IN THE CYBER AGE
By David E. Sanger
Crown, $28, 384 pages
Since the advent of nuclear weapons, American deterrence has been based on the notion that only adversarial nations with nuclear weapons pose an existential threat to the country’s security. In “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age,” David Sanger argues that an additional existential threat now confronts America because we live in a world in which virtually everything we rely on — whether computers, phones, transportation, electrical power grids, water supplies or global navigation and communications satellites — is interconnected in cyberspace. It is there that everything is vulnerable to disruption, if not destruction, through the use of cyber-weapons by malevolent adversaries.
To explain the nature and magnitude of this threat, Mr. Sanger, a New York Times national security correspondent and author, details how a new revolution in cyber-warfare has emerged over the past several years and the measures required to address it. He writes: “Cyberweapons are so cheap to develop and so easy to hide that they have proven irresistible for large and small powers alike. Because such attacks rarely leave smoking ruins, Washington remains befuddled about how to respond. Our adversaries have realized that it’s a great way to undercut us without being made to pay any real price for such actions.”
“The Perfect Weapon” focuses on the interplay between what the author terms the “Seven Sisters” of cyber conflict — with China, Iran, North Korea and Russia considered the malevolent actors that can target the United States, Britain and Israel, also major cyber powers. This important book could not be more timely.
Mr. Sanger’s account begins with how cyber conflict has exponentially expanded since the revelation of the ingenious American-Israeli Stuxnet worm-driven cyber-attacks on Iran’s offensively-intentioned Natanz main nuclear facility’s centrifuges (which the author had revealed in his New York Times reporting in 2011). The American-Israeli cyber-attack, the author argues, represented a critical turning point in modern cyber warfare because it “transformed America’s cyber operations from surveillance tools to vital weapons in the country’s arsenal.”
The Stuxnet attack against Iran, in turn, led it to create its own cyber-corps to counter the cyber-offensives against it. In a 2012 attack, Iranian hackers targeted some four dozen American financial institutions in “distributed denial of service” attacks, with the financial industry responding by spending billions of dollars to build cyber protections. That same year, Iranian hackers also used their own virus worm to strike some 30,000 Saudi Arabian Aramco computers, along with 10,000 servers, which forced the Saudis to scrap their infected computers and purchase 50,000 new hard drives.
Mr. Sanger is concerned about such “tit-for-tat” retaliatory cyber warfare between countries because of the likelihood it could escalate out of control into unleashing a nuclear-grade cyber conflagration, leading him to recommend creating Geneva Convention-like laws for cyber-arms control. Under its guideline, the author proposes, rules would be set “for what should be off-limits for offensive cyber activity — hospitals, emergency responders, and now election systems “
Mr. Sanger also argues for a new governmental playbook that would set out “proportional response” to cyber-attacks. This is crucial because over the past several years adversary state actors such as China, North Korea and Russia have launched cyber-attacks against America that proceeded without an effective U.S. response. This was the case in fall 2014 when North Korean hackers burrowed into the Sony computer networks in retaliation for the release of a motion picture that had mocked the Pyongyang leader.
In addition to paralyzing much of Sony’s computer power, the breach, which the author characterizes as a “weapon of political coercion,” also exposed highly embarrassing details about the movie company’s executives and Hollywood actors. There was no U.S. government retaliation against this North Korean breach, the author points out, although Sony vastly upgraded its cyber security systems.
Similarly, in 2015 it was revealed that Chinese state-directed hackers had massively breached the U.S. Office of Personnel Management’s repository of security clearance files. Although the United States had issued indictments against the alleged hackers, no other significant retaliatory measures were taken against China.
Finally, with the alleged Russian government-led cyber breaches against the Democratic Party in the 2016 presidential election, including the massive dumping of embarrassing emails into WikiLeaks and the use of bots in social media to influence public opinion, Mr. Sanger notes the characterization of a former Obama administration official who called the expulsion of 35 Russian “diplomats” as “the perfect nineteenth century response to a twenty-first century problem.”
But Mr. Sanger’s book is not a political one. Its focus remains fixed on America’s cyber-adversaries. The good news, as the author points out, is that the United States has established a Cyber Command with the advanced technological capability to take the battle to the enemy with “game changing” offensive cyber weapons. With advanced offensive cyber capabilities no longer unique to any nation, this book is an indispensable guide to understanding how the use of cyber weapons can cause catastrophic harm to our societies and the measures required to mitigate it.
• Joshua Sinai is a senior analyst at Kiernan Group Holdings (KGH) in Alexandria, Va.
Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.