Book Review: Cyberspace in Peace and War Second Edition

This is a review of the second edition of Cyberspace in Peace and War, by Professor Martin Libicki of the US Naval Academy. I reviewed the first edition when it came out in 2019. The second edition contains numerous updates. The world of cyberspace has also changed, with threats and catastrophic cyber incidents such as the Solar Winds hack making the ideas expounded by Professor Libicki all the more relevant to the national security establishment and other policy makers.

First off, this is not a book. It is four books compiled into a single 250,000-word volume. It is a massive treasure trove of fundamental knowledge and insights into one of the most challenging strategic issues confronting the United States today. The four sections of the book cover Foundations, Operations, Strategies and Norms. A cybersecurity novice reading this book will emerge from the experience with basic knowledge of virtually all the strategic and operational aspects of cyberwar and cyber defense. An experienced policymaker will have his or her sense of the topic honed and enriched by this book.

This new version of the book includes more extensive analysis of cyberespionage. It goes into depth on the difficult behavior of Russia, for example, while also breaking down some myths about China—e.g., their networks are much easier to penetrate than some would have you believe. Libicki backs up his assertions with real life examples and compelling hypothetical scenarios.

One challenge that Libicki has taken on is to place cyberspace in the narrow context of military command and national security policymaking. This not an easy process, because cyberspace, and technology in general, is a far broader domain. Yet, as Libicki shares, implicitly, in a war scenario a military commander must make specific decisions about using, or not using the cyber weapons at his or her disposal.

The book delivers a deliciously thorough rebuke to the many armchair experts who claim to possess simple solutions to the immense national security challenge. Easy answers are simply not available in this arena, and Libicki breaks this down in case after case. A crowd-pleasing idea like “Let’s hack them back!” will create a cascade of unanticipated counter-threats, as he explains in multiple iterations throughout the book.

At the same time, there are parts of this book that are somewhat infuriating. While the military and national security establishment are necessarily segregated from the rest of the world, in terms of cyberwar, it is not realistic to ignore, as Libicki tends to do, the broader reality of America’s cyber vulnerabilities. For instance, a recurring theme of the book is that cyberattacks have temporary effects, and can generally be reversed within a few hours. Therefore, he argues, military commanders should not assume that a cyber weapon will have much of an impact on a broader military operation.

This may be true, in a one-off analysis, but the current reality is that China has used cyberwar techniques to visit extensive, or even complete degradation of America’s war fighting capabilities over the least 15 years. The intellectual debate about attack vs. counteract has long passed in this situation. China has stolen the plans for our biggest weapons system, the F-35, and can be credibly accused of breaking into every major defense contractor, American industrial corporation and weapons program. China has also stolen virtually all of the US government’s personnel data, naval codes and more.

In parallel, Russia has penetrated thousands of government and business targets, giving it the ability to wreak havoc on the American economy and society if it feels so provoked. It is easy to imagine a scenario where America’s defense industrial complex, along with wide swaths of the country itself are paralyzed by cyberattacks—rendering the country’s defenses extremely impaired. These factors must be added to any narrow “use ‘em or lose ‘em” analysis of military cyber weapons.

Even the basic idea of the cyber weapon can be misplaced in this confusing moment. The book often places cyber weapons in an NSC-68 style policy framework, as if they were hydrogen bombs. They are not. Cyberwar has a lot more to do with espionage and sabotage over the long run, not a yes/no command decision on a kinetic battlefield. The risks we face are far more serious, in my view, than Libicki suggests in his tight policy dialogues.

Book details

Publisher ‏ : ‎ Naval Institute Press; 2nd edition (September 15, 2021)

Language ‏ : ‎ English

Hardcover ‏ : ‎ 512 pages

ISBN-10 ‏ : ‎ 1682475867

ISBN-13 ‏ : ‎ 978-1682475867