This book provides a much-needed discourse around the complex subject of cyber warfare. Providing a wide-ranging, grounded, and comprehensive discussion on various topics related to cyber warfare, anyone who wishes to gain a deeper understanding of the issues involved in militarizing cyberspace should read it.
The terms “cyber war” and “cyber warfare” have permeated common discourses to such an extent that it seems impossible to hold a conversation on politics, foreign policy, or even technological issues without them being mentioned sooner or later. For such a heavily used term, cyber warfare is, as a concept, a relatively new one and its usage is often riddled with hyperbole and hysteria. It is also one of those fields of studies that touches on multiple disciplines, ranging from technology to ethics.
In introducing the book, the editor first provides clear reasoning as to why the concept under discussion is “warfare” rather than “war.” Having made this distinction, the book starts off with a chapter on the history of cyber warfare. The chapter not only covers the incidents that relate to cyber warfare, but also discusses the evolution in strategic thinking around this area. Chapter 2 puts forward a taxonomy of characteristics of cyber attacks, with the aim of helping to understand their effect and consequences. While such an effort may seem less than exciting, it fills a crucial need to measure the impact of a cyber attack. If an action cannot be measured, it cannot be quantified; if not quantified, it cannot be objectively analyzed.
Chapter 3 covers the contentious issue of attribution in cyber operations from a technical perspective. While the chapter itself is short on the technical depths of the approaches involved, it makes it up by covering good ground on the various approaches involved. Chapter 4 is interesting not only in its central point--contrary to what is claimed in literature, that not enough is known to subject cyber operations to rigorous strategic analysis, there is indeed enough material to perform such an analysis--but also because of the slightly confrontational tone taken by the author. The content under discussion lends itself to the tone, though!
Chapters 5 and 6 concentrate on the legal issues surrounding cyber warfare. Coming from a computer science background, I found the discussion in these chapters very enlightening, helped by the methodical step-by-step reasoning behind the analysis. In chapter 5, the author considers the notion of jus ad bellum (Latin for “right to war”) in the context of cyber attacks. It analyzes the criteria to judge whether a specific cyber operation against a state meets the criteria to allow the state to engage in use of force to counter the act. Starting from the peremptory Article 2(4) of the United Nations (UN) Charter 1945, the author analyzes which (if any) of the existing international legal frameworks can be applied to cyber warfare. Chapter 6 continues this legal analysis of cyber warfare by considering the application of jus in bello (law governing conduct of hostilities once armed conflict has started) within the domain of cyber warfare. The analysis covers topics like what may be attacked, the proportionality of attack, and means and methods of warfare.
Chapter 7 concludes the book with coverage of cyber warfare from yet another nontechnical angle, that of ethics, but looking at it from the lens of jus bellum iustum, the just war theory, a combination of jus ad bellum and jus in bello. The authors put forward the opinion that even in the wild west of the cyber realm, where accountability is often absent, acts of cyber warfare should only be undertaken when there is a “compelling, morally justifiable reason” to do so.
As a whole, the book not only lives up to its stated goal of providing a starting point for an interdisciplinary analysis of the domain of cyber warfare, it does so in a clear and forceful manner. However, while this is a great book for obtaining a wider and deeper understanding of the strategic aspects of cyber warfare, it is not focused narrowly on the technological aspects of the domain, something that potential readers who are technical practitioners in the area should note.