Barely a day passes without a revelation about a breach of government cyber-defenses somewhere in the world, as hackers penetrate vital servers, steal information about millions of individuals, and pour top-secret government documents onto the Internet. There is no doubt that such attacks are irritating, time-consuming, and potentially very expensive. The question is whether they are truly dangerous—tantamount to acts of terrorism, or even war.
Wittes and Blum’s book provides a good framework for thinking about that question. The authors go beyond cyberthreats to examine other technological risks as well, notably the use of biological agents and robotics. They argue that people are becoming more capable of finding ways to hurt others, as deadly technologies become easier to use. At the same time, and for the same reasons, individuals are also becoming more vulnerable. Increasingly, cyberattacks come without apparent reason and without notice, hurting bystanders as well as the intended targets. And when government forces or agents are suspected of being involved, it is often frustratingly difficult to attribute attacks to them with confidence. Wittes and Blum describe this developing threat environment in stark detail and then turn to political and legal theory for policy guidance. In a careful, sophisticated analysis, they note how complex cybercrimes can slip through the cracks between national and international law. In discussing how to combat such activities, the authors transcend clichés about tradeoffs between liberty and security, patiently explaining how without security, there is rarely much liberty.
Weimann methodically zeroes in on the many ways that terrorists exploit cyberspace. His book offers a disturbing compendium of their techniques and tactics. But it is somewhat easier to demonstrate that the Internet can be used for propaganda and recruitment than to gauge the effectiveness of such efforts. And it is harder still to assess the threat of true cyberterrorism, which Weimann defines as “the use of computer network devices to sabotage critical national infrastructures.” To date, terrorists have caused inconvenience and embarrassment with cyberattacks, but not mass casualties. Still, Weimann has helpful ideas about countermeasures that governments can employ: for example, drowning out terrorist messages online with countermessaging.
Russell’s short book does not address the whole range of hostile activities that might be described as “cyber,” instead concentrating on attacks that aim to cut off government agencies and important institutions from cyberspace. Russell rightly sees this tactic as a contemporary form of a long-established and clearly warlike act: a blockade. In two substantial case studies—of a series of crippling attacks on Estonian government networks in 2007 and another on Georgian ones the following year—she explains how the hacking in each situation related to the broader political context and illuminates the challenge of attributing attacks and crafting legitimate responses. Although the Kremlin denied any involvement, both campaigns clearly originated in Russia and had obvious political triggers: in Estonia, the attacks appeared to be retaliation for Tallinn’s decision to relocate a Soviet-era war memorial; in Georgia, they accompanied conventional Russian military strikes during the short war over the disputed areas of Abkhazia and South Ossetia. Russell recognizes that cyber-blockades can be just as legitimate as the conventional kind, although it is hard to see how the technique’s legal status could be confirmed when employed anonymously, even if the likely perpetrator’s denials are barely credible. And one implication of recognizing cyber-blockades as acts of war, of course, is that the targets of such measures would not need to respond in kind; they could instead choose to respond with conventional force.