Armed with digital weapons, hackers, criminals, and nation-states have done incalculable damage to firms, individuals, and governments. For the past two decades, the advantage in cyberspace—which the U.S. military considers a “fifth domain,” alongside those of land, sea, air, and space—has been decisively on the side of offense. In deploying the so-called Stuxnet virus to shut down Iran’s uranium enrichment operation in 2009, Israel and the United States proved that a cyberattack can succeed even if the target is not connected to the Internet. But Clarke and Knake argue that the advantage is now shifting toward defense, even though defending is still far more expensive than attacking. The best approach, they argue, is not to counterpunch when struck but to build resilience into the tools and networks of cyberspace. Doing so won’t prevent attacks but can minimize their damage, so that the assaults that do get through won’t matter much. The authors make digital technology wonderfully clear for nonexperts (their explanation of quantum computing is particularly masterly) and describe dozens of proposed policy fixes to update government’s lagging role. Unfortunately, they don’t adequately deal with the difficulties their proposals would entail or rebut counterarguments that critics might pose.