Sara Seppanen is a third year War Studies student with a particular interest in intelligence studies and cybersecurity.

Flawed conceptions and alarmist predictions permeate much of the debate on cybersecurity today, leading to mainstream media continuously invoking the idea of a cyberwar. As recently as September 2019, General Sir Nick Carter as Chief of the Defence Staff claimed that Britain is ‘at war every day’. [1] This was a careless statement emanating from the fact that Britain is being subjected to cyber-attacks every day. In Cyber War Will Not Take Place, Thomas Rid proves exactly why decision-makers like Carter are wrong. Spanning eight chapters, Rid aims to comment on the past, the present and the likely future in order to set forward a convincing case for cyberwar being a wasted metaphor. Resting his arguments on technological possibilities and an empirical record of cyber-attacks, Rid provides a fact-driven blow against doomsayers claiming that cyber war is a reality.

The central theme of Rid’s work is that of war, and how the concept relates to the so-called cyberspace. In order to move beyond the “myth and fairy tale” [2] of the destructiveness of cyberattacks, Rid draws on the characteristics of war set out by military theorist Clausewitz. For something to qualify as war, Rid emphasises, an act needs to be instrumental, political and violent, or at least potentially violent. By viewing an empirical record of cyber offenses through a Clausewitzian prism, Rid compellingly underlines that neither the supposed 1982 Siberian pipeline explosion nor 1999 Moonlight Maze meet all three criteria. [3] Not only does this Clausewitzian perspective underpin much of Rid’s discussion, but it is also what precisely distinguishes him from others in the field. By considering Rid’s work amongst network-centric discussions regarding technological vulnerabilities, such as Richard Stiennon’s There Will be Cyberwar, one can recognise how this book is a refreshing reminder of the meaning of war in the cyber domain. [4] Rather than labelling politically motivated cyber-attacks as war, Rid’s core argument is that activities such as Stuxnet and Shady RAT fall under categories of sabotage, espionage or subversion. By identifying the human body as the foundation of violence, Rid subsequently claims that cyber offences diminish rather than accentuate violence. The essential conclusion is therefore that political goals can be achieved through non-violent shortcuts. [5] Most importantly, by arguing that the militarised debate on cyber offences is a flawed conception, Rid sheds light on the notion that cyberspace is riddled with problematic activities to which there is no single solution.

The greatest advantage of Rid’s book is the pedagogical approach adopted to outline an argument. By delivering illuminating examples and outlines of technological aspects throughout the book, Rid provides a readily accessible discussion on cybersecurity for students and practitioners alike. For instance, readers from a non-technical background can enjoy a solid explanation of how commands can be used to control Trojans. [6] Rid also provides some graphs and statistics, illustrating how the semantic use of subversion as a concept has changed over time. [7] By using these tools to make the advanced technical and conceptual analysis more comprehensible, Rid skilfully avoids alienating the reader. The reader is also guided by Rid’s establishment of step-by-step outlines at the start of every sub-section. Furthermore, while the bold title of the book may suggest a hard-line approach to analysis, Rid appears to welcome possible counterarguments. For instance, when arguing that computer code cannot be considered violent, Rid acknowledges the hypothetical case of attackers being able to spoof a drone’s GPS navigation to unleash missiles. [8] However, a word of caution is in order regarding the assumed nuances. Rid’s pedagogic approach does not hinder him from using counterexamples for his own winning, often dismissing alternative scenarios by claiming that they seem “very unlikely”. [9] Although this strategy might be deemed necessary in light of all illusionary speculation the book is set to oppose, Rid can indeed be criticised for some lack in imagination. After all, he risks ridiculing readers from the very start by loudly dismissing popularly cited scenarios such as a Chinese attack on US Homelands as ‘science fiction’. [10] Nonetheless, those overcoming these instances, knowing that all technology has once been considered science fiction, will discover the unique value in Rid’s work. As promised, the approach is factually accurate and conceptually challenging, ultimately outweighing the occasional flaws.

Similarly, while Rid takes stock to consider cyberwar through the lens of Clausewitz, the conceptual foundation is not without its faults. Although the discussions brilliantly remind the reader that war is more than a didactically useful device, Rid seems somewhat unable to identify weaknesses in his own model. For example, the rich exploration of violence could have been even more refined by Rid admitting the potential limitations of placing the human body at the epicentre of violence. As John Stone suggests, violence in war is not necessarily lethal in character, but could also mean the use of force to break things. [11] Nonetheless, even though the consideration of alterative interpretations would have been welcomed, Rid’s purpose was never to discuss advanced political theory. Needless to state, cramming more theoretical approaches into 218 pages would probably have led to Rid losing much of his clarity and precision in the eyes of the everyday reader.

On the whole, Rid’s book is an impressive contribution to the cybersecurity debate. Even seven years after publication, in a field evolving remarkably quickly, Cyber War Will Not Take Place feels more relevant than ever. Rid’s work is, after all, a sobering and necessary lesson for anyone embellishing debates on cybersecurity with labels of war. Students and practitioners alike should definitely have a copy of their own, so that everyone can be part of attenuating some of the militarised hype.

Citations:

[1] Nicholls, “Britain is ‘at war every day’ due to constant cyber attacks, Chief of the Defence Staff says” (2019), The Telegraph, URL: https://www.telegraph.co.uk/news/2019/09/29/britain-war-every-day-due-constant-cyber-attacks-chief-defence/ [Accessed 25 October 2019]

[2] Rid, Thomas. Cyber War Will Not Take Place (Hurst & Company, 2013) p.174

[3] Ibid p.4

[4] Stiennon, Richard. There Will be Cyberwar (IT-Harvest Press, 2015)

[5] Rid, Cyber War Will Not Take Place, p.167

[6] Ibid p.89

[7] Ibid p.117

[8] Ibid pp.14-15

[9] Ibid p.15

[10] Ibid p.4

[11] Stone, John. “Cyber War Will Take Place!”, Journal of Strategic Studies Vol.36.1 (2013) p.107