The world of cyber operations remains largely opaque for many readers. Not a day goes by without some breach or incident being reported by the media. Indeed, the public is arguably now numb to these incidents. A bank is breached or an account is compromised, and the financial institution issues a new card. Yet that personal touch of cybercrime is only the tip of a much deeper and more frightening iceberg. David Sanger, in his latest work, “The Perfect Weapon,” dives under the surface to present the high-stakes game of cyber and information operations at the nation-state level. He reconstructs Russia’s 2016 cyber information operations alongside Iran’s hack of Saudi Aramco, the North Korean attack on Sony, and Operation Olympic Games—the joint U.S.-Israeli attack on Tehran’s centrifuges.
The book’s greatest strength is in how Sanger captures the complexities of cyber weapons and cyber operations to illustrate the internal dynamics of the Obama administration as it grappled with these emerging capabilities. Are cyber weapons akin to nuclear weapons? How and when should they be used? How do you balance intelligence collection with covert operations? How do you respond to a cyber-attack? When is an incident espionage and when is it an attack? What is the role of the government in defending private networks? There are, quite simply, no easy answers to these questions and there may not be for some time.
Throughout all of this, national security officials fear a cyber Pearl Harbor—when the lights go dark, the networks shut down, and our modern way of life comes to a screeching halt. It hasn’t happened yet, but adversaries like Russia and China are inside power, financial, and other information networks, lurking, watching, and indeed making themselves known as if to say “we are here and we want you to know it.” Russia’s attacks on Ukraine’s power grid are a great illustration of the national security community’s greatest fears. After an extensive pre-attack reconnaissance campaign, the Russians took control of Kiev’s power grid, locking out its operators, shutting down the power, deleting hard drives, and forcing workers to go back to physical switches. If the same were to happen in the United States, the damage could be catastrophic, and many of these plants no longer have physical switches or the people who know how these systems used to work.
Sanger also covers the complexities brought about by the tech giants themselves. From Apple’s dispute with the FBI over the San Bernardino terrorist’s phone, to Facebook’s ignorance of “fake news,” and Google’s efforts to thwart the NSA, Sanger highlights the role these companies play in national security—wittingly or unwittingly. Where he falls a bit short is on the other side of the equation, where these companies’ principles fell somewhat short. Apple, for all of its stances on privacy and protecting consumer information, bent over backwards to accommodate the Chinese government. While Apple was opposing the FBI, it removed apps from the App Store that offered Virtual Private Networks (VPNs) that would allow Chinese users to circumvent the “Great Firewall of China.” This was purely a business decision. Apple could stand up and wave the privacy flag in the United States, but if it wanted access to the Chinese market, it needed to be a bit more flexible.
Sanger also discusses the impact of Edward Snowden and Chelsea Manning’s treason, which, when added to the Shadow Brokers’ releases, offered adversaries staggering insight into the U.S.’ capabilities and programs, and handed over some of these capabilities directly. The proliferation of advanced tools and techniques is one of the greatest cyber threats today. Nation-states do not have a monopoly on cyber weapons. Compared to a nuclear program, cyber weapons are peanuts. An individual sitting in a café in Vienna or Bangkok can wield potentially the same capabilities as an intelligence agency. And as Stuxnet—the Operation Olympic Games weapon—illustrated, once it is in the wild, it is available for all to see.
That the book is well written should not come as a surprise. Sanger is one of the top national security reporters working today. The book is well reported and well sourced, and his access provides insights into what many of the key players were thinking at the time and in the years since their tenure ended. Of less interest, at least to this reviewer, were the few discussions of the reporting process itself. Here Operation Olympic Games stands out. Sanger goes into extensive detail about what he knew and when, and when he approached the administration for their comment and security vetting. It doesn’t add too much to the story, which is itself staggering. Sanger, of the New York Times, masterfully follows up his previous two works, “The Inheritance” and “Confront and Conceal,” both on the Obama administration’s national security activities. For lay readers, “The Perfect Weapon” is a great one-volume précis on recent cyber war.
The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.