The world of cybersecurity is a complicated maze of technology, politics, and policy, a constant competition among those who would harness all of them for good and/or ill. It is also a world in which the search for command and control runs faster than the capacity of governments to keep up. Fred Kaplan’s Dark Territory: The Secret History of Cyber War introduces this world through the lens of cyber war—a concept that has evolved over many decades but today represents an ever more dangerous prospect.
Kaplan tells the story of the development of cybersecurity policies through the experiences of those in the government from the early period before the era of the Internet. The book begins with the story of Ronald Reagan watching the movie War Games in 1983, which led him to ask his national security team whether the plot of an accidental nuclear war could actually happen. Out of that discussion began the preoccupation with cybersecurity—a preoccupation whose intensity would multiply over the next three decades.
Dark Territory shows that there has been a steady evolution of government engagement in enhancing the monitoring and collection of data, resulting in the enormous government reach today. But the key moment in the anecdote about Reagan’s naive question was captured in the realization that, as much as the U.S. could do to protect itself in a cyber war situation, other countries also have an equal ability for cyber aggression and defense.
Dark Territory is a tour of the many different studies, briefings, and commission reports that have been competing for attention and impact over the decades. The story of the Snowden revelations is presented as the catalyst of the review panel President Obama assigned to write a report on cybersecurity and what the ground rules should be. Who Snowden was and how and why he did what he did are less important than the impact on the struggle to forge policy parameters in the aftermath.
The basis for Kaplan’s book is to undermine the potential of cyber war and “how a handful of technical savants, from just down the street or the other side of the globe, could devastate the nation.” It also tracks what the government has been trying to do in order to prevent a cyber war, which involves the need to rethink and revamp the tools to combat digital espionage, mass intellectual-property theft, and cybercrime, all of which required hundreds of billions of dollars.
Because the main focus is on government policies and practices, the role and responsibility of industry in this evolution is not examined as extensively. The book refers to the increasing cyber attack threats these allies are facing and the defense tools the U.S. is developing either on its own or in tandem with allies. But the main message appears to be how the U.S. is learning that cyber offense and defense require the same tools.
There is a more condescending tone in the book when discussing the reaction of countries like Germany to the overreach of the NSA surveillance tactics as revealed by Snowden. Kaplan suggests, for example, that Germany’s shock over such NSA practices is naive and hypocritical. But there is no depth of analysis regarding how or why the so-called Five Eyes arrangement among English-speaking countries has allegedly been successful in dealing with cyber threats.
At the same time, much focus is given to the reaction of the United States to the increasing cyber penetration it sees from China and elsewhere around the globe. Considering that the U.S. has been dominant in creating and shaping the Internet age, it may be hard to grasp that the U.S. does not own it anymore.
Dark Territory offers an informative history of how the U.S. has struggled with its own challenges in forging a coherent policy on cybersecurity. Kaplan reviews the Obama administration’s efforts to square the circle of privacy and protection with his pronouncement following the Snowden revelations and the eventual passage of the Freedom Act to correct the perceived excesses of the NSA after 9/11.
But the overall advantage of the book for readers lies in delivering a better picture of the somewhat confusing, uncertain, and slow evolution of American cybersecurity policy deliberations, which remain in dark territory in the domestic realm as much as they do on the global stage.