Cyberspace is an evolving medium, and the best strategic thinking about cyber dimensions of commerce, security, politics, and warfare is likely yet to come. I was happy, however, to read David Betz and Tim Stevens’ recent International Institute of Strategic Studies (IISS) monograph Cyberspace and the State: Toward a Strategy for Cyber-Power. It is a valuable addition to the growing library on cyber strategy, and a valuable read not only for students of strategy and policy but also for network defenders and industry executives looking for a broader contextualization of present day cyber challenges.
First, let’s cross off what Cyberspace and the State is not. Betz and Stevens have not written a “gee-whiz” book arguing that everything is new. They are aware of the prehistory of hacking, and note such seminal events in the hacker subculture ranging from MIT’s Tech Model Railway Club to the worm assault on NASA computers in 1989. This is also not a book that propagates “cyber-doom” scenarios or seeks to convince you that the Chinese and Russians can control everything from SCADA systems to nuclear launch networks. The cyber-world is scary enough without embellishment, and Betz and Stevens do not indulge in the dark side. Lastly, Cyberspace and the State is also not a cyber-utopian book–it is broadly aware that (contra Barlow) cyberspace is not independent. Like Gregory Rattray, Betz and Stevens also have a strong grasp of political-military history and also deploy their extensive knowledge of international relations to the task.
It is difficult to summarize the book–for a short monograph it is literally packed with ideas. Betz and Stevens explore the many dimensions of national cyber-power, the definition of cyberspace itself and what it constitutes, and make a principled case for a more relaxed approach to Internet governance. For the state to thrive, Betz and Stevens argue, it will have to get used to the idea of accepting that an economically prosperous cyberspace will necessarily create areas in which pure sovereignty will have to be delegated or at least relaxed. Betz and Stevens note that Western states, particularly European states seeking to exercise strict controls over political discourse in cyberspace, mirror the practices of more authoritarian countries like Russia and China.
Perhaps one of the most useful aspects of Betz and Stevens’ work is that it rigorously adheres to a limited and useful typology of information warfare. Taking the early 1990s writings of figures like John Arquilla, Dorothy Denning, and Martin Libicki as their guidepost, Betz and Stevens look at cyberwar and IW as merely the use of information to either heighten one’s own advantage or degrade the information resources possessed by the opposing side. IW here is an umbrella term referring to a host of activities governing the flow of information, cyberwar being only one. Betz and Stevens are also rigorous in dismissing attempts to dub everything under the sun “cyberwar,” but also are not blind to the myriad ways in which cyber power can be exercised. Sometimes, critiques of cyberwar do not make sufficient latitude for the fact that there are other uses of cyberspace beyond kinetic destruction or terrorism that can enhance the power (or bottom line) of state and non-state actors.
Grab a copy of Cyberspace and the State to understand not only the past and present of cyberpower, but also where it may be going in the future. There have been very little useful new ways of thinking about the cyber environment over the last 15 years, but Betz and Stevens have written a classic that is likely to stand the test of time.