The Platform


Areesha Anwer reviews Derek S. Reveron and John E. Savage’s new book, Security in the Cyber Age.

In our increasingly digital world, security has become a fundamental concern. As technology infiltrates every facet of our lives, the interconnectivity of devices and the digitization of critical systems present a growing array of vulnerabilities for cybercriminals to exploit. The stakes are exceptionally high, ranging from personal data breaches to threats against national infrastructure. The ramifications of a security lapse can be profound and far-reaching. As technology advances, so do the tactics of cyber adversaries, making cybersecurity an urgent issue affecting individuals, organizations, and policymakers alike.

Political scientist Derek S. Reveron, Chair of the National Security Affairs Department at the U.S. Naval War College, and computer scientist John E. Savage explore this pressing topic in their book, Security in the Cyber Age. Their comprehensive study delves into the evolving landscape of cyberspace, examining both the technological and policy dimensions that characterize this field. The book adopts an interdisciplinary approach, integrating perspectives from political science, computer science, and international relations.

The authors paint a complex picture of cyberspace, highlighting its multifaceted nature and the unique risks it poses. Cyberspace is portrayed as a domain where various actors utilize its opportunities in different ways. The book elaborates on how these risks evolve over time, with ransomware serving as a contemporary example of cybercrime, akin to a modern form of robbery.

Reveron and Savage delve into digital governance, discussing how the open and distributed nature of the Internet prevents governments from exercising absolute sovereign control over their citizens. For example, despite China’s ban on Bitcoin, Chinese citizens have continued to access their digital wallets via servers located outside the country.

The book underscores the shift in security paradigms from physical threats, such as guns and drones, to digital threats represented by bits and bytes. The authors cite instances where nations like Russia, Iran, China, and North Korea have targeted and disrupted telecommunication networks, power grids, pipelines, and banking systems, affecting not only governments but also individuals.

The ethical and legal implications of cybersecurity are also addressed, touching on issues like privacy, surveillance, and international cooperation in the cyber realm. Reveron and Savage argue that the Internet is increasingly used for policy objectives that can economically and physically suppress people. They cite Edward Snowden’s revelations and the situations in Kashmir and Myanmar as examples of evident suppression through digital means.

The authors call for a balanced approach that aligns security needs with fundamental rights and freedoms. They discuss how racism, xenophobia, and sexual exploitation often surface in the context of cybercrime and highlight international efforts, such as the 2003 Protocol to the Cybercrime Treaty and the 2001 Budapest Convention on Cybercrime, to curb such abuses.

Regarding supply chain regulation, the book explores how global supply chains, integral to the phenomenon of globalization, contribute to cybersecurity risks. Components of a single device, from design to manufacturing, are often produced in different countries worldwide, including the U.S., South Korea, Taiwan, China, and others. This dispersed production process introduces vulnerabilities at various stages of an information system’s lifecycle, posing significant risks to entities like U.S. federal agencies.

The book also provides an in-depth discussion of artificial intelligence (AI) technology, noting that AI is poised to surpass humans in storing and processing vast amounts of information quickly. The authors caution that humans may underestimate both the benefits and threats of AI, referencing the Turing test—an early prediction by Alan Turing that differentiating humans from machine intelligence would become challenging.

Reveron and Savage emphasize major cyber events that have elevated cybersecurity to a national security concern, including foreign efforts to steal intellectual property, interfere in elections, and compromise critical infrastructure. They discuss how both government and private sectors are vulnerable to cyberattacks that can significantly disrupt a nation’s economy.

Content regulation is another critical topic. The authors argue that government regulation of content disrupts the balance between free speech, the spread of misinformation, and the incitement of violence. They reference the role of social media in the storming of the U.S. Capitol as an example of how digital platforms can incite real-world actions.

Drawing parallels to the ideological rivalry of the Cold War, the authors highlight the competitive nature of Internet governance today. They quote NATO Secretary General Jens Stoltenberg, who stated that cyber is a central element in virtually all crises and conflicts. Cyberattacks potentially warrant an Article 5 response from NATO, which views an attack on one member as an attack on all.

The book concludes with recommendations for enhancing leadership and decision-making in cybersecurity, emphasizing the need for executive education to bolster leaders’ problem-solving abilities. It focuses on the importance of team dynamics and diversity and views cybersecurity as a public good. The authors advocate for a new corporate culture that empowers subordinates and fosters excellence, stressing the significance of foresight in cybersecurity leadership to anticipate and address emerging challenges.

Security in the Cyber Age provides a thorough exploration of the technological and policy challenges in the digital age, making a timely contribution to the field of cyberspace. It appeals to a broad audience by offering a comprehensive study of the subject matter. The book’s interdisciplinary approach provides crucial technical details and policy solutions while acknowledging geopolitical realities. It includes case studies and real-world examples that help readers contextualize theoretical discussions in practical terms. However, the book could have offered a more balanced perspective by also addressing U.S. cyberattacks on other nations, particularly its competitors and adversaries.

Areesha Anwer is a Research Officer at the Center for International Strategic Studies Sindh. She holds a Master's degree in International Relations from the University of Karachi. Her research areas include emerging technologies, cyberspace politics and artificial intelligence.