The Hacker And The State: Cyber Attacks And The New Normal Of Geopolitics

Author: Ben Buchanan
Publisher: Cambridge, MA: Harvard University Press, 2020. 432p.
Reviewer: Kevin Cassidy | September 2020

In 2011, the movie The Girl with the Dragon tattoo was released. The ostensible hacker, Lisbeth Salander (Rooney Mara), teams up with journalist Mikael Blomkvist (Daniel Craig) on a missing person case. They uncover murder and corruption. One of the lines from that movie is:

Mikael Blomkvist: What are you doing?
Lisbeth Salander: Reading your notes.
Mikael Blomkvist: They’re encrypted!
Lisbeth Salander: [Looks up at him] Please.

Ben Buchanan’s book, The Hacker and the State, probes deep into cyber security, the truths and myths about cyber security and how society, corporations and individuals pay particularly close attention to it in today’s everchanging world. Just like Lisbeth Salander’s response to Mikael Blomkvist, just about everything in cyber space can be viewed or hacked.

The book contains pertinent insider information based on interviews by Buchanan, as well as information discussing declassified files and forensic analysis of company reports that have been researched. His writing style allows the reader to understand technical jargon. More significantly, he allows the reader to understand the real geopolitical competition of the digital age as it applies to business and government agencies.

In the introduction, Buchanan discusses the National Security Agency (NSA), military mobilization and foreign countries that have the capability to hack into major American corporations or government agencies themselves. He discusses how China, Russia, North Korea, Britain, and the United States hack one another in a persistent struggle for global domination. His analysis of ‘signaling and shaping’ in the introduction allows the reader to conceptualize the credibility of information one has or may have and how this information is used to shape or change a particular concept or strategy the end user may or may not have. Buchanan compares this stalemate to a high-stakes poker game. Each side positions itself in an attempt to influence how the other side will play its hand.

Besides an introduction and conclusion, the book is divided into three well written parts; Espionage, Attack and Destabilization. Each of the three parts of the book explains the reasons behind cyber- attacks, and the mitigation efforts employed not to become a target. His writings discuss cyber-attacks being far less critical than society anticipates. Cyber-attacks impact financial institutions, information technology systems, educational and health systems. The counter measures government agencies and private businesses have incorporated into their plans now play a significant role in combating cyber-criminal activities. Buchanan discusses how national-security priorities and global businesses have reshaped the geopolitical advantage to combat spy craft and espionage.

In chapter 6 entitled Strategic Sabotage, Buchanan does a deep dive into Stuxnet and how it involved various countries. Stuxnet was a destructive computer worm developed by hackers in the United States and Israel. It was designed to set Iran’s nuclear centrifuges to dangerously high speeds. However, the code escaped the confines of Iran’s nuclear facilities and spread throughout the globe. Buchanan highlights what went right and wrong and the effect Stuxnet had on various countries.

An overall theme of the book is that Cyber espionage has been going on pretty much since the emergence of the web and the rise of personal computers. Countries like Russia, China, Iran and North Korea are mostly seen as the country’s most likely to be engaging in cyber-espionage operations against Western targets. These countries Advanced Persistent Threat (APT) hacking groups target governments and organizations on a global scale. Western governments are also involved in their own cyber-espionage expertise as well.

Kevin Cassidy-Professor in the Security, Fire & Emergency Management Department at John Jay College. He also lectures at Slippery Rock University in Pennsylvania. He is a member of ASIS.