Wars of Disruption and Resilience: Cybered Conflict, Power, and National Security by Chris C. Demchak. University of Georgia Press, 2011, 331 pp.
Chris Demchak’s Wars of Disruption and Resilience is a critical analysis of the appropriate national security approach to address cyber threats. The author’s intent is to provide a textbook for undergraduate and graduate students in national security fields. Demchak, an associate professor at the US Naval War College, has authored or co-authored several other books and articles, including Military Organizations, Complex Machines: Modernization in the U.S. Armed Services and Lessons of the Gulf War: Ascendant Technology and Declining Capability. While lengthy analyses of technology’s effects on society are commonplace, as are recommendations for ensuring security in an increasingly globalized world, Demchak’s book takes a relatively unique approach by arguing it is not possible to foresee or guard against every debilitating event. She employs three case studies to demonstrate how resilience is a more effective long-term strategy and offers suggestions on how to build an effective national resilience strategy.
The book assesses the effects of globalization and the rise of technology in society, international relations, and conflict. It discusses challenging aspects of the relationship between technology and the state, including privacy, the dual-use nature of digital resources, and the ubiquitous concern of cyber terrorism. It also offers guidelines on concepts of disruption and resilience, pointing out that in modern society, nation-states cannot hope to disrupt every potential attack. The author argues that, as a result, the United States should devote greater resources to laying the groundwork for a resilience strategy. She summarizes the three main theories of international relations—realism, liberal institutionalism, and constructivism—detailing how each fails to adequately predict cyber conflict at all levels and suggests a syncretic approach which uses complementary aspects of each theory working together rather than in competition as a solution.
Demchak examines six case studies to demonstrate effective disruption and resilience strategies: US disruption of perceived threats in Guatemala and Vietnam, Victorian disruption of perceived Abyssinian and Ashanti threats, and medieval warring between Italian city-states Florence and Milan and between Greek city-states during the Second Peloponnesian Archidamian War. While the historical examinations are admittedly fascinating and educational—with Demchak stressing the use of disruptive techniques and resilience strategies for each one—the link to modern cyber conflicts is weak. She conclusively shows that disruption techniques alone are insufficient and highlights techniques for creating resiliency. Nonetheless, the examples might be of greater use if more applicable to cyber conflicts.
Demchak also discusses the challenges of implementing a resilience strategy, including political acceptance of cyber threats, as well as the importance of cyber security, technological challenges, and separating information related to threats from private data compiled on innocent citizens. She notes that the Internet’s basic design and its original purpose make cyber security difficult and that states that have changed these basic assumptions approach cyber security in a different manner.
She outlines organizational changes the United States might undertake to develop collective knowledge and communication critical to national security. Specifically, she introduces the idea of a “knowledge nexus,” a collaborative knowledge-sharing effort traversing multiple institutions and hierarchies to share threat and response data required for national security. The author devotes a great deal of space to how to protect the privacy of uninvolved civilians. She advocates behavior-based monitoring that separates personally identifiable information (PII) from individual online activity or behavior and states, “To succeed, collective problem solving must be made easy, useful, and routine.” She proposes the “atrium model” as a method of capturing the tacit, routine knowledge that enables threat awareness and response.
Finally, Demchak looks ahead to changes in the status quo that may impact the current US approach to national security, particularly in the cyber domain. In particular, she discusses Cyber Command, highlighting, like many other critics, that legal authorities will prevent it from conducting all activities necessary to ensure cyber security. Also, she briefly examines how societal changes have led legal changes in history and argues that the cyber threat will be no different. She examines how China, in particular, is choosing to use cyberspace as an enabler, defending itself in the cyber domain, and outlines the challenges that Chinese cyber activities present to US national security interests, both from an attack and an exploitation standpoint.
While the title suggests a focus on the cyber field, the book does not present many recommendations that are not broadly applicable to other aspects of national security. It presents intriguing insights for the national security scholar; however, some discussions, conclusions, and recommendations are unlikely to find a foothold with military thinkers. In particular, Demchak’s sharp criticism of the conduct of and political decisions behind Operation Iraqi Freedom suggests a bias discordant with an otherwise supportive argument for the role of the Department of Defense in national and cyber security. Her personal observations regarding failures in the intelligence community and the US military in the last several decades detract from an otherwise valuable discussion. Nevertheless, several conclusions and recommendations introduce novel thinking. National security scholars willing to wade through the less innovative text may find insights, recommendations, and discussions relevant and timely. Cyber enthusiasts, on the other hand, will likely be disappointed.
Capt Julie Clements, USAF