Strategic Cyber Deterrence: The Active Cyber Defense Option by Scott Jasper. Rowman & Littlefield, 2017, 255 pp.
The book Strategic Cyber Deterrence: The Active Cyber Option is particularly relevant today in the face of the continuing challenges for America from the Russians, Chinese, Iranians, and North Koreans. While many feel that cyber deterrence is unattainable, Professor Scott Jasper of the Naval Postgraduate School shows quite clearly that we can in fact get there if we open our intellectual aperture. This subject is of ever-increasing relevance to the physical and digital security of the nation, as well as to America’s wider national interests. It is tough ground to cover, filled with a great deal of technical information and international relations jargon, but it is a needful task and worth the intellectual effort.
Jasper has structured the book logically into three parts. He begins with a section of solid introductory material covering the main theoretical areas that must be understood to address deterrence. “Strategic Landscape” (chapter 1) covers all the preliminary concepts. It is heavy but understandable. The next two chapters (“Cyber Attacks” and “Theoretical Foundations”) expand on the concepts introduced in the first and will satisfy those who may think chapter 1 covered too much ground, too fast.
In Part II, “Traditional Deterrence Strategies,” chapters 4–6 form an excellent primer on deterrence. Jasper categorizes deterrence three ways: retaliation, denial, and entanglement. Respectively, he defines each of these terms to mean deterrence because your opponent is worried about the backlash, deterrence because the opponent’s efforts will have no effect, and deterrence because the opposing system and your own are so intertwined that hostile attack becomes self-defeating. For readers with a scholastic background in deterrence, these three chapters are classic treatments and can be covered quickly. For other readers, this section offers solid background information and is well worth reading to grasp critical concepts.
Jasper finishes the book by investigating an active cyber defense strategy (chapters 7 and 8): what it is; what it is not; why it can work; and why it may be our only real, effective choice when considering alternative strategies.
The book has many strengths. First, it is loaded with understandable definitions—especially helpful with terms that are typically misused or at least misunderstood. That alone would make it worth reading. Second, it challenges the intellectual status quo without dismissing traditional thought. He gives the traditional deterrence theories a fair look. Doing so gives great balance and credibility to his later arguments. Finally, his alternative, an active cyber defense, is presented rationally and without the zealotry. Remaining scholarly and objective, Jasper shows the potential advantages and liabilities of the solution.
There are weaknesses to Strategic Cyber Deterrence. Primary of these is that a nonexpert could get lost in the strategic and technical jargon. Jasper tries to avoid this, but cyber and deterrence are impossible to discuss without their associated vocabularies, and mixing them creates difficulty. Additionally, he seems to spend too much time setting the stage in the first six chapters. However, Jasper covers those areas much better than most academics, and another reader may have more patience.
Reading this book is well worth the effort. While not a summer beach page-turner, it is a well written, accessible volume providing a superb reference for those involved or interested in this key national security debate. Active cyber defense is the way forward to achieve deterrence and to guide response. What we have now is simply not enough. Jasper gets away from the view that active measures will turn the Internet into the Wild West, filled with vigilantes. He shows how an active defense policy can work and that it really is the most viable option. If one reads only the excellent chapter 7 on the active cyber defense option (and the appendix on the national strategy agenda), it would justify the cost of the book and the time spent in reading. This chapter is insightful and enormously persuasive.
Every expert in the cyber field should read this book and consider Jasper’s cogent arguments. Every legislator who wants to propose legislation to “solve” the cyber problem needs this book to become adequately literate in this crucial area. Every pundit who wants to break the next big cyber story should read it to avoid distortions and false reporting. Any civilian who wants a glimpse of the present and the future of our security world should also invest the time.
Scott Jasper has written a compelling work and should be congratulated for a fine book.
Stephen Bucci
The Heritage Foundation