Cybersecurity: Geopolitics, Law, and Policy
Book written by Amos N. Guiora
Book review by William Yurek
Guiora’s book Cybersecurity: Geopolitics, Law, and Policy takes a broad, strategic view of cybersecurity. It may serve as a general education for newcomers to the world of cybersecurity, but it is likely of little educational value to those already familiar with operating in the cyber realm. Its consistent identification of cybersecurity as a “risk” may both distract and confuse readers, detracting from the overall value of the book.
Cybersecurity: Geopolitics, Law, and Policy begins with a “shock and awe” chapter, apparently intended to jolt the reader into wanting to know more about the broad nature of the cyberthreat. It then enters into a summary of the chapters to follow, which is a good idea in that it prepares the reader for the ideas to come in the later, substantive chapters. The substantive chapters cover topics such as the definition of cybersecurity, geopolitics, policy, and corporate, individual, and law enforcement responses to the cyberthreat.
In his substantive chapters, Guiora brings up a number of important concepts that drive cybersecurity at a very high strategic level. These include the tension or balance between privacy, individual rights and liberties, and cybersecurity; the need for cooperation in the federal, state, local and international arenas; and the impossibility of 100 percent prevention of cyberattacks. Unfortunately, the chapters themselves tend to be very broad and bleed into each other, rather than addressing the discrete topic of the chapter headings. There is a strong reliance on single interactions with professionals and other experts in the field as a basis for broad conclusions about the current state of cybersecurity efforts. While the book does a good job of identifying things that should be done to improve cybersecurity at the corporate, policy, law enforcement and individual levels, it has little specific guidance about how to implement those suggestions through current organizations and processes.
Throughout his book, Guiora addresses cybersecurity as a risk or danger to be mitigated. This is confusing, as cybersecurity isn’t a risk or danger to anyone except maybe malicious cyber actors, such as hackers. The consistent treatment of cybersecurity as something that needs to be stopped or mitigated, including a final chapter about how law enforcement “mitigate[s] cybersecurity,” detracts from the valid ideas in the book. From the start of his book, Guiora tells the reader that his background is most heavily focused on the threat of conventional terrorism. While he accurately notes that there are solid parallels between terrorism, cyberterrorism, and cybercrime, the three ideas and terms tend to be used interchangeably throughout the book, which can be confusing. In the end, Cybersecurity: Geopolitics, Law, and Policy looks like a book written about terrorism, adapted to cyberterrorism, and then adapted to cybercrime.
Cybersecurity: Geopolitics, Law, and Policy offers broad coverage of strategic aspects of cybersecurity in the modern age. It identifies the key topics that dominate cybersecurity today. However, the continued treatment of cybersecurity as a risk, problem or threat is a confusing message for newcomers to the cybersecurity arena.