Cybersecurity Canon Book Review: Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat
Book written by John P. Carlin and Garrett M. Graff
Book review by Andrew Hall
I recommend this book to readers interested in cybersecurity from the Justice Department perspective and the role of FBI in cybersecurity. I do not recommend this book for the Cybersecurity Hall of Fame.
This is a well-written book by a senior leader within the FBI telling the story of the United States Government’s public actions to hold both criminals and nation-state actors accountable for their actions in cyberspace. The book is very much written from the US perspective and addresses the roles of the Justice Department and FBI as elements of national power alongside the Department of Defense and the intelligence community. The unique perspective provided by John P. Carlin from his position within the Justice Department make this very valuable to understand the challenges in bringing criminal cases against malign actors within cyberspace to court.
The authors are a former Assistant Attorney General, John P. Carlin, under the Obama administration and a national security journalist, Garrett M. Graff. The book is told from a first-person narrative format as Carlin takes the reader on a journey through his time at the FBI which corresponds with the first indictments of nation-state hackers by the US Government and the execution of the “Name and Shame” strategy. Carlin’s unique perspective as a senior leader within the Justice Department provide insight into recent history, but his work is very much from the perspective of the US.
In some books the foreword or introduction can be easily skipped as you rush to chapter one. This would not work for this book. The foreword introduces the story of Junaid Hussain, an ISIL social media terrorist by the age of 21, and the interwoven story between the Al Qaeda terrorists and ISIL. The foreword motivates the book, as it highlights the importance of cyberspace to the terrorist’s war being waged against the US. The introduction tells of the story of the battle between traditional state actors and the US within cyberspace. This combination of introduction and foreword highlighting the terrorists and the nation-state agendas motivate all that follows.
The story that follows is a first-person account of Carlin coming to grips with the complexity of criminal, terrorist and nation-state actors within cyberspace. The story told from the perspective of law enforcement illustrates the importance of combining all elements of national power to address national objectives in cyberspace. His coverage spans from the Morris worm, to the rise of Russian and Ukrainian hackers, to their compatriots in China and North Korea. The common thread he develops is to first explain and understand the threat, and then explore the possibilities to create cases within the judicial system to shape cyberspace in the interests of the US. The primary adversaries of the US in cyberspace - Iran, China, Russia, and North Korea - are explored in turn.
The weakest portion of the book is the chapter addressing the information warfare being waged against the US during the 2016 election and transition of parties. This is the period where Carlin exited public service, and the first-person narrative is no longer appropriate. He attempts to explore the issues surrounding the now highly politicized term “Fake News.” He addresses the changing nature of freedom of speech on-line and details the challenges in countering ISIL and their sympathizers online. The Syrian Electronic Army’s attempt to challenge traditional US media is an indication of the new struggles facing a free press and the issues for an educated populace to make sense of competing narratives. The issue of Russian interference continued to grow as he exited public service and this part of the book could easily be expanded to an additional chapter, or at least the length of the introduction. He briefly addresses the role of Russia in the 2016 elections, but I would like to have seen the legal work surrounding the Mueller investigation discussed in much greater detail. His discussion of the requirement for a nonpartisan process established in advance to address election meddling properly addresses the challenges with addressing partisan issues where one of the parties will always be seen to benefit.
As the book concludes with an epilogue on how to win the code war, I found myself glad to have read the book that portrayed some of the most interesting facets of attacks within cyberspace and having a better idea of the role of the FBI and Justice department within the US government. Carlin believes that we are at a critical junction as we work to ensure our democratic norms are not undermined by the freedoms of cyberspace. Although I do not recommend this book for acceptance into the Hall of Fame, it is a well written book and an enjoyable read.