The Perfect Weapon review: David Sanger’s urgent warning about cyber warfare
Three time pulitzer prize winning journalist, Ray Bonner, reviews ‘The Perfect Weapon’ by David Sanger in the SMH
From the planting of land mines to the dropping of nuclear bombs, nations have adopted treaties governing their use, giving us rules for war on land, on sea, in the air, and in space. That leaves cyber space, which is where tomorrow’s wars will be fought.
For those wars – already begun – there are no rules. Rob a bank, and you’ll go to jail. So, North Korean hackers pulled off a digital bank heist, breaking into the Bangladesh central bank, with a plan to siphon off a billion dollars.
“There was no penalty for the Bangladesh bank attack or the cryptocurrency heists that followed” from half a dozen central banks, David Sanger notes in this urgent book.
“There is no issue on which government lawyers have spent more time, to less productive effect, than on the question of how the laws of war apply to cyber,” a senior lawyer in the American intelligence community told Sanger. Though lacking in a compelling character, or a captivating plot, The Perfect Weapon may be one of the most important, if chilling, books you’ll read this year. The prose is measured, reflecting that Sanger has worked for three decades at The New York Times. (I was a colleague in the paper’s Washington bureau for a brief period when I was working there.)
The message is alarming. “Rarely in human history has a new weapon been adapted with such speed, customised to fit so many different tasks, and exploited by so many nations to reshape their influence on global affairs,” Sanger writes. He goes on that cyber weapons have the capability to “fry power grids, stop trains, silence cellphones, and overwhelm the internet”.
The US is almost certainly using cyber sabotage against North Korea. How else to explain that in 2016, “North Korea’s missiles started falling out of the sky”, as David Sanger puts it. CREDIT:AP
If these doomsday scenarios are the future, the future is now. In large part owing to the reporting by Sanger and his colleagues, it is well-known that the US and Israel planted a computer virus, known by the code name “Stuxnet”, into Iran’s nuclear facilities, causing centrifuges to spin out of control, and setting back its nuclear program for years. Russia resorted to cyber war in Ukraine, as part of its conventional invasion. And, of course, Russia used cyber weapons to influence the most recent US presidential election, as well as the Brexit vote.
The US is almost certainly using cyber sabotage against North Korea. How else to explain that in 2016, “North Korea’s missiles started falling out of the sky”, as Sanger puts it.
It might be hard not to applaud any program that disables missiles in the hands of Kim Jong-un. But what are the rules here? If the US dropped bombs to knock out North Korea’s missiles, it would be considered an act of war. And while it would probably be within international law to take out a missile when it was on the launch pad and being loaded with a war head, what about disabling a missile, with cyber sabotage, before it even gets to the launch pad, as is happening in North Korea? “That is largely forbidden by international law,” Sanger writes.
What about attacks on civilians? The Geneva Convention specifically provides for the “Protection of Civilian Persons in the Time of War”. A conventional war. What about cyber war? In 2017, Britain’s National Health Service was crippled by a vicious malware attack. Hospital operating rooms went dark, refrigerators storing blood were turned off. The attack affected some 200,000 computers in just about every country on the internet planet.
“It was akin to terrorism,” Sanger writes. What law prohibits such an attack?
Without rules, a cyber attack is likely to lead to escalation. After Iran learned about the cyberattacks on its nuclear program, Iranian hackers targeted capitalist faith in the American economy, infiltrating J.P. Morgan, Bank of America and the New York Stock Exchange. “For historians of the Cold War this development had a familiar ring: we deployed nuclear weapons, and the Soviets did; we created bureaucratic structures around those weapons, and then they did,” writes Sanger.
“So what is to be done?” Sanger asks in the closing chapter. Among other proposals Sanger calls for a “Digital Geneva Convention”, in which companies – Microsoft, Facebook, Google, et al – take the lead.
“We need to remember that we built these technologies to enrich our societies and our lives, and not to find yet another way to plunge our adversaries into darkness,” Sanger notes.
It is a clarion call. “Cyberweapons are so cheap to develop and so easy to hide that they have proven irresistible.” In the past decade alone, the number of countries with cyber warfare capability has risen from three or four to more than 30. The growth in the existential threat has been concomitantly exponential.
Raymond Bonner is a journalist, author, and bookseller.
David Sanger spoke recently with Ray Bonner at Bookoccino: see images of eventBuy ‘The Perfect Weapon’