top of page

Breaking the Code on Bytes, Bombs and Spies

Updated: Jul 11, 2022

REVIEW — This collection published by the Brookings Institution Press is a very readable collection of papers which resulted from a workshop at Stanford’s Hoover Institution that was held in 2016.

With the rapid changes in virtually all aspects of the cyber domain, one might think that with this starting point, approaching three years old, the collection would be dated. However, that is not the case at all. Bytes, Bombs, and Spies is current and up-to-date, with the 2016 workshop only representing a starting point as one of the first unclassified meetings of experts to consider the subject matter. The collection represents current thinking at the unclassified level. Moreover, in contrast to many collections representing the output of meetings, workshops, etc., this is a well-written, well edited, and very readable work. In the reviewer’s experience many collections, even from the best of conferences, workshops etc. are of uneven quality, with some decent chapters, some merely adequate chapters, and unfortunately many chapters that are either badly written or so narrowly focused as to be unreadable. Bytes, Bombs, and Spies is a refreshing deviation from what may be a norm. Its 16 chapters are uniformly well-written and topical.

The Introduction, written by the editors, is a very readable overview of the issues involved in offensive cyber operations and how the various papers in the collection relate to current issues. The collection covers a broad sweep of cyber operations and addresses U.S. efforts, policies, and objectives in virtually all major areas. It pays particular attention to policy impacts of cyber threats from China, North Korea, and Russia and it reflects how Presidential Policy Directive 20 (PPD – 20) established U.S. policy on offensive cyber operations.

It is important to note that the reader need not be a cyber expert to understand the concepts and gain insights from collection chapters such as Effects, Saliencies, and Norms, which provides sufficient introductory material and scenario-based analysis that any reader will profit from reading it. Other chapters focus on specific issues such as hacking a nation’s missile development program, and a broad-based discussion of cyber terrorism and limiting the undesired impact of cyber weapons.

The chapter on Rules of Engagement for Cyberspace Operations attempts to grapple with how a military commander will have to deal with the laws of war, jus ad bellum and jus in bello, the legal considerations prior to war and the law of making war. In this particular section it would have been nice to see a discussion of the Tallinn Manual 2.0 or the original Tallinn Manual.

All The Collection has two chapters devoted to private enterprise and how private enterprise can use cyber weapons and what roles they play vis-à-vis the military cyber structure. Certainly, the chapter on U.S. offensive operations in a possible China confrontation deserves careful reading and discussion.

Overall, this is a collection of well-written contributions on pertinent topics with some of the chapters having been published in whole or in part prior to the creation of the collection. The issues are timely and important, and Bytes, Bombs, and Spies should be read by anyone interested in the concepts of cyber warfare.

This book earns a prestigious four out of four trench coats.

Edited by Herbert Lin and Amy Zegart, Brookings Institution Press

THE REVIEWER — Dr. George M. Moore is a scientist-in-residence at the James Martin Center for Nonproliferation Studies (CNS) at the Middlebury Institute of International Studies at Monterey. He teaches courses in nuclear security, nuclear forensics, drones and surveillance, and other technical topics including cyber security, He is also a licensed attorney.

Read more Under/Cover book reviews in The Cipher Brief

Read Under/Cover interviews with authors and publishers in The Cipher Brief

Interested in submitting a book review? Check out our guidelines here.


bottom of page