Font Size: A A A

Home > Reviews > The Cybersecurity Dilemma

The Cybersecurity Dilemma

Author Ben Buchanan

ISBN No 9781849047135

Review date 24/06/2019

No of pages 290

Publisher Hurst

Publisher URL

Year of publication 16/03/2017


The Cybersecurity Dilemma Hacking, Trust, and Fear Between Nations by Ben Buchanan

Our Review


£ 25

In 2013 a book came out from Thomas Rid, an academic at King's College London (KCL) titled Cyber War Will Not Take Place. A well-argued work, it was welcome in its originality, as an antidote to all the news items about nation-state hacking which is not however the same as war. Now another academic who gained his PhD in war studies from KCL, has published a book, The Cybersecurity Dilemma, with as original an idea; that where nations lack trust in cyberspace, they find it sensible to carry out cyber-attacks, which the author terms the 'security dilemma'.

The dilemma, as Ben Buchanan sets out, is not new; it dates from before anything was cyber. Think of how once spies sought to read the contents of office rubbish bins, to see what the ambassador or minister was reading and writing; now spies want to read the president's emails (and those of whoever is allowed to communicate digitally with him). Think too of the Cold War when the US confronted the USSR; neither wanted to harm the other, and in the event neither did, but that didn't stop all the tension of the Cold War, such as the shooting down with loss of life a Korean airline flight in 1983 that strayed into Soviet air space; only the fall of the Soviet Union did. What to one side is intelligence-gathering, the other side may find threatening; an attempt to steal its secrets. As a state puts up security to foil the intelligence-gatherers, so the other state has to become yet more intrusive. Indeed, the very way that a state responds to an intrusion, is part of what the other state wants to find out. "The race to the bottom thus begins. This escalatory dynamic is perhaps even more concerning in cybersecurity."

Buchanan does a fine job of setting out how the 'security dilemma' is about as old as recorded history; and shows how if anything it's more of an issue in the age of cyber, when it can be hard to tell defence apart from attack. If this reminds you of the risk of nuclear war - US and USSR each having nuclear weapons, neither wanting to use them - Buchanan does go over that, and shows that at least the rivals came to a consensus, through treaties. We don't have that in cyber, nor do we have any more than the beginnings of a prospect of such a cyber-state consensus, according to the author.

It pays to set up your 'offensive efforts' in advance, what Buchanan calls 'enabling intrusions'. If a state has fears, it has incentive 'to get ahead of the problem', to detect the adversary; but that runs the risk of the other side finding out, and that makes more fear, and more risk of a crisis. In the physical world, we can tell if another country is invading from the tanks that roll over the border signs; not so in the cyber world. And if you think encryption can protect you, it can also protect your adversaries.

Buchanan closes by making the point that fear and escalation are at the core of the dilemma; in other words, human agency. Misinterpretation - by humans - can lead to outcomes that no-one wants, that are bad all round. He ends: "States will either take action in search of mitigation or they will bear the dilemma's risks. There is no easy way out."

Buchanan's book, like Rid's, is an important and relevant contribution to a question that ultimately affects us all.

About the author

Ben Buchanan is a Postdoctoral Fellow at Harvard University’s Belfer Center for Science and International Affairs, where he specialises in cybersecurity and statecraft. He earned his PhD in War Studies from King’s College London, where he was a Marshall Scholar.