Book Reviews

We publish reviews and speak about new books on international security issues.

Today we invite our readers to get acquainted with a review of the Dr. Thomas Rid`s book “Cyber War Will Not Take Place” by Mr. Maksim Sorokin, PIR Center Information & Publications Program Intern.

Dr. Thomas Rid is a political scientist and professor specializing in security studies. He has written extensively on topics related to cybersecurity, including the historical development of cyber conflict, the attribution of cyber-attacks, and the broader implications of information warfare in the digital age. His research often explores the intersection of technology, security, and international relations.

Following the information revolution and cyberspace development, discussions about the changing nature of warfare have always been incremental. Military experts worldwide started talking about cyber war, which should have moved the physical battlefields into the virtual domains. Until now, social media has been gripped by threatening titles about the upcoming cyber Pearl Harbor.

Yet in 2013, Dr. Thomas Rid published a book titled Cyber War Will Not Take Place, countering the narrative of a new type of war with the argument that cyber war has never happened in the past, is not occurring now, and is unlikely to appear in the future. To complement the main idea, Dr. Thomas Rid refers to the concept of war proposed by Clausewitz in his work On War and, subsequently, divides modern cyber operations into sabotage, espionage, and subversion.

This review will cover Dr. Thomas Rid’s primary thoughts and arguments in his book Cyber War Will Not Take Place and their applicability to contemporary international security architecture.

What is War?

As Carl von Clausewitz wrote, “War is an act of force to compel the enemy to do our will”. Dr. Thomas Rid starts his book by identifying what war is inherently, recalling Clausewitz’s traditional understanding of war. According to Clausewitz, war is defined by three crucial elements: violence, instrumental character, and political nature. Looking ahead, Dr. Thomas Rid concludes that none of the cyber incidents the international community has faced so far does not meet the following criteria.

First, Clausewitz famously defined war as an extension of politics by other means. Central to this definition is the idea that war involves violence. In the form of armed conflict, violence is the means through which political goals are pursued. Clausewitz recognized that war inherently involves destruction, force, and the application of military power to achieve political objectives. The intensity of violence and the nature of military operations are vital aspects of the conduct of war. As he argues, “A real act of war is always potentially or actually lethal, at least for some participants on at least one side”.

Second, according to Clausewitz, war is an instrument or tool political entities use to achieve specific ends. The instrumental character of war emphasizes that military force is not an end but a means to achieve political objectives. War is a method through which political actors seek to influence and coerce their adversaries. Understanding war as an instrument highlights the strategic and goal-oriented nature of armed conflict, where military actions are employed to bring about a desired political outcome. Therefore, the purpose is a political intention; the means is war.

Third, Clausewitz emphasized war’s inherently political nature — “An act of war is always political”. War is not an isolated or independent phenomenon; it is deeply intertwined with political objectives and decisions. The political nature of war means that the political goals and interests of the involved actors shape its conduct and outcomes. Clausewitz argued that war continues political activity and that military actions must be aligned with political aims. The relationship between war and politics is dynamic, with political considerations influencing military strategy and vice versa.

As Dr. Thomas Rid argues, these three elements — violence, instrumental character, and political nature — provide a foundational framework for understanding the nature of war. He emphasizes the interconnectedness of military and political aspects in war, highlighting that successful military strategies must harmonize with overarching political objectives.

Based on the respective assumption, the author emphasizes using force as the pivotal element of any warlike action and concludes that there have not been cyber offenses that can be labeled an act of war. Similarly, Dr. Thomas Rid evokes some potential scenarios in which cyberattacks could hypothetically harm or even kill people, yet we have not faced such so far.

Furthermore, Dr. Thomas Rid speculates on cyber weapons as “computer code that is used or designed to be used, to threaten or cause physical, functional or mental harm to structures, systems or living beings”. He, therefore, argues that well-known cyber weapons have far less firepower than traditional weaponry, which leads to the nearly absolute improbability of causing physical damage or harming people and, thus, the inapplicability of the concept of violence typical for wars.

Three forms of cyber offenses

Describing the nature of cyber-attacks Dr. Thomas Rid categorizes cyber offenses into three forms: sabotageespionage, and subversion.

Cyber sabotage is intentional actions to disrupt, damage, or destroy computer systems, networks, or digital infrastructure. It is a form of cyber-attack in which the primary goal is to undermine the normal functioning of systems or to cause physical damage through digital means. Various actors, including individuals, hacktivists, criminals, or nation-states, can conduct sabotage.

Cyber espionage, also known as cyber spying or cyber intelligence gathering, involves the unauthorized acquisition of sensitive information from individuals, organizations, or governments through digital means. This form of espionage leverages technology and the internet to conduct intelligence-gathering activities.

Cyber subversion is a cyber-attack that aims to undermine or destabilize a targeted system, organization, or entity. It involves unauthorized access, data manipulation, and critical operations disruption. Cyber subversion seeks to compromise information integrity, confidentiality, and availability, leading to significant harm or loss for the targeted entity.

Dr. Thomas Rid notes the importance of understanding the motivations behind cyber subversion, ranging from political or ideological reasons to economic or strategic interests. Thus, he argues that “the ultimate goal of subversion may be overthrowing a society’s established government, but subversive activity may also have more limited causes”.

He also highlights the need for robust defense mechanisms and proactive measures to detect and mitigate cyber subversion attacks. Organizations must stay vigilant and continuously enhance their cybersecurity posture to counter the evolving threats of cyber subversion.

Concerning the forms of cyber offenses above, Rid’s division of their technical and social natures is worth highlighting. Thus, sabotage is purely technical, subversion is social, and espionage may be both technical and social.

Accordingly, sabotage may manifest as malicious software, such as viruses, worms, trojan horses, and ransomware, which can compromise the security of computer systems; denial-of-service (DoS) attacks, which are used to overwhelm a system, network, or service with an excessive amount of traffic, rendering it inaccessible to legitimate users; data destruction or manipulation, and whatnot.

The principal example herein is Stuxnet, which essentially remains the most sophisticated cyber-attack so far. Once again, this demonstrates that cyber war is still an abstract and unclear phenomenon, although, remarkably, Stuxnet spawned the wave of cyber war-related hype as it showed the power of cyber warfare capable of disrupting entire systems and networks. In brief, Stuxnet is a highly sophisticated computer worm the United States (presumably with Israel) used in 2010 to sabotage Iran’s nuclear program, specifically targeting its uranium enrichment facilities.

Cyber espionage often involves using sophisticated malware to infiltrate target systems, allowing attackers to exfiltrate sensitive data or monitor activities. Social engineering techniques, such as phishing emails, are also commonly employed to trick individuals into revealing login credentials or other sensitive information. Furthermore, advanced persistent threats are long-term, targeted cyber-attacks in which attackers gain unauthorized access to a network and remain undetected for an extended period, allowing for continuous data exfiltration.

According to Dr. Thomas Rid, subversion is social in nature. By that the author means that “human minds are the targets, not machines”. He recalls the politically motivated DDoS attacks in Estonia and Georgia that had a social dimension: “They cut the information flow between governments, the media, and citizens, undermining citizens’ trust in their leaders’ authority and competence”.

Attribution

Another aspect that Dr. Thomas Rid uses as a counterargument to the concept of cyber war is the issue of attribution. He argues that one of the critical manifestations of wars is that someone takes accountability for it. In terms of cyber warfare, this has never been the case, as (1) the states would never proclaim the responsibility for offensive cyber operations, and (2) attributing cyber-attacks to someone is technically sophisticated and nearly impossible (at least, so far).

Applicability of Rid’s thoughts today

Ten years have passed since the book’s publication, and Rid’s thoughts flooded the discourse on the changing nature of warfare and its shift to virtual battlefields. At the time, social media insisted on the upcoming cyber Pearl Harbor, but Dr. Thomas Rid shattered such an illusion by approaching war from its traditional understanding, proposed back in the 19th century.

Reflecting on the tendencies in modern security architecture, it seems fair to prove Rid’s ideas have been correct and augmented. So far, Stuxnet remains the most destructive cyber operation that has yet to lead to any violence. States are now using their cyber capabilities only as a supplement to traditional means of warfare. Therefore, if approaching war as Clausewitz proposed, cyber war has never indeed happened, is not occurring now, and is unlikely to take place in the future.

Accordingly, since the beginning of the Russian Special Military Operation in Ukraine, military and security experts worldwide predicted a new generation war that would take place predominantly virtually, with cyber-attacks being the decisive advantage. Yet the expectations have not met the realities, as the friction manifests traditional conventional military armed conflict, supplemented by emerging technologies. The same can be said of the ongoing tensions between Israel and Palestine.

Nonetheless, although Rid’s ideas have stood the test of time and are still relevant to the contemporary world, they seem to be limited by the perception of Clausewitz’s concept of war. What if cyber war is not about violence toward people? What if it has other manifestations? What if the consequences of cyber-attacks might be even more adverse than those of physical ones? All these questions open a window of opportunity to address the concept of cyber war, not leaving it behind even though it seems irrelevant now to anticipate it.