Readings 2020: Ben Buchanan (2020). The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

In 2020 I committed to writing short thoughts on my readings.

Today, it’s The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (2020) by Ben Buchanan.


After having really liked Ben’s previous book (The Cybersecurity Dilemma), I had high hopes for reading “The Hacker and the State”. It tells the story of state-originated hacking and the diversity of ends that cyber subterfuge can be employed. It categorizes this in three parts, which also reflect the book’s main empirical point: state originated hacking is most used for espionage, attack, and destabilization. Theoretically, the book’s main thesis contends that between two distinct approaches to competitive statecraft, cyber capabilities are best used for ‘shaping geopolitics and seizing the advantage’ (p.3), rather than ‘signaling a state’s positions and intentions.’ (p.4) In fifteen chapters (319 pages), Buchanan presents a rich empirical narrative to make his case.

The empirical detail and accuracy are also where the reader gains the most. The analyst profits from Buchanan’s mixture between geopolitical and national security analysis, archival work, and being able to draw on information security insiders. This leads to new and interesting details in some cases that may already be familiar and also some cases that are written up for the first time (e.g. I liked the chapter on the ShadowBrokers).

Unfortunately, whilst the empirical focus is great, in the case of The Hacker and the State it comes at a detriment to the theoretical and analytical narrative. This starts in the introduction, where signaling is taken on the first time. We read that

‘cyber operations are ill-suited for signaling’ […] This is not a view aligned with conventional wisdom, with its roots in Cold War theories. Policymakers and scholars frequently present cyber capabilities as analogous to nuclear capabilities, which make signaling essential given the potentially catastrophic impacts, or as analogous to conventional military capabilities, which make signaling easier given their high visibility.’ (pp.7-8)

This representation of the current state of the discipline, whilst having resonated with me before 2013, seems unfamiliar to me today, with literature that would have been relevant (e.g. on intelligence and covert operations) left undiscussed. Furthermore, if, according to the author, policymakers are seeing cyber tools as signaling options, it seems strange to then try to convince us in the next 300 pages that shaping is the purpose for which cyber operations are best used for, using the empirical record created at the behest of policymakers.

Overall I found the book to be rich on information, good on the empirical details, interesting diversity of topics, but to the detriment of analytical focus, particularly around clarity and precision of the argument. What exactly is shaping? How does it interact with spying, attacking, and destabilizing? How do these three concepts differ in the cyber area than their traditional remit? And even if one were to follow the argument that shaping is what cyber operations are best used for, one wonders, why the argument is not better embedded in the literature dealing with such ‘shaping’ operations. Instead of arguing against the literature of signaling, I would have hoped for a deep engagement with what the author considers the more fruitful literatures, such as the one on covert or special operations (Conclusion), and indeed, the big debate about cyber as a conflict space vs. cyber as an intelligence contest. But those were very high hopes.

PS: I aim to write a formal book review with Lennart Maschmeyer.


Now read this

Switzerland’s Security 2015

On 4. May 2015, Switzerland’s intelligence service published its annual report on the security situation of the country. Strategic landscape The report notes a state of flux in the strategic landscape, driven by (a) a long-term clash of... Continue →