Addressing cybersecurity begins with recognizing that there is a “code war” happening around us and to us. The heart of Dawn of the Code War, by former Assistant Attorney General for National Security John P. Carlin, is a historical review of the significant cyberattacks against the United States as seen from inside the Department of Justice. Carlin charts the evolution of cyberthreats against the U.S. with intense clarity.
The attacks Carlin cites vary widely in their intent, target, and tools. Well-organized Chinese efforts to steal American intellectual property cost the U.S. hundreds of billions of dollars each year. Cyberattacks on political expression stretch as far back as an Iranian attack on the Sands Hotel in early 2014, launched after a series of fiery public comments directed at Iran by CEO Sheldon Adelson. A similarly motivated North Korean attack on Sony followed later that year.
Hackers’ infiltration of a New York dam in 2013 signaled the vulnerability of critical infrastructure, and Atlanta’s municipal government systems were ransacked in 2018 by a ransomware attack. The same year, a compromised Associated Press Twitter account posted a fake message that then-President Obama had been injured, sending the stock market tumbling. Of course, there are also the ongoing Russian attempts to interfere in U.S. elections. In short, the scope of today’s cyber threats is vast.
The problem is still growing. Carlin does note the increasing willingness and ability of the U.S. to “name and shame” foreign actors for attacks and to prosecute perpetrators. These strides toward deterrence and the development of cyber norms are necessary—but not sufficient. In part, Dawn of the Code War is Carlin’s call to action. Today, we depend on technologies and an internet that were designed without much security in mind. We are “playing a massive game of digital catch-up,” Carlin rightly concludes, and we cannot afford to make the same security mistakes with the next generation of technology. Diverse and increasing cyberthreats will require a comprehensive, society-wide response.