THE PERFECT WEAPON

War, Sabotage, and Fear in the Cyber Age

By David E. Sanger

357 pp. Crown. $28.

New technologies of destruction have appeared throughout history, from the trireme and gunpowder in past centuries to biological and nuclear weapons in more modern times. Each technology goes through a cycle of development and weaponization, followed only later by the formulation of doctrine and occasionally by efforts to control the weapon’s use. The newest technological means of mayhem are cyber, meaning anything involving the electronic transmission of ones and zeros. The development of cyber capabilities has been rapid and is continuing; doctrine is largely yet to be written; and ideas about control are only beginning to emerge.

David E. Sanger’s “The Perfect Weapon” is an encyclopedic account of policy-relevant happenings in the cyberworld. Sanger, a national security correspondent for The New York Times, stays firmly grounded in real events, including communication systems getting hacked and servers being disabled. He avoids the tendency, all too common in futuristic discussions of cyber issues, to spin out elaborate and scary hypothetical scenarios. The book flows from reporting for The Times by Sanger and his colleagues, who have had access, and volunteer informants, that lesser publications rarely enjoy. The text frequently shifts to the first-person singular, along with excerpts from interviews Sanger has had with officials up to and including the president of the United States.

The principal focus of the book is cyberwarfare — the use of techniques to sabotage the electronic or physical assets of an adversary — but its scope extends as well to other controversies that flow from advances in information technology. Sanger touches on privacy issues related to the collection of signals intelligence — a business that has been around since before Franklin Roosevelt’s secretary of war, Henry Stimson, talked about gentlemen not reading each other’s mail. He also addresses social media and the problems of misuse that have bedeviled Facebook, including usage by foreign governments for political purposes. These other topics are to some extent a digression from the main topic of cyberwarfare. Intelligence collection and electronic sabotage are different phenomena, which in the United States involve very different legal principles and policy procedures. But Sanger takes note of such differences, and the book’s inclusiveness makes it useful as a one-stop reference for citizens who want to think intelligently about all issues of public policy having a cyber dimension.

The combining of that dimension with other security topics, like nuclear weapons and ballistic missiles, is a strength of the book. In an earlier work, “Confront and Conceal,” Sanger told the story of the electronic sabotage of Iran’s nuclear program by means of a computer worm known as Stuxnet. A point of interest in his new book is what he has to say about any similar efforts against North Korea, as the Trump administration intensifies attempts to take advanced weapons out of the North Koreans’ hands. Sanger ponders whether the serial failures of North Korean ballistic missile tests in 2016 reflected a Stuxnet-like attack on that program. He strongly suggests that there was such an effort but is unable to offer hard evidence, only a few possible hints in official comments. Looking beyond missiles, Sanger notes that North Korea’s backwardness generally makes it an unpromising target for cyberwarfare. In the words of a senior official of the United States Cyber Command, “How do you turn out the lights in a country that doesn’t have enough power to turn them on?”