The Army Lawyer | Issue 1 2024

Book Review: Dark Territory


Dark Territory: The Secret History of Cyberwar


As an open society, the United States has a clear interest in strengthening norms that mitigate cyber threats and enhance stability in cyberspace. We aim to deter cyber attacks from state and non-state actors and will respond decisively with all appropriate tools of national power to hostile acts in cyberspace, including those that disrupt or degrade vital national functions or critical infrastructure.1

Dark Territory,2 Fred Kaplan’s first book on cyber security, is a must-read for anyone trying to understand the big-picture history of cyber warfare. As the quote above illustrates, securing cyberspace is a key concern for the national security law (NSL) practitioner.3 Therefore, Dark Territory is a worthy read for NSL practitioners or military attorneys who want to explain the “why” behind cyber policy and law.

The term “dark territory” in the context of this book refers to the lack of clear guidance in cyberspace operations.4 “[A]t what point [does] a cyber attack constitute an act of war?”5 And “[w]ho’s in charge” when a cyber attack occurs?6 The term also referred to stretches of railroad tracks that lacked signals.7 Since the 2016 publication of this book, however, many more control signals in the cyber domain have come into existence, and law and policy now hold answers to the question of “who’s in charge.”

The Department of Defense Law of War Manual8 (DoD LoW Manual) now directly answers a central question posed by Dark Territory about when cyber attacks constitute use of force. Simply put, we look at the attack’s effects and compare them to more typical uses of force.9 Almost a decade after the publication of Dark Territory, policy and doctrine documents10 shed plenty of light on when cyber operations go from mere probing or teenage curiosity to jus ad bellum, or, a reason to resort to force.11

Dark Territory covers the early period when signals intelligence morphed into cyber operations from the 1950s to the 1980s. It continues into a period when the internet came of age in the early decades of the twenty-first century. The history culminates in a warning,12 which may seem alarmist to some.13 But for legal practitioners who have cause to advise on cyber operations, it provides welcome food for thought.

If a “cyber Pearl Harbor”14 event occurs in the coming decades, Dark Territory provides the most explicit warning through its broad-strokes history of cyberwar.15 This review sets out the good and the bad of Dark Territory, with a recommendation to add this book to the NSL practitioner’s bookshelf.

Beginning with the positives, NSL practitioners should read Dark Territory for three main reasons. First, the book is a good way to understand the background of key terms in cyber operations, which often sound like they are right out of science fiction, using the paradigm of life imitating art. Second, the book is a reminder of the need to stay alert to cyber threats. Third, in his typical fashion, Kaplan uses Dark Territory to explain changes to how we fight as we transition to multidomain operations.

Life Imitating Art

Dark Territory demonstrates that much of the policy and language we use with cyberspace is a case of life imitating art. As Oscar Wilde put it, “Paradox though it may seem—and paradoxes are always dangerous things—it is nonetheless true that [l]ife imitates art far more than [a]rt imitates life.”16

The origin story in Dark Territory begins with President Ronald Reagan, motivated by the 1983 movie WarGames,17 sending his advisers off to create new national policy directives.18 The movie features a high school protagonist, played by a young Matthew Broderick, who begins his hacking career by accessing his school’s computer network to change grades.19 The protagonist stumbles onto Pentagon servers while trying to find a new computer game and nearly causes a nuclear missile launch.20 President Reagan saw the movie and asked if a similar scenario was possible.21 His inquiry resulted in National Security Decision Directive (NSDD) 145, National Policy on Telecommunications and Automated Information Systems Security, which he signed on 17 September 1984.22

In another example of life imitating art, the origins of “information warfare” are tied to the director of the National Security Agency (NSA) watching a scene in the movie Sneakers.23 As told by Kaplan, a line about the important role information plays in the world caught the NSA director’s attention, which the following quote encapsulates: “The world is run by ones and zeroes. . . . There’s a war out there. . . . It’s about who controls the information.”24

Cyberspace terminology also supports the notion of life imitating art. In determining how to label threats to the United States’ budding internet infrastructure, the word “cyber” was floating around.25 The word has roots in “cybernetics,” which describes closed loops of information systems.26 According to Dark Territory, though, the science fiction novel Neuromancer27 brought the term “cyberspace” mainstream.28

Fast forward to 2023, where “cyberspace” and “information warfare” have entered Army and joint operations doctrine. Army Field Manual (FM) 3-0, Operations, updated 1 October 2022, recognizes information warfare as methods of warfare and threat used by peer adversaries.29 Similarly, FM 3-0 now includes the cyberspace domain as a key element of the Army’s operational environment,30 just as Joint Publication 3-0 includes cyberspace as part of the joint operations area.31 Joint doctrine on joint cyberspace operations also establishes cyberspace as part of the information environment.32

The origins of key phrases in cyber operations are relevant to NSL or military legal practitioners; they allow practitioners to maintain competence by keeping abreast of benefits and risks associated with technology.33 To the extent cyberspace operations terms sound like the stuff of sci-fi movies and books, Dark Territory tells us why. The book also offers great vignettes on the importance of users keeping networks secure.

Why We Maintain Cyber Awareness34

Reading Dark Territory is worth five years of cyber awareness training.35 Jokes aside, the book expertly paints a picture of why we all need to stay alert to cyber threats. It does so with vivid depictions of military secret networks compromised by thumb drives or the story and aftermath of one of U.S. history’s biggest top-secret information spillages.36

In 2008, NSA signals intelligence (SIGINT) analysts noticed a beacon was sending a signal from a classified computer in Afghanistan.37 A U.S. Service member had plugged a malware-infected thumb drive into a U.S. Central Command computer containing secret information, compromising it with malicious Russian software.38 Whether acting as a legal adviser or legal reviewer for the mandatory investigation following an actual or suspected compromise of classified information,39 legal practitioners should find this aspect of Dark Territory interesting for its relevance.

Legal practitioners advising in cyberspace must read Dark Territory to understand why key documents in cyberspace policy are steeped in secrecy. In short, “the secret history of cyberwar”40 and cyberspace policy are largely secret due to cyberspace’s SIGINT roots. Kaplan also shows how information warfare connects SIGINT to cyberspace. As the internet emerged, communications shifted largely from wired phone lines and microwaves to packets of information sent over what became the internet.41 But the NSA continued its dominant role in cyberspace operations while remaining one of the most secretive agencies in the U.S. Government. Kaplan manages to shed light on secret policies, secret courts,42 and the laws maintaining that secrecy.43

Dark Territory traces the evolution of cyberspace policy and law despite default secrecy. It references NSDD 145, the confidential initial policy directive that placed the NSA in charge of computer servers and networks, and its subsequent updates as an example of how most policy documents in the cyberspace domain were published secretly.44 The book also provides vivid examples of the grave impact of the spillage of secret and top-secret documents on national security. Presidential Policy Directive 20 (PPD-20), “U.S. Cyber Operations Policy,” was top-secret until Edward Snowden leaked it in June 2013 along with other NSA secrets.45 “Fort Meade’s crown jewels were now scattered all over the global street, for interested parties everywhere to pick up.”46

Kaplan highlights the Snowden leak’s global impact across the diplomatic, information, military, and economic spectrums, compromising U.S. national interests. The incident also led to significant reforms. In August 2013, the Obama administration appointed a commission nicknamed “The Five Guys,” which published a report with forty-six recommendations for reform in December 2013.47 The recommendations covered surveillance of U.S. persons, surveillance of non-U.S. persons, and organizational reform.48

Dark Territory shows the trend toward less-secretive agencies becoming involved in cyberspace. A decade after these leaks, more of these organizations are involved in cyberspace operations and are doing important work in securing cyberspace. These organizations include U.S. Cyber Command,49 the Cybersecurity and Infrastructure Security Agency,50 and in the Army’s case, U.S. Army Cyber Command.51 All these agencies make the NSA a less dominant player in cyberspace operations while also definitively answering the question of “who’s in charge.”52 Law practice has also adapted to changes in what has become a clearly defined cyber domain.

Military legal practitioners will benefit greatly from using Dark Territory as a non-technical approach to understanding why securing the cyberspace domain is so important, why key terms are used the way they are used, and why the cyber domain is central to multidomain operations.

Changes to the Way We Fight: Legal Support to Multidomain Operations

This book remains relevant to the military legal practitioner almost a decade after its publication because the cyberspace domain continues to play a central role in the way we fight. In his previous work, The Insurgents,53 Kaplan effectively explained the sea change to how we fought at the beginning of the global war on terror as the military revived counterinsurgency doctrine. Similarly, Dark Territory effectively explains a key aspect of the military’s doctrinal transition to multidomain operations, as cyberspace is now one of the five domains of multidomain operations.54

The threat of “weapons of mass disruption” remains real.55 Kaplan establishes throughout Dark Territory that “what we can do to them, they can someday do to us”56 with examples of cyber attacks in every direction. The military legal practitioner must now consider the cyberspace domain in providing legal advice. Thankfully, military doctrine and practitioners have caught up to this task.

In fact, Army FM 3-84, Legal Support to Operations, published in September 2023, establishes the central role of multidomain operations in how we provide legal support.57 As explained in FM 3-84, “Judge advocates [(JAs)] and paralegals who understand law and policy play a critical role in helping the commander visualize advantages and disadvantages in the information and human dimensions.”58

Similarly, The Army Lawyer has published important articles on JAs’ roles in cyberspace operations.59 These efforts answer one of Dark Territory’s repeatedly asked questions: “Who’s in charge?”60 Dark Territory remains relevant to the extent readers want to understand why things are the way they are regardless of shortcomings.

A Must-Read Despite the Negatives

The territory we now call the cyberspace domain is not so dark anymore, but that does not make Kaplan’s book irrelevant. The crucial part of this book is the history; the author set out to write a compelling history of cyberwar over five decades, and he succeeded. Specifically, this book provides more of a strategic view of cyberspace, while other books in the genre, such as Sandworm61 by Andy Greenberg (senior writer for Wired magazine62), cover similar incidents on a more tactical level. Thus, the advantage of Kaplan’s strategic view is that Dark Territory requires little to no technical knowledge from the reader.

Dark Territory conveys the history of cyberwar in an easy-to-follow manner based largely on interviews of U.S. policymakers and action officers in the formative years of the cyberspace domain. One can also safely assume the bulk of the information in the book is limited to unclassified information, as the interviewees were limited by law.63 As such, the book might be missing the complete picture.

While it may feel logical to assume that cyberwar requires new international laws because it is relatively new, this logic has not been borne out. For example, the lead prosecutor of the International Criminal Court has made it clear that his office would investigate cybercrimes violating the Rome Statute,64 citing attempts to impact critical infrastructure such as medical facilities or control systems for power generation.65

Another criticism of Dark Territory is that it prompts alarmism.66 Actually, the book’s initial reference to WarGames seems to tease out the idea that fears of great cyberspace disasters are blown out of proportion, especially for the average person. Also, almost forty years after those fears led to NSDD 145, it appears most people should be more concerned about global pandemics, climate-change-accelerated natural disasters,67 and old-fashioned irredentism leading to global conflict—less so high school kids accidentally fooling well-funded government systems into destroying the world.

Conclusion

There may have to be another history of cyberwar covering the same period as Dark Territory twenty-five years from now, after most or all the documents relevant to the topics Kaplan covers are declassified.68 However, the author of that yet unwritten, more detailed history of cyber warfare would be wise to read and cite Kaplan’s Dark Territory closely and heavily. In the meantime, military legal practitioners will benefit greatly from using Dark Territory as a non-technical approach to understanding why securing the cyberspace domain is so important, why key terms are used the way they are used, and why the cyber domain is central to multidomain operations. To that end, this book is an important addition to the NSL practitioner’s bookshelf.


MAJ Akinsanya is a Student in the 72nd Graduate Course at The Judge Advocate General’s Legal Center and School in Charlottesville, Virginia.


Notes

1. The White House, National Security Strategy 34 (2022).

2. Fred Kaplan, Dark Territory: The Secret History of Cyberwar (2016).

3. See The White House, supra note 1, at 34.

4. See Kaplan, supra note 2, at 272.

5. Id. at 271.

6. Id. at 81, 121, 183. The question of “who’s in charge” is brought up repeatedly in Dark Territory and sets up a theme of lacking command structure in the early days of cyber warfare.

7. Id. at 272.

8. Off. of Gen. Couns., U.S. Dep’t of Def., Department of Defense Law of War Manual (12 June 2015) (C1, 31 July 2023) [hereinafter DoD LoW Manual].

9. See id. § 16.3.1. The DoD LoW Manual even provides examples that clarify when cyber operations constitute use of force, such as triggering a nuclear plant meltdown or opening a dam above a populated area. Id.

10. See, e.g., Joint Chiefs of Staff, Joint Pub. 3-12, Joint Cyberspace Operations (19 Dec. 2022) [hereinafter JP 3-12]; U.S. Dep’t of Army, Field Manual 3-12, Cyberspace Operations and Electromagnetic Warfare (24 Aug. 2021).

11. See DoD LoW Manual, supra note 8, § 1.11.

12. See Kaplan, supra note 2, ch. 15.

13. See, e.g., P.W. Singer, ‘Dark Territory: The Secret History of Cyber War,’ by Fred Kaplan, N.Y. Times (Mar. 1, 2016), https://www.nytimes.com/2016/03/06/books/review/dark-territory-the-secret-history-of-cyber-war-by-fred-kaplan.html (“What neither the insiders nor Kaplan himself seems willing to wrestle with is why this fear of a ‘cyber Pearl Harbor,’ which drives almost all of the book, not to mention billions in spending in the real world, never actually happened over the ensuing two decades.”).

14. Kaplan, supra note 2, at 53.

15. Other books warn of similar worst-case scenarios with cyberwar, but Dark Territory stands out by focusing on history. See, e.g., Ted Koppel, Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath (2015); Richard A. Clarke & Robert K. Knake, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats (2020).

16. Oscar Wilde, The Decay of Lying 30 (Alma Classics 2016) (1891).

17. WarGames (United Artists Pictures, Inc. & Sherwood Pictures 1983).

18. Kaplan, supra note 2, ch. 1.

19. WarGames, supra note 17.

20. Id.

21. Kaplan, supra note 2, at 2.

22. Id.; The White House, Nat’l Sec. Decision Dir. No. 145, National Policy on Telecommunications and Automated Information Systems Security (17 Sept. 1984).

23. Sneakers (Universal Pictures 1992); Kaplan, supra note 2, at 31.

24. Kaplan, supra note 2, at 31 (quoting Sneakers, supra note 23).

25. Id. at 45-46.

26. Id. at 45.

27. William Gibson, Neuromancer (1984).

28. Kaplan, supra note 2, at 45.

29. U.S. Dep’t of Army, Field Manual 3-0, Operations paras. 1-36, 2-40 (1 Oct. 2022) [hereinafter FM 3-0].

30. See id. para. 1-78.

31. Joint Chiefs of Staff, Joint Pub. 3-0, Joint Campaigns and Operations, at VII-1, VII-3 (18 June 2022) [hereinafter JP 3-0].

32. See JP 3-12, supra note 10, ch. 1, para. 2(g).

33. See U.S. Dep’t of Army, Reg. 27-26, Rules of Professional Conduct for Lawyers r. 1.1, cmt. 7 (28 June 2018) (explaining the military attorney’s duty to maintain competence).

34. See U.S. Dep’t of Army, Reg. 25-2, Army Cybersecurity para. 2-37 (4 Apr. 2019) (requiring authorized users of Army information systems and computer networks to complete and record cyber awareness training annually).

35. Not according to Army policy, which requires proof of annual training. See id.

36. See Kaplan, supra note 2, at 182. Spillage incidents are “[u]nauthorized disclosure of classified information (UDCI) incidents.” U.S. Dep’t of Army, Pam. 25-2-17, Incident Reporting para. 2-1(c)(4)(i) (8 Apr. 2019).

37. Kaplan, supra note 2, at 180-82.

38. Id. This also fits neatly with the concept of peer threats addressed in FM 3-0. See FM 3-0, supra note 29, para. 2-36. Dark Territory touches on several incidents with Iran, Russia, China, and North Korea.

39. See U.S. Dep’t of Army, Reg. 380-5, Army Information Security Program para. 9-3 (25 Mar. 2022) (discussing mandatory investigation due to potential spillage).

40. See Kaplan, supra note 2 (referring to the title of the book).

41. Id. at 25.

42. See id. at 154; 50 U.S.C. § 1801.

43. See, e.g., 18 U.S.C. § 798 (prohibiting unlawful disclosure of classified information); 18 U.S.C. § 793 (prohibiting unlawful gathering, transmitting, or losing defense information).

44. Kaplan, supra note 2, at 178.

45. Id. at 218. Kaplan clarifies in the notes for chapter 12 that PPD-20 was among the documents leaked by Edward Snowden and is available on the Federation of American Scientists website.

46. Id. at 229.

47. Id. at 255.

48. Richard A. Clarke et al., Liberty and Security in a Changing World: Report and Recommendations of the President’s Review Group on Intelligence and Communications Technologies (2013), https://obamawhitehouse.archives.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

49. U.S. Cyber Command, https://www.cybercom.mil (last visited Jan. 16, 2024).

50. Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/shields-up (last visited Jan. 16, 2024). According to the Cybersecurity and Infrastructure Security Agency’s website, it is the Nation’s cyber defense agency, standing ready “to help organizations prepare for, respond to, and mitigate the impact of cyberattacks.” Id.

51. U.S. Army Cyber Command, https://www.arcyber.army.mil/ (last visited Sept. 18, 2023).

52. See supra note 6 and accompanying text.

53. Fred Kaplan, The Insurgents: David Petraeus and the Plot to Change the American Way of War (2013).

54. See U.S. Dep’t of Army, Doctrine Pub. 3-0, Operations para. 1-4 (31 July 2019); FM 3-0, supra note 29, intro. fig. at x.

55. Kaplan, supra note 2, at 52.

56. Id. at 213.

57. U.S. Dep’t of Army, Field Manual 3-84, Legal Support to Operations para. 2-9 (1 Sept. 2023).

58. Id. para. 2-12.

59. See, e.g., Major Vivek “Frank” M. Shah & Captain Trevor W. Waliszewski, Mastery of Cyber Law: Maneuvering Through Cyberspace, Army Law., no. 4, 2022, at 18; Lieutenant General Stuart W. Risch & Colonel Ryan B. Dowdy, Multi-Domain Operations: Judge Advocate Legal Services’ Role in MDO and Bridging the Eighteenth Capability Gap, Army Law., no. 4, 2022, at 90.

60. See supra note 6 and accompanying text.

61. Andy Greenberg, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (2019).

62. Andy Greenberg, Wired, https://www.wired.com/author/andy-greenberg (last visited Jan. 17, 2024).

63. See supra note 43 and accompanying text.

64. Rome Statute of the International Criminal Court, July 17, 1998, 2187 U.N.T.S. 3.

65. Andy Greenberg, The International Court Will Now Prosecute Cyberwar Crimes, Wired (Sept. 7, 2023), https://www.wired.com/story/icc-cyberwar-crimes.

66. See Singer, supra note 13.

67. This may be a case of “eco-anxiety,” which some may similarly consider alarmist. See Jason Horowitz, How Do We Feel About Global Warming? It’s Called Eco-Anxiety. N.Y. Times (Sept. 16, 2023), https://www.nytimes.com/2023/09/16/world/europe/italy-greece-eco-anxiety.html.

68. See 1 U.S. Dep’t of Def., 5200.01, DoD Information Security Program: Overview, Classification, and Declassification, encl. 5, para. 12 (24 Feb. 2012) (C2, 28 July 2020) (explaining automatic declassification of documents after twenty-five years); see also Elizabeth Goitein, Government Classification and the Mar-a-Lago Documents, Brennan Ctr. for Just. (Oct. 6, 2022), https://www.brennancenter.org/our-work/research-reports/government-classification-and-mar-lago-documents (addressing the time it typically takes to declassify documents).