Mr. Carlin acknowledges that for naming and shaming to work it must be combined with other tactics, such as sanctions. But some have suggested that publishing the details of the hackers’ actions, even without revealing FBI sources and methods, can teach hackers how to better hide their tracks. Information in the indictments may also provide a playbook for others to disguise their own attacks by adopting the markers of past Chinese or Russian hacks.Such concerns are mostly absent from Mr. Carlin’s book ... For Vladimir Putin, being called out by name is sometimes a bonus, turning influence operations into a wild success.
If there is a shortcoming in the book, it is that in Carlin’s telling the center of gravity in this case and others seems to shift away from U.S. attorneys in the field to officials at the Justice Department in Washington ...[Carlin] does an admirable job explaining the stakes, and for someone trying to get up to speed, this encyclopedic accounting of the opening shots in the code war is an excellent primer. For those who have been following cyber for some time, however, the book may seem to cover familiar ground. One gets the sense that Carlin’s position prevented him from telling us much more than we already know. (He quotes the New York Times and open-source reporting extensively, which made me wish that he’d revealed more of what he learned by being in the room.)
Urgent ... smart if sometimes seemingly overwrought ... Given the threats Carlin enumerates, including election hacking and the theft of intelligence files, responses 'created and refined in real-time' are increasingly necessary—but not forthcoming ... Given the lack of developed policy, if you’re alarmed by the thought of Russian election tampering in 2016, you’re likely to be even more so come the midterms—and by this dire book.
