ISBN: 978-0197550892, Oxford University Press, 2023, 272 pages, $99.75 (Hardcover), $19.99 (Kindle)
Reviewed by: Isabelle Hoare, Northrup Gruman, Melbourne, Florida, USA
Erica D. Lonergan and Shawn W. Lonergan’s Escalation Dynamics in Cyberspace is a pleasantly digestible work of cyber strategy analysis. At a time when fears of a catastrophic “Cyber 9/11” or “Cyber Pearl Harbor” continue to dominate policy rhetoric and public discourse, the Lonergans offer a refreshing perspective. Their central thesis—that cyber operations rarely lead to escalation—is supported by a robust theoretical framework and extensive case analysis.
Rather than treating cyberspace as a uniquely escalatory domain, the authors demonstrate that cyber operations are often used for signaling, espionage, and crisis management. In fact, they suggest that the very characteristics that limit cyber’s strategic impact—such as plausible deniability, technical complexity, and limited destructive potential—also make it a useful tool for de-escalation. This nuanced and data-driven approach makes Escalation Dynamics in Cyberspace a critical resource in discussions of cyber conflict and national cyber strategy. The book is not only a must-read for policymakers, scholars, and military professionals, but it also serves as a grounding tool for the cyber alarmist.
The Lonergans’ work is distinguished by its clarity and relevance. In contrast to cyber literature that leans on speculative “what if” scenarios, this book anchors its conclusions in extensive empirical data and rigorous case selection. Drawing from hundreds of cyber incidents and 18 geopolitical crises, the authors find consistent evidence that cyber operations between rival states tend to follow a tit-for-tat pattern rather than escalating into open conflict.
At the heart of their argument are four characteristics of cyber operations: their dependence on secrecy and plausible deniability; the technical difficulty of executing strategic-level attacks; the limited and often reversible effects these attacks generate; and the dual-use nature of cyber tools for both espionage and warfare. These features collectively undermine the assumption that cyberspace favors the offense. On the contrary, the authors convincingly show that cyber’s strategic logic is defined more by caution and calibration than by risk and aggression.
Perhaps the most compelling contribution of the book is its treatment of cyber operations as instruments of accommodative signaling. In times of crisis, states often face domestic or strategic pressure to do something tangible in response to provocation. Cyber operations—because they can be calibrated, deniable, and non-lethal—offer a uniquely valuable tool to signal resolve without inviting military retaliation. This insight reframes cyberspace not as a destabilizing force but as a pressure valve during international crises.
That is not to say the authors ignore escalation risks. Indeed, one of the strongest sections of the book is its exploration of possible escalation scenarios. The Lonergans are careful to identify rare but dangerous situations, particularly those involving operations targeting military or nuclear command-and-control infrastructure, where cyber actions could cross domains and provoke kinetic conflict. However, even these edge cases are shown to be bounded by significant organizational, strategic, and perceptual constraints. In short, escalation is not impossible, but it is exceptional—and that distinction is critical in understanding conflict in cyberspace.
Another strength of the book lies in its policy relevance. The authors critically engage with U.S. Cyber Command’s “defend forward” strategy, raising important questions about the risks of persistent engagement and pre-positioning in adversary networks. Their warning is not alarmist but pragmatic: policymakers must recognize the limits of cyber coercion and invest more in resilience, defense, and clarity in signaling. These recommendations are especially timely given the increasing normalization and integration of offensive cyber operations in national defense strategies.
What sets this book apart is its balance between theory and practice, skepticism and optimism, factual depth and conceptual clarity. The Lonergans are not cyber utopians; they recognize the dangers that cyberspace presents as a new domain of war and conflict. But they refuse to indulge in strategic fatalism. Their central message is that if we better understand the actual dynamics of cyber interaction, we can design smarter, safer strategies for the digital age.
Escalation Dynamics in Cyberspace is an influential work that challenges and refines our understanding of cyber conflict. It systematically dismantles the myth of inevitable escalation and replaces it with a more accurate, more applicable, and more understandable framework for interpreting cyber operations. Some readers may find themselves needing to reread sections to fully appreciate the depth of the argument, especially if they are not well-versed in international security policy. Despite the complexity of some topics, the authors illustrate their perspective eloquently, painting a rich, accessible picture of how cyber operations occur within broader strategic and political contexts.
Whether you are a cyber operator, policy analyst, military strategist, academic, or simply interested in cyberspace dynamics, this book will shift the way you think about cyberspace—not as a ticking time bomb, but as a domain of calculated restraint and quiet competition. This text belongs not only on the syllabus of every serious course on cyber strategy and the desks of those shaping tomorrow’s doctrine, but also on the shelves of every cyber alarmist who needs a dose of empirically grounded analysis to dial back the panic.
