March 2015 Books of Note

State Behavior and the Nuclear Nonproliferation Regime
Jeffrey R. Fields, ed., University of Georgia Press, 2014, 321 pp.

This collection of 10 essays examines the basis for states’ decisions to support or resist global nonproliferation efforts after a decision to join the nuclear Nonproliferation Treaty (NPT). In his introduction, Jeffrey Fields, the book’s editor, notes that states-parties to the NPT are not required to support the many additional measures that have been negotiated to buttress the nonproliferation regime, such as the Model Additional Protocol, which grants the International Atomic Energy Agency expanded rights of access to nuclear information and sites, and the Comprehensive Test Ban Treaty. The ensuing chapters consider different factors in state nonproliferation behavior, including threat perception, “free riding,” security guarantees, and resource constraints and economic interests. Jeffrey Knopf’s essay addresses the contentious question of whether nonproliferation and disarmament are linked. He concludes that “signs of a commitment to nuclear disarmament” by the nuclear-weapon states “will tend on balance to enhance support for nonproliferation.” In another chapter, Robert Reardon questions the “common assertion” that Russia sometimes takes positions that undermine the nonproliferation regime and Moscow’s own security interests “in a misguided effort to maintain an outsized influence in world affairs and build a network of support among states hostile to the United States.” Reardon argues that Russia’s nonproliferation decisions “are best viewed as rational policy choices based on a complex calculus of competing short- and long-term interests.”—KINGSTON REIF

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
Kim Zetter, Crown Publishers, 2014, 433 pp.

Countdown to Zero Day tells the story behind Stuxnet, the virus that carried out the first cyberattack to cause physical damage to a country’s critical infrastructure. Many experts, including the book’s author, journalist Kim Zetter, believe Stuxnet was the first digital weapon used by a state but will not be the last. Stuxnet, which was discovered in June 2010 by a small computer security firm, VirusBlokAda, is believed to have been launched by the United States against Iran’s nuclear program. Zetter takes the reader through the complicated planning, execution, and discovery of the virus that covertly sabotaged and destroyed almost 1,000 centrifuges at Iran’s Natanz uranium-enrichment facility. Zetter organizes the book into chapters that break down each aspect of Stuxnet, from how it was planned to how the virus “unloaded its payload.” This allows the reader to become familiar with the technology, software vulnerabilities, and cyber capabilities that made Stuxnet possible, including the use of an unprecedented number of zero-day vulnerabilities—vulnerabilities in software that are unknown to the companies that created it and can be exploited by hackers to gain access to a computer or network—that Stuxnet effectively exploited to carry out its mission. Zetter explores many issues that Stuxnet highlighted in the ongoing debate over what constitutes acceptable behaviors by countries in cyberspace—for example, whether the use of a virus such as Stuxnet represents an act of war. Another issue she tackles is whether governments should be allowed to exploit zero-day vulnerabilities, even purchasing some from hackers on the “gray market,” in the name of national security or be required to ask software companies to patch them.—TIMOTHY FARNSWORTH