Chapter 5 considers strategy as the art of planning. The term is widely used in government, business, and society to describe an organization’s overall goals, the ways the goals could be achieved, and the resources necessary for success. There are important differences around the world regarding how policymakers view their roles in cyberspace. In market-oriented democracies, government roles are largely limited, and corporations dominate. Software is produced free of government regulation, telecommunication companies operate within a government’s technical guidelines but are profit-driven, and the market for hardware and their information and communications technology supply chains are largely open and global. In authoritarian countries, cyberspace is not free and is highly regulated for the benefit of the government rather than society or corporations or individual users. The chapter considers how strategic principles are applied by different governments and cyberspace and offers a case study of organizing the military for cyberspace.

Chapter 2 introduces the reader to the hardware and software of modern computers. It begins by putting computation in a historical context, thereby showing that computation has been a concern of humanity for millennia. Unsurprisingly, modern computers have been foreshadowed by much older calculating devices designed to meet human needs. The chapter also examines operating systems for the efficient management of computer resources and hardware and software abstractions helpful to understanding computers, such as file systems, virtual memories, and high-level programming languages. The important topics of password security, social engineering, and malicious software are introduced as well as techniques to find and remove malware. Although one might expect that hardware would not exhibit security vulnerabilities, that is false. This is illustrated by a subtle bug introduced in the 1990s to make computers run faster by allowing some instructions to be executed out of order but only shown in 2018 to be a serious security hazard.

Chapter 8 explores the application of international law and norms in cyberspace. It examines law that governs use of force in international politics, the types of weapons that can be developed and used in armed conflict, how combatants engage in conflict on the battlefield, and when individuals can be held criminally accountable for violating these rules. Some governments classify a cyber operation as equivalent to a use of force or form of warfare only if it produces physical destruction or death, while others declare a cyber operation to be an attack when the targeted system loses its ability to function. Finally, the chapter considers how to develop and encourage the adoption of cyberspace norms for governmental behavior and set expectations for states to regulate illicit cyber activity within their borders.

Chapter 7 focuses on the impact of international cooperation in cyberspace. By design, the Internet is global, and engineering ignores sovereignty concerns such as citizenship, borders, and domestic law. However, running against domestic regulation and the consequent possible internet fragmentation are several international efforts to cooperate in cyberspace through various stakeholder and multilateral models that include the United Nations, European Union, and the North Atlantic Treaty Organization (NATO). The latter, composed of 30 countries in North America and Europe, issued a communique in 2021 pushing back against authoritarian uses of the Internet calling for a free, open, and peaceful cyberspace. In 2022, 60 countries, including many NATO members, adopted ”A Declaration for the Future of the Internet.” Applying human rights in cyberspace was among the principles adopted. To explore these issues, the chapter reviews forms of internet governance enabling technical, legal, and policy cooperation across boundaries.

Chapter 4 explores the human dimensions of cybersecurity. Steps that nation-state attackers use to penetrate an organization through phishing and social engineering are described as well as responses that defenders can take to protect themselves. These include hardening facilities, controlling remote access, educating security personnel and users on security hazards, using reputational services, and running an effective security operations center. Because people play a central role in cybersecurity, the chapter also examines limitations on human judgment, captured in the phrase “cognitive biases,” where preconceived notions and biases shape how we organize and respond to challenges. The chapter closes with discussions of applications of economics to cybersecurity and cybersecurity risk evaluation.

Cyberspace is woven into the fabric of modern life. It transcends boundaries, is dynamic, offers low barriers to entry, affords a certain amount of anonymity, enables mass surveillance by governments and corporations, and is essential for just about everything. Within just the past few decades, people everywhere have become as dependent on this online world for their daily activities as they are dependent on the physical world for human activities. The introductory chapter defines cyberspace, considers the importance of cybersecurity, and offers an overview of each chapter.

From its humble beginnings, the Internet has evolved through commercial activities into a global network that reflects different political systems, economic drivers, and social norms. Governments are moving past laissez-faire approaches to the information technology sector and using national and international institutions and practices to increase regulation and intervention in cyberspace. Likewise, individuals, corporations, and non-governmental organizations are active in defining cyberspace. Chapter 11 addresses the question of leadership in the cyber age. Leadership requires many important skills among which is the ability to make good forecasts on which policy may rest.

Chapter 6 explores in detail the attempts by governments to regulate cyberspace. National governments are increasingly assertive and exert control over security, privacy, and content. This is an important departure especially in democratic-capitalist countries that have been largely laissez-faire with respect to cyberspace. The chapter considers these moves at the domestic regulatory level and examines how corporations, civil society, and citizens are responding. Fundamentally, the chapter addresses the role governments play in cybersecurity and foretells the beginning of more governmental intervention in cyberspace, such as mandatory data compromise reporting. Further, as certain countries promote their telecommunication companies globally, cyberspace becomes the means to increase global surveillance, which raises new policy and security issues.

Chapter 3 makes the case for classifying five grey area examples as hate speech in the ordinary sense of the term based on the global resemblance test. We also argue that Facebook’s community standard on hate speech is ambiguous, inconsistent, and incomplete in relation to these examples, and so recommend specific reforms. Section 3.2 looks at hybrid attacks, which, like personal insults, target specific individuals, but, like prototypical hate speech, also attack the groups to which targeted individuals belong and, go beyond standard protected characteristics. Section 3.3 investigates selective attacks, which are derogatory or insulting words that refer to only a subset of a group or else to an amalgamated set of people who belong to multiple groups. Section 3.4 scrutinises reverse attacks, which involve words used by members of groups typically perceived as victims against groups more usually considered perpetrators. Section 3.5 examines righteous attacks, which we associate with attacks in pursuit of some righteous cause. Finally, Section 3.6 assesses indirect attacks, wherein the speaker intentionally uses a derogatory word to address or target someone whom the speaker knows or presumes to be not a member of the group referred to by the word under its literal or primary meaning.

Chapter 8 pulls together the various analyses and practical recommendations we have made concerning the two concepts of hate speech and deals with potential objections and lingering worries. Section 8.2 focuses on the ordinary concept hate speech and confronts possible objections to our normative conceptualisation. This section also summarises the many recommendations we made concerning how Meta (Facebook, Instagram) should amend and revise its community standard and authoritative internal policy on hate speech, and tries to allay residual doubts the company might have about these recommendations. Section 8.3 turns to consider the legal concept hate speech and deals with potential objections to our limited formal definition of the concept and our analyses of grey area laws including those that appear to fall between hate speech laws and hate crime provisions, and also denialism laws. In addition, we reiterate our guidance on how states can develop a coherent body of hate speech laws in the light of both national perspectives and international norms against hate speech, and offer some reasons why states should place special weight on the latter.

Chapter 7 argues that denialist speech can, and should, be classified as a sui generis form of hate speech in the legal sense of the term. Section 7.2 looks at the many faces of denialist speech, including forms of synchronous denialism that are often overlooked in these debates. Sections 7.3 and 7.4 address the thorny problem of classification and attempt to explain why it matters. In Sections 7.5 and 7.6 we turn to examine in more detail the spread of denialism laws at the domestic level and try to uncover the many different functions or purposes served by such laws. Finally, in Section 7.7 we address two sceptical challenges to our main thesis. First, if denialist speech is rightly classifiable as hate speech, then why were denialism provisions absent from the early landmark international laws dealing with incitement to genocide and hate speech in general? And second, if denialist speech can be considered hate speech despite its absence from landmark international laws, then what about other things, such as defamation of religion, and what prevents our characterisation of hate speech in the legal sense from becoming absurdly capacious?

Chapter 6 explores the distinction between the legal concepts of hate speech and hate crime. Our purpose is not only to shed light on but also to resolve the ambiguity, as well as to further illustrate and stress test our analyses. Sections 6.2 and 6.3 propose that the legal concept hate speech, formally speaking, only refers to laws which create bespoke crimes or other sorts of offences that do not have corresponding or parallel basic or base versions, whereas the legal concept hate crime only refers to laws which identify aggravated crimes that do have corresponding or parallel basic or base versions. Section 6.4 makes several key comparisons and contrasts between the concepts, beyond the merely formal analysis, while Section 6.5 develops an account of why the distinction between hate speech and hate crime matters legally speaking, both for victims and defendants. Finally, Section 6.6 discusses four potential grey areas of hate speech law, namely using threatening words or behaviour to stir up hatred; incitement to commit genocide; incitement to discrimination or violence; and torts and delicts involving racist abuse.