Cybersecurity debates often invoke the language of war, describing intrusions as attacks, conflicts, or even acts of warfare, particularly in public and policy-facing discussion. Yet most result neither in physical destruction nor decisive strategic outcomes, even when they cause severe economic or societal harm. They unfold less as discrete ‘battles’ than as prolonged contests over access, secrecy, and institutional trust. In Age of Deception: Cybersecurity as Secret Statecraft, Jon R. Lindsay takes this disconnect as his starting point. Rather than asking how cyber operations transform warfare, the book poses a more grounded question: how do cyber operations function as instruments of state power in practice?
Lindsay reframes the discussion, arguing that cybersecurity is best understood not primarily through the logic of war, but through that of intelligence and secret statecraft. He makes a distinction between the different logics of state power. Military statecraft relies on organised violence, economic statecraft on organised exchange. Cyber operations, by contrast, are situated within a third strategic logic: organised deception. This reframing shifts attention away from dramatic incidents and toward the institutional conditions that make cyber operations politically useful – or not.
Access, secrecy, and institutional vulnerability
At the core of the book is a theory of what Lindsay calls ‘intelligence performance’: states’ ability to sustain covert access to information or systems to meaningfully support political objectives. Cyber operations, from this perspective, are neither anomalous nor unprecedented, but a contemporary evolution of long-standing practices of espionage, sabotage, and subversion. Their effectiveness does not hinge primarily on technical sophistication or destructive capacity, but on institutional conditions.
Two such conditions are central. First, cyber operations exploit vulnerable institutions – here, shared technical, organisational, and social arrangements that depend on trust, coordination, and routine cooperation. Second, cyber operations require clandestine organisation – disciplined structures capable of managing secrecy, controlling exposure, and adapting to counterintelligence pressure. Only under both conditions can cyber operations generate sustained intelligence value.
A key implication is that institutional vulnerability is often a byproduct of success rather than failure. Shared standards, interoperable infrastructure, and dense forms of cooperation, characteristic of liberal economic and technical order, create the conditions that allow cyber exploitation to scale. Digitisation expands opportunities for access through cyberspace while simultaneously increasing the risk of exposure as operations traverse systems owned and monitored by actors outside the initiating state, particularly private firms. Cyber insecurity, in this sense, stems less from weak governance than from the forms of coordination that underpin modern political and economic life. This produces a persistent tension between access and secrecy that shapes the limits of cyber power.
Recurring patterns of intelligence competition
Lindsay develops this framework through a wide variety of historical and contemporary case studies. Rather than treating cyber operations as exceptional, the book draws on earlier forms of intelligence and covert action to trace recurring dynamics of access and exposure. Cases spanning the Soviet spies of the Cambridge Five and the Allied cryptographers at Bletchley Park to Stuxnet, Russian interference in the 2016 US elections, and the 2020 SolarWinds compromise are used to show how institutional vulnerabilities are repeatedly exploited and how secrecy, once degraded or lost, limits the political value of intelligence gains.
Rather than presenting these cases as isolated incidents, Lindsay traces the processes of each campaign to reveal how intelligence performance emerges, degrades, and collapses under institutional pressure. Across settings, the same pattern recurs: intelligence gains are real but fragile, dependent on secrecy that is difficult to sustain in complex, interconnected environments.
The chapter on China offers a broader analysis of cyber-enabled intelligence at scale across state, industry, and society. This analysis is a particularly strong contribution, especially given common policy and media narratives that frame China’s cyber activity as hostile and strategically dominant. Rather than treating Chinese cyber activity as evidence of inherent or growing dominance in cyberspace, Lindsay shows how institutional constraints and internal contradictions limit the extent to which extensive cyber operations translate into durable strategic advantage. The result is a more sober account of Chinese cyber power, one that emphasises scale and persistence without assuming strategic payoff.
Taken together, the combination of historical comparison, process tracing, and structural analysis allows the intelligence performance framework to be examined across both discrete campaigns and sustained intelligence competition. Cyber operations emerge not as a revolutionary form of power, but as a familiar mode of statecraft operating under present-day institutional conditions.
Cyber power without strategic resolution
These conditions shape how cyber power is exercised in practice. Because digitised and interconnected institutions offer many points of entry, access is often relatively easy. Yet the same reliance on shared infrastructure and private-sector oversight makes secrecy increasingly fragile. Cyber operations leave traces that can be aggregated, analysed, and publicly disclosed.
The SolarWinds compromise illustrates this dynamic clearly. While the operation achieved unusually broad access across government and private-sector networks, its exposure rapidly constrained the intelligence value of that access. Affected organisations moved to remediate systems, reassess trust relationships, and restructure oversight. The incident demonstrated reach and persistence, but also how quickly secrecy can collapse in a highly connected environment.
To Lindsay, this explains why cyber power tends to enable sustained competition rather than decisive strategic advantage. Intelligence performance rarely disappears entirely: it degrades together with secrecy, leading to ongoing tension rather than resolution. Under these conditions, cyber operations may also serve as instruments of restraint or de-escalation (though often in contingent, case-specific ways rather than through stable deterrence), allowing states to signal and apply pressure short of open confrontation. Once intelligence performance begins to degrade, however, the central problem shifts from access itself to how intelligence is interpreted, coordinated, and acted upon.
Interpreting intelligence performance
The book’s strengths also define its limits, which become clearer once Lindsay begins to tackle the growing role of private industry. He makes it explicit that intelligence gains are often partial, temporary, and politically constrained. This is a deliberate boundary of the argument. Lindsay’s focus remains on the institutional conditions that make intelligence usable or unusable in the first place, rather than on the downstream cognitive or bureaucratic processes that assign meaning to collected information. The book does not aim to explain how analysts or policymakers resolve uncertainty in practice, but rather why intelligence so often fails to consolidate into durable strategic advantage.
When secrecy collapses, intelligence performance does not simply end, nor does it resolve into defensive capability. Instead, it becomes a coordination problem among actors with different institutional incentives. Private firms now play a central role in detecting intrusions, reconstructing campaigns, and shaping public understanding. Yet these firms operate under commercial, legal, and reputational constraints that often encourage partial disclosure and the retention of intelligence as proprietary information.
Cyber power as intelligence competition
Age of Deception offers a disciplined and persuasive alternative to dominant ways of thinking about cyber power. The resulting picture is deliberately ambivalent. Cyber operations may contribute to strategic stability by offering alternatives to overt coercion, yet they do so by normalising persistent exploitation of civilian infrastructure and social trust. While cyber conflict is unlikely to decide wars between states, it may nonetheless degrade human security in more diffuse and enduring ways.
By grounding cyber operations in the logic of intelligence and secret statecraft, Lindsay provides a framework that explains both their ubiquity and their limits without resorting to inflated claims about cyberwar or technological determinism. The book will be especially valuable to readers dissatisfied with incident-driven analysis and interested in how intelligence value accumulates, degrades, and is constrained over time. For scholars, analysts, and policymakers alike, it offers a plain and measured way to understand cyber operations as a persistent feature of state competition, while remaining clear about why they so rarely deliver decisive strategic outcomes.
Age of Deception: Cybersecurity as Secret Statecraft (2025) by Jon R. Lindsay is published by Cornell University Press.
Related Posts
Insights from Binding Hook Live
30 October 2025
Hooked! #7: I love a parade (but what does it mean?)
18 September 2025
