Podcast Summary: New Books Network
Episode: Jon R. Lindsay - "Age of Deception: Cybersecurity as Secret Statecraft"
Date: February 7, 2026
Host: Eleonora Matiacci (Amherst College)
Guest: Jon R. Lindsay (Georgia Tech)
Episode Overview
This episode features Professor Jon R. Lindsay discussing his book, Age of Deception: Cybersecurity as Secret Statecraft (Cornell UP, 2025). Lindsay challenges conventional views about cybersecurity by positioning it as a domain of enduring secret statecraft rather than simply a set of new technological tools or a new form of warfare. The discussion explores the paradoxical relationship between trust, cooperation, and conflict in cyberspace, illustrated through historical and contemporary case studies.
Key Discussion Points & Insights
1. The Central Paradox: Cooperation Enables Conflict
- Lindsay’s Core Argument: Cyberspace depends on vast cooperative systems (technological, legal, and social), but these same systems create vulnerabilities that enable espionage and subversion.
- “Trust in cyberspace almost enables espionage and subversion.” (00:46, Host recapping Lindsay's thesis)
- Defining Institutions:
- Lindsay sees institutions as “the rules of the game”—the formal and informal systems that allow cooperation.
- "These are human built systems of constraint..." (02:40)
- Irony of Scale: The world’s increased capacity for large-scale cooperation through technology unwittingly increases opportunities for cyber deception and secret intelligence operations.
2. Case Studies Illustrating the Paradox
a. Bletchley Park to Modern Cyber Operations
- Lindsay’s broad timeline, from WWII to present day, demonstrates the persistent logic of secret statecraft.
b. Deep Dive: The Stuxnet Operation (04:42–12:27)
- Stuxnet Overview: Publicly exposed in 2010, it was a US-Israel cyber operation targeting Iranian nuclear centrifuges.
- Not Just One Event: Stuxnet was part of a 15-year series of operations, not a one-off case.
- "It's this 15 year saga of multiple operations, using multiple toolkits..." (06:28, Lindsay)
- Two Kinds of Cooperation:
- Target Cooperation: Iran relied on Western technology—Microsoft software, Siemens equipment—which allowed attackers to exploit vulnerabilities.
- "The technologies provide the connectivity which opens the door for spies to come in." (09:06)
- Attacker Cooperation: U.S. and Israel worked together; the coalition avoided open warfare, using cyber operations as a ‘third way’ to delay conflict.
- "You also don’t have... Israel starting or dragging the United States into a preventative war with Iran." (11:34)
- Target Cooperation: Iran relied on Western technology—Microsoft software, Siemens equipment—which allowed attackers to exploit vulnerabilities.
- Outcome:
- Stuxnet didn’t halt Iranian enrichment but did help avoid wider war.
- “The first [kind of cooperation]... is not successful, and the second one is very successful.” (11:56)
3. The Distinct Logic of Deception (13:13–15:02)
- Deception vs. War vs. Deterrence:
- Deception is not new (see Sun Tzu), but is often misunderstood.
- "If deterrence takes the means of war and applies them to the ends of peace, then deception takes the means of peace and applies them to the ends of war." (14:30, Lindsay)
- Consequences: Analysts and policymakers err when they apply war or deterrence logic to cyberspace, overlooking the unique logic of deception.
4. Why This Matters to Non-Experts (15:24–17:16)
- Technology as Social Practice:
- The digital ecosystem is not just technical—it’s built on collective human trust and cooperation.
- "Technology is social practice... not just as this thing that smart guys in Silicon Valley build." (16:10, Lindsay)
- Participation: Both experts and laypeople are actors in systems of trust, making everyone stakeholders in cybersecurity’s paradoxes.
5. Surprises in the Research: 2016 Election Case (17:37–20:53)
- Russian Interference:
- The media and technical community initially saw Russian operations as classic deception.
- But after exposure, the operation ramped up rather than halted, suggesting something beyond deception—political performance.
- “Once the Russian hand is revealed, the operation doesn’t stop, it goes into overdrive... I don’t think this is deception at all. This is something else. Cooperation still matters, but it's a much more overt form of cooperation.” (18:48)
6. Research Approach: Studying the Ungraspable (21:20–24:53)
- Intelligence Studies Dilemma:
- Studying secret activity is inherently difficult—most remains hidden by design.
- "You're studying self-hiding phenomena." (21:23)
- Merging Fields:
- Lindsay bridges historical intelligence studies with modern cybersecurity research for richer insights.
- Case Selection:
- Chose Bletchley Park, Stuxnet, and the 2016 Election as 'critical cases'—well-documented, representative, and theoretically significant.
7. Limits of Observation & Data (25:00–26:20)
- Most cyber operations go undetected.
- "Very few Stuxnet kind of things that we can attribute to the US NSA." (25:29)
- The absence of evidence for large-scale cyber 'war' events supports Lindsay’s thesis that secret statecraft—not open conflict—is the dominant mode.
8. Implications for Policy & Practice (26:54–30:02)
- Secret Statecraft Defined: The covert use of technical and political tools for state aims under the guise of peace.
- Trade-offs:
- Increased connectivity creates vulnerability; more security reduces usability.
- Defensive actions may impair offensive capability, and vice versa.
- "Improving defense means you're also having to improve offense. Improving security means you're degrading the usability of these systems." (29:50, Lindsay)
- Ethical and Practical Dilemmas:
- “If you want connectivity or do you want security? That’s going to be a fundamental tradeoff... Is that the kind of world we want to live in, as a democratic community?” (28:05)
9. Reflections on the Research Journey (30:30–33:11)
- Lindsay initially underestimated the challenge, thinking a 'cyber-focused' book would be straightforward.
- The project evolved to focus on two main drivers: vulnerable institutions and clandestine organizations.
- "Getting to a simple place often takes a really, really long time." (32:58)
10. Next Steps & Future Research (33:37–35:16)
- New Interests: Lindsay is investigating how ancient archetypes, like Odysseus—the original deceiver—shape modern thinking about technology and deception.
- On AI: "We have Homeric minds in a 21st century technological environment... I don't think that we've done enough thinking about the effect of these archaic archetypes." (34:34)
- Considering the enduring human elements—values, judgment—that technology cannot automate.
Notable Quotes & Memorable Moments
-
On the book’s core lesson:
"Deception is an interestingly distinct class of strategy that we really need to pay attention to. If deterrence takes the means of war and applies them to the ends of peace, then deception takes the means of peace and applies them to the ends of war."
— Jon R. Lindsay (14:30) -
On the ironies of cyber conflict:
"The technologies provide the connectivity which opens the door for spies to come in... that's what makes spies different than soldiers."
— Jon R. Lindsay (09:06) -
On research surprises:
"We were no longer in the world of secret statecraft... I had to look at this and say, I don't think this is deception at all. This is something else."
— Jon R. Lindsay (19:30) -
On the human element:
"Technology is social practice... it is something that you, as a political actor, are actively participating in."
— Jon R. Lindsay (16:10) -
On policy trade-offs:
"Improving defense means you're also having to improve offense. Improving security means you're degrading the usability of these systems."
— Jon R. Lindsay (29:50)
Timestamps for Key Segments
- 00:46 — Central paradox: cooperation enables cyber conflict
- 04:42 — Stuxnet case study introduction
- 07:45 — Stuxnet as multi-decade operation
- 09:06 — How cooperation makes conflict possible in Stuxnet
- 13:13 — The difference between the logic of war, deterrence, and deception
- 15:24 — Why this matters beyond policymakers and experts
- 17:37 — 2016 U.S. election, Russian disinformation, and research surprises
- 21:20 — Methodological challenges: studying hidden phenomena
- 26:54 — Policy implications and real-world trade-offs
- 30:30 — Reflections on crafting a theory of deception in cybersecurity
- 33:37 — Lindsay’s future research: deception, archetypes, and AI
Summary Conclusion
Jon R. Lindsay’s Age of Deception reframes the modern cybersecurity debate by arguing that secret statecraft—rooted in cooperation and deception—remains fundamental, even as the tools and scale change. Trust, built into the fabric of our digital world, paradoxically enables conflict and espionage. Understanding these dynamics, and the difficult trade-offs they entail, is crucial for everyone navigating today's (and tomorrow’s) interconnected technological society.
