Book Review: The Fifth Domain – A Cyber Veteran’s Take

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke and Robert K. Knake (Penguin, 2019).

Introduction: Personal Reflections on a Cybersecurity Wake-Up Call

Reading The Fifth Domain reminded me of my own experiences as a U.S. Army cyber operations officer and many of the things I’m still seeing in my current role. Richard A. Clarke and Robert K. Knake deliver an urgent warning about cyber warfare that deeply resonated with me. In military terms, cyberspace is often called the “fifth domain” of warfare (after land, sea, air, and space), and this book drives home that reality with vivid examples and authoritative insight. As someone who has spent years defending networks and critical systems, I found the authors’ insights extremely familiar. They reflected many of my own thoughts. The book’s core premise is clear: we have entered an age in which online threats trigger real-world consequences, from malware causing physical damage (like Stuxnet did) to hackers shutting down hospitals and transport systems. Yet, Clarke and Knake’s tone remains “sobering but hopeful,” emphasizing solutions over doom-saying. This balanced approach drew me in. While the threats are dire, there are concrete steps we can take to defend ourselves.

Shining a Light on Critical Infrastructure Threats

One of the book’s most striking contributions is how starkly it illuminates the vulnerabilities of our critical infrastructure; the power grids, water systems, transportation networks, and other essential services that modern society hinges upon. Clarke and Knake, both veteran security experts with high-level government experience, provide an invaluable overview of the “greatest looming cyber threats” to these systems and outline a big-picture plan to counter them. They recount well-known incidents like the Stuxnet attack on Iran’s nuclear program and lesser-known but equally alarming episodes (such as the 2017 EternalBlue malware that “closed hospitals in Britain and froze shipping crates in Germany”) to illustrate how a few lines of code can wreak havoc in the physical world. The authors dedicate an entire chapter to the U.S. electric power grid, rightly and often considered the backbone of all other infrastructure, noting it “remains vulnerable to cyber-attacks” and even proposing options to secure it. As I read their detailed analysis of grid security, I recalled training exercises in the Army that simulated blackouts caused by hackers. Clarke and Knake’s descriptions rang true to those scenarios, underscoring that the threat is not theoretical, and it’s targeting the systems we rely on every day.

What makes The Fifth Domain especially compelling is that it doesn’t stop at sounding the alarm; it also explores why some organizations weather cyber assaults better than others. The authors highlight cases where one company shrugs off an attack while a similar company is devastated, attributing this disparity to differences in cybersecurity preparedness. Their message is that resilience is achievable. By adopting best practices , from basic cyber hygiene to advanced tools, and by fostering a culture of security, critical infrastructure operators can drastically reduce the impact of attacks. Clarke and Knake champion the concept of “cyber resilience,” building systems that can withstand attacks and bounce back quickly, because we live in a world where attacks are inevitable. In their view, investing in strong defenses and backup plans not only protects essential services but also raises the costs for our adversaries, be they criminal groups or nation-states. This focus on resilience over relentless offense aligns with my own philosophy as a cyber professional: we cannot prevent every attack, but we can harden our systems to blunt the damage and deter aggressors.

From the Battlefield to the Emergency Call Center: Emergency Services in the Crosshairs

While The Fifth Domain discusses critical infrastructure at a national scale, its warnings are highly translatable to the emergency services and public safety sector, an area I’ve worked closely with for years now. After all, what is more critical than the 9-1-1 systems and communications networks that police, fire, and EMS depend on? The same vulnerabilities that threaten power grids or pipelines also endanger our emergency services. In fact, recent trends show that attackers are increasingly targeting the very systems that keep the public safe. In 2024, cyberattacks on public safety answering points (911 dispatch centers), radio networks, and computer-aided dispatch systems surged by 60%, making public safety systems “an increasingly common threat target”. We’ve seen distressing incidents where 911 call centers were knocked offline by ransomware or overwhelmed by denial-of-service attacks. One recent cyberattack in Nevada, for example, “forced 911 telecommunicators to take notes by hand” because digital law enforcement systems went down. This is means that during a crisis, when every second counts, hackers can literally slow down or halt the emergency response, putting more lives at risk.

Clarke and Knake’s book, though published in 2019, anticipates this spillover of cyber threats into public safety. The authors paint scenarios in which digital attacks lead to physical chaos; scenarios that, to my mind, map directly onto the world of firehouses, ambulances, and emergency call centers. One major point in the book is that a cyber attack on the electric grid wouldn’t just cause a power outage; it would progress into cascading emergencies, knocking out communications, disabling traffic systems, and crippling the ability of first responders to coordinate. The Fifth Domain shines a light on exactly these nightmare situations. It prompts those of us in the public safety community to ask: Are our 911 systems, our police databases, our ambulance dispatch networks prepared for a cyber onslaught? The sobering evidence is that we have a lot of work to do. Many 911 and emergency systems still run on outdated technology that wasn’t designed with cybersecurity in mind. The book’s core lessons about updating infrastructure, enforcing security standards, and practicing incident response drills are as relevant to a local Emergency Call Center as they are to a Fortune 500 company or a military command center. In short, Clarke and Knake’s insights bridge the gap between the battlefield and Main Street, reminding us that a digital strike can hit anywhere, from power plants to public safety offices.

2019 to Today: Little Progress, Heightened Urgency

Perhaps the most jarring aspect of reading The Fifth Domain in 2025 is realizing how little has changed in the years since its publication. Clarke and Knake issued a clear wake-up call in 2019, yet progress in shoring up our cyber defenses has been startlingly slow. The authors were remarkably prescient. A 2023 West Point review noted “the accuracy with which Clarke and Knake predict many issues that have become prevalent in recent times”, underscoring the “persisting value” of their insights. Indeed, many of the book’s warnings have materialized. Take the Colonial Pipeline incident in 2021: a ransomware attack shut down one of America’s largest fuel pipelines, causing gas shortages and panic along the East Coast. It was exactly the kind of critical infrastructure attack the book forewarned and it highlighted that we hadn’t learned enough from earlier wake-up calls like Stuxnet. Despite a decade of admonitions (many from experts like Clarke himself), basic security gaps remain wide open.

This lack of progress isn’t due to ignorance. Experts know what needs to be done. However, due to complacency, competing priorities, and insufficient investment these problems persist. The Fifth Domain doesn’t shy away from this reality. Clarke and Knake argue that national consensus and willpower are missing ingredients in our cybersecurity strategy. They conclude that until we, as a society, prioritize cyber defense, we will remain vulnerable. In a particularly powerful passage, they warn that “what is missing is national consensus, will, and priority setting”, and if we fail to take the necessary steps, “we may lose not just the battle but the war”. Coming from a former White House security adviser (Clarke) and a former cyber official (Knake), this is not hyperbole but a sober assessment of strategic risk. Given my experience, I’ve seen how bureaucracy and lack of urgency can hamstring even well-intentioned security improvements. The book reinforced my belief that the cyber threats to our country’s infrastructure demand immediate and sustained action. Unfortunately, as I write this, major ransomware attacks and data breaches are still making headlines with depressing regularity. From hospital systems being held hostage by hackers to city governments (large and small) having their emergency services disrupted, it often feels like we’re reliving the scenarios The Fifth Domain warned about, rather than preventing them.

Conclusion: Hope, Solutions, and a Call to Action

Despite the alarming subject matter, The Fifth Domain is, at its heart, optimistic. Clarke and Knake don’t believe we are doomed to a future of cyber dystopia, and neither do I. In fact, one of the most uplifting takeaways from the book is that it “offers a wealth of practical and achievable ideas” for how governments, companies, and citizens can “deter and thwart attacks.”  That spirit of empowerment permeates the final chapters. The authors highlight success stories of companies that fended off nation-state hackers, of government agencies that dramatically improved their security in a short time, and of international cooperation averting digital disasters. They emphasize modern strategies – from “nudges and shoves” (government incentives for better security) to leveraging emerging technologies like artificial intelligence for defense, that can tilt the balance in favor of the defenders. And crucially, they stress education and personal responsibility, urging ordinary users to take simple steps to protect themselves, thereby strengthening the whole ecosystem.

As I finish reflecting on The Fifth Domain, I remain largely positive and motivated. The book succeeded in both validating my own experiences and expanding my perspective. It reinforced that the threats to critical infrastructure and public safety are real and pressing, but it also reinforced that we are not helpless. Cybersecurity isn’t magic; it’s a combination of smart policy, vigilant technical measures, and a culture that values security. Clarke and Knake have given us a roadmap that is as relevant to an Army Cyber Command unit as it is to a local fire department’s IT team. The book’s clarion call for action, cooperation, and resilience is one we should all heed.

Sources:

1. Clarke, R. A., & Knake, R. K. (2019). The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. Penguin Press.