// Comparison
Sandworm vs The Hacker and the State: Which Should You Read?
Two cybersecurity books on Narrative, compared honestly: who each is for, what each does best, and which to read first.
A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Andy Greenberg
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Read this if
Skip this if
Key takeaways
- NotPetya was not a ransomware accident; it was a wartime weapon that overshot.
- Attribution is slow, contested, and political, but it is also possible and increasingly precise.
- The line between cybercrime and statecraft is thinner than the threat-intel literature suggests.
- Cyber is poorly modeled by deterrence theory: states use it constantly, below the threshold of war, to shape the environment rather than to threaten escalation.
- The signaling/shaping distinction (espionage, sabotage, destabilization, election interference) is the right taxonomy for analyzing modern campaigns and is the book's most reused contribution.
- Attribution and accountability remain genuinely hard, and that asymmetry is itself a structural feature of cyber statecraft, not a temporary condition awaiting better tools.
How they compare
Sandworm and The Hacker and the State are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
Sandworm and The Hacker and the State both cover Narrative, Geopolitics, so reading them in sequence reinforces the same material from different angles.