I've posted about this phenomenon before. It's worth bearing in mind that these are not just one-off disruptions, and the cost of evacuation, search, digital forensics, and so on probably costs at least $10,000 per incident, if not much more.
I'm not a computer security person but I think it's worth looking at the pattern of attacks like these and thinking in terms of attack surface, vulnerability, and so on. It's not fundamentally different to DDOS attack.
The issue here is not a technical failing or a bad policy on the library's fault -- the problem is we've allowed this sort of thing to go unpunished so often that the perpetrators (correctly) view it as being nearly risk-free. Have the FBI or some other well-resourced and knowledgeable law enforcement agency start investigating these threats and making high profile arrests that result in long prison sentences and I suspect the problem will dry up rather quickly. Unfortunately, the local PD (making the generous assumption that they even care) are simply not capable of tracking down threats delivered via telecommunications even if the threats originate from their own community.
It doesn't say what books. Shouldn't matter to some extent, but odds are it's a deliberate provocation as opposed to a book that the library is "organically" including in it's collection. "If your enemy has a choleric temper, antagonize him" works very well. But don't pretend it's not a tactic. I don't think this is the same as the "sensitivity readers" censoring Dr. Seuss or Ian Fleming or Agatha Christie or stuff that's been on long standing publication. Provoke, and then talk up your opponents bad reaction.
I'm not a computer security person but I think it's worth looking at the pattern of attacks like these and thinking in terms of attack surface, vulnerability, and so on. It's not fundamentally different to DDOS attack.