NATO Cooperative Cyber Defence Centre of Excellence, 2013

This paper examines how nation states unsuccessfully attempt to use cyber attacks as instruments to support their foreign policy objectives. By analyzing three prominent case studies, I show that as a result of geopolitical tensions, cyber attacks were implemented to further nation state objectives in support of foreign policy considerations and failed to achieve their respective outcomes despite successful deployment against their intended targets. The three case studies, hypothetical scenarios inspired by real events, include: (1) the October 2012 distributed denial of service attacks targeting the U.S. banking sector;

T. Minárik et al. (eds), 11th International Conference on Cyber Conflict: Silent Battle, 2019, 2019

Anonymity is considered to be a key characteristic of cyber conflict. Indeed, existing accounts in the literature focus on the advantages of the non-disclosure of cyber attacks. Such focus inspires the expectation that countries would opt to maintain covertness. This hypothesis is rejected in an empirical investigation we conducted on victims’ strategies during cyber conflict: in numerous cases, victim states choose to publicly reveal the fact that they had been attacked. These counterintuitive findings are important empirically, but even more so theoretically. They motivate an investigation into the decision to forsake covertness. What does actually motivate states to move into the international arena and publicly expose a cyber attack? The goal of this paper is to understand why and under which geopolitical circumstances countries choose to give up the advantages of anonymity. Whether they wish to Name and Shame opponents for ignoring international norms or whether they try to avoid public humiliation, victims of cyber attacks occasionally reveal the fact that they had been attacked. There is tension between such motivations and the will to protect intelligence sources and the incentives to prevent escalation if an attack is revealed, even more so if the attacker is exposed. Indeed, we find that sunk costs, counterescalation risks and the need to signal resolve—while critical in motivating victims to keep cyber attacks secret—may not suffice under such specific circumstances. By focusing on the victim’s side, we draw inspiration from data on real-world cyber attacks in order to place cyber operations in the larger context of secrecy and covert actions in the international arena. In so doing, the aim is to advance the use of empirical data for understanding the dynamics of cyber conflict and the decision-making process of states operating in this increasingly complex domain.

Covert action is as old as political man. The subversive manipulation of others is nothing new. It has been written about since Sun Tzu and Kautilya. People and nations have always sought the use of shadowy means to influence situations and events. Covert action is and has been a staple of the state system. A dark and nefarious tool often banished to philosophical and intellectual exile, covert action is in truth an oft-used method of achieving utility that is frequently overlooked by academics. Modern scholars contend that, for utility to be achieved, activities such as war and diplomacy must be conducted transparently. Examined here is the construction of utility for a subset of covert action: cyber attacks. Cyber attacks, as a functional tool of state, have the ability to influence the space between overt diplomacy and overt war. They have been and are currently being used to influence what James D. Fearon refers to as the ex-ante bargaining range of states.2 The manipulation of the bargaining range between states to achieve a more favorable ex-ante settlement that averts the potential for overt war is not limited to cyber attacks, however. Cyber attacks are just one tool among many that has risen in prominence in recent years.

2019 11th International Conference on Cyber Conflict, 2019

The unprecedented transparency shown by the Netherlands intelligence services in exposing Russian GRU officers in October 2018 is indicative of a number of new trends in state handling of cyber conflict. US public indictments of foreign state intelligence officials, and the UK's deliberate provision of information allowing the global media to "dox" GRU officers implicated in the Salisbury poison attack in early 2018, set a precedent for revealing information that previously would have been confidential. This is a major departure from previous practice where the details of state-sponsored cyber attacks would only be discovered through lengthy investigative journalism (as with Stuxnet) or through the efforts of cybersecurity corporations (as with Red October). This paper uses case studies to illustrate the nature of this departure and consider its impact, including potentially substantial implications for state handling of cyber conflict. The paper examines these implications, including: • The effect of transparency on perception of conflict. Greater public knowledge of attacks will lead to greater public acceptance that countermeasures should be taken. This may extend to public preparedness to accept that a state of declared or undeclared war exists with a cyber aggressor. • The resulting effect on legality. This adds a new element to the long-running debates on the legality of cyber attacks or counterattacks , by affecting the point at which a state of conflict is politically and socially, even if not legally, judged to exist. • The further resulting effect on permissions and authorities to conduct cyber attacks, in the form of adjustment to the glaring imbalance between the means and methods available to aggressors (especially those who believe themselves already to be in conflict) and defenders. Greater openness has already intensified public and political questioning of the restraint shown by NATO and EU nations in responding to Russian actions; this trend will continue. • Consequences for deterrence, both specifically within cyber conflict and also more broadly deterring hostile actions. In sum, the paper brings together the direct and immediate policy implications, for a range of nations and for NATO, of the new apparent policy of transparency.

Cyber aggression – be it espionage, sabotage or even warfare – among state actors is an increasing threat to international security and stability. Due to a lack of commonly accepted international rules or norms in the cyber security area, individual states are looking for the best way to deal with the threat. One of the most effective methods in this regard is to deter cyber threats, preferably before the actual aggression starts or escalates. One potential foreign policy instrument that might be considered useful for cyber deterrence is the concept of signalling: informing any state that is conducting or sponsoring cyber aggression that this (hidden) activity is being monitored and that it may be met with retaliation. Signalling might be an effective instrument to change the cost-benefit calculations of states engaging in or sponsoring cyber aggression activities. While especially cyber espionage and cyber sabotage are currently considered to be cheap, almost non-risk activities, the instrument of signalling may make them less anonymous and risk-free. Yet, the effectiveness of the instrument is difficult to measure.

Cherian Samuel & Munish Sharma (eds.), Securing cyberspace. International and Asian perspectives (Pentagon Press, New Delhi 2016) pp. 95-105., 2016

Predicting the future is hardly possible, but stating that cyber aggression – be it espionage, sabotage or even warfare – will be a continuing threat to international security and stability in the coming years seems a safe forecast. This chapter deals with the question of how states can cope with this forecast from a foreign policy perspective, focussing on cyber aggression conducted or sponsored by state actors. Defence and deterrence, which could be labelled passive deterrence and active deterrence as well, are probably the most ‘obvious’ counter-measures to international cyber aggression that a state could implement. This chapter especially analyses why defence and deterrence look like promising policies, but in practice face some difficulties in the cyber realm. Diplomatic efforts to create Confidence Building Measures (CBMs) and international accepted norms regarding cyberthreats could be more effective in actively addressing the core problems of international cyber aggression, but are little successful so far. The chapter argues that such multilateral diplomatic efforts are crucial for long-term cybersecurity and stability. Instead of an on-going ‘cyber arms race’, efforts could better be focussed on building mutual confidence and respect as well.

How could foreign policy instruments be helpful in responding to major cyber-attacks? This policy brief provides a first exploration of this topic by investigating five cases of international cyber-attacks which had a great deal of societal impact. What role did foreign policy instruments play in the responses to these cyber-attacks, and how can we evaluate their role in hindsight? The policy brief concludes that, although cyber technicians will always be in the lead when a massive cyber-attack occurs, foreign policy instruments such as diplomatic communication, warnings, and sanctions could contribute to limiting the damage of a cyber-attack as well.

Polish Yearbook of International Law

Tallinn University Press, 2019

The paper is devoted to the analysis of the role of cyber in a larger context. The cyber interventions conducted against the states carry an offensive nature and contribute to the violent and non-violent confrontations in different ways. This topic is essential to examine, as the threat of Cyberattacks and hacking incidents are becoming more and more frequent nowadays. They can cause many intangible and physical damages to the states and their populations. The research will be based on the evaluation of the three cases. Through the given examples, it is possible to formulate the advantages and the limits while measuring the value of a new domain. Notably, such benefits as the problem of attribution; avoidance of retaliation might outweigh the costs for the adversary. Cyberattacks are an effective contribution to other powers possessed by the state. Their effective conduction with other conventional actions can result in the state's empowerment. The author will use qualitative research methods: comparative case study, process tracing, and document analysis to estimate the consequences and highlight the significance of the given challenge. Moreover, the author will focus on "the theory of Cyberpower" to strengthen the arguments of the paper and contribute to the research of cyber phenomenon in the IR discipline.