CYBER CONFLICT BELOW THE “THRESHOLD OF WAR”: CYBER WEAPONS IN INTELLIGENCE CONTEST
DOI:
https://doi.org/10.18485/Keywords:
cyber conflict, cyberspace, cyber security, intelligence contest, international relationsAbstract
This paper provides an overview of key findings in the international relations literature concerning conflicts between states in cyberspace. The main conclusions drawn from this literature suggest that, thus far, the “threshold of war” has not been crossed in cyber conflicts. Instead, what we are witnessing is a “gray zone,” characterized by state intelligence contest in cyberspace, manifesting through a multitude of acts of sabotage, subversion, and espionage. Furthermore, the paper presents specific examples of vulnerabilities exploited by actors in the cyber domain and the weaponry employed for such purposes. States have frequently resorted to such forms of weaponry in the previous decades. The aim of this paper is to contextualize how states operate in cyberspace within the broader environment of international relations.
References
[1] Amer, Karim and Jehane Noujaim, The Great Hack, Netflix, 2019
[2] Berger, Joseph, “A dam, small and unsung, is caught up in an Iranian hacking case”, The New York Times, March 26, 2016. Available from: https://www.nytimes.com/2016/03/26/nyregion/rye-brook-dam-caught-in-computer-hacking-case.html (Accessed September 4, 2023)
[3] Burges, Matt, “A Mysterious Satellite Hack Has Victims Far Beyond Ukraine”, Wired, March 23, 2022. Available from: wired.com/story/viasat-internet-hack-ukraine-russia (Accessed September 4, 2023).
[4] Cattler, David and Daniel Black. The Myth of the Missing Cyberwar. Foreign Affairs, April 6, 2022. Available from: https://www.foreignaffairs.com/articles/ukraine/2022-04-06/myth-missing-cyberwar (Accessed September 4, 2023).
[5] Davis, Joshua, “Hackers take down the most wired country in Europe”, Wired magazine, August 21, 2007. Available from: https://www.wired.com/2007/08/ff-estonia/ (Accessed September 4, 2023).
[6] Eady, Gregory, Tom Paskhalis, Jan Zilinsky, Richard Bonneau, Jonathan Nagler, and Joshua A. Tucker, “Exposure to the Russian Internet Research Agency foreign influence campaign on Twitter in the 2016 US election and its relationship to attitudes and voting behavior”, Nature Communications, Vol. 14, No. 1, 2023.
[7] Farwell, James, and Rafal Rohozinski, “Stuxnet and the Future of Cyber War”, Survival, Vol. 53, No. 1, 2011, pp. 23–40.
[8] Fischerkeller, Michael P., Emily O. Goldman, and Richard J. Harknett, Cyber persistence theory: Redefining national security in cyberspace, Oxford University Press, 2022.
[9] Fischerkeller, Michael P., and Richard J. Harknett, “Deterrence is not a credible strategy for cyberspace”, Orbis, Vol. 61, No. 3, 2017, pp. 381–393.
[10] Gerasimov, Valery, “The Value of Science in the Foresight”, Military Review, January/February 2016. Available from: https://www.armyupress.army.mil/portals/7/military-review/archives/english/militaryreview_20160228_art008.pdf (Accessed September 4, 2023).
[11] Ghafur, Saira, Soren Kristensen, Kate Honeyford, Guy Martin, Ara Darzi, and Paul Aylin, “A retrospective impact analysis of the WannaCry cyberattack on the NHS”, NPJ digital medicine, Vol. 2, No. 1, 2019.
[12] Gibney, Alex, Zero days, Showtime, USA, 2016.
[13] Goodman, Will, “Cyber deterrence: Tougher in theory than in practice?” Strategic Studies Quarterly, Vol. 4, No. 3, 2010, pp. 102–135.
[14] Harknett, Richard J. & Max Smeets, “Cyber campaigns and strategic outcomes”, Journal of Strategic Studies, Vol. 45, No. 4, 2022, pp. 534–567.
[15] Jensen, Benjamin, Brandon Valeriano, and Ryan Maness, “Fancy bears and digital trolls: Cyber strategy with a Russian twist”, Journal of Strategic Studies, Vol. 42, No. 2, 2019, pp. 212–234.
[16] Jervis, Robert, The meaning of the nuclear revolution: Statecraft and the prospect of Armageddon, Cornell University Press, 1989.
[17] Jordan, Javier, “International Competition Below the Threshold of War: Toward a Theory of Gray Zone Conflict”, Journal of Strategic Security, Vol. 14, No. 1, 2020, pp. 1–24.
[18] Kaska, Kadri, Henrik Beckvard, and Tomáš Minárik, “Huawei, 5G and China as a security threat”, NATO Cooperative Cyber Defence Center for Excellence (CCDCOE) Vol. 28, 2019, pp. 1–26.
[19] Landau, Susan, “Making sense from Snowden: What’s significant in the NSA surveillance revelations”, IEEE Security & Privacy, Vol. 11, No. 4, 2013, pp. 66–75.
[20] Lindsay, John R, Tai Ming Cheung, and Derek S. Reveron, China and cybersecurity: Espionage, strategy, and politics in the digital domain, Oxford University Press.
[21] Lindsay, John, “Hidden Dangers in the US Military Solution to a Large-Scale Intelligence Problem” in (eds.) Robert Chesney and Max Smeets, Deter, Disrupt, Or Deceive: Assessing Cyber Conflict as an Intelligence Contest. Georgetown University Press, 2023.
[22] Lindsay, John, “Stuxnet and the Limits of Cyber Warfare”, Security Studies, Vol. 22, No. 3, 2013, pp. 365–404.
[23] Maness, Ryan C, “Death by a Thousand Cuts: Is Russia Winning the Information War with the West?” in (eds.) Mai’a K. Davis Cross and Ireneusz Paweł Karolewski, European-Russian Power Relations in Turbulent Times, The University of Michigan Press, Ann Arbout, Mi, 2021, pp. 160–186.
[24] McGuffin, Chris, and Paul Mitchell, “On Domains: Cyber and the Practice of Warfare”, International Journal, Vol. 69, No. 3, 2014, pp. 394–412.
[25] Miller, Chris Chip War: The Fight For The World’s Most Critical Technology, Simon and Schuster, 2022.
[26] Mueller, Robert, “Report On The Investigation Into Russian Interference In The 2016 Presidential Election”, Department of Justice Washington, D.C. March 2019.
[27] Panetta, Leon, “Defense secretary warns of ‘cyber Pearl Harbor’”, CBS News YouTube Channel, October 13, 2012. Available from: https://www.youtube.com/watch?v=C2Qp59aQyu4 (Accessed September 4, 2023).
[28] Platsis, George, “The human factor: Cyber security’s greatest challenge” in: Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications, IGI Global, 2019, pp. 1–19.
[29] “Public Draft: The NIST Cubersecurity Framework 2.0”, National Institute of Standards and Technology, 2023. Available from: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.ipd.pdf (Accessed September 4, 2023).
[30] Rid, Thomas, “Cyber War Will Not Take Place”, Journal of Strategic Studies, Vol. 35, No. 1, 2012, pp. 5–32.
[31] Rid, Thomas, and Ben Buchanan, “Attributing cyber attacks”, Journal of Strategic Studies, Vol. 38, No. 1–2, 2015, pp. 4–37.
[32] Rivera, Jason, “Understanding and Countering Nation-State Use of Protracted Unconventional Warfare”, Small Wars Journal. Available from: https://smallwarsjournal.com/jrnl/art/understanding-and-countering-nation-state-use-of-protracted-unconventional-warfare (Accessed September 4, 2023).
[33] Rovner, Joshua, “What is an Intelligence Contest?”, Texas National Security Review, Fall 2020, pp. 114–120.
[34] Samonas, Spyridon and David Coss, “The CIA strikes back: Redefining confidentiality, integrity and availability in security”, Journal of Information System Security, Vol. 10, No. 3, 2014, pp. 21-45.
[35] Singer, P. W. and Emerson T. Brooking, “What Clausewitz Can Teach Us About War on Social Media”, Foreign Affairs, October 4, 2018. Available from: https://www.foreignaffairs.com/world/what-clausewitz-can-teach-us-about-war-socialmedia (Accessed September 4, 2023).
[36] Smeets, Max, “The Risks of Managing a Purchased Cyber Arsenal”, Blog Post by Max Smeets, Guest Contributor, Council on Foreign Relations, May 31, 2022. Available from: https://www.cfr.org/blog/risks-managing-purchased-cyber-arsenal (Accessed September 4, 2023).
[37] Smeets, Max, No shortcuts: Why states struggle to develop a military cyber-force, Oxford University Press, Oxford, 2023.
[38] Tang, Min, “Huawei versus the United States? The geopolitics of exterritorial internet infrastructure”, International Journal of Communication, Vol. 14, 2020, pp. 4556–4577.
[39] Thompson, Mark, “Iranian cyber attack on New York dam shows future of war”, Time, March 24, 2016. Available from: https://time.com/4270728/iran-cyber-attack-dam-fbi/ (Accessed September 4, 2023).
[40] Von Clausewitz, Carl, (Peter Paret, Michael Eliot Howard, and Carl von Clausewitz), On War, Princeton University Press, 2008.
[41] Vukelić, Miloš R., Kulturni ratovi u Sjedinjenim Američkim Državama i Evropskoj uniji u periodu od 2014. do 2020. godine, Doktorska disertacija, Univerzitet u Beogradu – Fakultet političkih nauka, 2023.
[42] Wardle, Claire, and Hossein Derakhshan, “Information disorder: Toward an interdisciplinary framework for research and policymaking”, Council of Europe Report, 2017.
[43] Warner, Michael, “The Character of Strategic Cyberspace Competition and the Role of Ideology” in (eds.) Robert Chesney and Max Smeets, Deter, Disrupt, Or Deceive: Assessing Cyber Conflict as an Intelligence Contest. Georgetown University Press, 2023.
[44] White, Geoff, “The Lazarus heist: How North Korea almost pulled off a billion-dollar hack”, BBC News, June 21, 2021. Available from: https://www.bbc.com/news/stories-57520169 (Accessed September 4, 2023).
[45] Wilner, Alex, “US cyber deterrence: Practice guiding theory”, Journal of Strategic Studies, Vol. 43, No. 2, 2020, pp. 245–280.
[46] Zeng, Jinghan, Tim Stevens, and Yaru Chen, “China’s Solution to Global Cyber Governance: Unpacking the Domestic Discourse of ‘Internet Sovereignty’”, Politics & Policy, Vol. 45, No. 3, 2017, pp. 432–464.
[47] Zetter, Kim, “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers”, Wired, May 28, 2012. Available from: https://www.wired.com/2012/05/flame/ (Accessed September 4, 2023).
[48] Zetter, Kim, “The Untold Story of the Boldest Supply-Chain Hack Ever”, Wired, May 2, 2023. Available from: https://www.wired.com/story/the-untold-story-ofsolarwinds-the-boldest-supply-chain-hack-ever/ (Accessed September 4, 2023).
[49] Zimmermann, Verena, and Karen Renaud, “Moving from a ‘human-as-problem’ to a ‘human-as-solution’ cybersecurity mindset”, International Journal of HumanComputer Studies, Vol. 131, 2019, pp. 169–187.
[50] “Department of Defense Cyber Strategy”, United States Department of Defense, Washington DC, 2018.
[51] “Hearing Before the Senate Select Committee on Intelligence. Social Media Influence in the 2016 U.S. Election”, 115th Cong. 13 (11/1/17) (testimony of Colin Stretch, General Counsel of Facebook), 2017.
[52] “Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148, COM (2020) 823 final”, European Commission. Available from: https://eur-lex.europa.eu/resource.html?uri=cellar:be0b5038-3fa8-11eb-b27b-01aa75ed71a1.0001.02/DOC_1&format=PDF (Accessed September 4, 2023).
[53] “Update on Twitter’s review of the 2016 US election”, Twitter blog, 2018. Available from: https://blog.twitter.com/en_us/topics/company/2018/2016-election-update (Accessed September 4, 2023).
[54] “H.R.4346 – Chips and Science Act, 2022”, 117th Congress (2021-2022), U.S. Congress, 2022. Available from: https://www.congress.gov/bill/117th-congress/house-bill/4346 (Accessed September 4, 2023).
Downloads
Published
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
