Cyber Conflict and International Relations: Where to get started

Cyber conflict seems to have become necessary and normal. Nearly every day cyber attacks occupy the headlines of mainstream media. A diverse group of governments across the world state that they are exploring options to (further) develop a capacity to conduct offensive cyber operations. Non-state actors also continue to rely on cyber means whilst pursuing a diverse set of motives.  

Yet, the dynamics of cyber conflict are complex, understudied, and constantly changing.  In 2012, when Gen. Keith Alexander was still heading the NSA and US Cyber Command, he stated that there is “much uncharted territory in the world of cyber-policy, law and doctrine”. Gen. Alexander’s statement still holds today. There is still much uncertainty about a broad set of related issues, such as the potential normative restraints on cyber conflict, fourth party intelligence collection, the strategic value of offensive cyber operations, and how state and non-state actors (can) work together in cyberspace – both from offensive and defensive perspective. Researchers have tried to answer these questions whilst the conceptual and empirical underpinnings of the field are fluid. New ‘data points’, like the cyber-enabled information operations during the US Presidential Elections, have (re)shifted the focus of the field and changed our understanding of what cyber conflict entails. New interpretations of old ‘data points’, like the re-study on the 1990s Moonlight Maze campaign, have equally altered our understanding of the field.

So where to get started if you’re a political science student (or diplomat, congressional staffer, etc.) new to the field of cyber conflict? Below you can find a very, very short reading list. It’s based on my teaching at Stanford University for the Master in International Policy (MIP), analysis of 25+ cyber conflict syllabi, and review of cyber conflict articles in top 50 Poli Sci journals. 

  1. Conceptualizing Cyberspace and Cyber Conflict

2. Types of Threat Actors and forms of Activity

3. Policy Dilemmas

(Public) Attribution

  • Rid, Thomas & Ben Buchanan, ‘Attributing Cyber Attacks’, Journal of Strategic Studies, 38:1-2 2015, http://www.tandfonline.com/doi/abs/10.1080/01402390.2014.977382
  • Florian Egloff, “Public Attribution of Cyber Incidents,” (2019, May),  CSS Analyses in Security Policy, http://www.css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CSSAnalyse244-EN.pdf

VEP / Capability Build up

Organizational Integration

  • Michael Hayden, Playing the Edge: American Intelligence in the Age of Terror 
  • Michael Sulmeyer, “Much Ado About Nothing? Cyber Command and the NSA,” WarontheRocks, (2017, July 19) https://warontherocks.com/2017/07/much-ado-about-nothing-cyber-command-and-the-nsa/ 
  • Smeets, Max, “Organisational Integration of Offensive Cyber Capabilities: A Primer on the Benefits and Risks,” NATO CCD COE Publications, 2017, http://maxsmeets.com/wp-content/uploads/2018/09/Art-02-Organisational-Integration-of-Offensive-Cyber-Capabilities-2.pdf

Cybersecurity Dilemma

  • Buchanan, Ben, Cybersecurity Dilemma, 2017, Oxford University Press

Collateral Damage

4th Party Collection

  • Juan Andres Guerrero-Saade & Costing Raiu, “Waling in our enemy’s shadow: When Fourth-Party Collection Becomes Attribution Hell”, Virus Bulletin Conference, (2017, October): https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/Guerrero-Saade-Raiu-VB2017.pdf
  • GReAT, Animals in the APT Farm, Kaspersky Lab (2015, March 6): https://securelist.com/animals-in-the-apt-farm/69114/

Dealing and Responding to Proxy Activity

  • Healey, Jason. “The Spectrum of National Responsibility for Cyberattacks.” Brown Journal of World Affairs 18.1 (2011): 57–69.
  • Maurer, Tim “‘Proxies’ and Cyberspace,” Journal of Conflict and Security Law, (December 17, 2016)
  • Bejtlich, R. ‘What Does “Responsibility” Mean for Attribution?’ (TaoSecurity, 22 December 2014) http://taosecurity.blogspot.com/ 2014/12/what-does-responsibility-mean-for.html4

4. History US Cyber Conflict

  • Warner, Michael (2012) Cybersecurity: A Pre-history’, Intelligence and National Security, 27:5, 781-799 http://www.tandfonline.com/doi/full/10.1080/02684527.2012.708530
  • Healey, Jason, and Karl Grindal. 2013. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. Cyber Conflict Studies Association.
  • Sanger, David E., 2012. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (NY: Crown), pp. 188-209

5. US(CYBERCOM) Cyber Strategy

  • Lynn, William J. III, “Defending a New Domain,” Foreign Affairs 89.5 (2010), 97-108.
  • United States Cyber Command, “Achieve and Maintain Cyberspace Superiority”, (March 23, 2018), retrieved from: https://assets.documentcloud.org/documents/4419681/Command-Vision-for-USCYBERCOM-23-Mar-18.pdf
  • Smeets, Max and Herbert S.  Lin, Chapter 4: A Strategic Assessment of the U.S Cyber Command Vision, 2018, Bytes, Bombs & Spies, Brookings Institution Press: https://medium.com/freeman-spogli-institute-for-international-studies/bytes-bombs-and-spies-261564d51157

6. The Strategic Value of Cyber – Deterrence, Compellence, Persistence and more

  • Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security 38, no. 2 (October 2013): 41–73. doi:10.1162/ISEC_a_00136.
  • Harknett, Richard J. and Michael P. Fischerkeller, “Deterrence is Not a Credible Strategy for Cyberspace,” (2017), Orbis Summer 2017, Vol. 61, No. 3
  • Gartzke, Erik and Jon R. Lindsay. “Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace.” Security Studies 24, no. 2 (April 3, 2015): 316–48. doi:10.1080/09636412.2015.1038188.
  • Aaron F. Brantly, Cyber Actions by State Actors: Motivation and Utility, International Journal of Intelligence and CounterIntelligence, 27:3 (2014)465-484

7. Cyber Norms

  • Finnemore, Martha “Cultivating International Cyber Norms.” America’s Cyber Future: Security and Prosperity in the Information Age 2 (2011).
  • Farrell, Henry and Charles L. Glaser, The role of effects, saliencies and norms in US Cyberwar doctrine, Journal of Cybersecurity, 3, 1, 1 March 2017, 7–17, https://doi.org/10.1093/cybsec/tyw015
  • Finnemore, Martha and Duncan B. Hollis, “Constructing Norms for Global Cybersecurity,”  110 American Journal of International Law, Temple University Legal Studies Research Paper No. 2016-52

8. International Law

  • Koh, Harold Hongju. “International Law in Cyberspace.” Harvard International Law Journal Online 54 (2012): 1–12.
  • Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and the Tallinn Manual Juxtaposed,” Harvard International Law Journal, 54 (2012) http://www.harvardilj.org/wp-content/uploads/2012/12/HILJ-Online_54_Schmitt.pdf
  • Waxman, Matthew C., “Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4),” Yale Journal of International Law, vol. 36, no. 421 (2011): pp. 421-459.

Links

Leave a Reply

Your email address will not be published. Required fields are marked *