Accountability and cyber conflict: examining institutional constraints on the use of cyber proxies

Abstract

As state-sponsored cyber operations have proliferated, some states are outsourcing these operations to non-state cyber proxies. However, given the relative ease of outsourcing cyber operations, it is puzzling why more states are not engaged in this practice. I examine how domestic accountability institutions potentially explain this restraint in the use of cyber proxies. I argue that in cases where the incumbent is likely to be held to account for cyber operations, there is restraint in the use of proxies. Moreover, I distinguish vertical from horizontal accountability and argue that because vertical accountability mechanisms directly threaten the tenure of the incumbent if outsourced cyber operations go wrong, it has a greater constraining effect relative to horizontal accountability. I test these propositions with new data on the activities of several hacker groups and robustly confirm that accountability institutions do place significant constraints on the use of cyber proxies.