Cyber Conflicts in International Relations: Framework and Case Studies

Abstract

Twenty years ago, the possibility of having an international conflict extend into the cyber domain was distant. Since then much has changed. Today cyber conflict is not considered particularly unusual. But considerable uncertainties remain about the nature, scale, scope and other features of such conflicts. This paper addresses these issues using a re-analysis of the case studies presented in A Fierce Domain recently published by the Atlantic Council. In addition, we draw upon other materials (academic and media) to expand our understanding of each case, and add several cases to the original collection resulting in a data set of seventeen cyber conflict, spanning almost three decades (1985-2013). Cuckoo's Egg, Morris Worm, Solar Sunrise, EDT, ILOVEYOU, Chinese Espionage, Estonia, Russo-Georgian war, Conficker, NSA-Snowden, WikiLeaks and Stuxnet are some of the major cases included. This study presents each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Emphasis is placed on characteristics of cyberspace visible on conflicts. Findings include: Distributed Denial of Service is the most common offensive action; accountability is difficult in cyberspace, particularly with international conflicts; outcomes of each instance have been variable, and economic impact is hard to estimate; the private sector has been a key player in cybersecurity; size of an actor, and countries' ICT infrastructure, influence the nature of the cyber conflicts.