Offensive Cyber Capabilities Research Articles

Unpacking Russia’s Cyber-Incident Response

Western states are increasingly holding foreign governments accountable for cyberattacks. They couple public attribution of cyberattacks (PAC) with indictments, sanctions, and collective “naming and shaming” campaigns. Russia, however, while routinely subject to foreign cyber-intrusions, has seemed much less responsive toward these attacks. I argue that Russia’s restraint regarding PAC stems from its desire to maintain the relative impunity of state-sponsored cyberattacks. This strategy stems from Moscow’s technological inferiority to the West and from the strategic benefits of internationally tolerated cybercrime. Despite the harm to Russia, tolerance toward cybercrime helps the Kremlin steal foreign technology, improve its defensive and offensive cyber capabilities, and facilitate covert action against democracies abroad. Merging securitization theory with criminology, I propose a novel theoretical lens to explain this phenomenon and then test it—quantitatively and qualitatively—against a large dataset of Russian-language media reports, forensic investigations, and policy documents. I argue that threat perception of cyberattacks is not a given but rather is contingent upon the material distribution of cyberpower among nations and intrinsic utility of cybercrime as a political tool.

Assessing Offensive Cyber Capabilities

The recent emergence of mercenary spyware like Pegasus or Russia’s ongoing conventional warfare in Ukraine, supplemented by a cyber offensive we never experienced before, made cybersecurity even more critical. Despite the considerable research in the field, it seems that academia and the private sector have not been able to keep up with the growing importance of security and privacy resulting from the significant increase in cyber threats to critical services, infrastructure and human rights. Research on cyber capabilities tends to focus on the general understanding of the field and pays less attention to the rapid spread of increasingly advanced offensive cyber capabilities. Correctly assessing the capabilities of others and recognising the steps necessary to develop their own capabilities are essential for any country in combating future cybersecurity challenges. However, since there is no consensus on describing even basic cyber capabilities, current research uses different interpretations and usually lacks offensive capabilities altogether. In this article, I discuss the problem of assessing, measuring and evaluating offensive cyber capabilities, starting from the different definitions of some related terms through the various cyber power indices, right down to the talent behind cybersecurity, and perhaps the most promising indicators for assessing offensive capabilities.

A Small State’s Cyber Posture: Deterrence by Punishment and Beyond

This study explores a small-state’s offensive cyber capabilities as a deterrent against great-power cyber hostilities. More specifically, it poses the question: Could Norway successfully deter hostile cyber operations of greater powers, notably China and Russia, by signaling a resolve to retaliate within the same domain? The study reviews literature on the small state’s prospects of acquiring relevant offensive cyber capabilities; successfully signaling a deterrence-by-punishment posture; and, more generally, on the intricacies of retaliating against a greater power. The study concludes that most small states would enter the cyber battlefield with non-strategic and surreptitious capabilities, be inclined to signal their resolve with considerable ambiguity, and be compelled to respond with deniable means. It finds that such obscure features – the hallmarks of murky clandestine operations rather than a strategic posture – do not provide efficacious deterrence. Hence, to Norway and similar small states, deterrence by punishment may be an elusive, if not altogether vain, cyber posture.

Moving from secrecy to transparency in the offensive cyber capabilities sector: The case of dual-use technologies exports

Transparency is central to the prevention of human rights abuses. Over the past few decades, a belief in transparency has permeated multiple industries, reflected in an explosion of legislation intended to further this principle. Yet, despite this emphatic recognition of the importance of transparency, the activities of government and private sector actors involved in the development, sale, and export of Offensive Cyber Capabilities (OCC) remain cloaked in secrecy regardless of the sector’s role in facilitating human rights abuses. In this article, we tackle this broader challenge of secrecy via a case study on the export of dual-use technologies. We theorize why secrecy has been so prevalent in the OCC sector. We consider the role of different forms of secrecy—such as commercial secrecy and opportunistic secrecy by governments—in facilitating this situation. We argue that injecting greater transparency into the OCC sector is critical to deterring human rights abuses through accountability and oversight, can help counter the proliferation of offensive cyber technology proliferation, and can ensure better overall governance in regimes governing the export of dual-use technologies. Mandating transparency by governments and exporting companies in the OCC sector can pave the way for policy changes to better regulate this industry and finds support in international human rights principles related to transparency. In closing, we examine how transparency might be incorporated into export frameworks addressing dual-use technologies.

INDIA’S GROWING CYBER PARTNERSHIPS AND CHALLENGES FOR PAKISTAN

With the emergence of new technologies, the potential of cyberspace is immense; however, the growing number of cyber-attacks on states’ critical infrastructure has highlighted the need for cyber security. Although it is challenging to achieve foolproof security, states can maximise safety in the cyber domain through cyber partnerships with technologically advanced countries. This study finds that India is maximising its cyber security while enhancing its offensive cyber capabilities by concluding agreements with most cyber-secure states. Furthermore, India’s cyber capabilities are more focused on Pakistan due to longstanding tensions between the two countries. On the other hand, Pakistan lacks focus on cyber security and has yet to take sufficient measures. Pakistan can maximise its cyber security through technological advancements and taking advantage of friendly countries' expertise in the cyber security domain. Cyber security partnerships will strengthen Pakistan against threats emerging from state and non-state actors. Following a qualitative exploratory research design, this study provides a detailed understanding of India’s growing cyber security partnership and cyber posture, besides highlighting Pakistan’s approach towards cyber security. Bibliography Entry Farooq, Ammad and Ahmad Ali. 2022. "India’s Growing Cyber Partnerships and Challenges for Pakistan." Margalla Papers 26 (2): 49-61.

Drawing a line: Digital transnational repression against political exiles and host state sovereignty

AbstractAuthoritarian regimes increasingly resort to surveillance and malware attacks to extend their coercive reach into the territory of other states and silence dissidents abroad. Recent scholarship has examined the methods of digital transnational repression and their detrimental effects on the fundamental rights and security of targeted individuals. However, the broader normative and security dimensions of these practices remain underexplored, especially with regard to the states hosting the affected exiles. Addressing this gap, our article investigates digital transnational repression as a potential violation of host state sovereignty. Mobilising emerging research on digital sovereignty and cybersecurity, we argue that digital repression can violate host state sovereignty in that it constitutes extraterritorial enforcement jurisdiction; interferes with open debate and national self-determination; impedes the host state's adherence to fundamental norms of international humanitarian law; and undermines host state authority, domestic sovereignty, and integrative capacities. We outline possible pathways to counter digital transnational repression, focusing notably on distributed cyber deterrence, punitive measures like sanctions, and norms and regulations restricting the global proliferation of offensive cyber capabilities. Building on a post-territorial notion of sovereignty that centres on the effects of state actions in and beyond cyberspace, our article contributes to reflections on a human-centric approach to cybersecurity.

Denmark’s Offensive Cyber Capabilities: Questionable Assets for Prestige, New Risks of Entrapment

In 2019, Denmark declared its military offensive cyber capability operational. This article analyses how this capacity compares to another recent acquisition, the F-35 multirole combat aircraft, in Denmark’s general military security strategy. Snyder’s article, “The Security Dilemma in Alliance Politics”, from 1984 explain why and how the strategic challenge for Danish decision-makers is to minimize the risk of abandonment by the United States while avoiding becoming involuntarily entrapped in U.S. conflicts (Snyder, 1984). Denmark has consciously sought to balance this dilemma since joining NATO in 1949. This article shows that the F-35 acquisition is well suited for this strategy and that the new offensive cyber capacity functions differently, creating new risks of entrapment. While this does not disqualify offensive cyber as a useful Danish military capability, it does imply that decision makers must evaluate offensive cyber on terms other than those of conventional means.

Leashing the Dogs of Cyber War

Abstract States have increasingly been engaged in the development of cyber capabilities which can act across the full spectrum of effects. The structures competent to deliver these effects are usually institutionally tied to armed forces or intelligence services, or represent a mixture of the two. Both types of organizations are typically subject to strict oversight and control mechanisms due to the nature of their activities and their potential to impact on the constitutional foundations of a democratic state. Yet, there is limited research available on the respective national frameworks governing offensive cyber capabilities, and similarly little information on the applicable control mechanisms. This article provides an overview of the areas of oversight, explores the challenges related to cyber capabilities, and offers possible avenues for future research.

Chinese Concepts and Opportunities in Information Warfare: China-US Rivalry in Cyberspace

The research is devoted to the emergence of threats to information security and competition in cyberspace between the two largest powers - China and the United States. Over the past ten years, China has been actively developing offensive cyber capabilities, turning into a state with a combat- ready and modern army. Its technological level is behind the United States in many areas, but Beijing is rapidly closing the gap. Today, the information confrontation between these countries is of a strategic nature. Both China and the United States are investing large sums of money in the development of cyber technologies. The authors examine the different approaches of China and the United States to the methods of waging information wars and countering various challenges and threats in cyberspace. In conclusion, the authors come to the opinion that China will actively develop information technologies and build up its strategic potential in this area in the near future, which will lead to tougher competition among major powers in cyberspace.

Cyber conflict short of war: a European strategic vacuum

ABSTRACT Cyber conflict short of war plays an increasingly important role in contemporary security politics. Dedicated to a study of three European NATO members – the Netherlands, France and Norway, this article expands the existing focus of the study of cyber conflict short of war beyond its dominating US context. It compares and assesses how the countries perceive and respond to a changing strategic environment characterised by increasing cyber conflict short of war. The analysis demonstrates that all three countries acknowledge that cyber operations short of war alter the strategic environment and challenge the idea of deploying offencive cyber capabilities as purely a warfare matter. However, it also identifies a strategic vacuum, as none of them have formulated strategies that describe in detail how military and intelligence entities are supposed to approach and manage the new strategic environment. The article asserts that the current lack of strategic guidance is a fundamental challenge that puts European societies at risk and undermines democratic governance as navigating the new space of strategic cyber competition is a significant challenge to contemporary European statecraft. It concludes by noting three avenues for how to ameliorate this situation and fill the vacuum.

Offensive Cyber Capabilities and State Violence: Three Logics of Integration

Abstract Offensive cyber capabilities (OCCs) are the combination of people, technologies, and organizational attributes that jointly enable offensive cyber operations: the adversarial manipulation of digital services or networks. Most works on OCCs focus on their (de-)escalatory potential in terms of diplomatic tension, instability, or power. This article argues for a re-orientation toward the normatively prior question of their relative violence. It asks: how are OCCs integrated into violent state capacities and what are the consequences? The article proposes three logics of integration by which OCCs are included in violent state actions, in both repressive and interstate situations. These logics—substitution, support, and complement—weigh the benefits of using OCCs against an adversary instead of, as part of, and in addition to other means of violence, respectively. The article argues that the violence of OCCs depends on two things: first, whether one adopts a narrowly physical or a more expansive definition of violence and, second, which logic of integration governs their use. On a narrow definition of violence, substitutive and supportive uses of OCCs are less likely to be violent than conventional alternatives, and complementary uses of OCCs are not violent at all. On a wider definition, both substitutive and supportive uses of OCCs can lead to more violence than conventional alternatives, while complementary uses of OCCs are highly likely to increase violence overall. Acknowledging the different logics of integration for OCCs, and understanding their violent effects, has important analytical and policy benefits for global security studies.

The better angels of our digital nature? Offensive cyber capabilities and state violence

AbstractTransformations in state violence are intimately associated with technological capacity. Like previous era-defining technologies, global digital networks have changed state violence. Offensive cyber capabilities (OCCs) appear to constitute a major technological development that offers the potential for reducing state violence. This article asks: are OCCs really the better angels of our digital nature? Current scholarship in strategic studies, adopting a narrow definition of violence, conceives of OCCs as largely non-violent. This ignores how technology has given rise to new forms of harm to individuals and communities, particularly in the context of violent state repression. We propose using an expanded definition of violence, including affective and community harms, and argue that OCCs relocate, rather than reduce, state violence towards non-bodily harms. Even though their lethal effects are limited, OCCs are not, as is supposed, a non-violent addition to state arsenals. This conclusion has important implications for international affairs, including re-orienting defensive cybersecurity efforts and altering calculations around the perception of OCCs by adversaries.

An Inspection Regime for Cyber Weapons: A Challenge Too Far?

Two of the most pressing questions concerning international peace and security today are how to avoid an escalation of conflicts in cyberspace and how to ensure responsible behavior and accountability of states in their use of information and communication technologies. With more than thirty states now possessing offensive cyber capabilities and cybersecurity incidents such as Stuxnet, WannaCry, and NotPetya causing significant physical effects or financial damage, there is a clear need to find a better way to manage security risks connected with the use of increasingly sophisticated cyber means by states. At present, this issue is on the agenda of two United Nations groups and is mainly addressed through a “framework for responsible behavior of states” consisting of international law, voluntary and non-binding norms, and confidence-building measures for states’ use of information and communication technologies. What the current discussions do not address, however, is whether the security risks could also be regulated through an arms control and inspection regime for cyber weapons. While such a regime has been proposed by scholars, states remain skeptical or even actively opposed to efforts to impose traditional arms control measures on offensive cyber capabilities. This essay examines why a cyber weapons inspection regime is so difficult to devise. It argues that due to their nature and mode of functioning, cyber weapons significantly differ from traditional nuclear, chemical, or biological weapons, such that mechanisms established by traditional arms control treaties either will not work or will not be agreed to by states. Instead, new regulatory approaches are necessary.

The AI-cyber nexus: implications for military escalation, deterrence and strategic stability

ABSTRACTHow could AI-infused cyber capabilities be used to subvert, or otherwise compromise, the reliability, control and use of states’ nuclear forces? This article argues that a new generation of artificial intelligence (AI) enhanced cyber capabilities will amplify the risk of inadvertent escalation caused by the co-mingling of nuclear and strategic non-nuclear weapons and the increasing speed of warfare, thereby increasing the risk of nuclear confrontation. It examines the potential implications of cyber (offensive and defensive) capabilities augmented with AI applications for nuclear security. The article concludes that future iterations of AI-enhanced cyber counterforce capabilities will complicate the existing challenges of cyber defence, and in turn, compromise nuclear assets and increase the escalatory effects of offensive cyber capabilities.

Deterring Russian cyber warfare: the practical, legal and ethical constraints faced by the United Kingdom

ABSTRACTThis article examines both the nature of the cyber threat that Russia poses to the United Kingdom and the efficacy of the latter’s responses to it. It begins, and making use of original Russian sources, with a review of why a Russian cyber campaign is being conducted against the UK and how it is being operationalised. This article then goes on to analyse the UK’s ability to defend itself against this campaign by employing the concepts of both deterrence-by-denial and deterrence-by-punishment. But can this UK cyber deterrence actually work? The idea of cyber deterrence-by-denial seems to be impractical, while there are specific issues with employing cyber in a deterrence-by-punishment capacity. In particular, how can the UK use its own offensive cyber capabilities against Russia and yet remain within international law and ethical boundaries? Indeed, the UK government has already accepted that, in any future use of its offensive cyber capabilities, it cannot do so.

Past behavior and future judgements: seizing and freezing in response to cyber operations

Abstract The use of cyber operations as a foreign policy instrument continues to stimulate academic interest towards interstate behavior in this domain. With continued investment in offensive cyber capabilities, there is an urgency to provide both academics and policy-makers with a better grasp of this phenomenon. While the past decade saw the growth of frameworks that highlight systemic and/or technological factors, this article investigates the role of pre-existing beliefs in the attribution of malicious cyber operations. Through survey experiments, it highlights the phenomenon of seizing and freezing with respect to attributive judgements in response to degradative cyber operations. With respect to theory, the results contribute to the emerging study of the cognitive–affective aspects of cyberspace. As for policy, the results illustrate the potential for biased judgements in response to incidents and reinforces the need to develop mechanisms that minimize its impact on state behavior.

ЭВОЛЮЦИЯ АМЕРИКАНСКОЙ ПОЛИТИКИ КИБЕРБЕЗОПАСНОСТИ

The article is devoted to the evolution of the American national cyber security strategies during the two recent decades. Ever since the late 1990s, cyber security has become one of the top national security priorities. However, every presidential administration had different approaches to ensuring cyber security. Theoretically, every cyber threat has at least three elements, each of which has to be considered to work out a robust cyber security strategy: the source of attack, the target of attack and the means of attack. The W. J. Clinton administration prioritized cyber threats only by the end of 1990s, and the major agency responsible for cyber security was the Federal Bureau of Investigation (FBI), which meant that the government mostly countered criminal threats to commercial sector. G. W. Bush administration’s top national security priority was countering terrorism; hence, cyber security was integrated into most of the antiterrorist activities. National Security Strategy declared preventive action as a general approach to antiterrorist activities, which is why the government needed to collect and analyze a lot of personal data. The general government agency responsible for cyber security became Department of Homeland Security (DHS), and the cyber security policies included many legislative initiatives comprising the USA PATRIOT Act, new Foreign Intelligence Security Act (FISA), etc. Barack Obama’s cyber security strategy was part of the globalist agenda aimed at building international partnerships, as opposed to the unipolar world (the strategy of a previous administration). The Obama administration made an effort to implement deterrence policies to counter cyber threats. The general agency to deter cyber threats was the new CYBERCOM, created as a part of STRATCOM. Obama administration had to adopt a lighter legislation regulating government control over information – for example Freedom Act. Donald Trump’s cyber security agenda includes the development of offensive cyber capabilities, as outlined in the White House and Department of Defense cyber security strategies. While the distinction between offence and defense in cyberspace is very vague, obviously Trump’s strategy is aimed at countering American adversaries. Russian-American relations are of special concern in this regard, because the new technologies are becoming a part of a new arms race. And while the traditional arms control regime is collapsing, it triggers a number of destabilizing trends in contemporary international relations.

Strategic trends in the global cyber conflict

The paper reviews the main strategic trends in cyber policy and security in recent years, pointing out the emergence of a new ‘cyber escalation cycle’: while states are investing significant resources to improve their offensive cyber capabilities, these capabilities are subsequently being stolen, publicised and used by hostile countries to launch devastating cyberattacks. This has led governments to pursue legislation to control incoming technology, changing the technological relations between countries. Given the development of enhanced cyber capabilities and the effectiveness of the attacks, we believe that leakage followed by immediate use of the leaked offensive cyber weapons against rival countries will only increase, making this issue even more contentious.

Piasecki T, Chrzastek K, Kasprzykowska U. Mycoplasma pulmonis of rodents as a possible human pathogen. Vector-borne Zoonotic Dis 17(7):475‒477, 2017.

Over the past two decades, cyber weapons have become a topic of increasing scholarly attention. The spread of offensive cyber capabilities among state and non-state actors has given rise to calls for more formal procedures concerning their acquisition, use and transfer. Despite Stuxnet being the only cyber weapon to date demonstrating destructive capability in theatre, there has been widespread unease among public and private actors.The spread of offensive cyber capabilities among state and non-state actors has given rise to calls for more formal procedures concerning their acquisition, use and transfer.However, even against the background of potentially far-reaching effects on civilian and economic infrastructures, consensus on how to regulate cyber weapons appears hard to come by. Jacqueline Eggenschwiler and Jantje Silomon of the University of Oxford explore the opportunities related to cyber weapons norm construction, examining the academic literature and policy documents and detailing the challenges.

Integrating offensive cyber capabilities: meaning, dilemmas, and assessment

ABSTRACT Across the world, states are establishing military cyber commands or similar units to develop offensive cyber capabilities. One of the key dilemmas faced by these states is whether (and how) to integrate their intelligence and military capabilities to develop a meaningful offensive cyber capacity. This topic, however, has received little theoretical treatment. The purpose of this paper is therefore to address the following question: What are the benefits and risks of organizational integration of offensive cyber capabilities (OIOCC)? I argue that organizational integration may lead to three benefits: enhanced interaction efficiency of intelligence and military activities, better(and more diverse) knowledge transfer and reduced mission overlap. Yet, there are also several negative effects attached to OIOCC. It may lead to 'cyber mission creep' and an intensification of the cyber security dilemma. It could also result in arsenal cost ineffectiveness in the long run. Although the benefits of OIOCC are seen to outweighs the risks, failing to grasp the negative effects may lead to unnecessary cycles of provocation, with potentially disastrous consequences.