The Blame Game: National Strategies During Cyber Conflict

Cyber technology enables countries to act covertly: the results of offensive actions in the cyber realm and their influences are not always revealed to the public eye. Likewise, identifying who is behind a given attack may be complicated. Even if the upshots of the attack are publicly observable—e.g., damage to a power grid leading to the severance of electricity in an entire country—the attacked country can still dismiss these effects, arguing that they were the result of some technical failure rather than proof of a successful hostile action against it. Furthermore, any suspected attacker could use denial as a strategy. To date, however, our understanding of those strategies—both attacker and attacked—is limited theoretically and empirically.

Recent work regarding covert actions offers three mechanisms that induce credibility to signals of resolve in the covert sphere. These can make the use of covert actions even more appealing. First are sunk costs, which refer to situations when states decide to take covert action because of non-recoverable resources. Choosing covert action, leaders employ a more "creative" way of addressing security threats. Second are counter-escalation risks. Covert actions can signal resolve since they appear credible because of the risk of crisis escalation; leaders using covert signaling tools can be free to engage in more aggressive behavior. Last are domestic risks. Covert actions enable leaders to act more freely without risking the loss of public support. Those mechanisms suggest that countries will opt for covert actions to achieve political goals.

Accordingly, a key question arises: what causes countries—victims and attackers alike—to abandon the covert playing field for the public international arena when conducting their cyber feuds? Why would a country that was attacked choose to admit being harmed publicly, and why would an accused attacker choose to publicly admit or deny allegations? Why not simply remain silent and maintain ambiguity? Existing literature does not provide satisfying answers to any of these questions.

We propose to undertake the first comprehensive study to examine factors underlying the strategic choices of states involved in cyber conflicts. Choice of any specific strategy may have important implications for the country, its leaders, and its relations with other international actors. Therefore, it is necessary to examine in depth the considerations that may influence national decision makers in choosing their strategy, the factors that lead to this choice and its implications.

At the center stands a novel theoretical framework we develop, which elucidates the variation in states’ strategy and sheds new light on the broader topic of actors’ decision-making process in cyberspace. This framework consists of an analysis of states’ wide-ranging strategic, diplomatic and political considerations and their motivations to choose each strategy. We focus primarily on what leads states to forsake the benefits of anonymity and ambiguity by moving cyber conflict into the public sphere. Next, we examine the validity of our framework by analyzing empirical data, we originally collected and compiled, concerning interstate cyber conflict.

The research will be composed of three main parts. First, the theoretical model explains why countries choose to leave the covert sphere and go public. As a part of this section, we also analyze in depth the relative advantages and disadvantages of each of the possible strategies available for victims and (suspected) attackers. Second, we collect the necessary data to compile an updated cyber attacks dataset. This component of the project constitutes its core. The analysis will be conducted in the third part in order to identify the circumstances and conditions under which states are more likely to choose to reveal the attack and to discover the relative influence of each type of consideration. We expect our results to shed new light on the conundrum that we observe empirically: how come states move away from the obscurity of the cyber arena and make cyber attacks public?