“Internet technology has outstripped strategy or doctrine - at least for the time being. In the new era, capabilities exist for which there is as yet no common interpretation - or even understanding. Few if any limits exist among those wielding them to define either explicit or tacit restraints.”
H. Kissinger (2016)
Whilst a growing number of states are said to be developing offensive cyber capabilities, there is still much ‘unchartered territory’ regarding the objectives and strategy of using these capabilities. This workshop will focus on the strategic dimension of cyber conflict in the context of great power competition in cyberspace and through cyber means.
Max Smeets (Postdoctoral Fellow in Cybersecurity, Stanford University CISAC; Non-Resident Cybersecurity Policy Fellow, New America): “The Strategic Value of Offensive Cyber Operations: A Conditional Offer”
Could offensive cyber operations provide strategic value? If so, how and under what conditions? Whilst a growing number of states are said to be interested in developing offensive cyber capabilities, there is a sense that state leaders and policy makers still do not have a strong conception of its strategic advantages and limitations. This article finds that offensive cyber operations could provide significant strategic value to state-actors. The availability of offensive cyber capabilities expands the options available to state leaders across a wide range of situations. Distinguishing between counterforce cyber capabilities and countersue cyber capabilities, the article shows that offensive cyber capabilities can both be an important force-multiplier for conventional capabilities as well as an independent asset. They can be used effectively with few casualties and achieve a form of psychological ascendancy. Yet, the promise of offensive cyber capabilities’ strategic value comes with a set of conditions. These conditions are by no means always easy to fulfill - and at times lead to difficult strategic trade-offs.
Richard Harknett (Professor of Political Science and head of the Department, University of Cincinnati): “Strategic Persistence”
What is the distribution of power in cyberspace? What defines it, shapes it and stabilizes it? In examining these subset questions, this paper concludes that cyberspace should be understood as a new seam in global power competition. The manner in which cyber power is distributed will be a crucial variable in explaining the dynamics of 21st Century war, peace, and, most importantly, strategic behavior that sits between those two traditional categories.
This paper examines the anchoring structural construct of a distribution of global power to understand where cyber power fits. Is cyber power simply an additional capacity that affects the overall distribution of power among states or is theoretical explanatory advantage found in exploring the notion of a distribution of cyber power as a subset of global dynamics that is increasingly shaping world politics? When the president of Russia suggests that the actor who dominates in leveraging Artificial Intelligence in the 21st Century will dominate international politics, he is hinting at the latter. What role will large corporate entities play in the overall distribution of state power? Can we talk about a distribution of cyber power without considering the capacity and strategic intent of Alphabet? In examining this new seam, the paper will also discuss the implications for current strategic, norm-based and legal frameworks if cyber operations can have strategic effect below the level of direct contest (war).
Herbert S. Lin (Senior Research Scholar for Cyber Policy and Security, Stanford University CISAC; Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution): “Strategic Cyber Attacks on National Confidence”
Catastrophic cyberattacks are usually seen as cyberattacks that disable or destroy large portions of computer systems and networks controlling critical infrastructure such as electric power and banking/financial systems. But much smaller attacks—that is, attacks whose scope and severity were not nearly as large in technical terms—could be able to diminish public confidence in systems and thereby cause highly disruptive effects on a national scale. For example, tens of millions of citizens losing confidence in the banking system could result in a run on the banks; losing confidence in the safety of air travel could induce a sharp drop-off in airline revenue and associated economic activity; and losing confidence in the integrity of their medical records could persuade citizens not to seek vital medical care. Cyberattacks on public confidence have not been the subject of much study, and they should be.