Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
With financially-sensitive information constantly owing through company emails, these inboxes are lucrative targets for attackers.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
The recent assassination attempt on former Russian spy Sergey Skripal has led to a deluge of cyber-based conspiracy theories within the London security community. My own personal favourites are that (a) Skripal was targeted for assassination due to his alleged engagement with the UK security services over the Democratic National Congress hack in 2017, and (b) that the UK government considered a cyber-attack on Russia in response to the assassination attempt. To date, both these claims remain completely unsubstantiated. However, that so many theories around the Skripal assassination attempt link cyber operations to a conventional covert operation is symptomatic in my mind of how intertwined with cyber threats modern international relations has now become.
International Relations (IR) is a deeply complex field of study that is increasingly integrating cyber security issues into its analysis. One concept within the field of IR that is particularly useful for understanding issues such as the ones generated by the Skripal event is that of escalation in levels of hostilities between states. Escalation occurs between states during or in the run-up to a period of conflict, and a situation can be seen either to be escalating or de-escalating depending on the situation and the wishes of the states involved.
One of the best examples of escalation is the Cuban missile crisis of 1962, when the construction of ballistic missile launch facilities (silos) on the island led the Kennedy administration to impose a military blockade and demand the withdrawal of all weapons from Cuba. Within this case an important point to note is that the processes of escalating and de-escalating involved signalling between the US and Russia. Examples of signalling within the crisis included the building of missile silos (escalation), Kennedy’s address to the US on the 22 October 1962 (escalation), Soviet withdrawal of missiles (de- escalation), and US public commitment to respect Cuban sovereignty (de-escalation). These are all examples of both provocative and palliative signalling between the states.
Figure 1: Cuban Missile Crisis game tree modelling how US and Soviet actors would have considered their decisions (Source: Wikimedia Commons)
Cyber operations are often, I believe incorrectly, portrayed as being desirable precisely because they do not cause escalation between states. As Eric Rosenback former Assistant Secretary of Defence and principle cyber advisor to the Pentagon from 2011 to 2015 commented:
“The place where I think it will be most helpful to senior policymakers is what I call “the space between.” What is the space between? … You have diplomacy, economic sanctions…and the you have military action. In between there’s this space, right? In cyber, there are a lot of things that you can do in that space between that can help us [the United States] accomplish the national interest.”
The “in between” area referred to by Rosenback is symptomatic of the sentiment that cyber operations have a high level of plausible deniability and hence do not have the potential to escalate a conflict in the same way a physical operation does.
However, a historical review of major cyber incidents shows this theory to simply not be true. The distributed denial of service (DDoS) attacks on the Estonian economy circa 2007 are still used to frame Russia as a highly aggressive cyber actor, even though the attribution is thin. After the Sony hack of 2014, the US conducted a thinly veiled cyber-attack on the North Korean Internet. One of the legacies of the Stuxnet incident of 2010 was Iran prioritizing the development of its own cyber warfare capability that bore its own bitter fruit in 2012 with an attack on Saudi Aramco.
What all these cases show is that far from being a consequence-free way of striking against an enemy, when attributed to a state (no matter how tenuously) cyber-attacks can lead directly to escalation. Herein lies the issue with cyber conflict: signalling between states in physical space such as the Cuban missile crisis is very clear; however, within cyberspace what is an escalating and de-escalating signal is very difficult to interpret.
Coupled with this is the issue of proportionality and what the cyber equivalent of a minor skirmish versus an all-out assault actually is. Here the potential for unplanned escalation between states rises exponentially. As a recent Chatham House paper commented: “there is a risk that any such [cyber] operation could be construed by the targeted state, or even the international community at large, as a use of force, leading to escalation of the situation”.
To conclude, what we have not seen to date is a “cross over event”, where a physical act of violence has provoked a cyber-attack that has in turn escalated to a retaliatory act of physical violence. Nevertheless, the discussions around events such as the Skripal assassination attempt have put this type of scenario on the agenda. Within this context, the idea that cyber is somehow “the space between”, where action has no consequence, is now simply incorrect.
To learn more, subscribe to our threat intelligence emails here.