Abstract
The debate on both the impacts of cyber attacks and how to respond to them is active, but precedents are a few. At the same time, cybersecurity issues have been catapulted into the highest of high politics: cyberpolitics. The objective of this chapter is to encourage political decision-makers (and others) to create a framework of proportionate ways to respond to different kinds of cyber hostility. The proportionate response is a complicated, situational political question. This chapter creates a context for the contemporary politics of cyber affairs in the world and determines five variables that policymakers need to consider when evaluating appropriate responses to a cyber attack. As offensive cyber activity becomes more prevalent, policymakers will be challenged to develop proportionate responses to disruptive or destructive attacks. There has already been significant pressure to “do something” in the light of the alleged state-sponsored attacks. Past experience suggests that most policy responses are ad hoc. This chapter comprehensively analyzes how cyber attacks should be treated as a political question and represents a rough framework for policymakers to build on. The chapter presents five variables that policymakers need to consider when evaluating appropriate responses to cyber hostilities. Combining incident impact, policy options, and other variables, the framework outlines the different levers of cyberpolitics that can be applied in response to the escalating levels of cyber incidents. The response framework is also an integral part of the state’s cyber deterrence.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In July 2016, the WikiLeaks website publicized embarrassing emails from the accounts of the Democratic National Committee (DNC). The hackers gained full access to the DNC network used by the election staff, including emails, memos, and research performed for Democrats running for Congress (read more in Siboni and Siman-Tov 2016).
- 2.
For the role of the cyber component in the Russia-Ukraine war, (see Geers 2015).
- 3.
This Clausewitzian approach is controversial, but describes how politics and war are intertwined. (see, e.g., Kaldor (2010)).
- 4.
“A decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis.” NATO (2014).
- 5.
“Hybrid Warfare” is a controversial concept. (See, e.g., Renz and Smith 2016).
- 6.
The reader will find a more comprehensive analysis in Limnéll (2015).
- 7.
Cyber attacks take many forms, like gaining, or attempting to gain, unauthorized access to a computer system or its data; unwanted disruption or denial of service attacks, including the take down of websites; installation of viruses or malicious code (malware) on a computer system; unauthorized use of a computer system for processing or storing data; changes to the characteristics of a computer system’s hardware, firmware or software without the owner’s knowledge, instruction or consent; and inappropriate use of computer systems.
- 8.
Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury, or death solely through the exploitation of vulnerable information systems and processes. (See Applegate 2013).
- 9.
General definition of a cyber attack in level five: “Poses an imminent threat to the provision of wide-scale critical infrastructure services, national gov’t stability, or to the lives of U.S. persons.” (White House 2016).
- 10.
Included representatives from China, US, Russia and other countries.
- 11.
NATO has declared that “our policy also recognizes that international law, including international humanitarian law and the UN Charter, applies in cyberspace.” (NATO 2014)
- 12.
“All members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the United Nations.”
- 13.
Such as death/injury or destruction/damage, which would normally be viewed as an armed attack.
- 14.
For example, foreign policy instruments such as diplomatic communication, warnings, and sanctions.
- 15.
Compare Feakin (2015).
- 16.
For example, the United States has announced that it will “respond to cyber attacks against U.S. interests at a time, in a manner, and in a place of our choosing, using appropriate instruments of U.S. power and in accordance with applicable law” (Department of Defense 2015).
References
Applegate S (2013) The dawn of kinetic cyber. In: Podins K, Stinissen J, Maybaum M (eds) 5th international conference on cyber conflict. NATO CCD COE Publications, Tallinn
ACSC (2016) Threat report 2016. https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf. Accessed 25 Oct 2016
Babcock C (2015) Preparing for the cyber battleground of the future. http://www.au.af.mil/au/afri/aspj/digital/pdf/articles/2015-Nov-Dec/SEW-Babcock.pdf. Accessed 16 Aug 2016
Bejtlich R (2015) Strategic defence in cyberspace: beyond tools and tactics. In: Geers K (ed) Cyber war in perspective: Russian aggression against Ukraine. NATO CCDCOE Publications, Tallinn, pp 159–170
Blake A (2016) Hillary Clinton: U.S. will treat cyberattacks ‘just like any other attack’. http://www.washingtontimes.com/news/2016/sep/1/clinton-us-will-treat-cyberattacks-just-any-other-/. Accessed 7 Oct 2016
Bronk C, Tikk-Ringas E (2013) The cyber attack on Saudi Aramco. https://doi.org/10.1080/00396338.2013.784468
Choucri N (2012) Cyberpolitics in international relations. In: Krieger J (ed) Oxford companion to comparative politics. Oxford University Press, New York, pp 267–271
Davis J, Harris G (2016) Obama considers ‘proportional’ response to Russian hacking in U.S. election. The New York Times. http://www.nytimes.com/2016/10/12/us/politics/obama-russia-hack-election.html. Accessed 16 Oct 2016
Department of Defense Science Board (2013) Task force report: Resilient military systems and the advanced cyber threat. http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf. Accessed 12 Aug 2016
Department of Defense (2015) The DoD Cyber Strategy. http://www.defense.gov/Portals/1/features/2015/0415_cyberstrategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf. Accessed 15 Sept 2016
E-ISAC (2016) Analysis of the cyber attack on the Ukrainian power grid. https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf. Accessed 24 Aug 2016
Feakin T (2015) How to respond to a state-sponsored cyber attack. Defense One, 28 August
Foxall A (2016) Putin’s Cyberwar: Russia’s statecraft in the fifth domain. Policy Paper No. 9. http://www.stratcomcoe.org/afoxall-putins-cyberwar-russias-statecraft-fifth-domain. Accessed 25 Aug 2016
Geers K (ed) (2015) The role of the cyber component in Russia-Ukraine war. NATO CCDCOE Publications, Tallinn
Homeland Security (2016) Joint statement from the department of homeland security and office of the director of national intelligence on election security. https://www.dhs.gov/node/23199. Accessed 20 Sept 2016
Kaldor M (2010) Inconclusive wars: is Clausewitz still relevant in these global times? https://doi.org/10.1111/j.1758-5899.2010.00041.x
Kremer J-F, Müller B (2014) Cyberspace and international relations, theory, prospects and challenges. Springer, London, p xi–xvii
Lewis J (2015) Compelling opponents to our will: the role of cyber warfare in Ukraine. In: Geers K (ed) Cyber war in respective: Russian aggression against Ukraine. NATO CCD COE Publications, Tallinn, p 39–47
Libicki M (2013) Cyberwar fears pose dangers of unnecessary escalation. http://www.rand.org/pubs/periodicals/rand-review/issues/2013/summer/cyberwar-fears-pose-dangers-of-unnecessary-escalation.html. Accessed 10 Aug 2016
Limnéll J (2014) NATO’s September summit must confront cyber threats. Breaking Defense. http://breakingdefense.com/2014/08/natos-september-summit-must-confront-cyber-threats/. Accessed 8 Aug 2016
Limnéll J (2015) The exploitation of cyber domain as part of warfare: Russo-Ukrainian war. Int J Cyber-Secur Digital Forensics (IJCSDF) 4(4):521–532
Limnéll J, Salonius-Pasternak C (2016) Challenge for NATO—Cyber article 5. The Center for Asymmetric Threat Studies, Swedish Defense University
Lin P, Fritzsch L, Rowe N (2012) Is it possible to wage a just cyberwar?” http://www.theatlantic.com/technology/archive/2012/06/is-it-possible-to-wage-a-justcyberwar/258106/. Accessed 24 Sept 2016
Mačák K (2016) Is the international law of cyber security in crisis? In: Pissanidis N, Rõigas H, Veenendaal M (eds) 8th international conference on cyber conflict: cyber power. NATO CCD COE Publications, Tallinn, pp 127–139
NATO (2014) Wales summit declaration. http://www.nato.int/cps/en/natohq/official_texts_112964.htm. Accessed 3 Aug 2016
NATO (2016) Warsaw summit communiqué. http://www.nato.int/cps/en/natohq/official_texts_133169.htm. Accessed 3 Aug 2016
Radziwill Y (2015) Cyber-attacks and the exploitable imperfections of international law. Brill Nijhoff, Leiden
Rantapelkonen J, Kantola H (2013) Insights into cyberspace, cyber Security, and cyberwar in the nordic countries. In: Rantapelkonen J, Salminen M (eds) The fog of cyber defence. National Defence University, Helsinki, pp 27–40
Renz B, Smith H (2016) Russia and hybrid warfare—going beyond the label. Aleksanteri paper 1/2016. http://www.helsinki.fi/aleksanteri/english/publications/presentations/papers/ap_1_2016.pdf. Accessed 14 Sept 2016
Reuters (2016) Moscow says U.S. cyber attack claims fan ‘anti-Russian hysteria’. http://www.reuters.com/article/us-usa-russia-cyber-ministry-idUSKCN1280DO. Accessed 18 Oct 2016
Rid T, Buchanan B (2014) Attributing cyber attacks. J Strat Stud. https://doi.org/10.1080/01402390.2014.977382
Roscini M (2014) Cyber operations and the use of force in international law. Oxford University Press, New York
Sanger D (2016) Biden hints U.S. response to Russia for cyberattacks. http://www.nytimes.com/2016/10/16/us/politics/biden-hints-at-us-response-to-cyberattacks-blamed-on-russia.html. Accessed 25 Oct 2016
Schmitt M (2013) Cyber activities and the law of countermeasures. In: Ziolkowski K (ed) Peacetime regime for state activities in cyberspace. NATO CCD COE Publications, Tallinn, pp 659–690
Siboni G, Siman-Tov D (2016) The superpower cyber war and the US elections. INSS Insight No. 858 (September 2016)
Stavridis J (2016) How to win the cyberwar against Russia. Foreign Policy. http://foreignpolicy.com/2016/10/12/how-to-win-the-cyber-war-against-russia/. Accessed 13 Oct 2016
Stinissen J (2015) A legal framework for cyber operations in Ukraine. In: Geers K (ed) Cyber war in perspective: Russian aggression against Ukraine. NATO CCDCOE Publications, Tallinn, pp 123–134
Tallinn Manual (2013). https://ccdcoe.org/tallinn-manual.html. Accessed 16 Aug 2016
Thomas T (2014) Creating cyber strategists: escaping the “DIME” mnemonic. Defence Studies 14:4. https://doi.org/10.1080/14702436.2014.952522
Tzu S (1963) The art of war (trans: Griffith S). Oxford University Press, p 24
United Nations (2016) Developments in the field of information and telecommunications in the context of international security. http://www.un.org/ga/search/view_doc.asp?symbol=A/71/172. Accessed Sept 15 2016
Valeriano B, Maness RC (2015) Cyber war versus cyber realities. Oxford University Press
Van der Meer S (2015) Signalling as a foreign policy instrument to deter cyber aggression by state actors. Clingeldael (December 2015)
Van Haaster J (2016) Assessing cyber power. In: Pissanidis N, Rõigas H, Veenendaal M (eds) 8th international conference on cyber conflict: cyber power. NATO CCD COE Publications, Tallinn, pp 7–22
Wester T (2014) Just Cyberwar. Cyber security policy and research institute. http://www.cspri.seas.gwu.edu/blog/2014/11/24/just-cyberwar. Accessed 3 Aug 2016
White House (2013) Remarks by President Obama and President Xi Jinping of the People’s Republic of China after bilateral meeting. https://www.whitehouse.gov/the-press-office/2013/06/08/remarks-president-obama-and-president-xi-jinping-peoples-republic-china-. Accessed 14 Aug 2016
White House (2016) Presidential policy directive—United States cyber incident coordination. https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident. Accessed 15 Sept 2016
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Limnéll, J. (2018). Developing Political Response Framework to Cyber Hostilities. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security: Power and Technology. Intelligent Systems, Control and Automation: Science and Engineering, vol 93. Springer, Cham. https://doi.org/10.1007/978-3-319-75307-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-75307-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75306-5
Online ISBN: 978-3-319-75307-2
eBook Packages: EngineeringEngineering (R0)