The Muscular Diplomacy of Cyber Capability
By Guy O’Donnell – PGI Cyber
Attribution, the practice of assigning responsibility for cyber activity to a specific actor or sponsor, is often characterised as an exercise of ‘informed’ guesswork. But it is perhaps better thought of as a challenging investigative process, the purpose of which is to reduce uncertainty. At the technical level, the proliferation of sophisticated encryption and anonymity techniques frustrates the process, while at the strategic level cyber actors will increasingly transmit disinformation, or conduct ‘false flag’ operations, as was the case in the TV5Monde attack.
This ambiguity can have profound implications for how countries will conduct foreign policy. For example, in the absence of defined norms of behaviour in cyberspace, the established rules of engagement are less well-defined. Without firm attribution, where does the ‘redline’ sit? Furthermore, if the public is expected to support government action, sufficient evidence will be required. Trust in intelligence agencies is, however, low, and releasing such information will undoubtedly reveal unique capabilities and access to an adversary. Options for responding to a cyber incident may therefore be principally defensive, at least in the short term.
But this does not mean cyber is confined to a zero-sum game. Even in the absence of firm attribution, the threat of cyber operations can be used to exert influence, gauge an adversary’s risk appetite and allow for psychological operations, all with a degree of plausible deniability. In short, it can be used as a form of ‘muscular diplomacy’, occupying the middle ground between military posturing and sabre-rattling rhetoric.
The recent deterioration of US-Russia relations, a facet of which has been escalating cyber breaches, neatly illustrates this point. US Vice President Joe Biden’s recent statement on the possibility of cyberattacks against Russia wasn’t clear on the nature of the US response. If the threat of a US ‘clandestine’ cyberwar on Russia was serious, then it would not have been announced. Yet, the deterrent impact of any operation would be limited if it were kept completely secret. Regardless of whether this is the last bastion from an administration soon to be replaced, the US will walk a difficult line in defining a response. Moreover, it demonstrates the utility of ‘muscular diplomacy’ to publicly voice discontent whilst sending a strong deterrent message to an adversary.
For those who don’t know, PGI Cyber is an integrated cyber-security solutions provider bringing together a unique capability in the vast field of information security, applicable across the commercial, governmental and institutional sectors.