![Sample our Politics & International Relations journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5947/TOC-Subject-Sample-2021-Politics-International-Relations.jpg"})
Abstract
Apprehension about cyber insecurity can be reduced by taking into account the growing power of defence in cyberspace. The cyber defender is strong and getting stronger. Several of the advantages that the defender in ground combat enjoys, such as superior knowledge of and preparation of the terrain, apply to the defence of computer networks. In fact, the plasticity of virtual terrain magnifies these defensive advantages. Cyber defenders are increasingly harnessing this power, improving cyber security and resilience without resort to cyber offence. The advances in cyber technology that empower the defender are becoming more widely available and affordable. In addition, the power of cyber defence and the challenges it presents to cyber offence can reduce the intensity of the cyber-security dilemma.
Acknowledgements
The authors would like to thank Peter Wostenberg, a PhD candidate in Baylor University’s Department of Political Science, for his assistance with research and revisions.
Notes
1 Steve Morgan, ‘Cybercrime to Cost the World $10.5 Trillion Annually by 2025’, Cybercrime Magazine, 13 November 2020, https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/.
2 Michelle Nichols, ‘North Korea Took $2 Billion in Cyberattacks to Fund Weapons Program: U.N. Report’, Reuters, 5 August 2019, https://www.reuters.com/article/idUSKCN1UV1ZX/.
3 See NATO, ‘Statement by the North Atlantic Council in Solidarity with Those Affected by Recent Malicious Cyber Activities Including the Microsoft Exchange Server Compromise’, Press Release 120, 19 July 2021, https://www.nato.int/cps/en/natohq/news_185863.htm.
4 See Christopher Bing, ‘Suspected Russian Hackers Spied on U.S. Treasury Emails – Sources’, Reuters, 13 December 2020, https://www.reuters.com/article/idUSKBN28N0PH/; and Marcus Willett, ‘Lessons of the SolarWinds Hack’, Survival, vol. 63, no. 2, April– May 2021, pp. 7–26.
5 See John Arquilla, ‘Cyberwar Is Already Upon Us’, Foreign Policy, 27 February 2012, https://foreignpolicy.com/2012/02/27/cyberwar-is-already-upon-us/; Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do About It (New York: Ecco, 2012); Richard A. Clarke and Robert K. Knake, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats (New York: Penguin Press, 2019); and Martin C. Libicki, Conquest in Cyberspace: National Security and Information Warfare (Cambridge: Cambridge University Press, 2007).
6 See Clarke and Knake, The Fifth Domain, pp. 195–6; and Brandon Valeriano and Benjamin Jensen, ‘The Myth of the Cyber Offense: The Case for Restraint’, Policy Analysis 862, Cato Institute, 15 January 2019, https://www.cato.org/policy-analysis/myth-cyber-offense-case-restraint.
7 White House, ‘National Cybersecurity Strategy’, March 2023, p. 14, https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.
8 US Cyber Command, ‘CYBER 101 – Defend Forward and Persistent Engagement’, 25 October 2022, https://www.cybercom.mil/Media/News/Article/3198878/cyber-101-defend-forward-and-persistent-engagement/.
9 See Antonio Calcara et al., ‘Will the Drone Always Get Through? Offensive Myths and Defensive Realities’, Security Studies, vol. 31, no. 5, October 2022, pp. 791–825.
10 See Erik Gartzke, ‘The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth’, International Security, vol. 38, no. 2, Fall 2013, pp. 41–73; Erik Gartzke and Jon R. Lindsay, ‘Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace’, Security Studies, vol. 24, no. 2, April 2015, pp. 316–48; Thomas Rid, Cyber War Will Not Take Place (Oxford: Oxford University Press, 2013); and Samuel Zilincik and Isabelle Duyvesteyn, ‘Strategic Studies and Cyber Warfare’, Journal of Strategic Studies, vol. 46, no. 4, February 2023, pp. 836–57.
11 See Karen Ruth Adams, ‘Attack and Conquer? International Anarchy and the Offense–Defense–Deterrence Balance’, International Security, vol. 28, no. 3, Winter 2003/04, pp. 45–83; Stephen Biddle, ‘Rebuilding the Foundations of Offense–Defense Theory’, Journal of Politics, vol. 63, no. 3, August 2001, pp. 741–74; Charles L. Glaser and Chaim Kaufmann, ‘What Is the Offense–Defense Balance and How Can We Measure It?’, International Security, vol. 22, no. 4, Spring 1998, pp. 44–82; Robert Jervis, ‘Cooperation Under the Security Dilemma’, World Politics, vol. 30, no. 2, January 1978, pp. 167–214; and Keir A. Lieber, ‘Grasping the Technological Peace: The Offense–Defense Balance and International Security’, International Security, vol. 25, no. 1, Summer 2000, pp. 71–104.
12 See Ben Garfinkel and Allan Dafoe, ‘How Does the Offense–Defense Balance Scale?’, Journal of Strategic Studies, vol. 42, no. 6, September 2019, pp. 736–63; Gartzke and Lindsay, ‘Weaving Tangled Webs’, pp. 316–48; Keir A. Lieber, ‘The Offense–Defense Balance and Cyber Warfare’, in Emily O. Goldman and John Arquilla (eds), Cyber Analogies (Monterey, CA: Naval Postgraduate School, 2015), pp. 96–107; William J. Lynn III, ‘Defending a New Domain: The Pentagon’s Cyberstrategy’, Foreign Affairs, vol. 89, no. 5, September/October 2010, pp. 97–108; Rebecca Slayton, ‘What Is the Cyber Offense–Defense Balance? Conceptions, Causes, and Assessment’, International Security, vol. 41, no. 3, Winter 2016/17, pp. 72–109; and Valeriano and Jensen, ‘The Myth of the Cyber Offense’.
13 See Ben Buchanan, The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations (Oxford: Oxford University Press, 2016).
14 See Erica D. Lonergan and Shawn W. Lonergan, ‘Cyber Operations, Accommodative Signaling, and the De-escalation of International Crises’, Security Studies, vol. 31, no. 1, January 2022, pp. 32–64. Some scholars have criticised Erica and Shawn Lonergan’s arguments as being incomplete. See, for example, Brandon K. Yoder, ‘Can Cyberattacks Reassure? Half Measures as a De-escalation Strategy’, Security Studies, vol. 31, no. 4, August 2022, pp. 757–63.
15 See Jervis, ‘Cooperation Under the Security Dilemma’; Margaret MacMillan, The War that Ended Peace: The Road to 1914 (New York: Random House, 2014); and Jack Snyder, The Ideology of the Offensive: Military Decision Making and the Disasters of 1914 (Ithaca, NY: Cornell University Press, 2013).
16 See Clarke and Knake, Cyber War.
17 See Dale Peterson, ‘Offensive Cyber Weapons: Construction, Development, and Employment’, Journal of Strategic Studies, vol. 36, no. 1, February 2013, pp. 120–4.
18 See Clarke and Knake, The Fifth Domain, pp. 4–5, 13, 35–9.
19 Ibid., pp. 35–6.
20 US Bureau of Labor Statistics, Office of Occupational Statistics and Employment Projections, ‘Occupational Outlook Handbook’, September 2022.
21 See James E. McGhee, ‘Liberating Cyber Offense’, Strategic Studies Quarterly, vol. 10, no. 4, Winter 2016, pp. 46–63; and Max Smeets, ‘Building a Cyber Force Is Even Harder than You Thought’, War on the Rocks, 12 May 2022, https://warontherocks.com/2022/05/building-a-cyber-force-is-even-harder-than-you-thought/.
22 See US Cyberspace Solarium Commission, ‘Final Report’, March 2020, https://drive.google.com/file/d/1ryMCIL_dZ30QyjFqFkkf10MxIXJGT4yv/view.
23 See Stephen D. Biddle, Military Power: Explaining Victory and Defeat in Modern Battle (Princeton, NJ: Princeton University Press, 2004), pp. 108–31.
24 See Stephen Biddle, ‘Back in the Trenches’, Foreign Affairs, vol. 102, no. 5, September/October 2023, pp. 153–64.
25 See Austin Long, ‘A Cyber SIOP? Operational Considerations for Strategic Offensive Cyber Planning’, Journal of Cybersecurity, vol. 3, no. 1, March 2017, pp. 19–28.
26 See B.A. Friedman, On Tactics: A Theory of Victory in Battle (Annapolis, MD: Naval Institute Press, 2017), pp. 106–7.
27 See Peter Campbell, Military Realism: The Logic and Limits of Force and Innovation in the US Army (Columbia, MO: University of Missouri Press, 2019), p. 140.
28 See Carl von Clausewitz, On War, ed. Michael Howard and Peter Paret, (Princeton, NJ: Princeton University Press, 1989), p. 360.
29 See Campbell, Military Realism, chapter 4.
30 See Thanh Cong Truong, Quoc Bao Diep and Ivan Zelinka, ‘Artificial Intelligence in the Cyber Domain: Offense and Defense’, Symmetry, vol. 12, no. 3, March 2020, pp. 3–4.
31 See ibid., pp. 3, 18.
32 See Clarke and Knake, The Fifth Domain, p. 94; and Gartzke and Lindsay, ‘Weaving Tangled Webs’, pp. 320–1.
33 See David E. Sanger, The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (New York: Crown, 2018), pp. 192–3.
34 See Clarke and Knake, The Fifth Domain, p. 42.
35 See ibid., pp. 41–2.
36 See T. Aditya et al., ‘The Future of Networking: Embracing Softwaredefined Solutions’, International Journal of Advanced Research in Science, Communication and Technology, vol. 3, no. 2, February 2023, pp. 503–11; Seung Hun Jee, Ji Su Park and Jin Gon Shon, ‘Security in Network Virtualization: A Survey’, Journal of Information Processing Systems, vol. 17, no. 4, August 2021, pp. 801–17; and Yu Zheng et al., ‘Dynamic Defenses in Cyber Security: Techniques, Methods and Challenges’, Digital Communications and Networks, vol. 8, no. 4, August 2022, pp. 422–35.
37 See Gartzke and Lindsay, ‘Weaving Tangled Webs’, pp. 320–1, 340–1; and Kristin E. Heckman et al., ‘Active Cyber Defense with Denial and Deception: A Cyber-wargame Experiment’, Computers & Security, vol. 37, September 2013, pp. 72–7.
38 See Gartzke and Lindsay, ‘Weaving Tangled Webs’, pp. 340–1; and Heckman et al., ‘Active Cyber Defense with Denial and Deception’.
39 See Truong, Diep and Zelinka, ‘Artificial Intelligence in the Cyber Domain’.
40 See Sanger, The Perfect Weapon, pp. 171–2.
41 They include Rapid7 (https://www.rapid7.com/products/insightidr/features/deception-technology/); SentinelOne (https://www.sentinelone.com/surfaces/identity); and Acalvio (https://www.acalvio.com/products/advanced-threat-defence/).
42 Clausewitz, On War, p. 357.
43 US Chairman of the Joint Chiefs of Staff, ‘Cyberspace Operations’, Joint Publication 3-12, 8 June 2018, p. II–4, https://irp.fas.org/doddir/dod/jp3_12.pdf.
44 Brett T. Williams, ‘The Joint Force Commander’s Guide to Cyberspace Operations’, Joint Force Quarterly, vol. 73, 2nd Quarter 2014, p. 16, https://nsarchive.gwu.edu/sites/default/files/documents/6379791/National-Security-Archive-Maj-Gen-Brett-T.pdf.
45 Ibid.
46 See Florian Skopik and Timea Pahi, ‘Under False Flag: Using Technical Artifacts for Cyber Attack Attribution’, Cybersecurity, vol. 3, no. 1, March 2020, p. 8.
47 Truong, Diep and Zelinka, ‘Artificial Intelligence in the Cyber Domain’, p. 8.
48 See Sophie Bushwick, ‘New Encryption System Protects Data from Quantum Computers’, Scientific American, 8 October 2019, https://www.scientificamerican.com/article/new-encryption-system-protects-data-from-quantum-computers/.
49 See Buchanan, The Cybersecurity Dilemma.
50 See Michael P. Fischerkeller, ‘Cyber Signaling: Deeper Case Research Tells a Different Story’, Security Studies, vol. 31, no. 4, December 2022, pp. 772–82; and Yoder, ‘Can Cyberattacks Reassure?’
51 See, for example, Michael J. Mazaar, ‘Understanding Deterrence’, Perspective, RAND Corporation, 19 April 2018, p. 7, https://www.rand.org/content/dam/rand/pubs/perspectives/PE200/PE295/RAND_PE295.pdf.
52 See Jared Cohen and Richard Fontaine, ‘Uniting the Techno-democracies’, Foreign Affairs, vol. 99, no. 6, November/December 2020, pp. 112–22.
Additional information
Notes on contributors
Peter Campbell
Peter Campbell is an associate professor of political science at Baylor University and author of Military Realism: The Logic and Limits of Force and Innovation in the US Army (University of Missouri Press, 2019).
Michael J. Donahoo
Michael J. Donahoo is a professor in the School of Engineering and Computer Science at Baylor University.