SpringerLink
Log in

Positioning Diplomacy Within a Strategic Response to the Cyber Conflict Threat

  • Conference paper
  • First Online:
Socio-Technical Aspects in Security (STAST 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13176))

Included in the following conference series:

  • 610 Accesses

Abstract

Background. Nation states unleash cyber attacks targeting other nation states (e.g. WannaCry, SolarWinds), termed “offensive cyber operations”. When such aggressions are deemed, according to the UN Charter, to constitute a threat to the peace, breach of the peace, or act of aggression towards a nation state, governments might choose to respond. Responses can range from silence all the way to retaliation, at the other end of the scale. The emergence of cyber diplomacy suggests a less militant and potentially powerful response option. Barrinha and Renard [5] explain that the rise of cyber diplomacy has coincided with “a growing contestation of the values, institutions and power dynamics of the liberal-created cyberspace”. (p. 3). The question is: how could cyber diplomacy fit into a strategic threat management plan?

Aim. To position cyber diplomacy within a strategic response to nation state offensive cyber operations.

Method. To help us to position cyber diplomacy’s role in this domain, we first examine historical cyber conflicts, and governments’ responses to these, as well as testing the factors that might explain response choice. We then review a number of proposed options for managing cyber conflicts.

Results. We propose a comprehensive “Five D’s” strategic framework to manage the threat of offensive cyber operations. Cyber diplomacy is included, acknowledging its emerging and potentially powerful role in managing cyber conflicts in the future.

Conclusions. Cyber diplomacy has recently emerged and it has not yet been widely deployed. We show how it can be positioned within a strategic framework for managing the threat of offensive cyber operations from other nation states.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 58.84
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 74.89
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.cyberarmscontrol.org/post/article-39-of-the-un-charter-cyber-as-a-threat-to-international-peace-and-security.

  2. 2.

    http://www.ieee-security.org/Cipher/Newsbriefs/1996/960723.EOonCIP.html.

  3. 3.

    https://fas.org/irp/offdocs/eo13010.htm.

  4. 4.

    https://legal.un.org/repertory/art51.shtml.

  5. 5.

    https://www.kaspersky.co.uk/resource-center/threats/ransomware-wannacry.

  6. 6.

    https://www.csoonline.com/article/3218104/what-is-stuxnet-who-created-it-and-how-does-it-work.html.

  7. 7.

    https://www.cisecurity.org/solarwinds/.

  8. 8.

    https://microsites-live-backend.cfr.org/cyber-operations/search?keys=not+petya.

  9. 9.

    https://www.dailymail.co.uk/sciencetech/article-2637899/eBay-refused-admit-massive-cyber-attack-thought-customer-data-safe.html.

  10. 10.

    https://microsites-live-backend.cfr.org/cyber-operations.

  11. 11.

    https://nordvpn.com/cri/.

  12. 12.

    https://www.icrc.org/en/doc/war-and-law/treaties-customary-law/geneva-conventions/overview-geneva-conventions.htm.

  13. 13.

    https://www.scholaradvisor.com/essay-examples/cleopatra-relationships/.

  14. 14.

    https://www.un.org/en/about-us/history-of-the-un.

  15. 15.

    https://www.itu.int/en/ITU-D/Cybersecurity/Pages/National-Strategies-repository.aspx.

References

  1. Attatfa, A., Renaud, K., De Paoli, S.: Cyber diplomacy: a systematic literature review. Procedia Comput. Sci. 176, 60–69 (2020)

    Article  Google Scholar 

  2. Baldwin, D.A.: Power and International Relations: A Conceptual Approach. In: Walter Carlsnaes, T.R., Simmons, B.A. (eds.) Handbook of International Relations. Princeton University Press, Princeton (2016)

    Google Scholar 

  3. Baram, G., Sommer, U.: Covert or not covert: national strategies during cyber conflict. In: 11th International Conference on Cyber Conflict (CyCon), vol. 900, pp. 1–16. IEEE (2019)

    Google Scholar 

  4. Barker, I.: Nation state attacks increase 100 percent in three years (2021). https://betanews.com/2021/04/08/nation-state-attacks-increase/

  5. Barrinha, A., Renard, T.: Power and diplomacy in the post-liberal cyberspace. Int. Aff. 96(3), 749–766 (2020)

    Article  Google Scholar 

  6. Bayer, R.: Diplomatic Exchange Data set, v2006.1. (2006). https://correlatesofwar.org/data-sets/diplomatic-exchange

  7. BBC: Cyber-attack: US and UK blame North Korea for WannaCry (2017). Accessed 1 May 2021. https://www.bbc.co.uk/news/world-us-canada-42407488

  8. Brantly, A.F.: The cyber deterrence problem. In: 10th International Conference on Cyber Conflict (CyCon), pp. 31–54. IEEE (2018)

    Google Scholar 

  9. Brown, G.D.: Why Iran won’t admit Stuxnet was an attack. Joint Force Quart. 63(4), 70–73 (2011)

    Google Scholar 

  10. Carlin, J.P.: Detect, disrupt, deter: a whole-of-government approach to national security cyber threats. Harv. Nat’l Sec. J. 7, 391 (2015)

    Google Scholar 

  11. Carpenter, P.: Cybersecurity and nation-state threats: what businesses need to know (2021). https://www.forbes.com/sites/forbesbusinesscouncil/2021/04/16/cybersecurity-and-nation-state-threats-what-businesses-need-to-know/?sh=18d005817c21

  12. Cavelty, M.D., Egloff, F.J.: Hyper-securitization, everyday security practice and technification: cyber-security logics in Switzerland. Swiss Polit. Sci. Rev. 27(1), 139–149 (2021)

    Article  Google Scholar 

  13. cipher: Which Country is #1 in Cybersecurity? (2021). Accessed 10 July 2021. https://cipher.com/blog/which-country-is-1-in-cybersecurity/

  14. CISCO: cyber diplomacy in the European union (2017). Accessed 2 May 2021. https://www.cisco.com/c/dam/m/en_ca/business-transformation/pdf/5-ways-to-detect-a-cyber-attack.pdf

  15. Clare, J.: The deterrent value of democratic allies. Int. Stud. Quart. 57(3), 545–555 (2013)

    Article  Google Scholar 

  16. Cluley, G.: Us offers \$10 million reward in hunt for state-sponsored ransomware attackers (2021). Accessed 17 Jul 2021. https://www.tripwire.com/state-of-security/security-data-protection/us-offers-10-million-reward-in-hunt-for-state-sponsored-ransomware-attackers/

  17. Cohen, M., Freilich, C., Siboni, G.: Four Big “Ds’’ and a Little “r’’: a new model for cyber defense. Cyber Intell. Secur. 1(2), 21–36 (2017)

    Google Scholar 

  18. Cop**er, D.S.: Aggression in Cyberspace: Framing an Operational Response. Technical Report, Naval War Coll Newport RI Joint Military Operations Department (2010)

    Google Scholar 

  19. Cuthbertson, A.: Yahoo data breach is ‘Most Audacious Hack of All Time’ (2016). Accessed 30 Apr 2021. https://uk.news.yahoo.com/yahoo-data-breach-most-audacious-163029811.html

  20. Department of Global Communications: 5 ways the UN is fighting ‘infodemic’ of misinformation (2020). Accessed 2 May 2021. https://www.un.org/en/department-global-communications/

  21. Earle, P.C.: Lockdowns have killed what’s left of the united nations’ credibility (2020). Accessed 30 Apr 2021. https://www.aier.org/article/lockdowns-have-killed-whats-left-of-the-united-nations-credibility/

  22. Fayi, S.Y.A.: What Petya/NotPetya ransomware is and what its remidiations are. In: Latifi, S. (ed.) Information Technology - New Generations. AISC, vol. 738, pp. 93–100. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77028-4_15

    Chapter  Google Scholar 

  23. Fitzpatrick, D.: Evolution and chaos in property right systems: the third world tragedy of contested access. Yale LJ 115, 996–1048 (2005)

    Article  Google Scholar 

  24. GOV.UK: Implementing norms in cyberspace (2020). Accessed 30 Apr 2021. https://www.gov.uk/government/publications/implementing-norms-in-cyberspace

  25. Hald, S.L., Pedersen, J.M.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 81–86. IEEE (2012)

    Google Scholar 

  26. Hanhimäki, J.M.: The United Nations: A very Short Introduction. Oxford University Press, Great Britain (2015)

    Book  Google Scholar 

  27. Hollis, D.B.: Why states need an international law for information operations. Lewis Clark L. Rev. 11, 1023–1061 (2007)

    Google Scholar 

  28. Hunton privacy blog: white house to nominate first national cyber director (2021). Accessed 18 Jul 2021. https://www.huntonprivacyblog.com/2021/04/14/white-house-to-nominate-first-national-cyber-director/

  29. ID agent: 10 facts about nation-state cyberattacks that will keep you up at night (2020). https://www.idagent.com/blog/10-facts-about-nation-state-cyberattacks-that-will-keep-you-up-at-night/

  30. Jacobsen, J.T.: En “digital Genèvekonvention” er ikke i Danmarks interesse. Internasjonal Politikk 76(2), 73–88 (2018)

    Google Scholar 

  31. Jensen, L.: Maritime cyber security: it’s all about the money (2021). Accessed 1 May 2021. https://improsec.com/cyber-blog/maritime-cyber-security-its-all-about-the-money

  32. Jervis, R.: The cuban missile crisis: what we know, how did it start, and how did it end. In: Scott, L., Hughes, R.G. (eds.) The Cuban Missile Crisis: A Critical Reappraisal (Cold War History). Taylor & Francis, Oxon (2018)

    Google Scholar 

  33. Kanuck, S.: Sovereign discourse on cyber conflict under international law. TEx. L. REv. 88, 1571–1597 (2009)

    Google Scholar 

  34. Kello, L.: The meaning of the cyber revolution: perils to theory and statecraft. Int. Secur. 38(2), 7–40 (2013)

    Article  Google Scholar 

  35. Kostadinov, D.: The attribution problem in cyber attacks (2013). Accessed 30 Apr 2021. https://resources.infosecinstitute.com/topic/attribution-problem-in-cyber-attacks/

  36. Lakshmanan, R.: Here’s how solarwinds hackers stayed undetected for long enough (2021). Accessed 30 Apr 2021. https://thehackernews.com/2021/01/heres-how-solarwinds-hackers-stayed.html

  37. Lee, E.: More dependence on internet leads to more cyberattacks worldwide (2017), vOA News. Accessed 8 May 2021. https://www.voanews.com/silicon-valley-technology/more-dependence-internet-leads-more-cyberattacks-worldwide

  38. Levinson, M.: Why law enforcement can’t stop hackers (2011). Accessed 1 May 2021. https://www.cio.com/article/2402264/why-law-enforcement-can-t-stop-hackers.html

  39. Lin, H.S.: Offensive cyber operations and the use of force. J. Nat’l Sec. L. Pol’y 4, 63–86 (2010)

    Google Scholar 

  40. Lustik, L.: Can the UN prevent cyber-attacks? (2018). Accessed 1 May 2021. https://thenewcontext.org/can-the-un-prevent-cyber-attacks/

  41. Maness, R.C., Valeriano, B.: The impact of cyber conflict on international interactions. Armed Forces Soc. 42(2), 301–323 (2016)

    Article  Google Scholar 

  42. Moret, E., Pawlak, P.: The EU cyber diplomacy toolbox: towards a cyber sanctions regime? (2017). European Union Institute for Security Studies (EUISS). Accessed 8 May 2021. https://www.iss.europa.eu/sites/default/files/EUISSFiles/Brief 24 Cyber sanctions.pdf

  43. Murray, G.R., et al.: Toward creating a new research tool: Operationally defining cyberterrorism (2019), oSF Preprints

    Google Scholar 

  44. Newbill, C.M.: Defining critical infrastructure for a global application. Ind. J. Global Legal Stud. 26, 761–780 (2019)

    Article  Google Scholar 

  45. Newman, L.H.: How an accidental ‘Kill Switch’ Slowed Friday’s massive ransomware attack (2017). Accessed 1 May 2021. https://www.wired.com/2017/05/accidental-kill-switch-slowed-fridays-massive-ransomware-attack/

  46. Nye, J.S., Jr.: Deterrence and dissuasion in cyberspace. Int. Secur. 41(3), 44–71 (2016)

    Article  Google Scholar 

  47. Office of the director of national intelligence: NCSC director warns of nation-state cyber threats to law firms in June 4 remarks at ILTA LegalSEC summit 2019 (2019). https://www.dni.gov/index.php/ncsc-newsroom/item/2002-ncsc-director-warns-of-nation-state-cyber-threats-to-law-firms-in-june-4-remarks-at-ilta-legalsec-summit-2019

  48. Office of the director of national intelligence: cyber threat framework (undated). https://www.odni.gov/index.php/cyber-threat-framework

  49. O’Flaherty, K.: U.S. government confirms plan to defend 2020 election against cyberattacks (2019). https://www.forbes.com/sites/kateoflahertyuk/2019/08/28/us-government-plan-to-halt-election-cyberattacks-misses-one-major-issue/?sh=7c1017de2041

  50. Oved, M.C.: Journalist’s phone hacked by new ‘invisible’ technique: all he had to do was visit one website. Any website. (2021). https://www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html

  51. O’Connell, M.E.: Cyber security without cyber war. J. Confl. Secur. Law 17(2), 187–209 (2012)

    Article  Google Scholar 

  52. Pomerleau, M.: State vs. non-state hackers: different tactics, equal threat? (2015). https://defensesystems.com/articles/2015/08/17/cyber-state-vs-non-state-haclers-tactics.aspx

  53. Presidency: European union: cyber diplomacy in the European union (2019). Accessed 2 May 2021. https://eucyberdirect.eu/wp-content/uploads/2019/12/cd_booklet-final.pdf

  54. Rankin, D.J., Bargum, K., Kokko, H.: The tragedy of the commons in evolutionary biology. Trends Ecol. Evol. 22(12), 643–651 (2007)

    Article  Google Scholar 

  55. Renaud, K., Orgeron, C., Warkentin, M., French, P.E.: Cyber security responsibilization: an evaluation of the intervention approaches adopted by the five eyes countries and China. Public Adm. Rev. 80(4), 577–589 (2020)

    Article  Google Scholar 

  56. Rid, T., Buchanan, B.: Attributing cyber attacks. J. Strat. Stud. 38(1–2), 4–37 (2015)

    Article  Google Scholar 

  57. Rosenzweig, P.: Cyber warfare: how conflicts in cyberspace are challenging America and changing the world. ABC-CLIO (2013)

    Google Scholar 

  58. Schmitt, M.N. (ed.): Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge University Press, Cambridge (2017)

    Google Scholar 

  59. Shackelford, S.J., Andres, R.B.: State responsibility for cyber attacks: competing standards for a growing problem. Geo. J. Int’l L. 42, 971 (2010)

    Google Scholar 

  60. Sharma, U., Sharma, S.K.: Principles And Theory In Political Science Vol# 1. Atlantic Publishers & Dist, New Delhi (2000)

    Google Scholar 

  61. Sigholm, J., Larsson, E.: Determining the utility of cyber vulnerability implantation: The heartbleed bug as a cyber operation. In: 2014 IEEE Military Communications Conference, pp. 110–116. IEEE (2014)

    Google Scholar 

  62. Silver, L.: U.S. is seen as a top ally in many countries - but others view it as a threat (2019). Accessed 30 April 2021. https://www.pewresearch.org/fact-tank/2019/12/05/u-s-is-seen-as-a-top-ally-in-many-countries-but-others-view-it-as-a-threat/

  63. Singer, E.O.: From reproductive rights to responsibilization: fashioning liberal subjects in Mexico City’s new public sector abortion program. Med. Anthropol. Quart. 31(4), 445–463 (2017)

    Article  Google Scholar 

  64. Smith, B.: Keynote address at the RSA conference: the need for a digital Geneva convention (2017), president and Chief Legal Officer, Microsoft

    Google Scholar 

  65. Starks, T.: US blames China for Microsoft hacking, ransomware attacks as part of global condemnation (2021). Accessed 19 Jul 2021. https://www.cyberscoop.com/china-microsoft-exchange-server-indictments-us-allies/

  66. Terry, P.C.: Don’t do as I do-The US response to Russian and Chinese cyber espionage and public international law. German Law J. 19(3), 613–626 (2018)

    Article  Google Scholar 

  67. The associated press: US, Estonia partnered to search out cyber threat from Russia (2020). Accessed 2 May 2021. https://www.usnews.com/news/politics/articles/2020-12-03/us-estonia-partnered-to-search-out-cyber-threat-from-russia

  68. Tidy, J.: Solarwinds: Why the sunburst hack is so serious (2020). Accessed 31 Dec 2020. https://www.bbc.com/news/technology-55321643

  69. Torres, M., Riordan, S.: Policy brief: the cyber diplomacy of constructing norms in cyberspace (2020). Accessed 30 Apr 2021. https://www.ieeiweb.eu/wp-content/uploads/2020/10/T20_TF5_PB4_ok.pdf

  70. Tsagourias, N.: Cyber attacks, self-defence and the problem of attribution. J. Conflict Secur. Law 17(2), 229–244 (2012)

    Article  Google Scholar 

  71. United nations: telling the UN story in many languages, powered across platforms. (undated). Accessed 30 April 2021. https://www.un.org/en/department-global-communications/

  72. Valeriano, B., Jensen, B.M., Maness, R.C.: Cyber strategy: The Evolving Character of Power and Coercion. Oxford University Press, New York (2018)

    Book  Google Scholar 

  73. Valeriano, B., Maness, R.C.: The dynamics of cyber conflict between rival antagonists, 2001–11. J. Peace Res. 51(3), 347–360 (2014)

    Article  Google Scholar 

  74. Vavra, S.: NSA warns defense contractors to double check connections in light of Russian hacking (2021). Accessed 30 April 2021. https://www.cyberscoop.com/nsa-warns-defense-contractors-operational-technology-connections-russia-solarwinds/

  75. Vercellone, C.: Ukraine is getting more help to build cyber capabilities (2020). Accessed 3 May 2021. https://www.fifthdomain.com/international/2020/03/04/ukraine-is-getting-more-help-to-build-cyber-capabilities/

  76. Walljasper, J.: Elinor Ostrom’s 8 principles for managing a commons (2011). Accessed 22 Apr 2021. http://www.onthecommons.org/magazine/elinor-ostroms-8-principles-managing-commmons

  77. Waltz, K.N.: Theory of International Politics. Reading, Mass.: Addison-Wesley Pub. Co., Boston (1979)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Strathclyde, Glasgow, UK

    Karen Renaud & Tony Craig

  2. Abertay University, Dundee, UK

    Karen Renaud & Amel Attatfa

  3. Rhodes University, Grahamstown, RSA

    Karen Renaud

  4. University of South Africa, Gauteng, RSA

    Karen Renaud

Authors
  1. Karen Renaud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Amel Attatfa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tony Craig
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Karen Renaud .

Editor information

Editors and Affiliations

  1. Delft University of Technology, Delft, The Netherlands

    Simon Parkin

  2. King's College London, London, UK

    Luca Viganò

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Renaud, K., Attatfa, A., Craig, T. (2022). Positioning Diplomacy Within a Strategic Response to the Cyber Conflict Threat. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation