Cyber Operations In Wartime

Headlines about cyber warfare often focus on doomsday scenarios, with depictions of nation-states using “cyber bombs” to remotely dismantle electric grids and other critical infrastructure

Yet recent events, including Russia’s use of cyber operations for information warfare and propaganda, suggest that policymakers and military leaders need to broaden their assumptions about how state and non-state actors are likely to use such operations in future conflicts. 

To investigate the role of cyber operations in diverse crisis scenarios, the UC Berkeley Center for Long-Term Cybersecurity  (CLTC) has developed two distinct wargame formats the use  innovative methodology for investigating competition among diverse actors to determine their likely strategic preferences.

Island Impact & Netwar

In the Island Impact game, players represented either the US or China in a simulated crisis in the South China Sea. In Netwar the players took on the role of either a national government or one of three opposition groups (a violent non-state actor, major international firm, or cyber activist network) in the context of an escalating conflict.

  • CLTC first ran these games with university students and national security professionals to examine how the participants approached incorporating cyber capabilities with more conventional tools of statecraft.
  • CLTC then constructed a survey experiment involving more than 3,000 internet users to identify which of the strategies identified in the wargame they preferred.

The wargames and survey experiments both showed that cyber capabilities produce a moderating influence on coercive exchanges and crisis escalation.

Cyber-based instruments of power appear to offer states a means of managing escalation ‘in the shadows’.

Cyber conflict appears in these simulations to resemble covert action and looks more like the ‘political warfare’ of the Cold War than it does a military revolution. The research work suggests that leaders should think about cyber exchanges in crisis settings more as political warfare and subterfuge than as traditional warfighting. 

Among The  CLTC's Key Findings:

Cyber exchanges will not necessarily be escalatory:

Particularly in state-to-state crises, participants were restrained in their use of cyber tools, suggesting that cyber capabilities may not necessarily be a preferred choice for provocative escalations.

Cyber deterrence may be overhyped:

In the context of cyberspace, the logic of coer-cion—the use of threats and limited action to alter behavio is less about deterrence (i.e. the threat of force) than about signaling resolve and undermining adversaries from within.

Power disparities had limited influence on decision-making:

Even players who were more powerful than their opponents used restraint, suggesting that cyber operations may in fact help stabilize strategic interactions between rivals.

Regime type informs cyber strategy preferences: 

Actors took a more defensive posture when the polity they were contesting was a democracy, as opposed to an autocracy.

Cyber strategy is “issue-agnostic”:

The nature of the conflict has little impact on the use of cyber capabilities, as different issues driving conflict, ideology or ethnic minority rights, did not produce observable differences in cyber strategy preferences.

The report, sponsored by the UC Berkeley, gives an overview of the implications for policymakers and military leaders as they make decisions about cybersecurity and anticipate how rivals will use cyber space in future crises linked below. 

Academia. Edu:

You Might Also Read: 

Reshaping The Future Of War With Malware:

 

« Alarming Surge In Malicious Apps
Endpoint Security Is More Important Than Ever »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infinigate UK

Infinigate UK

Infinigate is a value-added distributor of IT security solutions to protect and defend IT networks, servers, devices, data, applications, as well as the cloud.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.

Cyberhill Partners

Cyberhill Partners

Cyberhill is a professional engineering services firm solving complex software implementation and integration challenges.