Sunday Musings: Cyberconflict, an Evolution of Thought, a Swing at a New Model

November 17th, 2024

Happy Sunday Friends!

This week I’m foregoing the latter portion of the musing as I’ve written a ton regarding cyberconflict and policy. It’s a bit of a neck out moment for me, let me know what you think, critiques welcome.

One Quote I’m Musing

"To dare is to lose one's footing momentarily. To not dare is to lose oneself."

-S?ren Kierkegaard

Strategic Understanding in Cyberconflict: Reflections on the Evolution of the Field: I came across an interesting study this week called "The Evolution of Cyberconflict Studies" by Myriam Dunn Cavelty, Tobias Pulver, and Max Smeets. It got me thinking about how the field of cyberconflict has evolved from a niche concern to a critical component of international strategic studies. The article charts the development of cyberconflict studies, highlighting key milestones that have shaped its current understanding. It also presents how the ongoing transition from viewing cyberspace as merely a battleground to seeing it as a continuous domain of competition requires a paradigm shift in strategic thought for both policymakers and military leaders. This study helped me coalesce my thoughts regarding our need not just in the evolution of concepts; but to consider how we can better navigate this dynamic, digitally contested landscape.

Hopefully in the next 1900 or so words, I’ll present solid thoughts on the evolution of cyberwar and cyberconflict as well as the pressing need for refining our thoughts on strategy and policy in the domain.

The Need for a Strategic Understanding of Cyberconflict: The study’s reflections on the evolution of cyberconflict naturally lead us to consider how we can leverage integrated models to maintain strategic advantage. In many ways, the thoughts presented in this study reinforce a model I have been developing called the Cyber-Integrated Revolution in Military Affairs (CIRMA). CIRMA represents a framework for understanding and engaging with both cyberconflict and influence warfare in the modern era. It emphasizes the integration of cyber capabilities and influence operations across all traditional military domains—land, sea, air, space—into a cohesive, strategic force.

Cyberconflict, as defined by the authors, represents a new frontier in the domain of international conflict, where the intrusion of adversaries into computer networks aims to achieve political, military, or economic objectives. The evolution of this field, from a niche subject within strategic studies to an increasingly diversified and mature discipline, illustrates the growing importance of understanding and navigating the strategic implications of cyberspace. For military and government leaders, particularly those involved in cybersecurity policy, this evolution calls for a deepened engagement with the concepts that have emerged to understand and counteract adversaries in cyberspace.

These evolving aspects of cyberconflict challenge all of us to think beyond traditional deterrence. How can organizations prepare to confront threats that touch not only technical but also political, ethical, and governance dimensions? The challenges outlined in the study reflect the pressing need for an interdisciplinary approach that encompasses not just the military and technical dimensions, but also the broader socio-political context in which cyberconflict takes place. The CIRMA model highlights that such an interdisciplinary approach is essential not only for technical defense but also for integrating influence operations to shape perceptions, narratives, and sentiments continuously.

A Sneak Peek at the CIRMA Model: A Comprehensive Framework for Cyberconflict and Influence Warfare: In CIRMA, we view cyberspace as an infinite game, emphasizing the need for continuous engagement to maintain strategic influence. By understanding cyberspace as an environment where influence must be persistently asserted, I think it provides a roadmap for proactive campaigns aimed at shaping perceptions and securing a competitive edge. Without this ongoing engagement, we risk losing footholds in a domain where influence is constantly contested, creating vulnerabilities that adversaries can exploit. Rather than focusing solely on episodic, disruptive incidents, CIRMA underscores the value of proactive influence campaigns aimed at shaping perceptions and maintaining a strategic advantage in a contested domain. This model is highly relevant in understanding the ongoing evolution of cyberconflict and offers a fresh perspective on how we can effectively adapt our strategies to address emerging challenges.

Key Developments in Cyberconflict Studies: The study identifies key milestones in the evolution of cyberconflict studies, noting that its emergence was shaped by several high-profile incidents, including Stuxnet and the DDoS attacks against Estonia. These events served as pivotal moments that brought cyber operations into the realm of strategic security considerations. According to the article, these incidents demonstrated the dual capacity of cyber tools: they can inflict significant physical and psychological damage and, simultaneously, reveal adversarial intentions and vulnerabilities.

These incidents remind us that no one is truly safe—whether it is a government entity, a private organization, or an individual, we are all stakeholders in the security of cyberspace. Imagine a scenario where an unprepared organization becomes the next headline due to a cyber incident—a reminder of the real consequences of inaction. Initially, the focus of research within cyberconflict studies was largely centered on the concept of "cyberwar" and its potential to disrupt nation-states. Scholars debated whether cyberspace could enable weaker powers to challenge stronger states in new, unconventional ways. Over time, however, the conversation shifted from cyberwar to broader, more nuanced ideas such as cyber persistence, intelligence contests, and cyber norms. This evolution underscores the importance of framing cyber operations not as discrete incidents, but as ongoing, strategic activities aimed at shaping the broader security landscape.

Similarly, I believe cyberconflict is not only about direct disruption but also about influence. Influence operations in cyberspace are aimed at manipulating narratives, shaping behaviors, and ensuring sustained strategic positioning. In alignment with CIRMA, the dual role of cyber tools as both disruptive and influential assets shows that cyber persistence is about continuous influence rather than isolated victories.

For policymakers, understanding these shifts is crucial. The early emphasis on the disruptive potential of cyberwar provided a limited perspective, often focusing on worst-case scenarios (“Cyber Pearl Harbor” ring any bells?). The newer focus on cyber persistence theory, which posits that states engage in a continuous state of cyber competition, emphasizes the need for resilience and sustained engagement in cyberspace rather than reactive measures alone. Leaders who truly understand the dynamics of cyberspace are those who embrace continuous learning and collaboration. Are you fostering a culture of continuous learning in your organization?

This question should prompt us all to consider whether we are doing enough to stay ahead in an ever-evolving domain. Being proactive is what sets resilient organizations and individuals apart from those merely waiting for the next crisis.

Strategic Implications for Policy: The strategic implications of this shift cannot be overstated. As the authors point out, the evolving nature of cyberconflict requires military and government leaders to think of cyberspace not just as a battleground but as a continuous domain of competition. This aligns with the concept of infinite games—in which success is defined not by final victory but by the ability to continue playing and maintaining influence. This perspective encourages policymakers to invest in sustainable capabilities that allow for ongoing competition, from persistent engagement in cyber defense to developing norms for state behavior in cyberspace.

I use my model to frame this continuous competition as a dual approach involving both cyber and influence operations. For military leaders, policymakers, and corporate executives, this dual approach requires tailoring strategies that align with each group’s unique interests and capabilities, thereby enhancing both effectiveness and impact. By fostering a cohesive strategy that combines cyber defense with influence operations, CIRMA ensures that stakeholders are equipped to proactively engage in this ongoing contest. Cyberspace must be viewed as an infinite contest where influence campaigns play a central role in shaping perceptions and maintaining strategic advantage.

A key challenge that emerges from the research is the tension between methodological rigor and practical policy relevance. As the field matured, a noticeable shift occurred from conceptual exploration to more empirically grounded studies. For instance, the move towards quantitative studies and experimental research designs reflects a broader demand for evidence-based policy decisions. Policymakers should recognize the value of this evolution—quantitative and case-study-driven research can provide actionable insights, helping bridge the gap between abstract theoretical models and real-world cyber incidents. If the evolution of cyberconflict has taught us anything, it is that the complexity of cyberspace requires each of us to rethink how we engage with it—both individually and collectively.

The diversification of research topics, particularly in the post-2018 period, also highlights an expansion in the scope of what constitutes cyberconflict. Early research predominantly focused on deterrence and defense, while more recent studies incorporate issues of governance, intelligence, and the normative implications of cyber activities. These thoughts combine with mine to reinforce that cyber capabilities must be integrated with traditional operations to maintain an advantageous position in this continuous game.

How can we integrate these lessons into our approach to cybersecurity, ensuring we are not just reactive but actively shaping a landscape that is unbounded by traditional borders and defined by nation-states, corporations, academia, as well as the civilian populace?

Real-World Application: Leveraging Insights for Policy and Strategy: The findings from this study have direct applications for shaping cybersecurity policy and strategy. For government and military leaders, it is imperative to foster interdisciplinary collaboration, as highlighted by the authors. Cyberconflict is inherently multidisciplinary—it touches upon strategic studies, international relations, law, and technical expertise. Engaging experts from these fields ensures that policy responses are both robust and adaptable to the complex dynamics of cyber operations.

As an adaption to strategy, I think we must create seamless integration of cyber operations with traditional domains (land, sea, air, space), along with influence campaigns, to create a cohesive and adaptive strategy. This approach is crucial for ensuring that operations in cyberspace are not siloed but are effectively coordinated across all domains of warfare, enhancing strategic adaptability and responsiveness. By fostering partnerships between military, civilian, and corporate entities, CIRMA helps to ensure that cyber and influence operations work in tandem, not in isolation. Moreover, the concept of cyber persistence provides a useful framework for operationalizing cybersecurity strategies. Rather than waiting for a high-impact cyber-attack to react to, states should continuously engage in cyber operations to shape the environment and preempt adversarial actions. This requires a rethinking of existing structures within national defense and intelligence, prioritizing the development of capabilities for ongoing operations rather than episodic engagements.

For the broader cybersecurity community, including business leaders and the general public, the discussion around intelligence and surveillance in cyberspace offers important takeaways. Consider the success stories of companies like Microsoft, who successfully warded off sophisticated attacks through enhanced threat intelligence and rapid incident response; Maersk, which rebuilt its IT infrastructure from the ground up in response to a major ransomware attack, emerging more resilient; and JPMorgan Chase, which invested heavily in cyber talent and technology to bolster defenses and stay ahead of evolving threats.

These cases serve as powerful examples of the benefits of a forward-thinking approach. The privatization of spyware, and the subsequent influence of non-state actors on cyber activities, calls for stronger public-private partnerships in cybersecurity. I view these partnerships as pivotal, recognizing that civilian entities are essential, proactive participants in shaping and defending the cyber landscape. Their involvement ensures a comprehensive defense strategy, leveraging the strengths and resources of both public and private sectors. Businesses, especially those in tech and critical infrastructure sectors, need to be integrated into national cybersecurity frameworks as both targets and key defenders in the cyber domain. The term “Secure by Design” should be uttered so frequently that it becomes ubiquitous.

Toward a Proactive Cyber Strategy: The evolution of cyberconflict studies, as detailed in the article, reflects the growing recognition of cyberspace as a critical domain for national security. The maturation of this field—from its early focus on cyberwar to the nuanced understanding of cyber persistence and intelligence contests—offers valuable lessons for those in positions of power. A proactive cyber strategy must be rooted in continuous engagement, interdisciplinary collaboration, and a deep understanding of the dynamics that shape cyberspace as a domain of conflict.

My perspective on cyber and influence warfare reinforces that continuous competition and proactive engagement are not only necessary but also foundational to maintaining strategic advantage. For military and government leaders, adopting this new paradigm means not only developing advanced cyber capabilities but also fostering partnerships across academia, industry, and allied nations. By doing so, we ensure that cyber strategies are both reflective of the evolving nature of conflict and resilient against the complex, multifaceted threats of the digital age. The CIRMA model highlights the importance of integrating influence operations and technical capabilities seamlessly, ensuring that every action in cyberspace is part of a broader, cohesive strategy.

As we move forward, the question remains: how will each of us integrate these insights into our own strategies, ensuring we are not merely responding to the next wave but actively shaping the tide? This proactive stance is not just about defense; it is about being an active participant in a constantly shifting landscape, shaping outcomes, and asserting influence where it matters most.?Each of us has the potential to be a hero in the ongoing narrative of cybersecurity—our actions today will determine our strength tomorrow.

One Question

Where has your mind been focused? What old truths are you or others clinging to that need to be challenged?

Have a wonderful week,

I’ll see you Sunday.

-e