Code 'war' theorizing: information and communication technology's impact on international relations theorizing, negotiation, and cyber relations
(USC Thesis Other)
Code ‘War’ Theorizing:
Information and Communication Technology’s Impact on International Relations
Theorizing, Negotiation, and Cyber Relations
Mayagüez J. Salinas
Faculty of The USC Graduate School
Dornsife College of Letters, Arts and Sciences
Political Science and International Relations
Doctor of Philosophy
University of Southern California
December 13, 2018
Salinas | 1
“You bring me 10 hackers, with [in] 90 days I’ll bring this country [USA] to its knees.”
-Jim Settle¹
“I know of no development that poses a greater threat to this nation than a massively,
digitally connected world where every aspect of national interest can be affected through
digital domain in a largely unconstrained way by anybody who has a few bucks in a
manner that defies logic of geography and reach and investment against a target that is
so distributed and still so connected.”
-Susan Gordon²
¹ Jim Settle is the former head of the FBI's computer security section, as reported in The
Australian, June 18, 1996 (Lamb 2002).
² Susan Gordon is the principal deputy director of US National Intelligence. This quote
was from a Q&A at the Pacific Council on February 21, 2018.
Table of Contents
List of abbreviations
List of tables, figures, and charts
Chapter 1: Welcome to Cybered Spaces
Chapter 2: An Intersectional Puzzle
Chapter 3: The Case of the Disappearing Bargaining Range
Chapter 4: Info Lemons to Data Lemonade
Chapter 5: Good Ol’ Code ‘War’ Adversary
Chapter 6: What Can We Do?
Chapter 7: Conclusions: CTRL + ALT + RETHINK
Bibliography
Appendix A: Proof 1: First-mover’s probability of success is higher than failure
Appendix B: Proof 2: (Counterfactual) First-mover’s probability of success is lower than failure
Appendix C: Variables researched for all countries
Abbreviations
CPU – Central processing unit
IP – Internet Protocol
IT – Information Technology
ICT – Information and Communication Technology
MCE – Malicious Cyber Engagement
QRE – Quantal Response Equilibrium
RDT&E – Research, Development, Testing and Evaluation
USD – United States Dollar
List of tables, figures, and charts
Figure 1: Narrowing the scope of the literature review
Figure 2: Initiator profile
Figure 3: Target profile
Figure 4: Cyber bargaining range (assuming divisibility)
Figure 5: Cyber bargaining range with lower costs and increased probability
Figure 6: Conditions under which a bargaining range exists
Figure 7: Cyber bargaining range (assuming indivisibility)
Figure 8: Conditions under which no bargaining range exists
Figure 9: Conditions under which a bargaining range exists with signal
Figure 10: Decision Tree
Figure 11: Cyber Engagement Continuum
Figure 12: Flow of Russia Argument
Table 1: Sample coding from US/Russia Dyad
Table 2: Fixed-effects negative binomial regression #1
Table 3: Fixed-effects negative binomial regression #2
Table 4: Zero-inflated negative binomial regression #1
Table 5: Zero-inflated negative binomial regression #2
Table 6: Fixed-effects negative binomial regression #3
Table 7: Fixed-effects negative binomial regression #4
Table 8: Zero-inflated negative binomial regression #3
Table 9: Zero-inflated negative binomial regression #4
Chart 1: Number of people who have left Russia
Chart 2: How wealth is spread: the US vs. Russia
Chart 3: Soviet/Russian political history versus oil price
Chart 4: Internet penetration rate in Russia
Chapter 1: Introduction Salinas | 6
Chapter 1: Welcome to Cybered Spaces
The purpose of this research endeavor is simple, even if its
execution is more burdensome and only raises more interesting and relevant questions
that require more burdensome research. I have had many questions surrounding the
so-called “cyber war” being waged by both state and non-state actors alike. After the
numerous recent high-profile hacks that have negatively affected nation-states, the need
to systematically analyze the defining and contributing aspects of these encounters took
on a greater sense of urgency for me personally and with other scholars within the
discipline as a whole. You cannot turn on the television without hearing someone
spouting his or her uninformed opinion on the “cyber war” being waged. This rise in
occurrences and subsequent news coverage led to a rise in the level of curiosity among
war scholars (i.e. political scientists and international relations theorists). However, many
of the early attempts to do this needed analysis left much to be desired by the few
interdisciplinary scholars who have an understanding of both the political science and
computer science necessary to effectively perform such an analysis.
While these early attempts should be commended, they were, first and foremost,
plagued by the lack of assembled data to use for any rigorous analysis. Next,
the need for academics to say anything knowledgeable about the topic has (in my
opinion) forced them to attempt to erroneously overlay already established political
science and international relations theories onto the cyber realm without acknowledging
the defining fundamental differences of cyber space; differences that are significant
enough to cause the theories to not neatly fit. Even the language used to describe these
state-to-state malicious cyber engagements (“war,” “attack,” “weapon,” etc.) is laden
with the implicit definitions and descriptions of traditional kinetic conflicts. This has hurt
the theorizing that has been done to date. From the very beginning, the seemingly
insatiable desire to assign cyber space as the “fifth domain” of conflict and war
demonstrates, at minimum, a basic misunderstanding of how cyber space functions and
how these functions connect it to the traditionally understood conflict domains of land,
air, sea, and space.
At their core, these malicious cyber engagements (MCEs), as I prefer to call them,
are either about addressing information asymmetries between two actors, or an actor
sabotaging politically, economically, or militarily expedient targets of opportunity
located in another. Neither of these motivations is new in Political Science and
International Relations theorizing. However, there are three characteristics that give
cyber space special merit in theorizing when these motivations are being considered. The
first is the difficulty in positively attributing the origins of an attack. The second is that there
does not yet exist an internationally accepted institutional framework with credible
enforcement mechanisms in place to deter actor behavior or to punish any infractions that
may take place. The last is the low cost of entry to develop and use cyber tools. These
three characteristics are salient in putting the decision to launch a malicious cyber
engagement against an adversary as a viable option for a nation state. Furthermore, cyber
space’s characteristics tip the potentially attacking nation-state’s decision-making scales
in favor of maliciously engaging with another state actor where there exists either an
informational asymmetry or the strategic need to sabotage something.
The attribution problem, when taken with the lack of credible institutional
deterrents and enforcement mechanisms, means that cyber space is not the area of study
where blind importation of war and conflict theories is going to offer convincingly
sufficient explanations of what we actually see happening. The difficulty in ascertaining
an MCE’s origin and the low cost to deploy it have such a significant effect on the
attacking nation’s decision-calculus that we would be remiss if we did not include it as a
variable in any credible attempt at analyzing MCEs.
Furthermore, the issue of indivisibility’s effect on bargaining is another area that
requires special consideration when analyzing state-to-state malicious cyber
engagements. In cyber space, when information stored on a hard-drive or a server is
‘stolen,’ it is actually copied. This is in stark contrast to a physical object that when stolen
ends up in a different location (and not in the original). Additionally, an object like a
parcel of land can potentially be physically divided if a dispute over it should arise. Data
creates an “all or nothing” indivisibility problem where either all of the data is known or
none of it is ascertained. This characteristic tightens the assumptions around any potential
agreement that can be negotiated between two actors. Given this fact, new formal models
need to be created to account for this narrowed bargaining range that results from these
facts.
Some of the best theorists in the world have already laid the foundation to analyze
why nations decide to launch attacks on one another. I have wisely relied on their
seminal works to serve as a starting point in my own analysis of MCEs, taking into
account the aforementioned characteristics. However, these authors’ models stopped
short of including attribution, indivisibility, and lack of credible enforcement
mechanisms. Thus, I take on the task of including these variables in my models. If they
are not included in my model as an explicitly designed variable, I, at least, acknowledge
them and explain their effects on the models.
In the rest of this chapter I will describe how I think we should think about the
Stuxnet attack, the one attack that is commonly referenced whenever the topic of cyber
space and International Relations is brought up. Then, I will discuss the core questions
that I pondered after fully understanding the technical and political aspects of the Stuxnet
attack, most notably whether or not we can even call an MCE an act of war. Then, I will
present two other real-world cases to begin to prime our thinking of what actually is
taking place when an MCE is initiated on a target. Next, I highlight the areas of cyber
space that I believe need to be fully understood and acknowledged before we can begin to
theorize, specifically, the attribution problem, the importance of non-state actors, and
rethinking the domains of war in the context of cyberspace.
My intention is to lay the foundation to understand how all of these variables that
are uniquely represented in cyber space change some of the most accepted International
Relations theory. This ultimately leads to the new theorizing and hypothesis testing that
is laid out in the rest of this dissertation.
Operation: Olympic Games
I have tried for the better part of four years to not use the word ‘Stuxnet’ in my
conversations around national cyber security, whether it was in front of the classroom or
in one-on-one conversations with academic colleagues. Personally, I feel it is cliché to
say it too early in an episode of spirited discourse and it is also telling if someone is
parroting (if you even call it that) the mainstream understanding of it throughout the
course of the conversation. Every poorly written academic article that I have read on
cyber security within the context of international relations has leaned on this now
infamous offensive cyber operation like a figurative kickstand for misplaced theorizing.
This usually leads to involuntary eye-rolls for those that truly understand the technical
aspects of the ubiquitous “first state-to-state cyber attack.” Those of us in the ‘know’ chuckle
to ourselves every time we hear the word uttered. While that may sound harsh, it is the
reality of what has been going on.³
Ironically, I soon realized that using Operation Olympic Games (the actual name
used for the attack within the intelligence community) and the argument around whether
or not the attack was successful is the perfect unifying tool to explain our field’s current
understanding of cyber security in international relations and to contribute to future
theorizing in the discipline. Was it a failure because it only slowed down Iran’s nuclear
enrichment program as opposed to shutting it down? Was it a failure because the
attackers’ identity was eventually deduced? Or was it successful because the
aforementioned was exactly what the authors of the code intended? I can use this
singular point of accepted misunderstandings as an ontological entry point to generally
explain the true nature of cyber security within international relations theorizing, while
presenting my own epistemological interpretation of why states behave in the manner in
which they do at the cyber level. There is sufficient elite buy-in on this singular cyber
event that a cogent generalizable argument on why the state actors involved made the
decision to attack would seriously be considered in the discourse moving forward.
Furthermore, there is value in challenging the core understanding of something that the
majority of scholars have interpreted wrongly.
³ It is worth noting that I began coding in 1984 and worked as a software systems
architect before beginning graduate school at the University of Southern California in
2013.
There are a number of different facets in the understanding of Operation Olympic
Games that provide some generalizable insights into state-to-state malicious cyber
engagements (MCEs) as a whole. The first is whether or not it was a success or a
failure. In exploring this question there are some interesting theoretical ideas that
become immediately salient. In order to define something as being successful or a
failure we have to unpack the intentions behind the “attack” and through which actors’
lens we are viewing these intentions. Generally speaking, the salience of positively
identifying an attacker and a target, and their intentions are things that led me to consider
game theory as a practical theoretical tool to explore the questions surrounding state-to-
state MCEs, given the salience of these specific variables in most game theoretic formal
models. Specifically, in the case of Operation OG, understanding the
American and Israeli intelligence agencies’ intentions against the Iranian nuclear
program forces us to fully explore at a technical level whether or not the tool did what its
authors created it to do in order to say with any certainty whether or not the attack was
successful, instead of calling it a failure based on a limited understanding of the
instructions written in the code itself.
Next, while neither the United States nor Israel has publicly (or officially)
claimed responsibility for the attack, it is universally accepted in the surrounding
discourse that they were, in fact, the attackers. Part of the method with which attribution
was deductively obtained was the cost/benefit analysis of not only who had the resources
to incur the costs of the attack but also who stood to benefit the most if the attack was
successful. A measured cost/benefit analysis, much like translating actors’ intentions into
ordered and transitive preferences, further lends itself to the use of game theory as a tool
of theoretical analysis. Additionally, positive attribution is arguably the single most
important issue affecting a formal model of a two-actor repeated game on malicious
cyber engagements. In the specific case of Operation OG, Iran’s decision to launch a
retaliatory attack, Buckshot Yankee, against a global super-power, with full knowledge of
the seeds of doubt that would be sowed by the attribution problem in cyber space, is
indicative of the traditional measures of power being less salient in modeling a dyadic
interaction in this realm (Capaccio 2013).
I will use the nomenclature normally imposed on a discussion of Operation OG as
the impetus to force the reader to reconsider the blind importation of the language of
traditional kinetic warfare onto malicious cyber engagements. I assert that words
traditionally used to describe nefarious state-to-state interactions, especially in the case of
Operation OG, such as “war,” “weapon,” and “domain” if wantonly repurposed to use for
cyber theorizing, are laden with their implicit meanings that become detrimental to
formal models of malicious cyber engagements. It has been often said that Operation OG
was an “act of war.” Furthermore, it has also been said that the code used to execute the
attack is akin to a nuclear “weapon.” So much so that in the United States, per
Presidential Policy Directive PPD-20, only the President can approve cyber offensive
attacks, as was the case with Operation OG (Federation of American Scientists 2012).
Ironically, in the case of Operation OG, it was originally domiciled in the
Department of Defense but was moved to the intelligence community, begging the very
question of whether or not the operation was a military one, or one of intelligence (Wall
2011). Surely, “weapons in the fifth domain of war” would be best served by the
Department of Defense but not if after close inspection they are deemed to be more akin
to the tools of the intelligence community. This structural move within the government is
noteworthy because, at its core, it at least makes us on the outside question whether
MCEs are military operations or ones of intelligence.
Another interesting area of analysis that arises from a closer look at Operation OG
is the prevalence of relational power dynamics at the center of the realist school of
thought traditionally found in the western flavor of international relations theorizing.
Unpacking the US/Israel alliance versus Iran, and Iran’s direct response (Buckshot
Yankee) and its chosen US targets, raises some interesting questions/puzzles that
challenge some of the conventional wisdom of international relations theory as it is
taught in the US. The stronger US/Israel alliance did not deter Iran from retaliation, as
would have been the case in traditional kinetic conflict. Do our traditional measures of
power even matter when it comes to malicious cyber engagements? Which alternative
measures of power (if any) correlate better with my dependent variable, an actor’s decision
to attack? Is the independent variable of power the only variable of any consequence, if
at all? These queries collectively form an interesting puzzle that I will address in this
dissertation.
The issues of international norms and global governance are other areas that come
to the fore in an in-depth analysis of Operation OG and the retaliatory MCE, Buckshot
Yankee. There exists a tension between how a nation-state should behave if a malicious
cyber engagement is indeed an act of war (as we traditionally understand war), and how
one behaves if it is not. Specifically, Iran, Israel, and the United States are all members
of the UN (with the US being the only state of the lot with a seat on the UN Security
Council). Article 51 of the UN Charter provides the language that describes under what
conditions member states can strike one another, both preemptively and in retaliation.
There are institutional mechanisms in place that allow a case to be presented to the UN
General Assembly and have an attack approved should one be desired. However, there is
not any verbiage specifically covering actions against another state in cyber space. There
are a few things that can be true with this being the case. Either malicious cyber
engagements have not been securitized and do not yet constitute an act of war in the eyes
of the international community, or the institutions governing the international community, as
a reflection of their norms, need to reframe MCEs as such. The UN General Assembly
was never addressed before launching Operation OG or Buckshot Yankee.⁴
While I believe that both the international and domestic components of cyber are
equally important, I have made the conscious decision to solely focus here on the
international component because of the manner with which theorists wantonly throw
around ‘Stuxnet’ as an example for or against cyber war despite not fully understanding
it. There is positive value in using something with which people are somewhat familiar.
However, its purpose and elegance have not been fully embraced by the
non-technical academic community. I believe that the process of sussing out these
particulars will bring to the fore very interesting and relevant questions around how
nations interact with each other in cyber space.
⁴ “Originally devised by Ole Weaver, the concept of securitization provided a fresh take
on the increasingly tiresome debate between those who claimed that threats are objective
(i.e. what really constitutes a threat to international security) on one hand, and those that
maintained that security is subjective (i.e. what is perceived to be a threat) on the other”
(Oxford Bibliographies 2014)
Offering better-informed empirical insights into the perceived success or failure
of what many call the first act of cyber war has obvious academic value (Herb 2016).
Currently, the way in which the mention of Stuxnet is used in the literature makes it feel
like a ‘participation trophy’ of sorts that meaninglessly appears on everyone’s academic
mantle for merely donning the uniform on game day. However, as I have explained, I
will use it as one of the empirical examples to test the effectiveness of my formal model
and see how well our current IR theories fit.
Democratic peace theory is another generally accepted foundational international relations
theory that we can explore in the context of Operation OG. While Iran
ranked low on the standard Polity scale and the US and Israel are both highly ranked,
Operation OG does not go against the core premise of democratic peace theory.⁵
However, while exploring the dyadic nature of malicious cyber engagements on the
whole, I observed quite a few instances where nations with positive scores for regime
type engage in conflict, which does not fit neatly in what democratic peace theory says
should happen. To see democratic dyads engaged in cyber conflict, at the very least,
signals to me that there is an opportunity to explore national polity scores as an
independent variable for conflict, and offer a view of MCEs that places them on an
escalating continuum that includes cyber ‘war’ as the highest form of malicious
engagement instead of simply being a binary state of being. If one of the things I am
asserting is that malicious cyber engagements are so qualitatively different than anything
else we study in international relations theorizing, then taking a look to see how they fare
in the context of one of its most canonical theories seems appropriate.
⁵ “The Polity IV dataset covers all major, independent states in the global system over the
period 1800-2015 (i.e., states with a total population of 500,000 or more in the most
recent year; currently 167 countries)… The "Polity Score" captures this regime authority
spectrum on a 21-point scale ranging from -10 (hereditary monarchy) to +10 (consolidated
democracy)” (Center for Systemic Peace 2017)
My goal is not to randomly prove or disprove canonical theories of international
relations. My purpose is two-fold. The first is to show why the blanket assignment of
‘war’ to malicious cyber engagements is problematic while theorizing and stems from an
innocuous yet detrimental misunderstanding of information and communication
technology (ICT). By unpacking what an MCE means in the context of the war domains,
it becomes clear that the act of hacking by itself does not constitute war. Secondly, if I
am correct in saying malicious cyber engagements are themselves not acts of war, then our
theories of conflict and war should not hold up. It is prudent for us to explore under what
conditions some of these theories begin to lose their explanatory power.
One of the classic questions posed in international relations and economics,
specifically game theory and two-player extensive form games, is whether or not the
player/actor moving first is afforded an advantage over the player moving last, the first-
mover advantage. In state-to-state malicious cyber engagements, this question takes on
an interesting salience because of the unique attribution cover actors benefit from in
cyber space, instilling hesitation on the part of the player moving last. Furthermore,
given that the technical nature of offensive cyber operations mirrors that of the defensive
side for the first two phases of an attack, if there does exist a first-mover advantage, how
important is properly discerning the signal sent by the “attacking” nation? Within the
context of Operation OG, Israel and the United States relied more on traditional
espionage tactics to initially infect the network at Natanz with the virus, so in hindsight,
there was no doubt that it was an offensive cyber operation. The question still remains,
did it matter who attacked whom first?
Lastly, given all of the aforementioned unique characteristics of cyber space
and/or malicious cyber engagements that have been misunderstood by both the academic
and political communities, it is not beyond the realm of reason to also consider if the
global institutions in place in their current iterations are equipped to deal with these
subtle yet critically specific nuances. The global governance apparatus in place, such as
the United Nations, serves as a credible enforcement mechanism for those times when
there is a violation of established international norms and mores. However, if
international norms have yet to be formally memorialized on the floor of the UN General
Assembly and/or the Security Council, or the securitization of cyber issues is arguably in
the infant stages of crisis management, then the political and technical understanding of
the issue is paramount. The separation between the two should be examined.
In short, the ability to differentiate offensive intentions from those that are
defensive in nature is one of the first critical and requisite steps to understanding how to
modify existing international relations theories to fit cyber space, and perhaps more
importantly, it paves the way for the development of innovative and novel theories
in the space. Furthermore, purely technical positive attribution in cyber space without
any human intelligence is almost impossible. This fact has a profound effect on the
bargaining range between two actors about to potentially engage in a conflict dyad. It
means the probability of getting caught with a hand in the proverbial cookie jar is lower.
Couple this with the low costs to write and launch cyber tools – and malicious cyber
engagements between two state actors become more likely.
Furthermore, once the MCE dyad is consummated, we have to be careful about
using the language of kinetic conflict to describe what we see taking place, especially
since these words come laden with the implicit policy position and expected behaviors
from the traditional kinetic conflict sphere. These very same kinetic conflict behaviors
have been the focal point of numerous international relations theories, including the
democratic peace theory. Interestingly, the evidence of known malicious cyber
engagements studied for this dissertation shows that the truism “democracies do not fight
other democracies” does not hold true (Levy 1988, Gelpi 2001). Lastly, given the
“offense as defense” nature of malicious cyber engagements (and the attribution
problem), there seems to be a clear advantage afforded to the actor that acts first. This
will also be explored.
Core Questions
Who attacks whom and why in cyber space? My cyber security research is
motivated by a seemingly straightforward question. Of course, as we begin to peel away
the layers of this question more questions emerge. Which state actors are most likely to
be the perpetrators of malicious cyber engagements? Which state entities make for the
most appealing targets to these attackers? Which tools will most likely be used to attack
and for what ends? And when is it rational for state leaders to decide to use these tools?
Conflict and war are an integral part of political science and international relations.
After all, “war is politics by other means,” so says Clausewitz. But is ‘cyber war’ a
dysphemism? When analyzing cyber space, do broadly accepted positivist international
relations theories such as democratic peace and the bargaining range of war explain state
behavior in cyber space? Can scholars simply blindly import, without revision, these
accepted theories to explain state-to-state malicious cyber engagements (MCEs)? In an
effort to answer these questions we have to unpack in the context of International
Relations how and why malicious cyber engagements are different than traditional kinetic
conflicts, despite scholars’ well-known innate desire to overlay the latter’s nomenclature
on the former.
If malicious cyber engagements are in fact cyber ‘war’ in the traditional
understanding of the word as academics and policy professionals insist, then the accepted
explanatory theories of who fights and why should explain the state-to-state behavior in
cyber space. Do we see balancing centered on measures of relative powers among states?
Do discrete measures of power serve to embolden or deter behavior of states in cyber
space? Do the reduced costs of engaging with a state in cyber space make fighting the
preferred option over negotiating? After close analysis, we see that the attributes of
cyber space do not produce answers to these questions that are in line with traditional
kinetic conflict (i.e., balance of power, democratic peace, bargaining theory of war, etc.).
It is this puzzle of why these foundational theories collapse under the weight of cyber
space to which this project seeks to offer solutions, along the way producing fresh,
timely, and interesting data and research.
During the research endeavor, I systematically uncovered more than 7,000
reported malicious cyber engagements between 2011 and 2016, of which approximately 300
are of a state-to-state nature. It is within this subset of cases, using formal
modeling, that I explore the effects of signaling, first-mover advantage, reduced attack
costs, and difficulties in positively attributing attacks on a specific actor in cyber space.
Furthermore, I use econometrics to measure the effects of a state’s relative power, regime
type, education level of its population, freedom of press, amount of Internet diffusion,
disparity in wealth distribution, the presence of a publicly traded stock market, and the
size of the military-industrial complex.
What emerges from this application of an ensemble of techniques are profiles of
attacking states and their desired target states, when they decide to attack, and what
method is used. From a theoretical perspective, in arriving at answers to the previously
mentioned questions, significant definitional problems are addressed and corrected, such
as using the language of kinetic war for malicious cyber engagements and conflating
technical terms such as intrusions, exploits, and vulnerabilities. These clarifying steps
help theorists think about the respective concepts without the baggage of the implicit and
implied meanings of the words that force certain erroneous analysis paths. From a policy
perspective, addressing these theoretical issues clears the way for policy experts to
consider aspects of cyber space with a correctly refined lens, thus producing more
efficient governing rules and legislation. Overall, not all state actors are created equal
and traditional theories centered on the measures of kinetic power do not provide
sufficient insight into dyadic state conflict. Some have attributes that make them more
prone to being attackers, while others have characteristics that make them prime targets.
Unpacking these key differences gives us some insight into the limits of kinetic conflict
theorizing, and forces us to ask: if canonically accepted theories of war fail to
explain malicious cyber engagements in cyber space, can we then call it cyber war?
Real-World MCE Examples
The Northrop Grumman-designed fighter jet has many proprietary design
elements that allow it to go undetected by modern radar technology and minimize its heat
signature, rendering it virtually invisible to heat detection systems used for defense.
These design features give the F-35 many tactical advantages over the older, less
sophisticated aircraft being used in air combat by other nations.[6] Furthermore, the
astronomical total cost incurred by the US for the entire F-35 Lightning II program
(through its entire life cycle, including its research, development, test, & evaluation
(RDT&E)) is approximately $1.5T USD, a significant financial burden that can be
incurred by few, if any, countries other than the United States (Joint Strike Fighter 2016).
[6] The US ranks #1 in all the measures of air superiority: the number of total aircraft,
fighters/interceptors, attack aircraft, transport aircraft, trainer aircraft, helicopters, attack
helicopters, and serviceable airports (Global Firepower 2018).
Clearly, the details of this top-secret government/private sector program would be
of particular interest to any nation not named the United States seeking to gain an
advantage in the domains of conflict.[7] The sunk costs of the RDT&E and the tactical
advantages of the design would incentivize any motivated nation with a desire to narrow
the military gap to the United States in the combat theater. The desire of the US
government to tout its seemingly ever-expanding superior military capability, coupled
with Northrop Grumman’s need to inform investors of positive business developments to
keep the company valuation and share prices as high as possible, means that there is a
plethora of press releases and news stories gloating about seemingly innocuous details of the
program.[8] These interests are in direct conflict with the more salient need to keep the
F-35’s designs secret from adversarial nations. In the pre-Internet days, this was not an
issue because in order to steal the plans foreign intelligence experts needed physical access
to the files to make microfilm copies. However, the Internet is a game changer that has
been neither fully understood nor appreciated.
[7] I do not theorize under the assumption that cyber space is the fifth domain of conflict. I
assert that it is the tie that seamlessly binds the four traditional domains of conflict
together: land, air, sea, and space. Labeling cyber space as the least common
denominator of the other four domains is a move that has not been made in the
scholarship so far. Canabarro and Borne state very clearly, “cyberspace is the new
operational domain for waging war” (Canabarro and Borne 2013). Many scholars have
accepted this to be a true premise, often starting their arguments here (Rid 2011,
Valeriano and Maness 2014).
[8] Northrop Grumman (NYSE:NOC) is a publicly traded company. With this classification
comes the legal requirement and obligation to disclose the details of the projects to which
it is allocating resources.
The Internet facilitated the ability to remotely copy these files without the need to
physically be in their presence, as long as one has access to the network. The Chinese
government is well aware of this fact and used it to their advantage to steal the F-35’s
plans directly from Northrop Grumman’s servers over the Internet. They knew the
project existed, the specifics of the aircraft’s capabilities, and which government
contractor was responsible for developing it through nothing more than corporate press
releases and public news coverage. In short, the US government and Northrop Grumman
painted an attractive target on the F-35 project for their adversaries, one that provided
information critical to the hacking process, should they deem the plans worth stealing.[9]
In the past, proximity was a necessary condition for this type of espionage. However, in
today’s environment it is not required given the inherent characteristics of the Internet, its
underlying architecture, and the ubiquity with which it is relied upon in both the public
and private sector.
The Chinese not only hacked the details of the F-35 program; they used the
schematics stored on the stolen files to include the same advantageous design elements
on their next generation J-31 fighter jets. This specific malicious cyber engagement
negated much of the F-35’s touted advantage in relation to China, but once fully
implemented on the Chinese aircraft, it raised their advantage in relation to everyone but
the US. Dave Majumdar says, “The Chinese don’t have to match the F-35 one-for-one.
The Chinese just have to do enough damage to the US military to make it too expensive
to fight, [my emphasis]” (Majumdar et al. 2015). Majumdar’s statement gets at the crux
of both my and Fearon’s puzzle, the costs of fighting. This particular MCE not only
saved the Chinese the huge sunk costs of the initial research and development, it also cut
the post hoc costs that would result from the advantages the weapons system would levy
on the Chinese if it were to ever be deployed on them. It is this negating/offsetting of the
advantage offered by the new technology being built by an adversary, and the cost
savings from not having to build it from scratch, that affects the bargaining so
significantly that we need to reevaluate the already accepted bargaining theory of war.
[9] A complete hack has four distinct phases: reconnaissance, scanning, exploitation, and
maintaining control of the system. All four are necessary and sufficient conditions for a
successful pen test/attack. The recon phase is strictly limited to outside-the-network
observation and information gathering (i.e., the target has no way of knowing this phase is
taking place).
The Chinese J-31 program was being independently developed at the same time
as the American F-35 program. However, the human-resource-rich United States was
developing a better product at a faster pace. Instead of investing the massive amounts of
time and money to narrow the gap on their aircraft’s development, the Chinese chose to
just steal the Americans’ plans. Materially speaking, it is significantly cheaper for the
Chinese to deploy resources on the MCE than it is to try to develop an aircraft on par
with the F-35 from scratch. In a hypothetical scenario, could the US and China have used
diplomacy instead of “fighting”? It is when we begin to answer this question that we see
how the introduction of the Internet into the background changed Fearon’s original
question. Using diplomacy to negotiate over something divisible such as an area of land
is possible.
However, as mentioned earlier, computer files are not divisible in the same way
land is. For example, if China were attempting to fight over a strategic parcel of land
controlled by another nation, China could either seize what it could by force, or the
two nations could negotiate diplomatically for a mutually suitable distribution of the land,
similar to what we see happening in the South China Sea. Another example is if the
United States and Russia do not wish to engage in a spiraling arms race, they could enter
into an arms agreement that caps the number of a specific weapon that can be manufactured
over a specified period of time, similar to the SALT I & II and START I & II agreements
(Arms Control Association 2017). Both of these examples illustrate state-to-state
diplomacy being used instead of war, over issues that are easily divisible. Interestingly,
in the second example the quality of equipment between the two actors is comparable.
Conversely, today, if the Chinese decide that they want to steal the plans of a newly
developed weapons system from an adversary, one in which there exists a large quality
and capability disparity, there is neither the willingness nor the ability to divide them.
Another relevant real-world example of malicious cyber engagements involving a
major national actor on the global stage is Russia’s effective use of state-sponsored
citizen hackers to disrupt the 2016 US Presidential election. The current US news cycle
is being cannibalized by stories of “state-sponsored Russian hacking” levied against the
United States. Whether it was the spear-phishing attack that peeled back the curtain on
the innermost conversations of Secretary Clinton’s presidential campaign officers, or the
infiltration of the manufacturers of the voting machines to be used on Election Day, the
Russians waged a concerted cyber campaign against the very bedrock elements of
procedural democracy.[10] The credibility of the US’ “free and fair” elections has, at most,
been undermined and, at minimum, questioned.
[10] “Spear-phishing is a targeted attempt to steal sensitive information…from a specific
victim, often for malicious reasons. This is achieved by acquiring personal details on the
victim such as their friends, hometown, employer, locations they frequent, and what they
have recently bought online. The attackers then disguise themselves as a trustworthy
friend or entity to acquire sensitive information, typically through [text messaging], email
or other online messaging” (Giandomenico 2017).
Similar to the Chinese example mentioned earlier, the Russian subversion
example mentioned above highlights the need to probe the applicability and
blind importability of established international relations theories onto states’ behaviors in
cyber space. Barriers to entry of certain disruptive or detrimental behaviors by state
actors are dramatically lowered in cyber space, so much so that the potential benefits of a
successful intrusion far outweigh the costs incurred if it is successful. Furthermore, the
difficulty of positively attributing an intrusion to a specific attacker lowers the probability
of the attack being unsuccessful.
In the case of the Russia election hacks, the Russians launched a misinformation
campaign on the United States, with a depth and scope that we have never seen.
This was less of a hack, in the sense of a network intrusion, and more of a clever use of
social interactive behavior in cyber space. They simply leveraged their knowledge of
how information disseminates in cyber space to plant untrue and/or misleading stories
that placed both the (then) Democratic and Republican nominees in compromising
positions, so that no matter which candidate wins, the people are outraged and have less
long-term faith in the political system.
In the instance of the social engineering attack, targeting the Podesta email
account and the ultimate release through Wikileaks, the Russians displayed an intimate
and nuanced understanding of how partisan politics plays out in American democracy.
They pulled back the metaphorical veil on the way campaign staffers communicate
amongst themselves, much to the chagrin of potential voters who were already holding a
less than favorable view of Secretary Clinton. Despite not saying anything that their
Republican counterparts would not say during the normal course of a presidential campaign,
the revealing of certain written exchanges left the door open to paint the Democrats as
nefarious with dubious character, complementing the narrative that was already being put
forth on Secretary Clinton. The forced resignation of Debbie Wasserman-Schultz was
the ultimate signal of Democratic “wrong-doing.” By some expert accounts, this was
enough to sway undecided voters towards Donald Trump (Martin and Rappeport 2016).
Not fully understanding cyber space and the Internet has led to a fundamental
misunderstanding of cyber security by theorists. Most casual and academic discussions of
cyber security organically devolve into an international and domestic component. People
either start their discussions at ‘Stuxnet’ and end at ‘Edward Snowden,’ or vice versa, not
realizing that these are two distinct but connected issue areas, one encapsulating the
international component of the issue and the other the domestic.[11] This dissertation will
remain on the international side of the suggested continuum.
Furthermore, the definitional problems that exist when labeling malicious cyber
engagements “cyber war” create lines of misinformed theoretical reasoning that
obscure what is really happening on the ground. Cyber exploits are not weapons of
mass destruction in the Clausewitzian sense of the word (Carr 2013). We must remember
cyber exploits are written to take remote control of a machine, change its functioning
directives, or extract information out of it, not to kill. As stated in the previous section,
cyber space has previously been mislabeled as a “war” domain. Consequently, the
language of war got imported into the conversation on cyber space.[12] Specifically,
speaking about computer code as if it were a weapon on par with a loaded rifle, launched
missile, or a dropped bomb is fallacious. The conversation becomes further removed
from reality when talk of a ‘cyber Pearl Harbor,’ or a ‘cyber weapon of mass destruction’
sneaks into the discussion.[13] However, when the true nature, characteristics, and
intentions of cyber engagements are evaluated and brought to the fore, we clearly see that
the blanket use of “war” to describe cyber engagements is actually a rhetorical tool and the
necessary condition of immediate casualties levied by some scholars on the definition of
war is very rarely ever the intention of a malicious cyber engagement.
[11] Edward Snowden is a former systems administrator contractor for the NSA and CIA
who began leaking classified documents in June of 2013, the most significant being the
revelation of the global surveillance network (Greenwald et al. 2013).
[12] To continue the cyber debate at “cyber war” is the equivalent of debating Tiger Woods
as the best pro basketball player of all time. He does something totally different than
what the word “basketball” implies. One can debate whether or not he is the best at what
he does, but there is no question that he does not professionally play basketball.
The desire to construct the ultimate cyber weapons analogous to a cache of atomic
warheads (instead of Electro-Magnetic Pulse (EMP) bombs) is understandable even if
it is misplaced. However, the academics who make the comparison conveniently eschew
the fact that a nuclear device not only kills the people in the immediate blast radius, it
also renders the impact and surrounding areas and their resources uninhabitable and
unusable (the complete opposite of the result of an EMP bomb).[14] Cyber weapons,
however, are very targeted.
[13] In a speech at the Intrepid Sea, Air and Space Museum in New York on October 11,
2012, former Secretary of Defense Leon Panetta warned that “the United States was
facing the possibility of a ‘cyber-Pearl Harbor’ and was increasingly vulnerable to
foreign computer hackers who could dismantle the nation’s power grid, transportation
system, financial networks and government” (Bumiller and Shanker 2012).
[14] Please refer to the following: Rid 2011, Gartzke 2013, Hansen and Nissenbaum 2009,
Liff 2013, Valeriano and Maness 2014.
Not the Fifth Domain
Academics and practitioners assert that cyber space is the fifth domain of conflict
and war. I contend that cyber space is not the fifth domain; it is the man-made medium
that seamlessly binds the four traditional (and naturally occurring) domains of conflict
together: land, air, sea, and space. My view is more nuanced than the currently accepted
interpretation of cyber space. However, my distinction is critical to the proper theoretical
understanding of the Internet and cyber space. While it made sense in the earlier days of
Internet adoption to think of it in terms of being a domain, now that its purpose and place
has been fully realized we need to rethink this conception. A more appropriate analogy
would be that cyber space is the cement that holds bricks (the four conflict domains)
together. This would not have been readily apparent early on. However, now we know
that navigation, satellite imaging, system coordination, troop communications, and real-
time conflict theater analyses all rely on the Internet for their proper functioning in all of
the conflict domains. By rethinking of cyber space in this way, we can begin to detach
ourselves from the misleading nomenclature of war and weapons and recalibrate
ourselves with reality. More importantly, not viewing cyber space in this way provides a
clearer path to a rational explanation for why states engage in malicious cyber
engagements despite a cost/benefit analysis that seems to logically point to behavior to
the contrary.
Labeling cyber space as the least common denominator of the other four domains
as opposed to being the fifth conflict domain is a move that has not been made in the
scholarship so far. I am stepping out and doing so because the move is valuable in
crafting theories and subsequent arguments that better capture the true nature and impact
of information technology. Un-labeling it as a “domain of conflict” forces us to not lazily
import traditional conflict definitions and behaviors and be proactive about truly
assessing what qualitatively makes cyber space different from land, air, sea, and space
and the subsequent formulation of cyber theories.
Attribution Problem
The current design of the architecture of the Internet, the covert
nature of cyber engagements, and the narrowing of the capability gap between state and
non-state actors make the process of attribution, that is, identifying the actor or group
responsible for an action, more difficult than in engagements using traditional kinetic
weapons. This negatively affects the portability of International Relations theories. An
attacked state will have difficulty assigning blame if, and when, it comes under attack and
the attacker is not openly claiming credit. This will be further explained in Chapter 3 on
theory.
Non-State Actors
The power gap between individual non-state actors and state actors is not as
pronounced and definitive in cyber space as it is with traditional power measures in the
other four domains. This fact needs to be reflected in our theorizing. Individual non-
state actors must be seriously considered in any analysis of potential and possible cyber
conflict, especially their intentions and motivations. I am further refining the notion of
state actors and non-state actors being arguably equivalent in cyber space and affirming
that they are equal in terms of weaponizing code but they are not necessarily equivalent
in the code’s deployment as a weapon. There is a difference. I did not find this explicit
distinction in the articles that I read despite its underlying importance in the debate.
In sum, my goal is to bring my engineering and information technology
knowledge to the cyber security subject within international relations theorizing to better
illustrate when malicious cyber engagements are likely between state actors. There are
qualitative differences that exist between cyber conflict and traditional kinetic conflict
that hamstring the blind importing of all theories of the latter onto the former.
While skilled international relations scholars, think-tank researchers and military
intelligence officers have taken explicit qualitative looks at cyber and ICT both
independently and in the context of international relations (Eriksson 1999, Lamb 2002,
Nye [2011, 2013], Liff [2012, 2013], Junio 2013, Gartzke 2013, Valeriano and Maness
2014, Singer & Friedman 2014, Demchak and Dombrowski 2014), no one has attempted
to formally model the costs, preferences and pay-offs of malicious cyber engagements at
the state level.
Remaining Chapter Outlines
Chapter 2 will serve as the runway with which I will lay out the arguments that I
believe make a positive contribution to starting to answer my questions from the ICT,
Economics, and International Relations literatures; with the hopes of elucidating a
connection point where my proposed bargaining theory of cyber relations can build upon
what has already been offered by the titans in these respective disciplines. The ICT
literature was chosen as an area of introspection because a discussion of the Internet and
cyber space lands squarely under the information and communication technology subject
banner. Despite the area being very general in its scope, there is still some foundational
understanding of ICT that can serve as a springboard for an analysis of the Internet and
cyber space. Next, Economics was chosen because within it there is the useful
theorizing tool of game theory and its formal models. This area of study is useful
because it allows us to generalize rational actors’ preferences while establishing a
possible bargaining range where any possible two-actor negotiation would take place.
Lastly, because I am making the conscious decision to focus on state and state-sponsored
malicious cyber engagements, the theorizing centered on state-to-state conflict and war in
the International Relations literature should have something beneficial to say as we begin
to think about cyber space and its effect on international relations theorizing.
Chapter 3 is where my theory gets some wind underneath its proverbial wings.
It is here where I lay out the case on why I believe attribution’s effect on probability of
success, issue-indivisibility creating all-or-nothing pay-offs, and an inability of a
targeted nation to initially differentiate an offensive posture from that of defense all
ultimately create a very narrow bargaining range. I use formal modeling to
mathematically show just how narrow this new bargaining range resulting from these
new cyber variables is, greatly affecting our already established understanding of dyadic
interactions. In effect, the relevant question evolves into another: if it is more rational to
maliciously engage a nation in cyber space, then why don’t we see more attacks than we
do? In an effort to unpack this question, I take a look at the independent variables that I
hypothesize contribute to the state-to-state MCEs that we know about.
Chapter 4 is where my hypothesis testing takes place. Using another tool from the
Economics discipline, econometrics, I perform regression analyses using the independent
variables that I believe are salient in determining which nations are the attackers in a
dyad and which are likely to be targeted. I explain the variables and the methods used to
collect them. Then, I look at the effects of the following variables: Internet penetration,
how free is the nation’s press, the size of its military industrial complex, the size of its
stock market, the size of its intelligence agency, its level of inequality, how educated are
its people, and lastly how democratic is it.
A case study of Russia and its use of malicious cyber engagements is done in
chapter 5. I take a look at how specific historical inputs in the evolution of Russia have
contributed to the unique manner with which Russia deploys cyber tools on nation-states.
Peeling back the Russian case gives a glimpse at how the variables I hypothesize
contribute to identifying attackers and targets work together in practice, instead of pure
numbers.
I move beyond theorizing into the realm of policy recommendations in chapter 6.
It is very important for me as a practitioner to not just theorize for the sake of waxing
poetic, but to go a step further to offer some concrete recommendations on how we can
improve our security in cyber space after highlighting where we are. In my opinion, it is
not enough to only theorize in a bubble. We have a responsibility to actually put the
rubber on the road in a direction that bridges the gap that exists between policy makers
and academics.
Lastly, in chapter 7, I present my closing remarks, not only reiterating the limits
of what my research has uncovered thus far, but also laying out where scholars can probe
for even more interesting questions and, it is hoped, push the cyber literature further. I
believe this is part of my responsibility as an academic, to push the boundaries of
knowledge outward and upward, in incremental and digestible portions.
Chapter 2: Literature Review Salinas | 35
Chapter 2: An Intersectional Puzzle
‘Scanning’ the Literature for ‘Vulnerabilities’
If war truly is “politics by other means” and “political science is the analysis of political
activity and behavior,” then as a political scientist I feel obliged to keep pace as the “other
means” evolve or I run the risk of becoming someone more akin to a quantitative historian than a
true social scientist (Clausewitz 2004). The study of the absence of, prevention of, and lead up
to conflict, and in the worst cases war, is integral to the discipline of political science,
specifically, the sub-field of international relations. Thus, International Relations, at its core, as
a field has evolved from the study of nationality and race relations to the study of conflict
activity and behavior of states and their aggregate institutions. Our explorations of the reasons
why nations are engaged in fighting or negotiating to avoid it are paramount in the field.
International Relations theorists have borrowed from the economists’ tool kit and have used
game theory to model the costs and benefits of conflict and the probability of each actor’s
success.
In order to properly analyze what is happening in cyber space with regards to malicious
cyber engagements, given the specific characteristics of the Internet and cyber space, we need to
look at the literatures of International Relations, Economics (specifically, game theory), and
Information and Communications Technology. The effects of technology on communication,
establishing a bargaining range between two rational state actors, and the events leading up to
conflict all need to be touched upon.
Figure 1: Narrowing the scope of the literature review
This review of the literature takes a look at the past International Relations writings that
are relevant to answering the general question of why nation-states fight, in addition to
highlighting those specific IR formal modeling works that deploy game theory as a tool in their
theory building. Furthermore, cyber space has emerged as the new frontier of state-to-state
conflict analysis. Since the underlying Internet falls under the purview of information and
communication technology, those past writings that deal with the intersection of ICT and IR
theory are also visited.
The Internet and cyber space have forced astute political scientists and international
relations theorists to rethink what defines a border, a combatant, and a weapon. We should be
looking at the very conception of war in the digital space. If the computer hacking that has been
taking place on the international stage is in fact “war,” then we should expect that cyber war
would adhere to the causal nuances of traditional state-to-state kinetic war that have been
theorized to date. Commonly accepted variables in the literature on the causes of war such as
balance of power (Fearon 1994), signaling (Sartori 2002, Slantchev 2010), along with
capabilities and uncertainty (Morrow 1989), costs of fighting (Bueno de Mesquita 1983, Fearon
1995), and information asymmetry (Lewis and Schultz 2003) should have some influence in
explaining the onset (or absence) of conflict between state actors in cyber space, if it is indeed
war.
At minimum, the questions surrounding these variables can be used to either reinforce or
deconstruct malicious cyber engagements (MCEs) as akin to traditional conceptions of war or
something yet to be fully understood by International Relations theorists. I found the following
questions in the causes of kinetic war literature all play a role in theoretically determining if
cyber war follows the same tenets as its more traditional counterpart:
o How will a state actor behave, given what they believe are their opponent’s
capabilities (Morrow 1989)?
o Why do states fight if war is more costly than negotiating a settlement before the
outbreak of fighting (Fearon 1995)?
o How will dyadic actors bargain with each other under conditions of information
asymmetry (Lewis and Schultz 2003)?
o How does the technological gap between adversaries affect the calculation of the
expected utility each side can expect from war (Bueno de Mesquita 1983)?
o What role does balance of power play when a state actor signals growing
capability (Fearon 1994)?
Furthermore, any attempt at formulating a formal model of cyber engagements should address
and adequately explain, “What prevents leaders from reaching ex ante (prewar) bargains that
would avoid the costs and risks of…” [what I am terming] malicious cyber engagements (MCEs)
(Fearon 1995, 380). Additionally, we “must find a way to capture games of incomplete
information and the signaling dynamics that arise” in these new and yet to be comprehensively
explored dyadic interactions (Lewis and Schultz 2003, 346).
Any coherent rationalist’s explanation for the new era of MCEs in state-to-state
interactions must do more than simply give reasons why hacking “might appear [to be] an
attractive option to a rational leader under some circumstances – it must show either why states
are unable to locate an alternative outcome that both prefer to” an MCE or, the alternative, why
we do not see an abundance of interstate hacking if it in fact provides more overall utility
(Fearon 1995, 380, Lewis and Schultz 2003). The new proposed theory of MCEs must do one of
three things: either explain what prevents rational leaders from using diplomacy to avoid
potential costly miscalculations when an engagement does take place, or explain why we do not
see more MCEs if at first glance they appear to be the more rational option, or point to the
conditions under which the decision to hack or not becomes more rational (and subsequently)
preferable to the other.
Furthermore, it must do this while also taking into consideration the same stochastic
elements that are inherent in traditional kinetic conflict and war (Gartzke 1999). When looking
at the complete sample size of possible conflict dyads and considering capabilities, motives, and
bluffing, there are some cases that still cannot be analyzed using a rationalist’s framework. These
theories can provide, with some level of certainty, the necessary conditions for war, but are not
completely sufficient. It is within this subset of cases where the occurrence of war is best
described as random or stochastic.
Why do states fight if war is more costly than negotiating a settlement before the
outbreak of fighting (Fearon 1995)? He proposed that there are three possible causal
mechanisms for traditional kinetic war that are at play in a “specific international context”
(Fearon 1995, 381). I am interested in exploring whether or not his proposed mechanisms are
fully importable or only somewhat applicable to MCEs. At minimum, with the proper knowledge
of information and communication technology (ICT) and international relations theory, his
mechanisms provide a solid foundation upon which I explore the theoretical motivations,
interests, and preferences of the state-level actors behind MCEs.
15
16
“Cyber policy and security
generally require multidisciplinary thought and expertise…Thus, problems in cyber policy and
security often require knowledge from some combination of economics, psychology, sociology,
anthropology, law organizational theory, engineering, political science, and government, among
other” (Lin 2017).
The first mechanism Fearon (1995) offers is that rational leaders may not be able to reach
a negotiated settlement sans war because of “private information about relative capabilities or
resolve and incentives to misrepresent such information” (Fearon 1995, 381). The second
mechanism says that the states would not be able to reach a desired bargain because of
commitment problems. One or more of the states would have an incentive to renege on any
agreement reached between the actors (Fearon 1995, 381). The last mechanism in Fearon’s
argument, the one that he finds the least compelling, is that states “might be unable to locate a
peaceful settlement both prefer due to issue indivisibilities” (Fearon 1995, 382).
15
“ICT is an umbrella term that includes any communication device or application,
encompassing: radio, television, cellular phones, computer and network hardware and software,
satellite systems and so on, as well as the various services and applications associated with them”
(Search CIO 2018).
16
Admittedly, the formal model as a first approximation does not consider the incentives, costs,
and/or benefits of non-state actors for the sake of parsimony. An interesting observation is that
most of the current cyber literature exclusively concerns state actors at the international level
(Gartzke 2013, Valeriano & Maness 2012, Mejia 2014, Rid 2011), while either de-emphasizing
or completely ignoring the cyber engagements of non-state actors at home and internationally
with few exceptions (Nye 2011, Demchak 2011, Singer & Friedman 2014). None of these
studies contain any formal modeling.
However, only after close inspection of his mechanisms through an ICT lens, do we see
that Fearon’s (1995) argument and his corresponding model become strained and lose their
explanatory power when attempting to explain cyber “war.” This is an interesting puzzle given
the discipline’s overall acceptance of Fearon’s (1995) model and subsequent theory in explaining
the bargaining range of war. What is it about the inherent characteristics of ICT, specifically
cyber space, which causes Fearon’s (1995) proven and accepted claims to weaken? Why do
these same characteristics challenge the very conception of what we can define as war?
Interestingly, the notion undergirding my dissertation is that cyber war is not “war” at all,
when defined by the immediate loss of life and number of overall deaths, etc. I agree (with some
important distinguishing caveats) that malicious cyber exploits are the enhanced iterations of
traditional protests, embezzlement/larceny, corporate spying, espionage and sabotage and/or
conflict, none of which when considered in isolation constitutes “war” (Rid 2011).
The desire to import the language of war has extended so far as to elicit the comparison
of cyber tools with weapons of mass destruction, with compelling arguments in the literature
against making this theoretical move (Lamb 2002, Demchak 2011, Carr 2013). Instead of seeing
them as weapons of mass destruction, they are better viewed as weapons of mass disruption
(Lamb 2002, Demchak 2011, Carr 2013). The generalizability of Fearon’s model to all war and
conflict comes into question if we lazily attempt to shoehorn cyber “war” into his
seminal model without fully understanding what objectively makes cyber itself different. This
does not mean Fearon (1995) was wrong. On the contrary, I agree with his general argument as
it pertains to classical conceptions of war and armed conflict, along with countless other students
of war over the years.
However, I contend (while staying true to Occam’s Razor) that viewing a malicious cyber
engagement between two actors as ‘war’ in the Clausewitzian sense, in and of itself, is an
erroneous theoretical move that is usually made at the onset of cyber theorizing, and
unfortunately is done throughout the current cyber literature (Rid 2011, Valeriano and Maness
2014). Gartzke (2013) went so far as to say cyber war is a ‘myth.’
17 18
19
At the macro level, this is
the more likely explanation for why Fearon’s (1995) model does not accurately capture the
nuances of these MCEs. (Costs, factors increasing the probability of success, not being able to
positively attribute an attack, and signaling offer explanations at the micro level as my model
will demonstrate.) Fearon’s (1995) model is oftentimes called the “bargaining model of war”
[my emphasis]. If malicious cyber engagements are not war in the sense that Fearon was
defining it, then it makes sense that it does not fully explain MCEs. Fearon’s model lays a
credible foundation upon which I can build a new derivative theory. However, in my retooled
analysis I make the necessary adjustments to his model to offer a novel (and much needed)
rationalist explanation for malicious cyber engagements, expressed as a new formal model that
necessarily updates the original offering to today’s digital context. Because MCEs have become
so conflated with the language of war, using Fearon’s (1995) model as the starting point for
developing a parsimonious formal model.
17
Occam’s Razor is the principle (attributed to William of Occam) that in explaining a thing, no
more assumptions should be made than are necessary. If given a choice between two equally
plausible explanations, the simplest is the better choice.
18
In On War, Clausewitz defines war as “an act of violence to compel our opponent to fulfill our
will.”
19
Violence and death, as prescribed by Clausewitz, are not yet the intention motivating MCEs.
MCEs are intended to either steal information or to disrupt the proper functioning of a machine
or system. Using MCE to directly kill another human is not yet a reality.
Early game theorists have given a blueprint of sorts of what a successful extensive form
model of negotiation should look like. Harold Kuhn (1961), in Game Theory and Models of
Negotiation, is explicit in his prescription of what a complete model should have and do. He
says, “(1) an extensive form adequate to describe the temporal sequence of negotiations, (2) a
theory of preferences which encompasses not only the objectives of the participants, but also
their estimation and modification through negotiation, and (3) concepts of solution which
incorporate both the dynamic nature of the negotiation and lack of information concerning
objectives” (Kuhn 1961, 4). These items are particularly salient in negotiations in cyber space
given the importance, or lack thereof, of first-mover advantage, the clear difficulty of positively
attributing an attack should one occur, and the difficulty in distinguishing defensive scanning
from offensive exploitation. These inherently force us to look not only at the order of events
(moves) and the presence and importance of information asymmetry between the actors
regarding their preferences and intentions, but also at how the misperception of the opposing side’s
intentions can affect the next move.
Additionally, a critical analysis of using a formal model (in a social science discipline) to
shed insights on interactions between actors in cyber space would be incomplete without taking a
look at the dyadic interplay through the lens of Thomas Schelling’s (1960) book The Strategy of
Conflict. Early on, Schelling was very critical of how game theory was being applied in the
social sciences. He argues that “game theory has overshot the level at which the most fruitful
work may be done by abstracting away such essential ingredients as systems of communication
and enforcement” (Schelling 1960, 119, Kuhn 1961, 4). The study of state-to-state malicious
cyber engagements and its inherent attributes offer ample opportunity to include both
communication and enforcement in an analysis, as opposed to controlling for them. It can be
said that a cogent analysis must include these two variables because the study of cyber
necessitates the inclusion of characteristics unique to information and communication technology
(ICT). ICT by definition includes a communication component. Furthermore, the attribution
difficulties mean that even once cyber norms are established and accepted by participating
countries there still exists the problem of credibly enforcing sanctions on a defecting nation, if
the governing body does not know whom to levy.
What needs to be considered in offering a theoretical explanation for MCEs is that we
cannot predict in individual cases whether states will hack each other because, as Gartzke (1999)
pointed out (in the context of traditional kinetic conflict), the engagements are “typically the
consequence of variables that are unobservable ex ante, both to us as researchers and to the
participants” (Gartzke 1999, 567). My argument eliminates the “gradations of irrelevant
alternatives” that try to explain when there is a high probability of malicious cyber engagements
taking place within a dyad (Gartzke 1999, 567). My model is not intended to predict the future.
However, it is a tool that makes efficient use of game theory and the inherent probabilities
that lie within the discipline, pointing to the conditions under which an MCE is likely to occur
between two state actors. Gartzke (1999), to be specific, argued that the outbreak of war lies in
the error term. He explicitly says, “Properly understood, the causal mechanisms that explain the
occurrence of war from crises in large samples are stochastic” (Gartzke 1999, 574). He also
says, “It has long been accepted that social processes possess an element of uncertainty, but the
centrality of uncertainty to rationalists explanations for war means that the advent of war is itself
stochastic. War is literally in the error term” [my emphasis] (Gartzke 1999, 568).
This preceding point is important to acknowledge in the cyber context while ascertaining
the likelihood of MCEs. Given how important information asymmetry will be shown to be in
calculating the most rational decision path based on overall utility, addressing information
asymmetry will prove to be a vital motivating factor for the initiator. Of equal importance is
how the targeted actor interprets the MCE. There is uncertainty between state actors surrounding
each other’s capabilities, the total size of each other’s general and specific information space to
potentially bargain over, and positively attributing any MCE that does take place to a specific
state actor.
20
The main theoretical task facing students of war is “not to add to the already long list of
arguments and conjectures but instead to take apart and reassemble these diverse arguments into
a coherent theory fit for guiding empirical research” (Fearon 1999, 382). A coherent theory
needs both the logic and consistency that accurately reflect the thing to which it is being applied,
as opposed to redefining the thing to fit the theory (the latter being what has been done to date
on MCEs). Playing with the specific academic ‘Lego blocks’ that are the varying causes for war
presented in the literature (and stated above) yields an interesting observation to someone with
practical experience in both information and communication technology (ICT) and international
relations. When Fearon’s (1995) canonical model is taken apart and reassembled it becomes
clear that these pieces are missing if we desire to parsimoniously yet adequately explain the
frequency (or lack thereof) of malicious cyber engagements within the context of his prescribed
private information, commitment problems, and issue indivisibility. These are: the difficulty in
positively attributing attacks, the effects of non-strategic signaling and the difference between
bargaining over a physical object or space and information about that object. All of these
considerations must be made with full understanding of the lower costs to fight in cyber space
than in traditional conflict theaters. His model assumes an attacker can be readily identified, that
the actors’ signals are themselves strategic to the game, and negotiations are over material
objects that can be easily divided. Importantly, none of these given conditions apply in cyber
space.
20
I am using the rationalist definition of uncertainty (meaning ignorance) as opposed to the
realist definition implying anxiety (Rathbun 2007). Rathbun (2007) says, “Rationalism
conceives of uncertainty not as anxiety but ignorance. States cope with uncertainty by
attempting to accumulate information about intentions. Learning is defined as constantly
updating beliefs based on the available data. States send and look for credible signals of
commitment on the issues at stake” (Rathbun 2007, 553).
Overall, the lower costs to initiate and participate in malicious cyber engagements in
effect narrow the bargaining range presented in Fearon’s (1995) model (because of their effect on
overall expected utility), making bargains less likely than he originally theorized, as I will
illustrate in the following section of this chapter. Simply stated, the tools of MCEs (i.e. software
and hardware) do not place nearly the same financial burden on states as traditional kinetic
weapons and provide a much lower barrier to entry. Given the inherent stochastic element in
predicting the outbreak of war, acknowledged by both Fearon (1995) and Gartzke (1999), Bueno
de Mesquita offers that positive expected utility is a good proxy to use to calculate what is in fact
rational for an actor (Bueno de Mesquita 1981). Bueno de Mesquita (1981) says, “war can be
rational if both sides have positive expected utility for fighting; that is, if the expected utility of
war (expected benefits less costs) is greater than the expected utility of remaining at peace”
(Fearon 1999, 386). By applying the contrapositive law of propositional logic to the preceding
Bueno de Mesquita quote we yield the following statement with an equivalent truth value: if the
expected utility of war is less than the expected utility of remaining at peace, then war is
irrational.
21
The form and function of both premises are equally useful in determining the
import of the original model onto MCEs. Also, this contributed to my decision to use expected
utility in my model to theoretically determine how the states evaluate when to use an MCE
versus using diplomatic channels.
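The narrowing of the bargaining range described above can be seen directly in the standard statement of Fearon’s (1995) model. The derivation below is added here for illustration and is not the author’s own formal model; the symbols x, p, c_A and c_B follow the usual presentation of Fearon’s model and do not appear in the original text, and the numbers are constructed.

Let states A and B bargain over a good normalized to the interval [0, 1], where x is the share that goes to A. If they fight, A wins the whole good with probability p, and fighting costs the two sides c_A > 0 and c_B > 0. With risk-neutral actors, the expected utilities of fighting are

\[ u_A(\text{fight}) = p - c_A, \qquad u_B(\text{fight}) = (1 - p) - c_B . \]

A settlement x is preferred to fighting by both sides when x \ge p - c_A and 1 - x \ge (1 - p) - c_B, which gives the bargaining range

\[ p - c_A \;\le\; x \;\le\; p + c_B , \qquad \text{width} = (p + c_B) - (p - c_A) = c_A + c_B . \]

The width depends only on the costs of fighting. With p = 0.6 and c_A = c_B = 0.2 the range is [0.4, 0.8], of width 0.4. If the costs fall to c_A = c_B = 0.02, the range is [0.58, 0.62], of width 0.04: the set of settlements both sides prefer to fighting is one tenth as wide, and as c_A + c_B approaches zero it collapses toward the single point x = p.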
Furthermore, in addition to analyzing overall expected utility Bueno de Mesquita also
took into consideration how technological gaps between dyads affected each side’s calculation of
the expected utility from war (Bueno de Mesquita, 1983). Despite this specific article being
written in 1983, a time that predates the commercial public adoption of the Internet by eight
years, the question of the disparity of technological capabilities within a dyadic relationship is
just as (or maybe more) relevant today when it comes to ICT and a state’s cyber capabilities.
22
Using an econometric model and corresponding regression analysis, Bueno de Mesquita (1983)
found that “based on marginal changes in expected utility, technological differences and tit-for-tat,
is shown to account for one-third the variance” in battle deaths per million population per
month regardless of who was the first to attack (Bueno de Mesquita 1983, 347). As previously
stated, deaths are in most cases not the purpose of MCEs. However, Bueno de Mesquita’s
(1983) model does capture the relationship between the actors’ expected utilities, disparities in
their technological capabilities, their dyadic interaction and their expected outcomes from
engagement. Now that the general overall effects of costs have been cursorily mentioned, it is
imperative to take a qualitative look at the three critical pieces that are needed to ascertain the
bargaining range of MCEs and the conditions under which the bargaining range disappears,
consequently affecting the rational behavior of actors in a dyad.
21
The contrapositive law of propositional logic states that if one variable implies a second, then
it is true that the negation or absence of the second implies a negation or absence of the first or
P⇒Q ≡ ¬Q⇒¬P. For example, if we have the following true statement, “If it is a lime, then it
has vitamin C,” then we know the following statement must also be true. “If it does not have
vitamin C, then it is not a lime.”
22
The Internet was made commercially available to the public on August 6, 1991 (Bryant 2011).
First, we need to consider the problem of positive attribution and its effect on the
bargaining range.
23
Intuitively it is reasonable to think the inability to positively identify the
source of an attack to the UN’s level of accepted positive attribution for retaliation would raise
the likelihood of an attack by a rational actor.
24
Said another way, if a state can gain a material
advantage over another without getting caught in the process, we can reasonably expect them to
act to gain the advantage. However, the difficulty in positively attributing an attack to a specific
actor has had a negative effect in cyber space (Clark and Landau 2011, Mejia 2014). What it has
done is create an environment where it is rational for an actor to move to lessen the information
asymmetry that exists around an adversary’s capabilities and perceived intentions. Lewis and
Schultz (2003) say, “Incomplete information creates uncertainty over which negotiated
settlements are mutually acceptable. Overcoming this uncertainty is problematic because states
generally have incentives to engage in strategic misrepresentation that make it difficult to
distinguish genuine threats from bluffs” (Lewis and Schultz 2003, 346). While Lewis and
Schultz (2003) are clearly talking about incomplete information before negotiations to prevent
conflict in a dyadic relationship (which is obviously salient), I am considering the effect of the
difficulties in positively attributing an engagement to a specific actor after an MCE has taken
place. Retaliation is not a viable post-attack option if the attacked state cannot be certain of who
is the actual perpetrator.
23
Attribution simply means identifying the cause of something, in this case, an attack.
24
Article 42 “permits the use force if authorized by the UN Security Council.” Article 51
“permits the use of force in self-defense against an armed attack” as an inherent right of the
individual state” (Mejia 2014, 115).
Furthermore, in cyber space seemingly malicious threats and bluffs could in fact just be
innocuous reconnaissance being done to address information asymmetry. The two are easily
confused. The initial actions of a defensive exploratory posture look identical to the actions of
an offensive aggressive posture as illustrated below.
Offensive actions: Reconnaissance >> Scanning >> Exploitation >> Exit/Management
Defensive actions: Reconnaissance >> Scanning
In short, the blurring of offense and defense has not only created a security dilemma, but
one that looks objectively different than it is normally understood in international relations
theorizing (Herz 1950). This security dilemma wells up in an environment where offense and
defense are in essence indistinguishable. Robert Jervis (1978) has argued, “anarchy and the
security dilemma may well foster arms races and territorial competition” (Jervis 1978).
But in cyber space there is no physical territory, but a seemingly infinite informational space instead.
There is no arms race where there is a comparison of one’s number of kinetic weapons against
the number of weapons possessed by an adversary. It is the comparison of hackers to hackers,
people to people, knowledge-base to knowledge-base. The effects of these differences between
real space and cyber space need to be captured in any model of malicious cyber engagements.
The second variable that is needed to ascertain the bargaining range of MCEs is non-
strategic signaling. Their presence and effects are salient in adequately explaining the frequency
(or lack thereof) of malicious cyber engagements. By non-strategic signal I am referring to an
action taken by one state actor without any consideration of how the action will influence the
behavior of an observer, and subsequently the game. Something as simple as a state making
known a new or improved capability through incidental news coverage or a planned press release
is a non-strategic signal. The literature has covered the effects of strategic signaling in
bargaining. States feigning weakness to their adversaries (Slantchev 2010), the role that
balance of power plays when a state actor signals growing capability (Fearon 1994), sinking costs
(Fearon 1997), and the effects of state reputation on bluffing during international disputes
(Sartori 2002) are a few of the different aspects of signaling that have all been explored in the
past by game theorists. However, none of these are specific to ICT or cyber space.
Given that the signal I am considering is private information being made known to the
public, and that cyber space is by definition network-connected individuals sharing information,
this specific kind of signal needs to be analyzed and considered. In other words, the signal is a form
of self-reporting on the part of the targeted state, not only enticing an attacker, but also giving
them critical intelligence on the thing being sought after. Cyber space is unique because even if
it is merely an espionage and sabotage tool as some suggest, it directly connects the attacker to
the desired target.
However, the literature has not covered signals that are non-strategic in nature and kind.
In the realm of cyber space, non-strategic signals are sent all the time by governments and
private contractors in the form of news and press releases. As I will explain, these seemingly
innocuous, non-strategic signals are the catalysts that start the incomplete information game
between two state actors. MCEs have one of two purposes, either to steal copies of information
or to sabotage the functioning of a system. (Unlike in a kinetic conflict, deaths are almost never
the purpose or direct result of an MCE.) These non-strategic signals let a potentially opposing
actor know exactly what information to attempt to steal or alter and the physical location of the
system that would need to be compromised in order to achieve these desired goals.
25
The last important characteristic that needs to be considered is the difference between
bargaining over a physical object or space and information about that object. There are Bayesian
equilibria for games with incomplete information (i.e. information asymmetry) (Harsanyi 1967).
For my bargaining game with incomplete information we have to acknowledge the incomplete
information sets that are considered by both actors. The first is that neither player can know for
certain what the other’s cyber capabilities are. Also, if one of the goals of the new formal
model is determining the presence of the bargaining range between two players, then the
question of what they are negotiating over becomes salient. In a kinetic war scenario, the sides
will be negotiating over an object that is both divisible and of known size. However, given the
nature of cyber space, the negotiations will be over unknown representative information about
real objects or systems, which is inherently indivisible yet duplicable and has an unknown size,
the second incomplete information set.
26
Buchanan’s (1965) An Economic Theory of Clubs deals with the divisibility of public
and private goods and can loosely serve as a map with which I can analyze the salient point of
cyber. This is pertinent to the exploration of state-to-state negotiation around issues in cyber
space because the sharing of information as a public good would eliminate the need to intrude on
another’s network by eliminating uncertainty. Furthermore, its relevance is further reinforced by
the core attributes of Buchanan’s theory; specifically that club goods are excludable, congestible,
and divisible.
25
For example, when it was announced that Boeing and Lockheed Martin were awarded the
contracts to build the 2018 Bomber as part of the Next-Generation Bomber (NGB) program, it
signaled to military adversaries who to attack for the plans. The Chinese already stole the
complete design plans for the F35 Lightning II (Gertz 2014).
26
If two states share information x both states know all of x, not each state knowing x/2. This is
what I mean by “indivisible.” This is qualitatively different than dividing up 1000 square
kilometers of land with each side receiving 500 square kilometers. It is also different than issue
indivisibilities, such as religious objects, that deify objects or spaces rendering them inherently
indivisible (Hassner 2009). Furthermore, a “meta-object” is information detailing the intricacies
of a real object (e.g. schematics on a defensive weapons system).
These two inherent characteristics create formal modeling issues that are unique to cyber
space and were not captured anywhere in the literature on kinetic war and conflict. In order to
analyze this new setting of cyber space we must revisit Lewis and Schultz (2003) to
appropriately reflect on how dyadic actors will strategically bargain with each other under
conditions of information asymmetry in traditional kinetic settings (Lewis and Schultz 2003).
While Signorino (1999, 2003) and Smith (1999) did important work in the area of strategic
interactions during international conflict, the techniques that they developed did not take into
account games of incomplete information (Lewis and Schultz 2003, 346). Lewis and Schultz
(2003) built upon Signorino’s body of work bringing “that agenda closer to the application in a
way that will appeal to the IR literature” by specifically analyzing incomplete information and
signaling (Lewis and Schultz 2003, 347). The authors calculate their game’s equilibrium by
deploying the quantal response equilibrium (QRE) used by Signorino (1999) (Lewis and Schultz
2003, 347).
27
Even with Lewis and Schultz’s (2003) advancement on the original model, neither the
kind of information nor the non-strategic signaling found in MCEs is accounted for. However,
they did produce findings supporting that the information structure has “important implications
for the inferences one draws about payoffs based on observations of game outcomes” (Lewis and
Schultz 2003, 359). The authors say, “It is not enough for the estimation to internalize the
strategy sets and sequence of moves – the information structure [my emphasis] must also be
taken into account” (Lewis and Schultz 2003, 359).
28
Ultimately, it is this consideration of
information (or absence of information) that will qualitatively and quantitatively influence each
actor’s behavior in games centered on MCEs.
27
“A quantal response specifies choice probabilities that are smooth, increasing functions of
expected payoffs. A quantal response equilibrium has the property that the choice distributions
match the belief distributions used to calculate expected payoffs.” (Goeree, Holt, and Palfrey
2016).
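The quantal response equilibrium defined in the footnote above can be computed directly for a small sequential game. The following is an added illustration, not code from the dissertation or from Lewis and Schultz (2003): it assumes the common logit form of quantal response with a precision parameter `lam`, a two-move initiator/target game, and constructed payoffs.

```python
import math

# Constructed payoffs (initiator, target) for the three terminal outcomes of a
# two-move game: the initiator either refrains (status quo) or launches an MCE,
# after which the target either absorbs it or retaliates.
PAYOFFS = {
    "status_quo": (0.0, 0.0),
    "absorbed": (1.0, -1.0),
    "retaliation": (-0.5, -0.4),
}


def logit_choice(utilities, lam):
    """Logit quantal response: P(a) is proportional to exp(lam * u(a)).

    lam = 0 gives uniform random choice; as lam grows the rule approaches a
    strict best response. Probabilities are smooth and increasing in payoff.
    """
    top = max(utilities.values())  # subtract the max for numerical stability
    weights = {a: math.exp(lam * (u - top)) for a, u in utilities.items()}
    total = sum(weights.values())
    return {a: w / total for a, w in weights.items()}


def solve_qre(payoffs, lam):
    """Solve the two-move game by backward induction with logit responses."""
    # Target's node: compare its payoff from retaliating with absorbing.
    target = logit_choice(
        {"retaliate": payoffs["retaliation"][1], "absorb": payoffs["absorbed"][1]},
        lam,
    )
    # Equilibrium condition: the initiator's belief about the target is the
    # target's actual choice distribution computed above.
    eu_engage = (
        target["retaliate"] * payoffs["retaliation"][0]
        + target["absorb"] * payoffs["absorbed"][0]
    )
    initiator = logit_choice(
        {"engage": eu_engage, "refrain": payoffs["status_quo"][0]}, lam
    )
    outcomes = {
        "status_quo": initiator["refrain"],
        "absorbed": initiator["engage"] * target["absorb"],
        "retaliation": initiator["engage"] * target["retaliate"],
    }
    return {"initiator": initiator, "target": target, "outcomes": outcomes}


def sweep(payoffs, lams):
    """Outcome distribution for each precision value in lams."""
    return {lam: solve_qre(payoffs, lam)["outcomes"] for lam in lams}


if __name__ == "__main__":
    for lam, dist in sweep(PAYOFFS, [0.0, 1.0, 5.0, 20.0]).items():
        row = ", ".join(f"{k}={v:.3f}" for k, v in dist.items())
        print(f"lam={lam:>4}: {row}")
```

With these constructed payoffs, strictly rational play ends in the status quo, yet at low precision the engagement and retaliation outcomes still occur with positive probability, which is the sense in which observed outcomes depend on the assumed information and error structure.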
The relationship between information, the absence of information, or quality of
information is paramount in malicious cyber engagements. This includes information
surrounding an opponent’s capabilities. Morrow (1989) probed how a state actor would behave,
given what they believe are their opponent’s capabilities. In the context of cyber space, these
capabilities for the most part lie in one of two places. They are either unknown or parity
between actors is assumed. Gartzke (2013) somewhat addressed this by putting forth that the
decision to act and the credibility of threats in cyber space are contingent on a state’s ability to
back up their cyber capabilities with their kinetic capabilities, thus canceling out cyber abilities
on both sides of the dyadic equation (Gartzke 2013, 43). Gartzke (2013) says, “cyberattacks
[sic] are unlikely to prove potent in grand strategic terms unless they can impose substantial,
durable harm on an adversary. In many, perhaps most, circumstances, this will occur only if
cyberwar is accompanied by terrestrial military force or other actions designed to capitalize on
any temporary incapacity achieved via the Internet” (Gartzke 2013, 43). While this statement
does capture the parity aspect of cyber abilities among actors, such an inference does not
acknowledge the entire scope of purposes and intentions of MCEs. It also misses a very critical
point. Gartzke (2013) does not consider the ubiquity of the Internet not only in the civilian
sector but also in the military sphere. The kinetic capabilities of a nation-state are directly
contingent on the proper functioning of the Internet that guides and controls them. This leaves a
significant hole in his theory.
28
“Using an estimator that is premised on symmetric information to estimate, for example, the
effect of democracy on audience costs could yield a result that is the reverse [my emphasis] of
that which a model that incorporates incomplete information and signaling – the very features
that make audience costs an interesting object of study – would reveal” (Lewis and Schultz 2003,
359).
As previously mentioned I do not agree with the language of traditional kinetic war being
imported into the conversation on cyber space. Specifically, speaking about computer code as if
it were a weapon on par with a loaded rifle, launched missile, or a dropped bomb is fallacious.
Again, MCEs have one of two very distinct purposes, either to steal copies of information or to
sabotage the functioning of a system. Gartzke (2013) is only assuming the latter when he
hinges the kinetic abilities so tightly with cyber capabilities. This would imply that states that
are not proven kinetic military powers could not be taken seriously in cyber space and the
decisions on both sides of the dyad would be made based solely on kinetic abilities and not cyber
abilities. This is a potentially dangerous error. The critical differences between kinetic war and
MCEs need to be unpacked as I am doing throughout this chapter. Some authors have begun this
theoretical work. Demchak (2013) and Carr (2013) have elucidated that the conversation
becomes further removed from reality when talk of a “cyber Pearl Harbor,” or a “cyber weapon
of mass destruction” sneaks into the discussion.
29
If states, without acknowledging the
differences in the purposes between kinetic war and MCEs, proceed to assess an adversary’s
capabilities against a kinetic war standard of the ability to quickly inflict deaths, then there will
be a gross miscalculation of the price incurred by a successful attack launched against it. As I
will demonstrate, this ex ante miscalculation of the costs incurred has a negative effect on the
bargaining range in the dyadic relationship. Bargaining between the actors would be less likely.
29
In a speech at the Intrepid Sea, Air and Space Museum in New York on October 11, 2012,
former Secretary of Defense Leon Panetta warned that “the United States was facing the
possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer
hackers who could dismantle the nation’s power grid, transportation system, financial networks
and government” (Bumiller and Shanker 2012).
In short, Morrow (1989) concluded, “because the sides cannot predict the consequences
of their actions, they instead form judgments based on the information they have available [my
emphasis]. These judgments are colored by their prior beliefs, occasionally leading to disaster
for both parties in the form of war” of the traditional, kinetic type (Morrow 1989, 964). Cyber
space has added a new layer of complexity to Morrow’s (1989) findings, specifically, its ability
to facilitate making any information available. Despite pre-dating the widespread
commercialization of the Internet, Morrow’s article captures the salience of information
availability. However, his findings do not take into consideration the misalignment between the
outside assessment of a state’s capabilities and the assigning of these capabilities to a purpose that
differs from the intentions of those possessing those capabilities. It could be dangerous to assess
a tool as being incapable of immediate death if its intention is not to kill but is still nonetheless
nefarious (i.e. to steal copies of information or to sabotage the functioning of a system).
Fearon (1994) asked what role the balance of power plays when a state actor signals
growing capability (Fearon 1994). Given how influential each side’s capabilities are
(whether true or perceived) in calculating the total size of the bargaining range in a dyad
(because of capabilities’ effect on the calculation of the probability of success), we have to
consider Fearon’s question in the backdrop of non-strategic signals and power as an ultimate
expression of a state’s capabilities. Generally speaking, Fearon (1994) uses an incomplete-
information model of international crises to look at observable dimensions of military
capabilities. He examines “the question of how relative military capabilities and relative
political interests influence the efficacy of threats made during international disputes” (Fearon
1994, 266). His findings supported that “the problem with the mainstream rationalist arguments
about the impact of relative capabilities and interests is not that the arguments are flat-out wrong.
There are situations in which an advantage in military capabilities of “intrinsic interests” should
be correlated with the success of a state’s threats and warnings” (Fearon 1994, 266).
However, a state’s true cyber capabilities are unknown to an adversary, making it difficult
to assess which side has a true advantage. Offensive and defensive postures look precariously
similar. And while I am not dealing with the actors in my model making strategic threats and
bluffs, I am analyzing the effects of the non-strategic signals that are sent and received between
actors all the time in the form of incidental news coverage or a planned press release from either
the government, government contractors, or the private sector. Using expected utility (Bueno de
Mesquita 1980), my research will reconcile how there can exist a rationalist explanation for
cyber “war” (Fearon 1995) if cyber war itself is a myth (Gartzke 2013), taking into consideration
what is known about actors’ capabilities (Morrow 1989), incomplete information and signaling
(Lewis and Schultz 2003), while acknowledging that the predictability of such a singular dyadic
event lies in chance or stochastic events (Gartzke 1999). This will give us insight into
how a state actor will behave, given what they believe are their opponent’s capabilities (Morrow
1989) and whether the technological gap between adversaries affects the calculation of the expected
utility each side can expect from war (Bueno de Mesquita 1983).
Admittedly, I am making the conscious decision to only perform a state-focused analysis.
I disagree with Lake and Powell’s (1999) assertion that “domestic actors often face strategic
problems that are quite similar to the strategic problems confronting states” (Lake and Powell
1999, 5). While I agree with their desire to move away from these types of traditional analytical
distinctions in formal modeling, such as state versus non-state actors, it must still be done if the
strategic problems at both levels of analysis are demonstrably different. Lake and Powell (1999)
make the strategic problems the level of analysis. However, the motivations of non-state actors
are very different than those of their state actor counterparts in cyber space. Non-state actors
acting independently of the state are known for executing MCEs for no reason other than
proving it is possible and the bragging rights that come with it. Their preferences and pay-offs
would complicate a formal model beyond the scope of this chapter. Lake and Powell (1999) did
call attention to the “micro-foundations” and “a fuller description of the strategic setting” to
emphasize any model’s assumptions and logical consistency (Lake & Powell 1999, 5), the same
things I think are salient in my model. However, for the sake of parsimony, I will only consider
the preferences and pay-offs of state actors. The formal analysis of malicious cyber engagements
is a prime candidate for future research.
The last issue that needs to be addressed in this review of both the cyber literature and the
relevant formal modeling literature is the difference in high and low political targets and
objectives in defining the preferences and subsequent strategies of actors. This bifurcation has
been questionable (Bergstein, Keohane, and Nye 1975, Cooper 1972-73). As it affects formal
modeling, Lake and Powell (1999) say, “The high politics of war, peace, and security is assumed
to be different from the low politics of money, trade, and finance, and thus each type of politics
requires its own theoretical approach” (Lake and Powell 1999, 26). They go on to assert that
these should not be differentiated. However, central to my formal model and the empirical case I
present in the following chapters in support of the model is the notion that the values assigned to
high political and low political targets differ depending on state level factors. It is these
differences in valuation that directly affect the preferences and pay-offs that are formally
considered in the decision-making process of a state actor and makes it paramount to
acknowledge their qualitative differences. Furthermore, the very nature of the purposes of
MCEs falls into these two classifications. Whether it is to steal copies of information or to
sabotage the functioning of a system, MCEs are going to be levied for either political or
economic gain when a state actor perpetrates it. If a non-state actor executes an MCE, then the
reason can be to simply boost reputation or establish a proof of concept of the MCE, in addition
to personal political or economic gain.
Where do I fit? So what?
In sum, there is a place in the current literatures to explore the seemingly nuanced
arguments I am presenting here. The effects of these variables are significant enough that they
warrant a rigorous, albeit tedious, exploration. I believe when arguing the extreme positions
taken on an issue, the only thing that can come of the approach is both sides talking past
another. A real solution or something close to a reconciled answer usually resides in the middle
ground where nuance needs to be hashed out. This is the heavy lifting that I do in the following
two chapters.
In chapter 3, I present my theory. I lay out how the variables interact with one
another and how they, in effect, narrow the bargaining range between actors. I hypothesize and
illustrate how the range is narrowed so much so that it becomes clear that a rational actor should
make the decision to attack if another actor has signaled a target of either political or economic
opportunity. This raises the question of why we do not see a wanton proliferation of state-to-
state malicious cyber engagements. And when we do see an MCE occurring between two state
actors, what determines within the dyad which are the attacking states and which are those being
targeted? The confluences of variables that I hypothesize are salient in making these
determinations are tested in chapter 4.
Chapter 3: Theory Salinas | 59
Chapter 3: The Case of the Disappearing Bargaining Range
Why do nation states make the decision to maliciously engage with another state in cyber
space? This is the root question that is puzzling both those on the inside and outside of the ivory
tower, and is central to my research endeavor here. Earlier, I have discussed ad nauseam how
scholars have attempted to blindly import the language of war into the cyber realm. This
imposition of ‘war-speak’ could be seen as problematic for my own theorizing, in part, because I
do not believe that there is a cyber ‘war’ going on, per se. However, this proclivity of others can
prove to have theoretical benefit for me here. By showing the limitations of the most accepted
bargaining theory of war, I can begin to make the case that malicious cyber engagements are so
qualitatively different from acts of war that these theories fail to fully capture the decisions and
subsequent behaviors of the actors in a dyad. Therefore, we should be suspect when assigning
nomenclatures of war onto malicious cyber engagements. I think what we are witnessing in the
cyber realm is an evolution of the tools that were already utilized to enhance the types of
interactions, whether wanted or unwanted, that are a part of interstate interactions, specifically
espionage and sabotage; those acts of acquiring information to address information asymmetries
or making something not function as it was intended.
Neither of these two acts in and of themselves necessarily constitutes an act of war.
However, within the context of the backdrop of a specific heightened state-to-state interaction,
both could be the impetus that contributes to the sufficient conditions that lead to the breakout of
armed conflict or worse, all-out war. By looking at the bargaining range that exists before the
onset of conflict/war and taking the theoretical step to include the effects of cyber tools on the
costs and benefits of engagement we discover two very important facts when it comes to cyber
space. First, the effect of lowered costs for one state to maliciously engage with another shrinks
the bargaining range that existed before we included these cyber variables in the model.
Secondly, the difficulty associated with positively identifying the initiator of an MCE lowers the
probability of getting caught, further reducing the pre-existing bargaining range to a point where
it becomes rational for a nation-state to always maliciously engage with another. With this being
the case, the question that is brought to the fore is why do we not see a wanton proliferation of
state-sponsored malicious cyber engagements in cyber space?
30
More importantly, what are the
necessary and sufficient conditions under which the MCEs that we do see were carried out?
These are the two guiding questions that undergird the next two chapters.
In the first section of this chapter, I discuss how cyber space has affected the costs of
malicious cyber engagements between state actors. Using a simple formal model of the
bargaining problem faced by states in cyber engagements, I show under what broad conditions, if
any, “a bargain exists that genuinely rational states would prefer” to a malicious cyber
engagement (Fearon 1995, 382, Blaney 1988, James 40, 2014). If a bargaining range does not
exist that is preferred to conflict, then the puzzle becomes why do we not see more malicious
cyber engagements between states? If the range does exist, the original puzzle remains why do
the states not prefer these bargains to hacking, when a hack does take place (in the spirit of the
already established theory)?
The second section argues that rational miscalculations of relative power in cyber space
are initially due to private information, as Fearon (1995) concluded, but are exacerbated further by
the use of the Internet as the medium of announcing newsworthy breakthroughs and technical
innovations in both the military and private sector. While these signals provide a potential target
list for malicious cyber engagements, they also raise the probability of a successful attack and
affect the likelihood that an attack may or may not happen, given the nature of how the Internet
functions at a fundamental level; the technical method of how information gets stored and passed
between users.
30
An argument can be made that MCEs are, in fact, happening all the time but are simply not
reported. It may be the case that targets of MCEs may be disincentivized from self-reporting an
intrusion, for fear of incurred cost as a result of insurance premiums or bringing attention to a
vulnerability that can be exploited by a different adversary.
I also discuss positive attribution problems in cyber space and why they produce a “class
of defensible rationalist explanations” for malicious cyber engagements (Fearon 1995, 382). The
‘modern’ Internet still has inherent foundational characteristics that are integral to its functioning
that are in-line with its originally designed purpose. Specifically, the inability to be positively
identified by a targeted state, coupled with not being able to interpret a defensive posture from
the first two phases of one that is offensive in nature, makes not attacking the irrational choice,
all other things being equal. This will be analyzed to provide a general understanding on why we
see the malicious cyber engagements that do occur before I make the theoretical move to bring
cultural effects in as a variable in my case study of Russia in chapter five (Myerson, 1112). In
games with multiple equilibria, “anything in a game’s environment or history that focuses the
players’ attention on one equilibrium may lead them to expect it, and so rationally to play it.
This focal-point effect opens the door for cultural and environmental factors to influence rational
behavior” (Myerson, 1111). Then, I hypothesize what cultural and environmental factors are
likely to contribute to identifying the initiators and the targets of malicious cyber engagements,
which are tested in chapter four.
What are we talking about?
A state-sponsored malicious cyber engagement is an unauthorized intrusion on one
state’s network by another state or its agents with the explicit purpose of intercepting
communications and/or stealing data or to change the functioning of some machine that relies
on a central processing unit (CPU) for its proper functioning. We must ask ourselves if a
nation’s ex ante cost/benefit analysis of carrying out a malicious cyber engagement against
another concludes that an attack would make rational sense to carry out, why do we not see a
wanton proliferation of attacks by every state that has the capability to do so? This is the
question I am exploring; analyzing if there exists a systematic approach to determining which
nations are more likely to be the initiators in a dyad and which will be targeted. Furthermore, I
am deciphering what type of exploit will most likely be used in the attack (depending on the
attacker). In order to explore the preceding set of questions, we need to clearly identify all the
costs associated with an attack, as well as the expected benefits, if the attack is successful. We also
need to define what makes an attack successful, which forces us to articulate each actor’s
preferences. After all, we cannot say something is successful or not if we do not peg how close
what happened was to what the perpetrator intended. Next, we will need to identify the factors that
will raise or lower the probability of an attack being successful. Lastly, we need to show how,
with mathematical precision, when all of these things are considered the rational move would be
to attack. Only then is the interesting puzzle illuminated, figuring out which states are most
likely to be the attacker and which are more likely to be attacked.
In the next few sections, I describe the actors in the dyad, differentiating between the
attacking state and those that are being targeted. Then, I unpack which costs matter in the
decision calculus based on the benefits they potentially offer to the attacker. Next, I show how
fully understanding the four phases of a malicious cyber engagement helps determine what
makes it successful or not, and highlight the difficulty in differentiating offense from defense and
how this creates hesitation in an actor and affects its behavior. This can only be done with a
discussion of the ordering and transitivity of the actors’ preferences, which I do in the subsequent
section. Lastly, I mathematically show how all these variables interact with each other to arrive
at either a decision to attack or not.
There are some guiding principles that are already established that can serve as the basis
for rationality and theorizing around rational behavior. John von Neumann and Oskar
Morgenstern offer a basic and simplistic understanding of rationality.
1. Completeness – for any two simple lotteries A and B, a choice must be either
A ≥ B or A ≤ B
2. Transitivity – for any three lotteries A, B, C if A ≥ B and B ≥ C, then A ≥ C
(Brantly 2016, 126).
In order to build a theory of utility, according to Bueno de Mesquita, and Kahneman and
Tversky, it must have the following components:
1. Individual decision-makers order alternatives in terms of their preferences.
2. The order of preferences is transitive (as stated above) so that if A is preferred to
B and B is preferred to C, then A is preferred to C.
3. Individuals know the intensity of their preferences, with that intensity of
preferences being known as utility.
4. Individuals consider alternative means of achieving desirable ends in terms of the
product of probability of achieving alternative outcomes and the utility associated
with those outcomes.
5. Decision-makers, being rational, always select the strategy that yields the highest
expected utility (Brantly 2016, 126).
Who Are the Actors?
The dyadic interaction that I am referring to is one between two rational state actors. In
these contentious dyads there is an initiating state and the state that is being targeted. I theorize
that the targeted state is a state that has experienced a certain level of Internet diffusion and has
an accompanying level of reliance on the Internet, both by the public and private sector that
creates targets of opportunity for an initiator. Additionally, the targeted state has sent a non-
strategic public signal of some sort, be it from a private sector individual with strategic
significance or a government entity that has indicated it is in possession of some information
that is of interest to the potentially initiating nation. This could be in the form of simple news
coverage and/or press releases or legally required periodic public disclosures.
The initiating nation is a nation that has both the desire and the ability to act upon the
information revealed in the targeted state’s non-strategic signal. The desire stems from the
initiating nation deducing that coming into the knowledge of the proprietary information would
offer a strategic advantage of some sort, in and of itself, or would negate/offset an advantage
already held by the targeted nation over the initiator. The initiating nation’s ability to execute an
attack is contingent on them having an institutional apparatus in place to tap into the localized
talent with the ability and knowledge to carry out a malicious cyber engagement. These can
either be a hacking unit actually domiciled within the country’s government intelligence agency
or a non-government contractor acting at the behest of the government with its blessing. This is
assuming that preferences are determined the same. But this is an oversimplification that I
discuss in my Russian case study in chapter five. “The other obvious way to bring cultural
effects into economic analysis would be to assume that individual preferences are culturally
determined” (Myerson, 1112).
Initiating Nations
Figure 2: Initiator profile
The figure above is illustrative of the type of nation that I hypothesize will likely be an
initiator of MCEs. I believe it is this unique confluence of variables that ultimately leads to a
nation being an initiator in a dyad. First, I theorize that the potentially initiating nation state
must have a top-rated intelligence agency. Part of executing a successful hack is the amount of
offline scanning the hacker can do before actually infiltrating a network. This is the assembling
of the dossier that gives valuable insight into the potential target and does not raise any
awareness in the target that they may soon be infiltrated (since it is done external to the network).
Having an already established top-tiered intelligence agency raises the quality of the dossier and
subsequently, to some extent, raises the probability of success.
Next, the initiating nation needs to have people (i.e. human resources) that possess the
skills needed to carry out MCEs of all kinds from which to recruit into a specific operation, or
into the intelligence agency itself. Given the technical nature of MCEs, having a highly educated
population, especially in the maths and sciences, makes sense in being a contributing factor in
identifying potential initiators.
Third, I believe the initiating nation can in the aggregate be considered a wealthy nation.
However, I think we will see a certain level of economic inequality found in the population. It is
within this inequality that we find the incentives for a highly educated, technically proficient
citizen to make his or her skillset available for hire for use in perpetrating an MCE. Simply
stated, there is a market demand for their skillset they can readily supply.
Lastly, I believe the regime of the nation state most likely to be an initiator of an MCE
will be democratically weak (Reference Scott, Weapons of the Weak!). Being less democratic
implies a guiding moral and philosophical ethos that is more conducive to bending implicit rules
and implied international norms. There is a lower level of respect for the rule of law and
therefore, given the enticing nature of MCEs to address any perceived information asymmetry,
they are more likely to maliciously engage, especially in the absence of any credible enforcement
mechanism.
Targeted Nations
Figure 3: Target profile
I also believe there is a set of variables that will help identify the nations that are more
likely to be targeted for malicious cyber engagements. First, the level of Internet penetration
found in the nation is relevant. If a country is a step behind in its rate of technology adoption,
specifically Internet diffusion, then it will not be a suitable target for an MCE. If it still relies on
antiquated methods of communication and paper file storage then clearly hacking will not be the
optimal tool to use for espionage and/or sabotage. There simply is not anything to steal
through the medium of cyber space. But if there has been mass adoption of modern ICT then
this particular nation state will be a prime target if a non-strategic signal is sent, especially if the
Internet has become part of the day-to-day functioning of the nation’s society.
Second, I posit that there needs to be a relatively free press present in a nation state in order
to raise the instances of being targeted. The targeted state has to have some mechanism in place
to convey a non-strategic public signal of some sort, be it from a private sector individual with
strategic significance or a government entity that has indicated it is in possession of some
information that is of interest to the potentially initiating nation. This could be in the form of
simple news coverage and/or press releases or legally required periodic public disclosures. Press
reporting on the business community can provide the apparatus through which an observant
initiating country can ascertain where to attack and what they can go after.
Third, I believe that a targeted nation will need to have a thriving stock market. The
mandate for periodic public disclosures on the updates of current business dealings and plans for
future business is low-hanging fruit for a would-be hacker, especially when coupled with a press
that actively reports business news. This helps contribute to producing the non-strategic
signal that begins the process of deciding to launch an MCE by the initiating country. While this
signal is not intentional, it is critical in setting in motion the process of deciding to launch an
MCE by the observant, initiating nation.
Lastly, the vital area of defense spending and development is something that should
remain under the auspices of a nation’s government, if for no reason other than being free of the
obligation of public reporting. However, the presence of the military-industrial complex
signifies that the line between the private and the public sector in the critical area of defense
spending and development has been blurred.
31
It is in these strategic partnerships between the
public and private sector that a would-be adversary knows to pay special attention for a bit of
information that could prove advantageous, if acquired. I posit that there will be a high
correlation between nations that are targeted and those that foster this type of blurred
relationship.
In sum, this confluence of independent variables should give us some insight into which
states ultimately decide to use malicious cyber engagements, and those that are likely to be the
targets of them. This is valuable both from a theoretical and a practical policy perspective. For
theorists, testing these hypotheses will require a first attempt at applying econometrics to an
assembled dataset. There has not been this type of rigorous testing done on state-to-state dyadic
interactions in cyber space. The testing of specific theoretical claims is a valuable step for
theorists toward separating fact from intuitive conjecture and places us on a path to truly
understanding what is happening underneath the surface of the decision-making process. For
policymakers, the results will begin to provide some insight into where to allocate the limited
resources that are available for deployment in cyberspace. Nations cannot watch all countries all
the time. So if it is known which nations are most likely to be adversarial, officials can better
decide the proportional distribution of money and human resources. The malicious cyber
engagements that do occur do not happen out of pure happenstance. Taking a look at what
patterns and points of commonality exist in the malicious cyber engagements that are reported is
a vital first step in understanding a commonly misunderstood phenomenon.
31
The military industrial complex is a term that describes a relationship of mutual benefit
between the government and the private sector, first coined by President Eisenhower in his 1961
farewell address. In the case of the United States, it included “members of Congress from
districts dependent on military industries, the Department of Defense (along with the military
services), and privately owned military contractors (e.g. Boeing, Lockheed Martin, and Northrop
Grumman)” (Weber 2012).
Actor Preferences
The preferences of an initiating country and a targeted country are obviously different.
One will assume an offensive posture, and the other will assume a defensive posture,
respectively. However, the manner in which each actor behaves to achieve these preferences
initially looks the same and can affect the manner in which the interaction is played out and
decisions made. Simply put, the first two phases of an attack or defensive reconnaissance actions
look identical. These similar behaviors can send an unclear signal in either direction that
convolutes whether a state is behaving in a defensive posture or in one of an offensive nature.
They introduce a consequential level of uncertainty into the game.
Initiating states wish to do more than simply intercept communications or steal secret
proprietary information. As mentioned in the previous section, in most instances they want to
remain undetected and leave a backdoor to get back in the vulnerable network at a later time.
Targeted states must defend against the unauthorized network scanning, exploitation, and the
subsequent backdoors left by attackers. Additionally, they must also ascertain the capabilities of
all the actors that could be potential attackers. This type of defensive posture requires a type of
reconnaissance on the initiator that can easily be confused for the early stages of an attack. If this
defensive signal looks identical to an offensive one, then the actor viewing the signal has to
deliberate on whether or not to launch what they would intend as a defensive, retaliatory attack.
It plays out as the cyber space version of the classic security dilemma (Jervis 1978).
Clearly cyber space creates a unique set of problems because offense and defense look so
similar, with the only thing differentiating them being the actors’ intention. The old sports adage that
“the best defense is a good offense” applies to nations in cyber space. Cyber space requires that
a state wishing to harden their own systems must, in addition to looking at their own network
hardware and software vulnerabilities, take a look at the capabilities of the nations they are likely
to enter in a malicious dyadic interaction. This requires the passive and active scanning,
intelligence gathering of sorts, of networks. Signal misinterpretation while this determination is
occurring is very likely, making a defense look like offense. This leads to a potentially steep
downward spiral, which places a premium on nations using current diplomatic institutions to
communicate intentions. Strained diplomatic relations could further complicate the process of
interpreting the signal. Furthermore, new specifically designed institutions with
credible enforcement mechanisms to cater to the nuances of cyber need to be established to
prevent unnecessary malicious dyadic state interactions.
Costs and Benefits
Some of the costs associated with state-sponsored malicious cyber engagements are
easily quantifiable, while others are undeniably present, yet hard to account for. With regards to
the initiating state, those costs that are easily totaled for an attacker are those associated with the
labor used in the writing of the code, the costs to pay the analysts to execute the MCE, and the
sunk cost of the hardware and software used in the MCE. Relatively speaking, these costs are
low in comparison to the traditional kinetic weapons such as the nuclear bombs or missile
systems to which they are often compared. This is part of the reason why the underlying puzzle
that I am exploring is so interesting: the low cost of entry is not prohibitive to states not
designated as ‘superpowers.’
The benefits for the attacker carrying out a successful attack far outweigh the costs,
especially when the difficulty in positively attributing the attack at a level sufficient for
retaliatory action is considered. Positive identification of the initiator is nearly impossible
because of the prevalence of the practice of spoofing the origination of the attack. Since
malicious cyber engagements are tools used in modern espionage, the benefits are those that are
commonly associated with the tradecraft. Specifically, espionage is a tool used to address
information asymmetry between two actors. Secret or classified information, whether it is from
government officials or the proprietary information of private citizens or entities, has an
implicit value, albeit one on which it is difficult to put a price. Staying true to the axiom, “a dollar
saved is a dollar earned,” when an attacker steals proprietary data and gains a full working
knowledge of sensitive information that came at tremendous research and development costs to
the target, the attacking state benefits not just from the R&D saving, but also from taking away
the advantage the proprietary item/information awarded the author. Furthermore, if the attacker
successfully intrudes without detection, the more time that passes since the MCE took place, the
more benefit the initiator gleans from it. This is because the targeted country is relying, and in
some cases depending, on secrecy that exists in theory, but not in fact.
The inference we can make for the costs incurred by a targeted state is that they lose the
advantage gained by whatever the information stolen was in reference to. The strategic
advantage the referent object awarded the author is negated the moment its capabilities are
known to an adversarial actor. This is further exacerbated the longer the intrusion remains
unknown to the target. This is especially true for a proprietary weapons system of any sort,
whose effectiveness is directly related to the target’s inability to counter its capabilities. It is
easier to defend if capabilities and methodologies are known. Furthermore, it produces a
compounded negative effect because if the MCE nullifies the advantage the money spent on
research and development awards, the R&D investment is essentially wasted.
There is obviously no benefit to a targeted state in getting hacked. The targeted state
could use the cyber version of misinformation, called a honeypot, which theoretically would
offer valuable counterintelligence information.
32
A honeypot is “a computer system that is set up
to act as a decoy to lure cyber attacks, and to detect, deflect or study attempts to gain
unauthorized access to information systems” (Cobb 2018). However, a honeypot is glaringly
obvious to a skilled hacker with the most basic of software tools and an observant eye. So
theoretically, an unsuccessful attack that utilized a honeypot as a lure would offer the targeted
state valuable reconnaissance data on the initiator such as location information in the form of the
originating IP addresses, and hardware and software being used. But the initiating state should
know both that a honeypot is being used and that they could be traced if they do not use
countermeasures. So I will call it an approximate strategic (and mathematical) wash and say
there is no benefit from the target’s perspective in being attacked.
What is a Successful Attack?
Defining what makes an attack successful is paramount in gaming out a negotiation
between two state actors. In addition to merely defining what success means in cyber space with
32
“A honeypot is a decoy computer system for trapping hackers or tracking unconventional or
new hacking methods. Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet” (Techopedia 2018).
regards to an attack, consideration for the probability of its success must be included in a state’s
rational decision calculus to do it in the first place. We need to be inside the head of the author
of the code and initiator of an MCE to be able to qualify an MCE as successful.
The difficulty in positively attributing an MCE to a state actor with enough confidence to
justify a retaliatory attack is the single-most important factor affecting the decision to ultimately
maliciously engage. As previously stated, a successful attack involves not only the planning of
the intrusion, skillful interception of communication, and acquisition of data, it also involves
getting out of the network undetected and in some cases maintaining a ready point of entry for
later intrusions, if/when necessary. An alternative “successful” hack modifies the exfiltration
and maintenance phase of an attack and takes advantage of the difficulty in positively attributing
the attack to a specific actor. A tactical measure an attacker can deploy to take advantage of
this attribution problem is to spoof where the attack is actually originating from, making it
look like it is coming from somewhere else, from an entirely different initiator.
This raises the probability of an attack being successful if the attacker can instill enough
doubt on the origin of the attack to prevent retaliation from the targeted state. By making sure
there is a sufficient level of attribution uncertainty, there is little to no cost to attempting the
attack, let alone successfully infiltrating the network. Simply stated, from the view of an
attacking state, an attack is successful if the network is successfully penetrated, the
communications intercepted and/or data stolen, and either exfiltration and maintenance of the
network is unknown or the true origin of attack is spoofed, creating retaliatory uncertainty. This
is what we need to keep in mind when modeling dyadic interaction.
Why being first to move matters?
There is a first-mover advantage when it comes to MCEs. As mentioned earlier, the first
two phases of a defensive posture in cyber space look identical to the first two phases of an
offensive one. The reconnaissance and scanning phases are integral to both effective offense and
defense. While a passive defensive posture takes a ‘wait and respond’ stance on potential
malicious cyber engagements, an active defensive posture is very probative and investigative.
Specifically, it is the phase two scanning of an adversary’s network to ascertain their capabilities,
not to exploit the network, which plants the seeds of hesitation in the nations being probed.
Responses to traditional kinetic attacks are usually proportional, of similar kind, and carried out
with a high level of certainty of who was the actual perpetrator. The difficulty in positively
attributing the initiator of an MCE with an acceptable level of certainty creates hesitation in the
targeted state because they do not want to launch an MCE on the wrong nation. Also, the true
size of the damage from an MCE is not always immediately known or quantifiable. This
hesitation is what creates the vital first-mover advantage in cyber space.
Subsequently, the probability of an offensive hack being successful goes up when the
targeted nation is hesitant to respond because it is both unsure who exactly is behind the MCE,
and cannot immediately ascertain the scope and magnitude of the intrusion itself. All the
targeted nation can hope to do is triage itself and stop the flow of information if the MCE is still
in progress and hope that whatever fragmented information has been stolen is not too critical to
its security. While it is trying to get a situation-report of the intrusion, information is steadily
being stolen. The initiating nation can use the confluence of uncertainties to its immediate
advantage.
The first-mover advantage is not limited to MCEs that are intended to steal information.
In MCEs that are executed to alter the proper functioning of a system or machine, the targeted
nation does not even know a hack has taken place until things begin to malfunction. At this
point, the damage is already done and the same problem of positively identifying the perpetrator
still exists.
A Model of Dyadic Malicious Cyber Engagements
A Real-World Example
In order to begin building a formal model of malicious cyber engagements it is best to use
a real-world example that illustrates the actions of the actors in a conflict dyad. In this case, I
will use the United States/China dyad, specifically China’s nefarious acquisition of the design
schematics of the US’s newly designed F-35 Lightning II stealth military aircraft.
33
Given the costs of fighting, both in money spent and negated tactical advantage,
diplomacy would seem to be preferred to fighting in cyber space. However, the now infamous
cyber ‘attack’ still took place. There are specific characteristics of the Internet and cyber space
that offer an explanation as to why. Explaining and analyzing these specific characteristics is
where my work builds upon the formal modeling done by Fearon (1995). First, the equilibrium
33
While the United Kingdom ranks #1, the US comes in at #2 and China ranks 13th on the Booz
Allen Cyber Power Index (BACPI). Booz Allen sponsored research to be conducted by the
Economist Intelligence Unit in order to assemble a measure of relative cyber power among the
G20 countries. The index is “a dynamic quantitative and qualitative model, constructed from 39
indicators and sub-indicators that measure specific attributes of the cyber environment across the
drivers of cyber power” (Roberts 2014).
effects of the difficulties in ascertaining the true origins of an MCE on its perceived risks and the
decision to launch it in the first place must be considered. Next, the difference in attempting to
negotiate over something that can be divided as opposed to something that is indivisible yet
duplicable must be properly analyzed. This differentiation is key in assessing the differences
between the traditional conflict and malicious cyber engagements.
The two countries could come to an agreement to not spy on one another for a specified
period of time, similar to the arrangement that the US has with many European countries.
However, the problem of positive attribution means that if the disparity in capabilities is wide
enough, then it becomes more rational to try to obtain as much information as possible. The
Internet makes the acquisition of this information even easier than with traditional espionage
when the world was not as connected as it is today. Couple the extreme difficulty in positively
identifying an initiator with the lack of a centralized institution to serve as an enforcement
mechanism for a deal that is reached and we can see, in a general sense, why the F-35 plans were
stolen by the Chinese.
Thought Experiment
Taking cues from the original thought experiment provided by Fearon (1995), I offer one
that generalizes the F-35 example above and is a first step in better reflecting the broad strokes of
cyber engagements, taking into account the idea that engaging in malicious cyber engagements is
not cost prohibitive, and that difficulties in attribution raise the probability of success. Suppose that
two states are bargaining over the division of $100 – if they can agree on a mutually amenable
split. For a very low price of $1 (assuming that the unit of analysis is rounded to the nearest
dollar), they can go to war, in which case each player has a better than 50-percent chance of
winning the whole $100 (i.e. a state’s probability of winning is better than its probability of losing
if it moves first, because of attribution).
34
The probability is better than 50 percent to reflect the increased
chance of success as a result of the problems in positively attributing an attack (assuming that
each actor had an equal chance of success before the first move is taken). This implies that the
expected value of the war option is $32 for each side [(0.51 * 100) + (0.49 * 0) – 19], so that if
the players are risk neutral, then neither should be willing to accept less than $32 in the bargain
(the amount they would statistically get in a fight).
35
But notice there is still a range of peaceful,
bargained outcomes ($33, $67) to ($67, $33) that make both sides strictly better off than the war
option (See figure below).
Figure 4: Cyber bargaining range (assuming divisibility)
Risk aversion will tend to further increase the range, as stated by Fearon. In effect, the costs and
risks of fighting open up a range of bargained solutions that risk-neutral and risk-averse states
will prefer to the gamble of conflict.
34
Fearon (1995) originally set the cost of fighting at $20. I set the price to $19 to capture the effect
of lowering the costs, but to more than no costs, similar to MCEs.
35
.51 represents a better than 50% chance of success of getting everything that would be fought
over minus the costs associated with fighting.
However, the bargaining range is not fixed. There exist conditions that can narrow and
even eliminate the theoretical bargaining range (i.e. push the arrows closer to the center). These
conditions narrow it until it disappears, making fighting appear to be the more rational
option available to a state actor (because there is not a bargain that would yield a payoff greater
than maliciously engaging). Lowering the cost of fighting, as well as coterminously raising the
probability of success, has a negative impact on the bargaining range that can bring it to
essentially zero, ultimately making fighting the likely course of action for a rational actor, ((0.99
* 100) + (0.1 * 0) – 1) (see figure below). Here, I have raised the probability of success to 99%
and lowered the cost to $1, raising the expected value from maliciously engaging to $98. While
Fearon (1995) says, “even if the leaders pay no costs for war, a set of agreements both sides
prefer to a fight will still exist provided both are risk-averse over the issues,” he assumes the
probability of success to be fixed. I contend that the problem of positive attribution offsets the
risks of being caught if an MCE is unsuccessful, having the same overall effect as raising the
probability of success.
Figure 5: Cyber bargaining range with lower costs and increased probability
Simply stated, the size of the bargaining range is a function of the cost of fighting and the
probability of a successful fight, placing the range in a dependent relationship with the costs to
fight and the probability of success. These two variables are fluid, yet they
remain fixed in the original model, which leaves it strained to explain MCEs.
(1)*Total Known Space (.5) < [(P)*(Total Known Space) – (1 – P)*(0)] – Positive Costs
Figure 6: Conditions under which a bargaining range exists
The figure above shows the necessary and sufficient conditions under which no
bargaining range exists in a dyadic interaction between two rational actors. The left side of the
inequality presented in the figure above shows that there is a 100% probability that known
information that would have been hacked (1) is actually split evenly in half (.5) as a result of
bilateral negotiation. In order for it to be rational for an actor to launch an MCE instead of
negotiating, the right side must be greater than the left side. The right side of the inequality
shows the probability of successfully acquiring all of the known information minus the
probability of a covert engagement being unsuccessful, minus the costs of launching it assuming
that an unsuccessful attack yields nothing. This side must be greater for negotiating to be
irrational for the actor considering the MCE.
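The arithmetic of the thought experiment above, carried through as an added Python example (it is not part of the dissertation). It assumes, as the text does, that each state applies the first-mover win probability to itself and is risk neutral; the function names are hypothetical, and the sweep over several costs and probabilities goes beyond the two cases worked in the text.

```python
from fractions import Fraction

STAKE = 100  # dollars being divided in the thought experiment


def war_value(p_win, cost, stake=STAKE):
    """Risk-neutral expected value of fighting: p*stake + (1 - p)*0 - cost."""
    p = Fraction(str(p_win))  # exact arithmetic, so 0.51 * 100 is exactly 51
    return p * stake + (1 - p) * 0 - Fraction(str(cost))


def bargaining_range(p_a, cost_a, p_b, cost_b, stake=STAKE):
    """Whole-dollar splits (A's share, B's share) that both states strictly
    prefer to fighting.

    p_a and p_b are each state's own estimate of winning. Under the text's
    first-mover assumption both can exceed 0.5 at once, which is what lets
    the range shrink and finally vanish.
    """
    v_a = war_value(p_a, cost_a, stake)
    v_b = war_value(p_b, cost_b, stake)
    return [(x, stake - x) for x in range(stake + 1)
            if x > v_a and stake - x > v_b]


def closing_probability(cost, stake=STAKE):
    """Smallest symmetric win probability at which no split, even a
    fractional one, beats fighting for both sides.

    The open interval (v, stake - v) is empty once 2 * (p*stake - cost) >= stake,
    that is, once p >= 1/2 + cost/stake.
    """
    return Fraction(1, 2) + Fraction(str(cost)) / stake


def sweep(costs, probabilities, stake=STAKE):
    """Number of peaceful whole-dollar splits for each (cost, probability)."""
    return {(c, p): len(bargaining_range(p, c, p, c, stake))
            for c in costs for p in probabilities}


if __name__ == "__main__":
    # The text's first case: 51% chance of success, $19 cost of fighting.
    case_1 = bargaining_range(0.51, 19, 0.51, 19)
    print("p=0.51, cost=19:", case_1[0], "to", case_1[-1])

    # The text's second case: 99% chance of success, $1 cost of fighting.
    print("p=0.99, cost=1 :", bargaining_range(0.99, 1, 0.99, 1))

    # How quickly the range closes as the cost falls and the probability rises.
    for (cost, p), width in sweep([20, 19, 1], [0.5, 0.51, 0.99]).items():
        print(f"cost=${cost:<2} p={p:<4} peaceful splits={width}")

    for cost in (20, 19, 1):
        print(f"cost=${cost}: range closes at p >= {float(closing_probability(cost))}")
```

With the $1 cost that the text first mentions, the whole-dollar range is already empty at the 51% first-mover probability; at a $19 cost it stays open until the probability reaches 69%.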
Expressed in pure variable form: if two states decide to embark on an MCE, State
A wins with probability $p \in [0, 1]$, with the winner being able to choose its preferred outcome in
the respective issue space. On one hand, State A’s expected utility for the MCE is
$p\,u_A(1) + (1 - p)\,u_A(0) - c_A$, or simplified $p - c_A$ (with $c_A$ being State A’s overall utility
for the cost of the MCE), true to Fearon’s (1995) offering. On the other hand, State B has an
expected utility that is expressed as $1 - p - c_B$.
This iteration of the thought experiment assumes that there is not an indivisibility issue.
While it captures how the bargaining range rapidly shrinks as costs lower and the attribution problem
increases the probability of success, it does not yet take into consideration that the size of the
information space is (at best) a guess based on signals, seemingly infinite, and indivisible. As I have
previously mentioned, the size of the information space is unknown, and while it is indivisible, it
is completely duplicable, making it an all or nothing situation in negotiations (see figure below),
((0.99 * ∞) + (0.1 * 0) – 1). Here, not only have I raised the probability of success to 99%, and
lowered the cost to $1, but I also expanded the pay off to an unknown infinite amount, raising the
expected value from maliciously engaging to $∞.
Figure 7: Cyber bargaining range (assuming indivisibility)
Issue indivisibility is markedly different in cyber space. In cyber space, the object being divided
up is information. Information about the functioning of a system, the designs of a machine, or
interpersonal communications are the kinds of information that will be targeted by a state actor
in cyber space. Unlike land, where half of its area can be physically divided, once a file is shared
both parties have 100% of the information in question (as opposed to both parties’ percentages
totaling 100%). On one hand, if the information happens to be classified, then the state that
owns the information has nothing to gain by sharing the information. Any advantage the
information affords is lost the moment it is shared. On the other hand, the state that has read the
signal pointing to the information’s existence has no incentive to not try to steal the information
to at minimum negate the advantage the information gives the possessing state, especially since
the problem of positive attribution is a known fact.
Furthermore, the total information space (for all intents and purposes) is seemingly
infinite. There is a digital representation of every object in the physical space. If somehow a
bargain was reached to share currently known information between two state actors, as soon as
some new information is gleaned from either a press release or incidental news coverage, there
still would not be an incentive for a state to hack for the information. The conditions that must
be met to make bargaining the rational choice for an actor are shown in the figure below.
(.5)x < [(P)(x) – (1 – P)(0)] – Positive Costs
Figure 8: Conditions under which no bargaining range exists
This inequality still assumes that the information space, while very large, is still divisible. But as
I have elucidated, this is not the case. Furthermore, two state actors would hypothetically
negotiate over known information. But each side would know that there is information that
lies beyond the purview of the negotiation and that would only be revealed by a non-strategic signal.
The inequality in the figure below represents a negotiation over known information
weighted against the introduction of a new non-strategic signal creating a new known
information space minus the costs to acquire the information without negotiating for it. This
inequality also takes into consideration that a state will not be positively identified if it
aggressively tries to get all the information in the new known space. Furthermore, the
probability of the attacking state suffering the consequences of an unsuccessful attack is taken into
account, and it is assumed for the sake of parsimony that the costs to gain the known info and the
info gleaned from the signal are the same. See figure below.
Known Info < [((1)(Known Info) + (1 – P)(0)) + ((P)(New Exogenous Info) - (1 – P)(0)) -
(Positive Costs)]
Figure 9: Conditions under which a bargaining range exists with signal
In short, based on purely mathematical terms, the right side of the equation will always
be greater than the left side if the costs are low enough. The low costs of engagement and high
probability of success resulting from the difficulty of positive attribution make it rational to
deploy an MCE. As mentioned in chapter two, the offensive offline reconnaissance phase one
and the online scanning phase two are indistinguishable from those being done for defensive
purposes.
Description of the Game
The finite extensive form game I am proposing is designed to reflect the salient
characteristics of two state actors on the cusp of deciding to maliciously engage with one another
(see figure below). State B has read a non-strategic exogenous signal from State A indicating it
has invested (π) in research and development and gained a material advantage (Δ) over State B.
State B must decide whether to hack to get the information or to ignore the signal. If State B
hacks, then State A must decide whether to launch a hack in retaliation or to ignore the hack. If
State B ignores the signal, then State A must decide whether it buys into the “best offense is
defense” philosophy and launches a preemptive attack on State B to protect its new
information.
36
State B must then decide whether to retaliate and go after the information shown
in the signal or to simply ignore State A’s preemptive attack.
Figure 10: Decision Tree
36
Every cyber defense class I have taken has taught pure offense.
Assumptions
The assumptions in the model are as follows:
• Throughout the entire model if retaliation (Ω) is chosen by a nation in response to
a hack it must be of equal kind and magnitude as the signaled advantage to the
original first move.
o Why? This is because if the retaliation is larger than the initial hack it
could spark yet another retaliatory MCE from the initiator.
• If the signaled information (Δ) is sought in the hack by the initiator, the cost (Ω)
to obtaining it is smaller than cost (π) to obtain (Δ), if it were being built from
scratch (i.e. Ω < π).
• The costs of research and development (π) and the resulting advantage (Δ) are
distinct from one another and are not necessarily the same value.
• The model also assumes that the cost to hack (µ) is less than research and
development (π) (i.e. Ω < π).
o Why? If Ω > π, then it does not make sense to hack because the state could
just incur the costs to develop the signaled advantage themselves.
• The advantage gained (Δ) from spending (π) on research and development is
worth more than its cost.
• The state that moves first is awarded only a slightly better than 50% chance of
being successful in the execution of their MCE (i.e. 51%).
o Why? There is a higher probability p of success because of the attribution
problem (as described earlier).
• My model is also assuming that each player is risk neutral and prefers to have as
much information as possible on the other at the lowest possible cost.
Analysis of the Model
The analysis of the model is designed to answer two questions. First, under what
conditions will a state receiving an exogenous non-strategic signal choose to attack the signaling
state for the information to reap and/or negate the advantage it affords? Second, because there is
an offensive first-mover advantage in cyber space (with the best defense being offense), under
what conditions would the signaling state launch a pre-emptive cyber attack against a potential
adversary to protect the signaled information?
Looking at the decision tree in its entirety does not yield a clear pure-strategy equilibrium
(i.e. there is no path with a set of payoffs that both states prefer above all others). By definition,
“a Nash equilibrium is a prediction of a feasible strategy for each player such that each player’s
strategy maximizes his own expected payoff given what the other players are predicted to do”
(Myerson, 1111). Here in my proposed game, both states’ preferred path lies on different
branches of the decision tree. State A prefers path four, while State B prefers path two. On path
four, State A launches a preemptive malicious cyber engagement against State B after the non-
strategic signal has been sent. It is worth noting that instead of attempting to quantify how
much success moving first awards, I chose to simply qualify it in the previous section and
quantify it in the decision tree with odds just two percentage points better than being unsuccessful
(i.e. 51/49). Raising the probability higher in favor of success would only make the payoff even
greater. With that being said, on path four State A has the benefit of the original signaled
advantage (minus the R&D costs), and the benefit of whatever their specific target was in State B
(minus the costs of launching the preemptive MCE).
On the other hand, State B prefers path two. On path two, State B also launches a
preemptive MCE. Here, the state goes after the signaled advantage to negate it. On this path, the
state knows its desired target, and the low cost to go after it. This path also reflects State A’s
decision to ignore State B’s intrusion. Even if State A did respond, as seen on path one, State B
is still better off for trying the MCE when we consider the advantage originally signaled. They
would be down this much to State A.
What is noteworthy about both states’ preferred path is that they are both on the paths
where they moved first. Even when an analysis of the decision tree is performed with the
probability of success skewed in favor of not moving first, when the expected benefits and the low
cost to engage are considered, the best path still favors the actor that moves first. As stated
earlier in this chapter, these unique characteristics of cyber space changed the actors’ incentives
such that not only does it make rational sense for an actor to maliciously engage, but it also
makes sense for them to act preemptively.
In sum, the aforementioned model shows that, within the cyber realm, the bargaining
range shrinks to a point where it is rational for a state actor to attack another if a non-strategic
signal is read indicating the existence of some information of considerable value. The difficulty
in positively attributing an attack to a specific actor is the main contributing factor in decreasing
the bargaining range to this significant point of action over inaction. While a range existed in the
traditional kinetic space that produced a rational choice for two actors to possibly negotiate a
bargain instead of engaging in costly conflict, the same is not true in the cyber realm, especially
when the low cost of entry (along with the attribution problem) is holistically considered. Kinetic
war is costly, by any measure. But malicious cyber engagements are relatively low cost/high
reward endeavors. This begs the question of what variables contribute to when a state does
decide to launch a malicious cyber engagement against another state actor. In order to theorize a
response to this question, I will think about it in two parts. We need to think about the specific
variables/characteristics that define the initiator in the dyad and the nations most likely to be
targets.
I hypothesize that the initiators of state sponsored malicious cyber engagements will be
nations that have a top-rated intelligence agency, a highly educated population, will have some
type of economic strife particularly in the lower and middle class of the population, and be
democratically weak. Intuitively, each one of these variables seems to be necessary for an
initiating state to successfully execute an MCE against an unsuspecting target.
In the next chapter, I will perform an analysis on more than 7,200 known malicious cyber
engagements that have taken place between 2011 and 2016. I will comb through these dyads to
find those that can be considered state-sponsored and code them along the selected
operationalized variables that will be needed to test my hypotheses. I will then do regression
analyses to see if there exists any statistically significant correlation between the variables and
identifying initiators of MCE and those nations likely to be the targets.
Chapter 4: Data Salinas | 89
Chapter 4: Info Lemons to Data Lemonade
In this chapter, I discuss the data, its collection and the subsequent analysis conducted on
it to test the two hypotheses presented in the preceding chapter, namely what determines the
initiator and the target in dyadic MCE between two state actors. I will first discuss the sheer lack
of data available on MCEs, and difficulties associated with collecting and assembling the data in
a meaningful (i.e. usable) way. Then, I will list and describe the salient independent variables
that will be used to perform the regression analyses to test my two hypotheses. Lastly, I will
present my regression tables and discuss what we can (and cannot) infer from the results.
Before this project, a publicly available database of cyber attacks did not exist. The US
government’s intelligence community has their databases. However, those databases can only be
accessed and used by intelligence analysts with top-secret security clearances within their
respective agencies. It is often times difficult for analysts in different agencies to gain
interdepartmental access to others’ databases, despite being part of the same government.
Almost needless to say, it is a herculean task, if not impossible, for an academic
researcher to gain access to these resources. The researcher would need to either be an
employee of one of the nation’s intelligence agencies with cyber divisions (such as the CIA, FBI,
NSA, and DHS), the State Department’s cyber division, a member of the military’s cyber
command or become a formal contractor of the government. None of these options are
practical for a traditional academic or think-tank researcher. For some, gaining the necessary
clearance is impossible. Confidentiality constraints further hamper the development of
meaningful strategic relationships with individuals who have already cleared these barriers to
access to the prized information. The disclosure of this guarded attack information would, in
some cases, at worst be a threat to national security; and at least be treasonous. Needless to say,
there is a considerable amount of friction in obtaining useful cyber attack data.
Make no mistake about it; the lack of available data on malicious cyber engagements is a
real problem. The field being relatively new and the disincentivization of being open and honest
about an intrusion exacerbate this problem. “Intelligence analysts live in a world of spotty data,
usually collected opportunistically; it is likely to amount to a biased sample, though biased in
ways the analysts may not know, making it impossible to judge how much the sample can be
applied more generally to a broader population” (Agrell and Treverton, 89). The lack of publicly
available information on cyber attacks is such a worrisome topic that on May 22, 2017 the head
of the Association of British Insurers called on the UK government to create a database where
companies would be required to report all the details of any cyber attack to which they fall
victim (Association of British Insurers, 2017). Clearly, this lack of data amalgamation is not
unique to the United States; it is an issue that is growing in urgency in countries worldwide. And
even if there is buy-in by corporations to do this type of self-reporting, it addresses neither
the incentives of companies to misrepresent the data to protect profits nor state-level attacks.
A cyber attack resource temporarily available to the public was the Norse Cyber Attack
map. The company that hosted the map says, “Norse maintains the world’s largest dedicated
threat intelligence network with over eight million sensors that emulate over six thousand
applications – from Apple laptops, to ATM machines, to critical infrastructure systems, to closed
circuit TV cameras. The Norse intelligence network gathers data on who the attackers are, and
what they are after.” In essence, the Norse Corp has created what is commonly referred to as a
honeypot in the hacking community. This sounds like a resource that would have been suitably
sufficient to test my hypotheses. However, when I inquired with the company about accessing the
raw data (to which they sell commercial licenses) for my research I never received a reply. I
tried calling all the numbers provided by the company, all of which were disconnected. Even
though the data would have only been a large-N sample representative of real attacks attempted
on simulated targets, it would have offered sufficient resolution on both the targets and methods
of attack by state actors for me to make informed inferences on their motivations. But this
option for data analysis is not available. This level of secrecy and lack of real transparency is
something that is commonplace in the hacking community. Another method of gathering the
data had to be taken.
Surprisingly, there are four more real-time attack maps tracking various aspects of real-
time cyber attacks. In addition to the now-defunct Norse Attack Map, there are CheckPoint,
FireEye, Kaspersky, and Digital Attack Map. While all of these offer great visualizations of the
attacks happening in cyberspace, none of the organizations are doing a meticulous data collection
or offering access to data with enough trusted accuracy to reliably use in a scientific analysis.
This is due primarily to organizations’ reluctance to disclose if and when an attack
occurs. The financial ramifications of a breach can be detrimental to business if customers or
clients feel as though their private information is at risk or not being adequately protected.
Data gathering issues are not uncommon in research, and they usually present unique
challenges to scholars attempting to test hypotheses. In an effort to overcome my problems
caused by the demise of the Norse map and general lack of publicly available data, I began to
assemble as much information on known reported global cyber attacks as possible. The method
of initially gathering this data was as simple as it was crude but nonetheless effective for
testing my hypotheses. I do not want to say that I conducted an explicit or purposeful
ethnography for this dissertation. However, given that I have been involved in the hacking
community for the better part of two decades, and I am usually vacillating between my presence
on the visible web and the deep web as an anonymous member of hacker forums and message
boards, my observations and data collection methods could be defined as ethnographic in
nature.[37]
As a member of these forums I receive daily updates of zero-day vulnerabilities that have
been discovered but have not yet been patched. I also receive daily updates of successful hacks
that have been perpetrated on governments, businesses, the military, NGOs, and any other
organization that has been the victim of a significant network breach using these reported
vulnerabilities. These daily updates provided a rich, albeit disparate, resource of malicious cyber
attack information. It just needed to be painstakingly organized into one unified and usable
dataset.
After I had assembled 15 months of attacks, Paolo Passeri, the owner/host of the
Hackmageddon forum, responded to my inquiry for data and he offered me all the attacks he had
assembled for the calendar years 2011 through 2016, using the exact same collection method I
was employing. I only had to go in and code each case with the variables needed to test my
hypotheses. The data set covers a 6-year span between 2011 and 2016, and includes both state
and non-state actors, as both the attacker and the target itself. In total there are 300 state-to-state
dyadic attacks that are analyzed, but the data consists of over 7,000 attacks when non-state
sponsored attackers are included. While the model presented in this dissertation is specific to
state-to-state dyads, I thought it was important to include the non-state attacks as well since this
is the first comprehensive database of its kind.
[37] “The deep web is the large part of the Internet that is inaccessible to conventional search
engines” (WhatIs 2018).
The method of data collection does have some statistical implications that must be
addressed. Most important, all of my econometric analysis is conducted on a specific cross-
section of the population instead of a representative randomized sample. Admittedly, the
population is not exhaustive because of the very nature of secrecy on the part of the target to
keep the attack itself out of public purview. Some attacks may not have been made publicly
known. The malicious cyber engagement needed to be both reported by the attacker and
disclosed either in the mainstream media or in one of the hacker forums. Or the non-state
attacker had to have taken credit for the attack for the sought-after boost in his or her reputation
and dumped the proof of the attack into a forum or a pastebin.[38]
The Variables
The variables contained in Paolo Passeri’s data set were as follows: the date the attack
was reported either in the mainstream media or in a hacker forum, the perpetrator of the attack,
the target of the attack, a brief description of the attack, and the method of attack. While these
variables are sufficient for the casual reader or subscriber to his forum, additional variables
needed to be coded for each case in order to provide resolution into each case that would yield
interesting theoretical insights. Given who Passeri’s audience is, it is not surprising that he chose
to document the variables he did. He is a hacker presenting the data to other hackers and is not
concerned with the questions that are interesting to political scientists. However, what he did do
that was invaluable to me and my research effort was that he kept track of the reported MCEs and the
dates of the intrusions. I could then research based on that information all the variables that were
relevant for my purposes.
[38] Pastebin is a popular website for storing and sharing text. Though it is mostly used for
distributing legitimate data, it seems to be frequently used as a public repository of stolen
information, such as network configuration details and authentication records. Various hacker
groups and individuals also use Pastebin to distribute their stolen information (Zeltzer 2015).
The additional variables that I coded to expand the data set’s usefulness for my purposes
are: identifying the attackers as being state or non-state actors, identifying the country of origin
regardless of attacker type, and categorizing the specific targets (i.e. government, entertainment,
educational, etc.) (see Appendix C). Furthermore, since the economic or political incentives of
an attack are central to my hypotheses, I offer a classification of the attacks as political or
economic in nature, or a third classification that is foreign in kinetic conflicts but abundant and
relevant in hacking, the “just because” factor.[39] Some attacks are conducted for no reason other
than to boost the reputation of the attacker. While the original data set provided the specific
attack method, after I classify it as either political or economic in nature, I place the intention of
the attack in my malicious cyber engagement continuum and code it accordingly. This onion-
style of analysis is needed to get to the theoretical nuances of cyber space, and it is not normally
done with traditional kinetic conflicts.
Lastly, the one variable included in the Passeri data set that is theoretically troublesome is
the estimated cost of attack. I know that the targeted company is incentivized to underreport the
financial losses incurred as a consequence of an attack. The offsetting of negative press and
responsibility to shareholders serve as incentives to underrepresent the true cost of an attack. I
just felt as though the cost numbers presented in the Passeri data set were not credible enough to
include in the data set. Because the cost/benefit analysis must be as accurate as possible to
effectively and meaningfully gauge a state’s incentive to act, knowingly using questionable cost
data would not be prudent. Furthermore, the reporting of the variable is spotty in the Passeri
data. Sometimes even a hypothetical estimate of the total cost is not available. As a consequence,
the number of observations across the entire sample was not high enough to provide any
correlation with any statistical significance.
[39] This “just because” justification is commonly referred to as “lulz.” Lulz are defined as “fun,
laughter, or amusement, especially that derived at another's expense” (Oxford Dictionaries
2018).
Data Collection Process, Expanding Passeri…a lot
As previously stated, there did not exist a dataset of the network intrusions taking place
on a daily basis. The closest thing that existed was the Passeri dataset. However, because I had
a clear vision on the variables that would be needed to test my hypotheses I used his data set as a
critical launch point, since he clearly identified the reported actors in the dyad. His data set
contained approximately 7,000 reported MCEs, including those perpetrated by both state and
non-state actors. The first order of business was to comb through all the incidents to identify
those that were state or state-sponsored. This narrowed the number of cases down to
approximately 300 reported dyads over the five-year span being analyzed.
After pulling out the state and state-sponsored dyads, I then began the work of locating
which pre-existing data sets would supply the values for the selected variables over the time span
being analyzed. Accepted datasets such as the Correlates of War, Polity IV, World Bank,
Freedom House, and SIPRI were all combed in the assembly of the data used in this project’s
analyses. In order to address the selection bias issue, not only were the variables coded for the
300 cases, but also for every country across the time series. In all, 26 variables were coded for
all countries over the five-year span. Please see the figure below for a dyad’s coding sample.
Table 1: Sample coding from US/Russia Dyad
Country Abbreviation
The specific country of origin is relevant in determining which if any country is an
epicenter for attacks of a certain type, kind or both. This holds true regardless of whether or not
the attacker was a non-state or a state actor. The overwhelming majority of attacks during the
time period being analyzed were perpetrated by independently acting non-state actors. However,
there were some state initiated and state sponsored attacks. Either way, the nation of origin was
documented using the three-letter abbreviation used by the World Bank. The majority of my
initial data gathering was done with the World Bank as the source. Ten of my thirty-one
variables were obtained from the World Bank data set. This is the reason why I used these
nation abbreviations over those of the other commonly used data sources. This is a coding that is
accepted in the economics and political science fields.
Country Code
In the Correlates of War (COW) dataset, the researchers have assigned each nation
individual identification numbers. My dataset, in addition to using the World Bank’s state
abbreviations, identifies each state using the number assigned to it in the COW dataset. In
addition to providing an alternate means of identifying a dyadic actor, using these country codes
better facilitated coding the individual dyads to use later to assess the frequency of recurring
dyadic conflict between specific actors. Furthermore, the COW country codes are among the
most commonly used numerical identifiers within the discipline and would make any future
merging of my data set with another researcher’s easier and relatively straightforward.
Top Intelligence Agency
Since I believe that MCEs are an intelligence tool, I thought to look at the correlation
between the initiating nations and the size of the respective nation’s intelligence community. I
took a look at both the size, as a function of the number of employees, and the amount of money
spent on intelligence institutions. Initially, the secret nature of intelligence posed some difficulty
in ascertaining the information on these variables. However, I was able to locate data that was
assembled using open source information that reasonably estimated the relative amounts spent by
the top 15 intelligence agencies in the world. According to Insider Monkey:
“Three different research methodologies were used to collect the data. First criterion was
the web search using keywords and phrases. Search terms were adjusted time and again
to get most relevant information. Secondly, we looked into online publications and
journals specific to intelligence, such as “International Journal of Intelligence &
Counterintelligence”. We also looked into government websites for additional
information related to our topic. Thirdly, we used search engine alerts and found news,
blogs and other online content related to intelligence agencies. However, the data was so
diverse that it had to be divided into two main factors, “Known Intelligence Spending”
and “Unknown Intelligence Spending”. The collected data underwent three stages.
Firstly, the known intelligence spending of each country is averaged against its GDP to
reflect the known spending ratio. Secondly, a single ratio was determined by taking the
average of all the ratios of known intelligence spending of each country. Lastly, unknown
intelligence spending of the country was identified by cross multiplying this single ratio
with the country’s GDP” (Ahmed 2015).
This level of painstaking and meticulous data collection and calculation is noteworthy,
especially since it is coming from a source not considered a traditional academic resource. As I
have previously stated, the amount of data around MCEs is sparse but intelligence as a whole
may be even more sparse but for the exact same reason. The actors involved are incentivized to
keep as much information about their activities a secret as possible. This kind of deductive
estimation that was performed is what must be relied upon for this variable.
Education Level[40]
Cyber attacks require a certain level of aptitude to be successfully carried out. The World
Bank offers many different measures of education. The measures offered view education
through various lenses, such as age range or gender. I decided to use the measure of the
average number of years of education an adult receives by the age of 25. According to the
World Bank, this variable measures the “average number of years of education received by
people ages 25 and older, converted from education attainment levels using official durations of
each level.”[41] I relied on the World Bank for an accurate measure of this variable.
[40] (UN 2018)
Inequality[42]
Given that hacking is something that can be used to generate off-the-books income I
thought it was important to explore the level of inequality found within a nation. I am
hypothesizing that poverty can be an incentive to inexpensively learn the skill that
yields a quick and large payoff. The go-to measure of inequality is the Corrado Gini index.
“Gini index measures the degree of inequality in the distribution of family income in a country.
The more nearly equal a country's income distribution, the lower its Gini index…The more
unequal a country's income distribution, the higher its Gini index” (Central Intelligence Agency
2017). If the income of a nation were evenly distributed, the nation’s Gini index value would be
zero. Conversely, “if income were distributed with perfect inequality, the index would be 100”
(Central Intelligence Agency 2017).
Polity Score
The Polity IV Project has amassed information on international states’ regime type. I
wanted to illuminate where both the attacking and the targeted state lie on the
autocracy/democracy spectrum, and the Polity IV is the most widely accepted database
measuring this variable. The fourth iteration of the dataset is the most complete version to date,
covering the years 1946 through 2013. However, there is a Polity V currently being researched.
My data covered attacks from 2011 through 2016. To account for this three-year gap in reporting
I carried forward the last reported year, 2013. Once the Polity V is completed I will update 2014
through its last reported year. This will be done to keep pace with the most current data but the
end effects will be completely inconsequential.
[41] Barro and Lee (2013), UNESCO Institute for Statistics (2013b) and HDRO estimates based on
data on educational attainment from UNESCO Institute for Statistics (2013b) and on
methodology from Barro and Lee (2013).
[42] http://data.worldbank.org/indicator/SI.POV.GINI
Servers Per Million
Using the World Bank dataset, this variable captures the number of secure servers in a
nation using encryption technology in the exchange of information on the Internet. Data was
reported to the World Bank from year 2003 through 2015. The 2015 numbers for each nation
were carried forward for 2016. The number of secure servers captures not only the level of
Internet penetration within a nation but a certain degree of its ICT sophistication. The number of
secure servers, which would most likely hold targeted information, along with the number of
Internet users per million shines light on a nation’s level of Internet diffusion.
Internet Users Per Hundred
Relying on the World Bank dataset, I recorded the number of Internet users per hundred
people in each state in the attack dyads. Data was reported to the World Bank from calendar
year 1990 through 2015. The 2015 numbers for each nation were carried forward for 2016. This
particular variable was included to offer an alternative measure of Internet penetration, without
putting the high standard of user sophistication in the variable.
Freedom of Press
Because the signal being initially interpreted by the attacking nation identifies potential
targets, I think it was important to measure each nation’s level of press freedom. Freedom
House says, “The Freedom of the Press report measures the level of media independence in 197
countries and territories.”[43] The Freedom House score is an acceptable metric in the discipline to
gauge this attribute. The current Freedom House dataset has scores through 2016.
Political Environment[44]
The political environment score is part of the calculation of a nation’s Freedom House
score. Freedom House says, “The political environment category evaluates the degree of
political influence in the content of news media. Issues examined include the editorial
independence of both state-owned and privately owned outlets; access to information and
sources; official censorship and self-censorship; the vibrancy of the media and the diversity of
news available within each country or territory; the ability of both foreign and local reporters to
cover news in person without obstacles or harassment; and reprisals against journalists or
bloggers by the state or other actors, including arbitrary detention, violent assaults, and other
forms of intimidation.” Given the fact that I have a binary classification of the attack types into
either “political” or “economic” in nature, I decided to include these two disaggregated parts of
the Freedom House scores.
[43] https://freedomhouse.org/report/freedom-press-2014/press-freedom-rankings
[44] https://freedomhouse.org/report/freedom-press-2016-methodology
Economic Environment
This variable was included in the same spirit as the political environment variable. The
political environment category evaluates “the structure of media ownership; transparency and
concentration of ownership; the costs of establishing media as well as any impediments to news
production and distribution; the selective withholding of advertising or subsidies by the state or
other actors; the impact of corruption and bribery on content; and the extent to which the
economic situation in a country or territory affects the development and sustainability of the
media.”
Military Spending[45]
Originally I looked to the World Bank for figures on nations’ military spending over time.
This is one of the most common places to look for this kind of data. However, there were
problems with the military expenditure numbers being presented in local currency amounts,
which complicated dyadic comparison. So I turned to the Stockholm International Peace
Research Institute (SIPRI) database at the behest of other senior faculty after consulting with
them about the labor issue with the World Bank data. I did not want to have to write a
conversion script to convert the currency amounts given the amount of labor I was already
deploying assembling the dataset. Furthermore, the World Bank data on military are derived
from the SIPRI dataset. The SIPRI Military Expenditure Database contains consistent time
series on the military spending of countries from 1949 through 2015. The data is presented in
current US dollars. The 2016 figures were carried forward from the last reported year.
[45] https://www.sipri.org/databases/milex
Cyber Power
The cyber power of a nation is a variable of which it intuitively makes sense to take an
accounting, especially since that is the tool under which the dyads I am exploring are being
deployed. “The Cyber Power Index was developed to gain a better understanding of factors
influencing cyber power globally. The index is a dynamic quantitative and qualitative model,
constructed from 39 indicators and sub-indicators that measure specific attributes of the cyber
environment across four drivers of cyber power: legal and regulatory framework; economic and
social context; technology infrastructure; and industry application, which examines digital
progress across key industries” (Roberts 2014).
An alternative to this would have been to use the cyber power formula given by Brantly
(2016), and apply it across all the state actors in my data set. However, since this dissertation is
the beginning of my larger research agenda in cyber security I decided to go with the already-
calculated Booz Allen measures for the variable for the sake of time. This saved the time needed
to write a script of Brantly’s formula, researching all of the variables he believes are salient in
measuring cyber power and then running them.[46] There is debate over what constitutes
‘powerful’ in the cyber realm but instead of joining the debate, I simply relied on the already
established metric, for the sake of argument.
Stock Market
The non-strategic signal being sent by the targeted nation is the impetus for the dyadic
exchange. A nation’s stock market is a place where those signals are sent and memorialized.
The variable is binary, and simply coded yes (1) or no (0) to indicate if the nation has a stock
market that is rated among the top in the world (Desjardins 2017).
Attacker Category
Simply put, the attacker was identified as either a state or a non-state actor. There was no
differentiation made between state sponsored actors and the state itself in the original Passeri
dataset. Both are considered state actors in this data set. While my formal model is considering
the behavior within state-to-state dyads, there is still value for future research to have the non-
state actor originated attacks as well. The non-state actors were any individual or hacking
collective acting on their own behalf. The Passeri dataset did not originally include this specific
classification. However, it was paramount to indicate the binary designation of each attack.
[46] Brantly has a specific set of variables that he posits are an accurate measure of a nation’s
cyber power. However, in order to use his cyber power formula, in addition to the data
collection I already had to do, I would have had to gather all of that data needed to plug into his
equation. I also would have had to translate his formula into Python or Excel.
Attack Continuum Category
This variable records, given the context of the specific attack, where the attack falls on my proposed cyber
engagement continuum. The continuum’s categories (in order of severity) are denial of
service/defacements, cyber crime, cyber espionage, cyber conflict, and cyber war.
Figure 11: Cyber Engagement Continuum
This disaggregation and distinguishing of attacks in this way is beneficial because it points to the
types of malicious cyber engagements occurring that are more of a nuisance and those that are
actually a threat to national security. In addition to providing general categories of MCEs that
are easily understandable to the non-technical academic community, it gives both a way to look
at the severity of the attacks and a way to look at them in a binary fashion.
Political Classification
This classification simply assesses if the attack was political in nature, economic in
nature, or simply done exclusively as a reputation builder for the attacker. Political hacks
are those that target government institutions or contractors in response to a disagreed upon policy
position or to gain a militarily influenced advantage. Economic hacks are attacks that are levied on
targets specifically for short-term economic gain or long-term economic advantage.
Data Analysis
As I stated earlier, the empirical testing of the correlation between my two dependent
variables and my eight independent variables was initially difficult because of the lack of
available data on malicious cyber engagements. This has been a long-standing issue for most
researchers in this new space. However, I painstakingly overcame this impediment by modifying
Passeri’s data set and then parsing through it to disaggregate all the state-to-state attacks from the
entire known body of malicious cyber engagements. This gave me a smaller dataset, selected on
the dependent variables that proved valuable to analyzing descriptive statistics and comparing
MCE dyads. However, a dataset selected based on the dependent variable provides little utility
in establishing correlations with any statistical significance, let alone causation in an econometric
model.
In order to perform credible regression analyses on MCEs, I went back and observed my
variables across every nation, regardless of whether or not they were an attacker in or target of a
malicious cyber engagement between the years 2011 and 2016. This allows for a sample size of
1248 that can be used to test my hypotheses on which nations are most likely to be the targets of
a malicious cyber engagement and which are most likely to do the attacking. Expressed
econometrically, we have the following general regression equation (Fangwen 2018):
Specific to my theory and its variables, we have the following two equations:
$Y_1$ = 1st observation of the dependent variable, attack frequency
$X_1$ = independent variable, top intelligence agency
$X_2$ = independent variable, polity
$X_3$ = independent variable, inequality
$X_4$ = independent variable, education

$Y_1$ = 1st observation of the dependent variable, target frequency
$X_1$ = independent variable, Internet penetration
$X_2$ = independent variable, top 15 stock market
$X_3$ = independent variable, military spending
$X_4$ = independent variable, press freedom
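The country-year panel described under Data Analysis, together with the carry-forward rule used for Polity, secure servers, Internet users and military spending, as an added Python example that is not part of the dissertation. The incident records, the placeholder country codes (AAA to DDD), the covariate values and all function names are constructed for illustration; `tar_freq` and `int_use_per_100` follow the column names in the regression output, while `att_freq` and `polity` are assumed names.

```python
"""Added illustration: country-year panel of MCE counts (constructed data)."""
from collections import Counter
from dataclasses import dataclass

YEARS = range(2011, 2017)  # 2011 through 2016, the span of the data set


@dataclass(frozen=True)
class Incident:
    year: int
    attacker: str            # placeholder three-letter country code
    attacker_is_state: bool  # state and state-sponsored coded as one category
    target: str
    target_is_state: bool


# Constructed records with placeholder country codes; not Passeri's data.
INCIDENTS = [
    Incident(2012, "AAA", True, "BBB", True),
    Incident(2012, "AAA", True, "BBB", True),
    Incident(2014, "BBB", True, "AAA", True),
    Incident(2015, "CCC", True, "BBB", True),
    Incident(2013, "AAA", False, "BBB", True),   # non-state attacker
    Incident(2016, "CCC", False, "DDD", False),  # non-state on both sides
]
COUNTRIES = ["AAA", "BBB", "CCC", "DDD"]

# Constructed covariates. "polity" stops in 2013 and "int_use_per_100" in
# 2015, mirroring the reporting gaps described in the text.
COVARIATES = {
    "polity": {
        "AAA": {2011: 10, 2012: 10, 2013: 10},
        "BBB": {2011: 4, 2012: 4, 2013: 5},
        "CCC": {2011: -7, 2012: -7, 2013: -7},
        "DDD": {2012: 8, 2013: 8},  # 2011 never reported
    },
    "int_use_per_100": {
        c: {y: base + (y - 2011) for y in range(2011, 2016)}
        for c, base in [("AAA", 70.0), ("BBB", 45.0), ("CCC", 20.0), ("DDD", 5.0)]
    },
}


def state_dyads(incidents):
    """Keep only state-to-state dyads, the subset the formal model analyzes."""
    return [i for i in incidents if i.attacker_is_state and i.target_is_state]


def carry_forward(series, years=YEARS):
    """Fill each year with the most recent reported value (None before the first)."""
    filled, last = {}, None
    for year in years:
        last = series.get(year, last)
        filled[year] = last
    return filled


def build_panel(incidents, countries, covariates, years=YEARS):
    """One row per country-year, including country-years with zero events."""
    dyads = state_dyads(incidents)
    targeted = Counter((i.target, i.year) for i in dyads)
    attacked = Counter((i.attacker, i.year) for i in dyads)
    rows = []
    for country in countries:
        filled = {name: carry_forward(by_country.get(country, {}), years)
                  for name, by_country in covariates.items()}
        for year in years:
            row = {"country": country, "year": year,
                   "tar_freq": targeted[(country, year)],
                   "att_freq": attacked[(country, year)]}
            row.update({name: filled[name][year] for name in covariates})
            rows.append(row)
    return rows


def lookup(rows, country, year):
    """Return the single panel row for a country-year."""
    return next(r for r in rows if r["country"] == country and r["year"] == year)


def zero_share(rows, key="tar_freq"):
    """Fraction of country-years with no events: the excess zeros a ZINB model handles."""
    return sum(1 for r in rows if r[key] == 0) / len(rows)


if __name__ == "__main__":
    panel = build_panel(INCIDENTS, COUNTRIES, COVARIATES)
    print(len(panel), "country-years;", f"{zero_share(panel):.1%} have tar_freq == 0")
```

Keeping only the rows with events would leave 3 of the 24 country-years here, which is the selection on the dependent variable that the full panel avoids.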
Targeted Countries
Table 2: Fixed-effects negative binomial regression #1
Table 3: Fixed-effects negative binomial regression #2
Conditional FE negative binomial regression    Number of obs      = 209
Group variable: countrycode                    Number of groups   = 35
                                               Obs per group: min = 5
                                                              avg = 6.0
                                                              max = 6
                                               Wald chi2(5)       = 6.87
Log likelihood = -139.85314                    Prob > chi2        = 0.2304

tar_freq               Coef.       Std. Err.   z       P>|z|   [95% Conf. Interval]
top_15_stock_market    -2.264264   1.454263    -1.56   0.119   -5.114567   .5860385
log_mil_spnd           .7762592    .3285632    2.36    0.018   .1322871    1.420231
int_use_per_100        .0268473    .0189095    1.42    0.156   -.0102146   .0639092
gmfd
  2                    -.4266808   .7077424    -0.60   0.547   -1.81383    .9604688
  3                    -.6520004   .9630199    -0.68   0.498   -2.539485   1.235484
_cons                  -17.73705   7.675068    -2.31   0.021   -32.77991   -2.694195

Conditional FE negative binomial regression    Number of obs      = 209
Group variable: countrycode                    Number of groups   = 35
                                               Obs per group: min = 5
                                                              avg = 6.0
                                                              max = 6
                                               Wald chi2(5)       = 7.29
Log likelihood = -140.03664                    Prob > chi2        = 0.2001

tar_freq               Coef.       Std. Err.   z       P>|z|   [95% Conf. Interval]
top_15_stock_market    -2.066401   1.461173    -1.41   0.157   -4.930248   .7974456
log_mil_spnd           .7518165    .3064845    2.45    0.014   .151118     1.352515
int_use_per_100        .0272777    .0202879    1.34    0.179   -.0124859   .0670412
press_status
  NF                   .025356     .9622045    0.03    0.979   -1.86053    1.911242
  PF                   -.1906932   .6314545    -0.30   0.763   -1.428321   1.046935
_cons                  -17.50719   7.241045    -2.42   0.016   -31.69938   -3.315006
Table 4: Zero-inflated negative binomial regression #1
Zero-inflated negative binomial regression     Number of obs = 668
                                               Nonzero obs   = 61
                                               Zero obs      = 607
Inflation model = logit                        LR chi2(5)    = 130.64
Log likelihood = -196.7158                     Prob > chi2   = 0.0000

tar_freq               Coef.       Std. Err.   z       P>|z|   [95% Conf. Interval]
tar_freq
  top_15_stock_market  -.9083893   .3663065    -2.48   0.013   -1.626337   -.1904418
  log_mil_spnd         .9045569    .0790134    11.45   0.000   .7496935    1.05942
  int_use_per_100      .0042583    .0080454    0.53    0.597   -.0115105   .020027
  gmfd
    2                  -.0478874   .4509625    -0.11   0.915   -.9317577   .8359829
    3                  .0312162    .5574495    0.06    0.955   -1.061365   1.123797
  _cons                -21.65572   2.110465    -10.26  0.000   -25.79216   -17.51929
inflate
  gdppc                .008969     .0039793    2.25    0.024   .0011697    .0167682
  gnipc                -.0092375   .0040833    -2.26   0.024   -.0172406   -.0012345
  gini                 .2470334    .0976453    2.53    0.011   .055652     .4384147
  _cons                -9.299075   4.193526    -2.22   0.027   -17.51824   -1.079915
/lnalpha               -.9107845   .6282253    -1.45   0.147   -2.142084   .3205146
alpha                  .4022086    .2526776                    .11741      1.377837
Now, we do it with press:
Table 5: Zero-inflated negative binomial regression #2
Zero-inflated negative binomial regression     Number of obs = 668
                                               Nonzero obs   = 61
                                               Zero obs      = 607
Inflation model = logit                        LR chi2(5)    = 132.24
Log likelihood = -195.9195                     Prob > chi2   = 0.0000

tar_freq               Coef.       Std. Err.   z       P>|z|   [95% Conf. Interval]
tar_freq
  top_15_stock_market  -.9518259   .3427372    -2.78   0.005   -1.623579   -.2800732
  log_mil_spnd         .8928256    .0770539    11.59   0.000   .7418027    1.043848
  int_use_per_100      -.0005026   .0087777    -0.06   0.954   -.0177066   .0167014
  press_status
    NF                 -.1322888   .5513939    -0.24   0.810   -1.213001   .9484233
    PF                 -.5087484   .4896421    -1.04   0.299   -1.468429   .4509326
  _cons                -20.90986   2.09267     -9.99   0.000   -25.01142   -16.80831
inflate
  gdppc                .0090432    .0039401    2.30    0.022   .0013207    .0167657
  gnipc                -.0093147   .0040432    -2.30   0.021   -.0172393   -.0013901
  gini                 .233144     .0936343    2.49    0.013   .049624     .4166639
  _cons                -8.660231   3.999759    -2.17   0.030   -16.49961   -.8208484
/lnalpha               -1.056412   .6912781    -1.53   0.126   -2.411292   .2984683
alpha                  .3477012    .2403582                    .0896993    1.347793

The four regression tables above represent the correlation of the following
independent variables (a country having a strong stock market, the size of its military-industrial
complex, the level of internet diffusion in the country, and level of press freedom) with the
likelihood of that country being targeted for an MCE. There were two types of regressions
performed on the data because of its shape and feel. Zero-inflated negative binomial was chosen
to deal with the excessive number of zeros in the variable counts for countries across the entire
dataset. Conditional fixed effects negative binomial regressions were chosen because of their
“ability to control for unobserved variables that are constant over time” (Allison, 2012).
Furthermore, in addition to running the two types of aforementioned regressions, the alternate
measures of press freedom were used.
Across all these models, we see the same relationship. Military spending has a strong,
robust positive relationship with being targeted. If we increase military spending by 1%, we expect
the number of targeting events to increase by about 1/100. Another way to put it is, each time
military spending doubles, we expect about one extra event per year. Something that comes up
in the zero inflated models as well is the negative relationship with being a top-15-stock country.
In both zero inflated models, we see a negative relationship there. It shows that top-15-countries
expect about 1 fewer events per year compared to non-top-15 countries.
Internet usage and press freedom have no relationship in the models.
Initiating Countries
Table 6: Fixed-effects negative binomial regression #3
Conditional FE negative binomial regression Number of obs = 72
Group variable: countrycode Number of groups = 12
Obs per group: min = 6
avg = 6.0
max = 6
Wald chi2(4) = 9.39
Log likelihood = -64.747501 Prob > chi2 = 0.0520
att_freq Coef. Std. Err. z P>|z| [95% Conf. Interval]
polity -.2067937 .1162502 -1.78 0.075 -.4346399 .0210524
gini -.2085507 .1464946 -1.42 0.155 -.4956748 .0785734
exp_yrs_sch -.1755941 .4012804 -0.44 0.662 -.9620893 .6109011
log_intel_spnd .1731516 .4447269 0.39 0.697 -.698497 1.0448
_cons 6.92785 15.36799 0.45 0.652 -23.19286 37.04856
Table 7: Fixed-effects negative binomial regression #4
Conditional FE negative binomial regression Number of obs = 72
Group variable: countrycode Number of groups = 12
Obs per group: min = 6
avg = 6.0
max = 6
Wald chi2(4) = 9.19
Log likelihood = -64.433447 Prob > chi2 = 0.0565
att_freq Coef. Std. Err. z P>|z| [95% Conf. Interval]
polity -.0353537 .2037314 -0.17 0.862 -.4346599 .3639525
gini -.2462675 .1628843 -1.51 0.131 -.5655149 .07298
exp_yrs_sch -.4399884 .5570512 -0.79 0.430 -1.531789 .6518119
intel_empl -.0000185 .0000213 -0.87 0.386 -.0000602 .0000233
_cons 19.66505 15.06915 1.30 0.192 -9.869947 49.20005

The low observation count may be impeding us. Note that there are only 72 countries in this data.
Also, the zero inflation is even worse here. Look at this table of values in the data.
Let’s do another zero inflated model with log_intel_spending. We’ll use military spending and
intel employees to predict attacks.
Table 8: Zero-inflated negative binomial regression #3
Zero-inflated negative binomial regression Number of obs = 731
Nonzero obs = 31
Zero obs = 700
Inflation model = logit LR chi2(4) = 62.04
Log likelihood = -115.8343 Prob > chi2 = 0.0000
att_freq Coef. Std. Err. z P>|z| [95% Conf. Interval]
att_freq
log_intel_spnd .4097849 .1695796 2.42 0.016 .0774149 .7421548
polity -.1613834 .0341288 -4.73 0.000 -.2282746 -.0944922
gini .103378 .0652237 1.58 0.113 -.024458 .2312141
exp_yrs_sch -.2643463 .1063512 -2.49 0.013 -.4727908 -.0559018
_cons -10.50634 2.906047 -3.62 0.000 -16.20209 -4.81059
inflate
log_mil_spnd -1.275485 .4305017 -2.96 0.003 -2.119253 -.4317172
intel_empl -.0006614 .0002135 -3.10 0.002 -.0010797 -.000243
_cons 35.54632 10.5459 3.37 0.001 14.87675 56.2159
/lnalpha -.0480919 .3641564 -0.13 0.895 -.7618253 .6656414
alpha .9530462 .3470578 .4668136 1.945738
Table 9: Zero-inflated negative binomial regression #4
Zero-inflated negative binomial regression Number of obs = 731
Nonzero obs = 31
Zero obs = 700
Inflation model = logit LR chi2(4) = 82.18
Log likelihood = -105.7645 Prob > chi2 = 0.0000
att_freq Coef. Std. Err. z P>|z| [95% Conf. Interval]
att_freq
intel_empl .0000212 3.86e-06 5.49 0.000 .0000136 .0000288
polity -.2176763 .0294551 -7.39 0.000 -.2754073 -.1599454
gini -.0310055 .0533621 -0.58 0.561 -.1355933 .0735824
exp_yrs_sch -.1328244 .0864967 -1.54 0.125 -.3023547 .036706
_cons 2.597151 2.1238 1.22 0.221 -1.56542 6.759722
inflate
log_mil_spnd -1.574803 .5607156 -2.81 0.005 -2.673786 -.475821
intel_empl -.0005293 .0002101 -2.52 0.012 -.0009411 -.0001175
_cons 40.68439 12.80059 3.18 0.001 15.5957 65.77308
/lnalpha -.8439364 .4423411 -1.91 0.056 -1.710909 .0230363
alpha .4300145 .1902131 .1807014 1.023304

Here are the takeaways. Intel variables point the same direction. As resources go up, the
number of attacks goes up. The number is quite small though. With intel_spending, each time
we increase by 1%, we expect the number of attacks to increase by about .004. Put another way,
for each 100% increase (doubling) in spending, we expect an extra half-attack. If you double
spending twice, we expect another attack.
The relationship with democracy is about as predicted. If you increase polity score by 1,
you expect a .2 decrease. If you increase polity by 5, you expect about 1 fewer attack.
Gini has no detectable relationship in this data. Conversely, years in school has the opposite of
the predicted relationship. More schooling on average leads to lower attack numbers. Each extra
4 years in school leads to one fewer expected attack. This variable is not robust to specifying the
model using intel_empl instead.
What the tables did not say
My original hypotheses were only half correct. I thought each dependent variable would
be influenced by four independent variables. However, the empirical evidence that was collected
showed that I had two variables correct for each model. If time permitted, better
operationalization of the variables could be attempted, but given the sparseness of the data, higher
resolution data could prove difficult. For example, years in schooling could be changed to
look at the number of years learning technical subjects as opposed to schooling in general. Another
change in operationalization could be done in the measure of inequality. Instead of using Gini,
controlling for the top 40% of income and an analysis of the bottom 60% would better measure
the health of a nation’s middle class, which is thought to be a better measure of economic health.
For the target countries, instead of measuring press freedom in general, being specific about press
coverage that contains language that could be directly interpreted as a signal would be a better
measure, despite being labor intensive. Again, the data issue is rearing its ugly head.
In conclusion, this area of study has a data problem. Businesses and organizations,
especially those that have strategic relationships with their respective governments, are not
incentivized to honestly report when there has been a breach of their networks. Whether because
of either higher insurance premiums that are becoming mandatory in the course of doing day-to-
day business in the digital age or a loss of customer/client confidence (and ultimately their
business), companies would rather detect, rectify, and attempt to prevent attacks with as little
fanfare or public reporting/disclosure as possible. Governments are even more reluctant to make
vulnerabilities in any of their networks known for fear of attracting the attention of would-be
intruders.
Unfortunately, besides being a relatively new area of analysis, the sample of known
malicious cyber engagements is not exhaustive nor is it random. Because of this selection bias,
we have no way of ensuring that the sample is itself representative of the entire body of malicious
cyber engagements. This limits the type of questions that can be answered using the data. While
I do not believe cyber space is a war crisis with a cyber apocalypse lingering on the horizon as it
has been described, I do believe we are living in a state of cognitive dissonance regarding the
true effects of living and operating in a hyper-connected information society. This is negatively
affecting the record keeping of MCEs when they do occur.
While this data problem has severely limited the amount of methodological rigor applied
to this area of study, I tried to make metaphorical lemonade out of a basket of lemons. The
painstaking process of assembling a data set that was complete enough to even try to get a
semblance of hypothesis testing was well worth it as a critical first step in quantitative analysis on
the topic. By not only relying on sources that are commonplace within the discipline (such as the
COW, Polity, etc.), and looking to non-traditional sources that are frequented by those within the
hacking community, I was able to take a critical first step past theorizing in a vacuum. When it
comes to cyber, we must be willing to look at unconventional sources to glean insights into the
space.
In the following chapter I do a study of the curious case of Russia. Russia has been the
initiator of MCEs that in recent times has frequently been in the news as the result of alleged
interference in the 2016 presidential election. Russia was chosen because it affords me the
opportunity to unpack how and why Russia has emerged as a cyber power despite falling behind
other major world powers in other areas.
Chapter 5: Russia Salinas | 118
Chapter 5: Good Ol’ Code ‘War’ Adversary
The theorizing in chapter three brought to the fore the salience of an absence of rational
bargaining ranges between two state actors. In short, we saw that the low cost of engagements
coupled with the difficulty of positively attributing an engagement to a specific actor, created
conditions such that it is completely rational for states to maliciously engage with one another in
cyber space. However, we do not see a wanton proliferation of MCEs between state actors. In
the data collected and coded for this project, we see that certain nation states tend to subscribe to
certain types of MCEs for purposes of a specific kind. Of the more than 7000 documented
malicious cyber engagements recorded between 2011 and 2016, China and Russia are the two states
most likely to be the attackers in those that are deemed to be state-sponsored.
The data collected and analyzed in chapter four tested variables that I hypothesized
would offer possible explanations for why and when state-sponsored MCEs take place. This
case study takes a look at the decision to initiate an MCE by a state-actor, specifically Russia.
Russia was chosen as the state upon which to perform a case analysis not only because of the
ubiquity with which it is appearing in the news and the neatness with which it fits into
the variables tested in the previous chapter, but also because of the salience within the country of the
contributing variables to the likelihood of a state being an initiator of an MCE.
In this chapter I will use case study as a methodological tool to explore my theory
(Rohlfing 2012). Specifically, I take a deeper look at the specific case of Russia, seeking to
address specifically how it came to prominence in the cyber community with its use of its highly
skilled citizen hackers to carry out the agenda of the government. Russia is chosen as a case
study because of its relatively low power ranking in relation to the other nations it targets in cyber
space, and it having an autocratic regime standing and having a large low/middle class
population. It also has a highly educated population and it is a significant player in the global
intelligence community. Last but not least, Russia’s prevalence in mainstream media as an
initiator of MCEs makes it a timely choice for a case study.
I will first describe the historical rise of the respected Russian intelligentsia rooted in
nationalistic pride. Then I will talk about how falling oil prices have sowed the seeds of
economic uncertainty and fragility in the roots of this poor yet highly educated citizenry. Next, I
will discuss the rate of Internet diffusion and computer adoption within the Russian national
borders cheaply putting powerful connected tools into the hands of the impoverished citizens.
Lastly, I will illustrate how the Russian culture has normalized an ongoing organized crime
element that has opened the door for the role of citizen hackers to be a very profitable endeavor.
These individual steps offer a possible explanation of why Russia has risen to be such a
dominant player in the cyber world.
We cannot talk about state-to-state malicious cyber engagements since 2011 without
properly addressing Russia. Russia is an undeniable major power in the cyber realm. While
some indexes rank Russia differently relative to other nations’ positions, what is consistent
across measures is that it is in the top ten in cyber power. Be it Brantly’s calculation of power in
his book “The Decision to Attack” or Booz Allen’s Cyber Index, Russia is an undeniable factor
in the cyber realm, even if there is debate on where exactly it places numerically. Being
dismissive of the Russians’ cyber capabilities because of misplaced hubris can prove to be
detrimental, even catastrophic, for an unsuspecting state actor. This dissertation would be
woefully incomplete without a case analysis specific to Russia both as an attacker and as a
target, but especially as the former.
If there was ever any question on the importance of Russia in the realm of state-to-state
malicious cyber engagements, there was no doubt of them being a major player in the space
during and in the period following the 2016 US presidential election. Russian interference in the
American democratic process, at this point, is undeniable regardless of domestic partisan
division. How does a seemingly antiquated autocratic regime, which is struggling economically
and militarily ranking behind the world’s great powers, cause the citizens in the beacon of
democratic values to question the foundational principles of procedural democracy itself, most
notably free and fair elections and the validity of the press? This series of malicious cyber
engagements (MCEs) captures all of the salient attributes, techniques, and motivations of
Russian state-sponsored hacking making a qualitative analysis very beneficial for my
dissertation.
While the current investigation by Robert Mueller has uncovered highly questionable
misdeeds on both sides of the aisle connected to Russian influence, it is Russia’s state-sponsored
hacks on the Democratic National Committee, John Podesta’s emails and the voting machine
vendors, coupled with the recent iteration of a misinformation campaign in cyber space, that get at the
crux of the MCEs originating from Russia (DNI 2017).[47]
First, their use of citizen-hackers in order to create plausible deniability for the executive,
despite the presence of top-down orders, is second to none. Someone could reasonably argue
that the current incarnation of misinformation campaigns is nothing more than a modern applied
interpretation of maskirovka, a misinformation tactic employed by Stalin during World War
II and the Cold War (Keating 1981, Rothstein and Whaley 2013). Maskirovka “stands for
deliberately misleading the enemy with regard to own intentions causing the opponent to make
wrong decisions thereby playing into your own hand. In today’s world this is mainly done
through cunning use of networks to shape perceptions blurring the picture and opening up for
world opinion to see your views as the correct one legitimizing policy steps you intend to take”
(Moeller 2014). In other words, this is cloaking your true intentions behind the veil of
something acceptable or known.
[47] John Podesta is the former chairman of Hillary Clinton’s 2016 presidential campaign.
However, today, the Russians are aware and taking full advantage of the known
attribution problem in cyber space, and its negative effect on a targeted state’s ability to have confidence
that a retaliatory attack is levied on the correct actor. Where China (another major player in the
MCE game) has formed Unit 61398, a division of the People’s Liberation Army, to carry out the
bulk of its offensive cyber capabilities, and the United States has its state-sponsored cyber units in
the Air Force and the NSA, Russia, on the other hand, tapped into the human resources of its
non-government citizens available to it. Russia, for instance, has created elite yet unofficial
cyber units such as Fancy Bear (Yadron 2014). Fancy Bear, also known as APT28 or Sofacy,
is linked to several high-profile malicious cyber engagements since 2007, including those against NATO
and the World Anti-Doping Agency. “They not only have keyboard operators, but they have
software teams, teams that work with media operations and can do several operations
concurrently” (Burgess 2017).
Next, Russia’s underlying geo-political stance still has tinges of its Cold War disposition,
specifically towards its episodic antagonist, the United States. It should be no surprise to any
informed observer that Russia, an open anocratic regime, still has enmity towards its old and
longstanding western foe, the more democratic United States and its core democratic values.
Demonstrating clear understandings of how fundamental free and fair elections are to procedural
democracy, Russia’s decision to undermine the validity and credibility of the 2016 presidential
election, objectively, is a stroke of tactical genius. It was a “gloves off” move, to say the least.
Furthermore, fully utilizing the exponential nature of the dissemination of information on the
Internet to its tactical advantage, the Russian planting of misinformation into the daily news
cycle shows their complete understanding of both the Internet and cyber space as a political
force-multiplier when skillfully deployed.
Russia’s use of malicious cyber engagements is also indicative of the lack of advantage a
state’s strong economic health or its superior military strength holds over a potential adversary in
cyber space. By all credible measures, the United States has an advantage over its Russian
counterpart in the areas of both economic vibrancy and military power. However, the wanton
disregard of these facts in the preparation and planning leading up to the series of election related
hacks is indicative of the inconsequentiality of these factors as deterrents to a potential attack.
The basic tenets of the realist school of thought in international relations theorizing say that
these hard and soft power factors should play a determining role in arriving at the decision to
attack. But this clearly is not the case. This is a direct result of the low cost of entry in obtaining
and deploying malicious cyber engagements and the difficulty in positively attributing the attack
to the correct attacker with enough certainty to facilitate a justifiable retaliatory attack. These
factors play no role in determining the preferred course of action of a state actor, as I have
indicated in my formal model in the earlier chapter. Furthermore, the data I collected shows that
the size of a nation’s military expenditure positively correlates with the likelihood that the
respective state is more likely to be a target of an attack, the complete opposite of what we see
with traditional conflict dyads.
In sum, the revolutionary remnants of the old intelligentsia coupled with the residual
economic effects of perestroika created a pool of poor yet highly educated citizens whose limited
means created the personal incentive to become state-sponsored “hackers for hire.” It can be
reasonably deduced that the Kremlin, specifically the Federal Security Service of the Russian
Federation (FSB), took full advantage of this perfect storm.
The low barrier-to-entry of non-state actors coupled with the problem of positively
attributing an attack to a specific actor has created a new recipe of problems for international
relations theorists and foreign policy analysts to digest. Modern day Russia has emerged as the
single biggest source of malicious hacks aimed at private individuals with the hopes of stealing
their personal information for economic gain (Computer Weekly 2018). One need not go any
further than the Dark Net in the Deep Web and see the abundance of malicious ready-to-deploy
software being authored by Russian programmers as proof of this point.[48]
The interesting puzzle that exists is figuring out why Russia is the epicenter for
authorship of malicious exploits targeting personal information. No one has explored this
question with any depth, and given the theorists’ and policy makers’ current misunderstanding of
the subject of cyber, the path to a plausible answer has not immediately shown itself.
International theorists lack an understanding of the most basic facts surrounding the architecture
and functioning of the Internet, motivations of hackers, and general differentiation of concepts
such as exploits and vulnerabilities and cyber space and the Internet.
[48] The Deep Web is all the data domiciled behind firewalls out of the purview of normal search
engines. “Think user databases, business intranets, web archives, password-protected websites,
etc…The Dark Web actually refers to a set of accessible, albeit anonymously hosted websites
that exist within the Deep Web” (Thompson 2015). In order to access these websites you need
to use a browser that disguises your IP address.
In order to begin to answer this study’s critical question framed by the realities of modern
Russia we have to first look at the premium placed on formal education in the Soviet Union prior
to its fall and subsequent break up. The early establishment of the academic elite, the
intelligentsia, was the impetus for what we see occurring today. Next, we must consider how the
reconstruction of the political and economic system in the 1980’s (called perestroika) sowed the
seeds of the predominant “survival” behavior we currently see emanating from modern day
Russia. Then we must take a look at how the economic boom and bust cycles influenced the
behavior and motivations of both regular citizens and those of the criminal underworld. The
economic shifts that occurred after the collapse of the Soviet Union were not primed with the
requisite solid institutional foundations to ensure a successful transition (McFaul 2005). The
so-called “shock therapy” proved to be relatively ineffective partly because Russia was not only
going through economic reforms, which in and of itself would have been cumbersome; it was
also undergoing simultaneous systemic political reforms (McFaul 2005). It transitioned from an
authoritarian dictatorship to a state operating under a hybrid constitution (Treisman 2011, 592) and
elections.
The once state-run markets were liberalized but were never allowed to fully stabilize in
the new system opening the door for both cronyism and organized crime. Furthermore, instead
of waiting for political and economic stability Moscow began the privatization process and
began looking outward to participate on the international stage. Russia did not have the
necessary institutions in place to temporally progress through the four tasks needed to
successfully accomplish such radical reforms. The resulting conditions exacerbated the
socio-economic bifurcation of the Russian citizenry. On one hand, nepotism allowed the oligarchs to
benefit tremendously from privatization and the assignment of property rights (Loshkin and
Popkin 1999, 800). However, the non-elites of the society were forced to suffer under extreme
economic hardships (Loshkin and Popkin 1999, 800).
However, those that benefited from the education system while still under communist
rule were endowed with the basic skill set to take advantage of the global adoption of the Internet
and proliferation of computers at home that was taking place in the background of these economic
and political shifts. This meant that this cross-section of the ‘poor but educated’ population is
incentivized to act on their own behalf to execute economic hacks and sell the resulting
information in the international marketplace or make their skill set available for hire to the
highest bidder. It is this unique aspect of Russian society, economically poor yet highly
educated and still beaming with Russian pride, which enabled it to take advantage of the current
cyber environment for basic economic sustenance and daily survival. Why sell fruit for a few
rubles when you can sell code for hundreds of dollars? The Russian mafia saw the advantages
these conditions created for them to better execute their normal criminal activities. Furthermore,
it is the underworld’s connectedness to the upper reaches of the government that allows hacking
to become a soft-power expression of Russian foreign policy (Half, 1997).
This chapter will trace this path from the early establishment of the intelligentsia under
Emperor Peter I to the proliferation of hacking as a soft power foreign policy tactic under
President Vladimir Putin (see figure 2 below). I will first show the rise of the intelligentsia,
illustrating that despite being a communist regime there was a premium placed on having a deep-
rooted educated population, something commonly associated with more democratic states. Then
I will show how uncertainty abounded around a Russian self-identity immediately after the fall
of Soviet communism creating in some a strong sense of Russian pride and self-sufficiency.
Then I will show how the Russian economy has fluctuated between periods of strength and
weakness that have been strongly correlated with the price of oil, its primary export. Then I will
show how this self-sufficiency, with coterminous Internet adoption within the Russian borders
and the growth and proliferation of international reliance on the Internet for day-to-day
functioning, created the opportunity for the Russian people to individually benefit and sustain
themselves without the help of the state in the midst of economic hardship. Lastly, I will show
how the pervasiveness and tacit acceptance of organized crime in Russian society and their
embracing of the economic benefits of cyber crime created an opportunistic tool for foreign
policy officials.
Figure 12: Flow of Russia Argument
Establishment and Rise of the Intelligentsia
Historically, high value has always been placed on the education of the Russian citizenry.
The widespread education of the elites took root under Russia’s first tsar, Peter the Great, who
established the boys and girls “gymnasia” system in the early 18th century. By the mid-18th
century the gymnasia system had evolved into a more inclusive formal system of primary and
higher education with Moscow and St. Petersburg emerging as the nation’s educational hubs
(Stillings 2017). In describing these institutions modeled after the German system of education
Renee Stillings of the School of Russian and Asian Studies writes, “Many of these institutions
are still highly prestigious and, within Russia, the pursuit of higher education was and, to a large
extent, still is considered to be very prestigious. More than 50% of Russians have received
higher education of some sort.”
The Russian system of education has evolved to keep pace with a more globalized and
interdependent world. It has evolved to closely resemble the higher education system of the west,
specifically the United States and Europe, at least at the level of bachelor’s degrees. While there
are some differences at the post-graduate level, there is a negligible difference in quality.[49] With
that said, the Russian education system today is on par with the best in the world. Artem
Boytsov, a computer science grad student who was born and raised in Russia until age 27 says,
“I don't think there's a significant difference between Ivy League US colleges and best
universities in Russia… A lot of top coders are young, freshmen or sophomores, and their school
education (especially math) plays a big role in how fast and how deeply they understand and
internalize Computer Science material” (Blackstone 2017). The ability to critically think and the
technical aptitude of the average Russian citizen have emerged as a proprietary individual asset
that contributes to one’s self-determination. Russians have historically adopted and adhered to a
proud self-image despite how dire their reality (Aizlewood 2000, 23) and using this knowledge
asset fits within our expectations of the Russian people. Generally speaking, educated Russians
are highly sought after as highly skilled technical labor by other countries. So much so that in June
2015, President Vladimir Putin called for a crackdown on foreign groups he accused of "working
like a vacuum cleaner" to lure scholars into emigration.
[49] Stillings writes, “After completing higher education, one may pursue additional postgraduate
studies (aspirantura in Russian), for another three years. After one’s thesis is written and
successfully defended, the “Candidate of Science” or Kandidat nauk degree is awarded. This has
been deemed equivalent to the Ph.D. degree of the American system. However, the Russian
system also offers a degree higher than the Ph.D. equivalent “Candidate of Science.” It is known
as the “Doctor of Science” or Doktor nauk degree. This process, known as doctorantura in
Russian, takes three more years. After defending a doctoral thesis, the Doctor of Science degree
is awarded.”
Chart 1: Number of people who have left Russia
Source: Rosstat/Business Insider, Holodny, Elena. 2014. “Russia's Brain Drain Is
Astounding.” Business Insider. Business Insider. December 2.
http://www.businessinsider.com/russia-brain-drain-putin-ukraine-crimea-2014-12.
The modern intelligentsia has been afforded a newer, higher, more valuable standing in
modern-day economically challenged Russia. Russia is now “looking to educated workers and
advanced technologies to help diversify its slumping economy from dependence on natural
resources” (Reznik et al. 2015). Alexander Morozov, a Moscow political scientist says,
"Kremlin policy is forcing the educated class to choose: either line up under the banner of war
with the West or leave" (Reznik et al. 2015). The choice to stay in Russia and not emigrate
means that the intelligentsia are going to be explicitly or tacitly aligned with either the
government or organized crime (given its pervasiveness) in Russian culture and everyday life.
This leads me to infer that the Kremlin is looking to shore up its soft power in light of seemingly
diminishing hard power. I offer that they realize that the uniquely educated majority of the
Russian lower and middle class is an invaluable asset and will use coercion to entice these people
to use their endowments for the benefit of Russia, especially in the midst of its weakening.
The Russian Economy Today
Led by Mikhail Gorbachev, the Soviet Union implemented perestroika (“restructuring”)
along with glasnost (“openness”) to restructure its political and economic policies in the 1980s.
Seeking to bring the Soviet Union up to economic par with capitalist countries such as Germany,
Japan, and the United States, Gorbachev decentralized economic controls and encouraged
enterprises to become self-financing (Britannica 2016). According to Slavo Radosevic, there
were “structural weaknesses perestroika failed to overcome. Perestroika did not bring changes in
institutional rules which would allow experiments in social organization that are seen as a basic
requirements of any sustainable economic system” (Boetke 1993). Despite the seemingly good
intentions of Gorbachev, perestroika by all measures and accounts was a failure for the Soviet
Union. It placed the Russian middle class under extreme economic duress. Empty shelves and
soup lines were a common sight in poverty-plagued post-Soviet Russia. (See the figure below
for a summary of current income distribution.)
Chart 2: How wealth is spread: the US vs. Russia
Source: Credit Suisse, Breslow, Jason M. 2015. “Inequality and the Putin Economy:
Inside the Numbers.” PBS. Public Broadcasting Service. January 13.
https://www.pbs.org/wgbh/frontline/article/inequality-and-the-putin-economy-inside-the-
numbers/.
Chart 2 above clearly shows that in 2015 approximately 80% of Russia’s population was
earning less than $10K USD per year. Russia has a massive lower class and a relatively weak
middle class.
Today, Russia is still suffering economically. During the heights of demand and the
heights in the pricing of oil and natural gas, Russia experienced an economic boom. However, oil
prices have since precipitously fallen, while sanctions by the West in response to the crisis in
Ukraine have only magnified the financial hardships under which the Russian population,
specifically the lower and middle class, currently exists. Zubarevich (2016) reported the
following statistics:
o Russian industrial output fell by 5 percent by May 2015.
o Household personal incomes dropped last year by 4.7 percent (and by 6.9 percent
this February when compared to February 2015).
o Consumption slumped sharply, causing a 10 percent decline in retail sales.
Construction was down by 13 percent in September 2015, and by 7 percent for the
year overall.
o Investment continues to fall for the third consecutive year, and each year the rate
of decline increases. Last year alone investment dropped by 8.4 percent.
Jason Breslow of PBS’ Frontline reported a staggering statistic: 111 Russian oligarchs control
19% of all the nation’s household wealth (Breslow 2015). Furthermore, an August 2015
International Monetary Fund survey said the US-led sanctions levied on Russia because of its
support for the separatists in Ukraine could shrink the economy by as much as 9% over time
(IMF 2015). Without any immediate economic relief in sight the majority of Russians are forced
into survival mode and must rely on their entrepreneurial spirit to sustain themselves.
An interesting observation is that the aggressiveness or passiveness of Russian foreign
policy has usually followed oil prices. Since Russia’s economic health is directly related to the
price of its primary export, the higher the price of oil the more emboldened Russia’s foreign
policy is on the international stage (see figure below). The Data Team at the Economist
Magazine write, “That the oil price correlated with Soviet politics is not surprising – in the
uncompetitive command economy oil and gas revenues accounted for 67% of all exports. But
the correlation remained just as strong after the end of the Soviet Union and transition to a
market economy, and oil and gas remained the main source of Russian export revenues” (Data
Team, 2016). Thus, it is not that far of a logical leap to argue that because malicious cyber
engagements, when used by a government, are an expression of its foreign policy position, their
aggressive use could also track with the economic fitness of the state using them.
Chart 3: Soviet/Russian political history versus oil price
Source: BP; Thomson Reuters. The Data Team. 2016. “Oil price and Russian
politics: a history.” The Economist. The Economist Newspaper. January 21.
http://www.economist.com/blogs/graphicdetail/2016/01/red-and-black.
When taken together, Russia’s struggling economy and foreign policy stance, and its proud
and educated lower and middle class, create perfect conditions for exploitation by the
organized crime element inside Russia’s borders. The Department of Justice reports, “Organized
crime in Russia is a institutionalized part of the political and economic environment”
(Finckenauer and Voronin 2001, 4). The perfect scenario has been created for the Mafia to use
both the Internet (discussed in the next section) and the grim economic situation of the people as
a tool for them to extract illicit rents from the international market and the cyber underworld.
Russian Internet Diffusion
According to the most current data provided by The World Bank, Russia has a population
of approximately 144 million people (World Bank 2016). Internet diffusion is estimated by The
World Bank to have reached approximately 70.5% of the Russian population (World Bank,
2016). According to Computer World Magazine, currently there are 18.2 million software
developers/computer programmers worldwide, with the United States leading the way with 3.6
million, and by 2018 Russia will have approximately 1.3 million computer programmers
(Thibodeau 2013). Russia is known to be the single biggest source of hacks targeting
people’s personal information. Furthermore, Russians are responsible for “some of the nastiest
viruses the IT world has experienced so far” (Blau 2004). Computer Weekly went so far as to
call Russia a “haven for hackers.” The figure below represents the amount of Internet
penetration in Russia between 2003 and 2010.
Chart 4: Internet penetration rate in Russia
Source: Public Opinion Foundation (POF), “All you need to know about Russian
e-Commerce in 2014.” 2014. SEO AND SEM FOR RUSSIAN SEARCH
ENGINES. August 4. http://www.russiansearchtips.com/2014/08/need-know-
russian-e-commerce-2014/.
By 2010, Russia had the largest Internet market in Europe “with the greatest online
penetration rate amongst the BRICs (Brazil, Russia, India, and China), with the most engaged
social networking on earth and a huge and sophisticated blogosphere with more interlinking
between different political poles than in the US” (Judah 2013, 145). The state took a conscious
step back and allowed the Runet (The Russian Internet) to develop organically without
government interference on its part (Judah 2013, 145). President Vladimir Putin disregarded the
advice of his advisors and decided not to erect a “great firewall” around the Runet similar to the one being
deployed in China (Judah 2013, 146). This was a purposeful laissez-faire
approach that fostered the conditions for the technically proficient population to think and
conceptualize without bounds or limitation, a very western approach.
Furthermore, secondhand and sometimes new PCs are cheap enough for
regular people to have them in their homes. The Raspberry Pi, a Linux-based networked
computer, is selling brand new for as cheap as $5 USD. “These technologies…could be
implanted into Russia by any individual who wanted to” (Judah 2013, 145).
A major attribute of the Russian Internet was “it went mainstream in the second half of
the 2000s, exploding just at the start of the credit crunch, unlike in Western Europe where it had
taken place a decade before” (Judah 2013, 147). It would be foolish for us to think that the
economic stress and poverty that the people were suffering from at the time were not at the
forefront of their minds as they explored and developed their Internet tools. The Internet served
as a magnifying glass, this time looking at solutions to their personal economic issues.
Mob Rules
The Russian mob and the organized crime that it controls are a staple of Soviet/Russian
culture. I do not think it would be controversial to say that in popular culture the Russian mob
has been romanticized almost as much as the Italian mafia. In their Department of Justice report
Finckenauer and Voronin say, “Russia is one of those unfortunate countries that has the receptive
environment in which organized crime thrives [my emphasis]. Organized crime is deeply rooted
in the 400-year history of Russia’s peculiar administrative bureaucracy, but it was especially
shaped into its current form during the seven decades of Soviet Hegemony that ended in 1991”
(Finckenauer and Voronin 2001, 4). This familiarity with this criminal element has served as
fertile ground for organized crime to be seen as approachable enough to be a viable option for
someone suffering economic hardships.
In the Internet age a highly educated yet impoverished population occupying the same
space as a thriving and legitimate criminal underworld creates an opportunity for the needs and
desires of both respective groups to be met in abundance with expediency. Diego Gambetta
(1988) says that, in general, mafias/organized crime groups “need to convince potential
customers of the quality of the products that they provide (i.e. protection) in order to gain
legitimacy” (Gambetta 1988, 127). However, specifically in Russia, the mob was already
ubiquitous in society at the emergence of the Internet and their legitimacy and control was well
established. Organized crime is normalized in Russian society, including its politics. “Because
of its connections to officialdom and to the shadow economy, organized crime took part in what
has become the enormously lucrative scheme of privatization. As a result, the assets controlled
by organized crime give it enormous economic power, and hence political power as well”
(Finckenauer and Voronin 2001, 7).
The Internet is a tool that makes many common pre-Internet functions and activities more
efficient. Worldwide communications are now done instantaneously while vast amounts of
information are processed and stored at exponentially faster speeds in significantly smaller
spaces than ever before.
50
This effect holds true for organized crime as well. The ultimate goal
of any mafia organization is the acquisition of material assets. The tools used to extract these
gains (robbery, prostitution, distribution of drugs, extortion, kidnapping/ransom, etc.) are used
more efficiently with the Internet. Coercing someone to write a malicious software package for
pay falls in line with past Mafia behaviors and actually has a multiplier effect on the final
outcome. The mafia can force one person to work to produce a tool that can be sold to harm
thousands. For example, “The Russian Business Network (RBN), a shadowy cyberstructure
[sic]…is reported to have sold hacking tools and software for accessing U.S. government
systems. According to the NATO investigators, however, political subversion is little more than
a sideline for these hackers. Their real goal: stealing money through scams, spam, and
infiltrating the networks of Western banks” (Newsweek 2010). The money earned working as a
hacker-for-hire is significantly more than what is earned from any licit activity available in the struggling Russian
economy.
50
Moore’s Law: “the number of transistors per square inch in integrated circuits had doubled every year since their
invention” (Investopedia 2013).
In order for Russian cyber strength to be used as a soft power tool one must accept that
there is seamless integration between the underworld and government officials. “It is most
important to recognize that the blurring of the distinction between the licit and the illicit is also a
trademark of post-Soviet organized crime that shows its ancestry in the old Soviet state and its
command-economy system” (Finckenauer and Voronin 2001, 5). Experts such as Yakov
Glinsky, Senior Researcher at the Institute of Sociology of the Russian Academy of Sciences in
St. Petersburg, estimate that “between 30 and 60 percent of the income of Russian organized
crime is spent on bribery and various forms of political lobbying” (Finckenauer and Voronin
2001, 23). This gives tremendous political cachet to organized crime and creates a symbiotic
relationship that is not as predominant in other nations such as the United States. If the
malicious exploitation of foreign networks by non-state actors is wreaking havoc on other
adversarial nations, then it is in the government’s best interest to let the hacking continue or even
fund it under the auspices of plausible deniability.
It is worth reemphasizing how the specific case of Russia reconciles with the assertions in
my theory and the data analysis performed to test my theory. When it comes to determining which
nation-states are most likely to be an initiator, I theorized that a nation-state would have to have
an educated population to have a deep human resources pool of people with the aptitude needed
to execute needed hacks. I also said that there needed to be some economic stress present in the
lower and the middle class of the population to incentivize the capable citizens to sell their
labor/skill to meet the demands of the market. Furthermore, I hypothesized that the nation-state
needs to have a top-ranked intelligence agency with the ability to assemble the dossiers
containing the info needed to set up the MCE. Lastly, the nation-state needed to not be beholden
to democratic ideals that would philosophically restrict their behavior on the international stage.
Russia fits neatly into my theory because it has the four variables that I hypothesized are
most likely to contribute to a nation-state being the initiator in an MCE. The data did conclude
that Russia is, in fact, one of the most aggressive initiators of malicious cyber engagements in the
world, by sheer number of dyads in which they were the initiator. However, my data analysis
concluded that of the MCEs that were made public between 2011 and 2016, the two variables
that significantly contribute to a nation-state being an initiator are the amount of money spent on
intelligence and lower polity scores. Russia has a top-rated intelligence agency and is not
classified as a democracy at all, but rather an open anocracy.
However, the level of education found in the Russian citizens cannot be easily dismissed
as being inconsequential to their prominence as state hackers. Their skill in technical subjects is
top tier, and intuitively it makes sense that this would produce an abundance of available and
relevant labor needed to execute MCEs. While the qualitative evidence is compelling,
quantitatively my theory would be best served to better measure the specificity of the kind of
education obtained by the citizens as opposed to education on the whole.
The level of inequality within Russia is undeniable. The recent drop in crude oil prices
has further exacerbated the economic strain that the country is experiencing. The motivation is
there for an educated citizen to better their situation using hacking as a means. Quantitatively
this did not bear out using the Gini measure. This variable too needs to be better operationalized
in the future.
Conclusion
In conclusion, given the prominence and tacit acceptance of organized crime in Russian
economic and political culture, the harsh economic conditions that the country is experiencing as
a result of falling oil prices, and the above-average education levels of the citizens, it seems
inevitable that Russia would be the epicenter for authorship of malicious exploits targeting
personal information in our heavily connected world.
Today’s intelligentsia has historical roots dating back to Peter I and is the source of
national pride in Putin’s Russia. The technical aptitude of the average Russian citizen despite
their socio-economic standing coupled with the rapid rate of Internet diffusion and PC
acquisition made for the perfect opportunity for organized crime. With no relief in sight from
the current economic hardships plaguing the country resulting from low oil prices, the
resourcefulness of the Russian people rose to the fore, much to the detriment of the rest of the
world and their personal data. The old missions, goals and/or aspirations of organized crime
have not changed in the Internet age. They saw an opportunity to use their already established iron
fist to grab hold of the advantages the Internet affords them in perpetrating the age-old activities
of robbery, prostitution, distribution of drugs and firearms, extortion, kidnapping and ransom.
The entrenchment of the mafia in not only the economic aspects of Russia, but in the
political sphere as well, created a soft power tool for Russian leaders, even if it is a result of them
doing nothing more than turning a blind eye to the activities in cyber space. Russia is a force in the
cyber world, as much so as China, North Korea, and the United States. This was made possible
because of the inexpensive cost of computer hardware and the ability to write custom software.
The saying goes “necessity is the mother of invention.” The Russian people are playing the
cards they were dealt, while the West made for an obvious target. The signals it sent, screaming
wanton consumerism, anti-Russian sentiments, and an overall superiority complex, placed the
crosshairs squarely on the Russians’ favorite targets, the United States and Western Europe.
In closing, the question remains if the economic conditions were to improve in Russia,
would there be a shift from a majority of the hacks being economic in nature to ones that are
more political, similar to China? Or without changing the underlying structure and functioning
of the Internet, would the Russians be incentivized to not hack networks for financial gain that
remain very vulnerable?
Chapter 6: Recommendations Salinas | 141
Chapter 6: What Can We Do?
Universal language of MCEs
Hopefully, I have done a good job at showing why the language chosen to describe and
communicate the events of and around any malicious cyber engagement is so critically
important. Words carry with them implicit meanings and should not be blindly imported from
one area to another, especially those that are so associated with the lexicon of such an emotive
area as war, without deliberate and purposeful consideration to those meanings. As both Fearon
and Gartzke have noted, war is a state of being that a rational state actor will usually wish to
avoid after considering how costly it is to fight. The official foreign policy positions of a nation
are expressed through formally established state-to-state diplomatic institutions formed explicitly
to save war as a last resort. They actively demonstrate a state’s desire to use negotiation and
persuasion to avoid expensive wars with other nations that have differing policy positions.
I understand the desire to use the familiar language of traditional kinetic conflict
when describing malicious cyber engagements because it eliminates the need to have at least the
perfunctory conversations on terminology or verbiage. But close introspection reveals that it is
necessary to have this defining step in the proper discussion of policy in this vital issue area.
Words used in traditional kinetic conflicts are associated with policy positions that get
ingrained into our subconscious thought processes. As I have stated earlier in this dissertation,
cyber space and malicious cyber engagements are qualitatively different than ‘land, air, sea, and
space’ (i.e. the domains of war, LASS) and the ‘weapons’ used in them. Dyadic state-to-state
engagements are not, in and of themselves, acts of war. To keep speaking as if they are will
make it difficult to “respond in kind” to malicious cyber engagements without priming a war
mindset. There are critical factors to consider while establishing policy positions in cyber space;
namely, if lethality matters in defining the success or failure of an engagement, how cyber space
connects the LASS domains (as opposed to being a domain), and under what context is a specific
act an act of war.
Time and time again policy makers have failed to acknowledge how policy discussions
have been shaped by mistakenly assigning the language of traditional kinetic weapons as a 1-to-1
equivalent to malicious cyber engagements. Since the tools of malicious cyber engagements are
qualitatively different than kinetic weapons, any policy related to them needs to use specific
language to reflect these substantive differences. However, these foundational shifts, if
undertaken, will make sure that the policies accurately reflect the realities of cyber space and not
the over-inflated and misunderstood realities of policy makers being ineffectively imposed on the
issue area.
In the remaining sections of this chapter I take a look at how the main takeaways from
my analysis of cyber space, the actors, their preferences and intentions, and the characteristics of
the tools within the space should be digested by policy makers when considered during the
authorship of new legislation. We need to address how policy formation is affected by a better
understanding of malicious cyber engagements within the context of the traditional fields of
espionage and sabotage, the process of securitizing cyber as an issue without over- or underreacting,
and how these affect the establishment of international norms around this issue area.
Furthermore, I unpack how the next iteration of the Internet will look as we shift to more
security-minded networks and methods of communication. Lastly, I acknowledge the
importance that personal agency in one’s own cyber hygiene will play in protecting nation-states.
MCEs are a tool for traditional espionage and sabotage
Spying goes back to ancient times. Nations have been engaged in spy-craft on one
another since the advent of “modern” interstate war (i.e. since the inception of the 1648
Westphalian modern state). In a rivalrous dyad, efforts to remedy information asymmetries are
usually rewarded with an advantage to the actor who learns the most about the other. With this
being the case, the pursuit of information during times of peace becomes paramount to ensure
success in case of an outbreak of conflict or war. This is one of the core tenets of espionage.
Cyber space has not changed this fact. The advent of the Internet and the subsequent expansion of
cyber space have led to the development of cyber tools that better facilitate espionage and, in
some cases, sabotage operations. Cyber space has not eliminated espionage. On the contrary, it
has facilitated even more avenues with which to carry out the practice.
Everything connected to the Internet is connected to each other. Couple this high level of
interconnectivity of everything on the Internet with the government’s and private citizens’
dependence on storing data on these networked devices, and it is glaringly obvious (to those in
the know) that malicious cyber engagements can be used to virtually eliminate the distance
between enticing targets of opportunity. This tactical fact makes the stealing of information and
the sabotage of critical infrastructure components markedly easier in a state that has kept up with
the rate of Internet diffusion. Since the need for espionage and sabotage has not diminished, and
an argument can be made that the need is even greater today, rational actors are going to utilize
the tools that are available to them, especially since positive attribution is so difficult. Gone are
the days of the need for physical access to steal or make copies of files and documents,
especially since skilled intelligence analysts can access any network that is not air-gapped with
enough concerted effort.
51
Encryption solves this problem (which I talk about in a later section
of this chapter).
The strategic use of intelligence and espionage as part of statecraft must be revisited to
assess how malicious cyber engagements affect each of these state tradecrafts. To continue to try
to view and analyze the Internet and cyber space as less of a tool in military and intelligence
actions will most likely not capture the true essence of either, especially since both military
spending and the size of the intelligence community affect the likelihood of being an attacking
and a targeted nation during a malicious cyber engagement, respectively, as my research has
shown. Consequently, to not capture the true essence of an issue area would lead to potentially
less effective policy outcomes.
Securitization
If the vulnerabilities that are inherent in the Internet are going to remain indefinitely, and
the developed world’s dependence on it is on the rise, then the need to assess and address these
security risks becomes paramount in both domestic and international governance. Let me be
clear, I am in no way trying to be an alarmist and declare the vulnerabilities in cyber space as a
full blown crisis. In my opinion, this would be counterproductive to producing any meaningful
discourse. However, a close introspective and nuanced look at the subject would reveal how
close we collectively are to these omnipresent vulnerabilities posing “an urgent threat to core
values or life-sustaining functions, which must be urgently dealt with under conditions of deep
uncertainty,” the very definition of a crisis (according to the IEPS). And with every potential
crisis comes the need to manage it, at both a technical and political level.
51
“An air-gap refers to computers or networks that are not connected directly to the Internet or to
any other computers that are connected to the Internet” (Zetter 2017).
Cyber security policy is something that should be approached in an apolitical manner.
There is nothing to be gained by using a political lens to interpret actions before or after a
malicious cyber engagement. Given the technical nature of the Internet and cyber space, and the
salience of the aforementioned in domestic and state-to-state communication and information
storage, it is imperative that politicians (who normally have very limited technical experience),
work together with engineers and computer scientists to ascertain the complete body of facts on
the ground, before politicizing the issue around what they think it is. This ethos stands a better
chance of producing effective preventative and reactive policies, than purely politicized policies
formulated in a job-specific silo.
This forces us to ask the question of what is there to gain by making cyber security policy
a politicized issue. The costs for a partisan reality being treated as if it represents the actual
reality in total are too high, specifically because the effects of a malicious cyber engagement at
the state level will affect everyone equally, regardless of political leanings. The same can be said
at the national level in the global community. We need not look any further than the recent
WannaCry and NotPetya ransomware attacks to see how cyber tools developed to be deployed
on specific targets can get out in the wild and indiscriminately affect any nations that happen to
stumble into their path (Newman 2017). It is this acknowledgement that will lead to the dialog required
to accurately reflect both the possibility and the probability of vulnerabilities being exploited by
anyone.
Establishing and enforcing cyber norms
Once there is a full and complete understanding of what the Internet and cyber space are, there
needs to be an establishment of what behaviors, norms, and mores are acceptable in the medium,
again considering both the domestic and international levels. Once these are established, they
need to be formally documented and memorialized and then enforced by a credible governing
body, such as the United Nations.
In my opinion, the United Nations is the organization that is the best positioned to take on
these tasks critical to establishing cyber norms, or “rules of the road.” The United Nations “is an
intergovernmental organization established in 1945 to promote international cooperation”
(NATO CCDCOE 2018). Cyber security is unequivocally an issue area that requires collective
action, coordination, and cooperation at the international level simply because of the level of
global interconnectedness. Its current membership boasts a roster of 193 nations of the world, all
of whom have already granted the UN the requisite cachet to be a credible enforcer of
internationally recognized laws. Furthermore, the entire current UN Security Council
membership roster boasts key actors in the consideration of the upper echelons of cyber power.
While the UN in recent years has taken preliminary steps to add cyber as a relevant issue area of
consideration to its members, explicitly defining and enforcing cyber norms needs to receive
more prioritized attention from the group. This can only be done when the space is thoroughly
understood and vulnerabilities conveyed.
Internet 3.0
The Internet was originally designed without any consideration for the security of the
information being passed over it. Built in the 1950s by researchers at Stanford University, the
University of California at Los Angeles, and Massachusetts Institute of Technology to facilitate
faster sharing of information, they asked that they not be obliged to pay any attention to the
security of the transmission of the data since they were the only three entities on it and using it at
the time. Eventually, the ARPA-net, as it was originally called, evolved into the DARPA-net
with its military applications, finally serving as the foundation of the Internet that became
commercially available to the public and is still the same at its foundation today. Security
measures were added post-hoc. This is a critical fact because it means that the commercial
Internet was memorialized with the original inherent security flaws.
When industry experts discuss the defense of an organization’s cyber infrastructure, there
is a saying that goes, “it is not a matter of if your network has been attacked, it is a matter of
when.” A lot of truth is said in jest, goes the old adage. The same can be said for the
aforementioned quote on cyber attacks. Implicitly, what this is saying is that every network,
including the government and its affiliates, is vulnerable and potentially susceptible to a curious,
resourceful, and self-initiated hacker actively looking for a weakness to exploit, state-sponsored
or otherwise. This is a direct consequence of the way the underlying network is structured. This
is a known problem around which many in the general public have simply chosen to live in a
state of cognitive dissonance. But ignoring a real problem does not mean it will automatically
rectify itself. Political elites and decision makers need to do more before something catastrophic
happens. I am not making an assertion of imminence, but one of probability and likelihood. As
Internet diffusion grows and more nations grow increasingly dependent on Internet-based
technologies for their defense and infrastructure needs, the potential for seemingly irreparable
damage to be done to critical infrastructure and services grows exponentially.
Given there would be both a seemingly impossible collective action problem to migrate
both the entire private and public sectors to a “security-first” Internet, and the tremendous
associated material costs of such a move, there needs to be a shift in how we use the current
iteration of the Internet. The size and the scope of the migration problem dictate that alternative
solutions must be urgently explored and adopted or we will continue to suffer from an increasing
number of intrusions and malicious cyber engagements.
Quantum computing offers a viable alternative to changing the underlying infrastructure
of the Internet. This would be a shift in the organization of the information being transferred.
52
The mechanics of quantum computing mean that if any data is intercepted between a sender and a
receiver the data structure is compromised and is immediately known. However, quantum
computing is not yet widely used. China is the first and only nation to begin to migrate their
critical communication servers over to using quantum processing. Named the Jinan Project, their
network is “more secure than widely used electronic communication equivalents…Once fully
implemented, it will make it almost impossible for other governments to listen in on Chinese
communications” (CORDIS 2017).
52
“Quantum computing takes advantage of the strange ability of subatomic particles to exist in
more than one state at any time. Due to the way the tiniest of particles behave, operations can be
done much more quickly and use less energy than classical computers.
In classical computing, a bit is a single piece of information that can exist in two states – 1 or 0.
Quantum computing uses quantum bits, or 'qubits' instead. These are quantum systems with two
states. However, unlike a usual bit, they can store much more information than just 1 or 0,
because they can exist in any superposition of these values.” (Beall 2017).
Quantum computing solves two problems that result from global increases in Internet
diffusion and dependence. First, it solves the energy efficiency problems the world is predicted
to encounter if we keep on our current trend-line of en masse usage of computers for the
communication and storage of information (Beall 2017). But more importantly for our
discussion here in this dissertation, in a quantum network, given how information is preserved in a
quantum state when it is sent, “tampering [with the information] immediately alters the
information being relayed, with the disturbance being instantly recognizable” (CORDIS 2017). If
the inevitability of a network breach remains a fact, then quantum computing not only ensures
that the information is rendered unreadable but it also sends off a metaphorical distress signal that
an intrusion has taken place.
The Rise of an Encrypted Society
The most important behavioral shift we can do right now, that is not cost prohibitive, is
the mass adoption of end-to-end encryption (E2EE) technologies. If the current incarnation of
the Internet implies that the vulnerabilities currently present will always facilitate the potential
stealing of data, then the next best thing to do is to encrypt the data being transmitted or stored so
that when it is stolen or intercepted it is illegible to the thief. It is worth noting that the intelligence
community is not particularly fond of this option because it renders the current methods and
programs of mass surveillance of the population utterly useless, especially those that are
automated based on data point algorithms (Bankston 2017).
53
The strain on resources to decrypt and analyze the immense swaths of collected encrypted data
would make any surveillance program screech to a halt.
53
The Intelligence Community Comprehensive National Cybersecurity Initiative Data Center is
located in Bluffdale, Utah. It is a one million square foot facility designed to collect and store at
least a couple of yottabytes of data (Bamford 2012). “…A yottabyte = 1,000 zettabytes =
1,000,000 exabytes = 1 billion petabytes = 1 trillion terabytes. For some sense of scale, you
would need just 400 terabytes to hold all of the books ever written in any language” (Hill 2013).
Advancements in super computing would still allow law enforcement to decrypt, relatively easily,
data on a single individual at a time if an investigation warrants it. However, the analysis
of bulk data would be, in essence, useless. Admittedly, this places the onus on the government
and law enforcement to seek out and employ the best talent to be able to “pick the locks” of
encryption technologies when needed. As of this writing, the debate between the protection of
personal data and law enforcement’s ability to access that data rages on.
The mass adoption of the use of encrypted messaging, email, and file storage eliminates
almost all of the negative effects of the stealing of data. This requires a behavioral shift on the
part of the population complete with the adoption of new norms of communication over the
Internet, and storing information both locally and in the cloud. The first step in achieving this is
educating the population on the very real vulnerabilities that exist in cyber space. Then,
make them understand that it is better to take proactive steps to protect their sensitive and private
information than to leave the stealing of it to chance.
The military and its private sector contractors should be implored to make better use of
encrypted file storage and communication methods to ensure that sensitive
information remains undecipherable, even if and when it is in fact stolen. In the current
incarnation of the Internet’s structure, if you are in possession of proprietary or any other highly
valued information, you will be targeted at some point, including our military and government
agencies.
There are messaging services (such as Signal), email add-ons (such as PGP), and
encrypted storage alternatives (such as Apple’s FileVault), that are currently available and easily
implementable that protect person-to-person communications and local file/data storage.
54
Convenience is usually the biggest compromise to heightened security measures. For example,
many people opt for a 4-digit passcode over a longer alphanumeric passcode to secure their
iPhones because it is either easier to remember or quicker to type in, or both. This is true,
despite the former being far less secure than the latter. If a hacker has access to your phone, a
four-digit passcode can be solved in 8 milliseconds after being loaded into a hacking suite,
55
as opposed to the more than three decades needed to decipher the password if it was comprised of
nine alphanumeric characters (Better Buys 2018). Users must do a personal cost-benefit analysis
that better reflects the true cost of an intrusion versus the perceived benefit convenient access gives
them.
54
PGP, which is short for Pretty Good Privacy, is a public key encryption tool that encrypts data
being sent via email between users. Even if the message is intercepted en route it can only be
read and understood by the intended user (Electronic Frontier Foundation 2017). FileVault is
Apple’s built-in opt-in full disk encryption (FDE) software that comes loaded in its operating
system (Fleishman 2015).
55
Kali Linux is the operating system commonly used by penetration testers, network engineers
and hackers. It comes loaded with automated hacking tools/bundles/suites that now require little
to no coding experience.
Carbon Weakness Versus Silicon Weakness
Silicon weakness refers to any vulnerability in either the hardware of a system or the
software running it that can be exploited by an attacker. The carbon weakness refers to the
person or people operating the software and hardware. The silicon weaknesses can be addressed
by simply keeping the software that is used every day updated with the most current versions
released by the developer. Reputable developers release updates to their current versions of
software as soon as security flaws are discovered in an effort to keep zero day vulnerabilities
from compromising users’ machines. However, it is up to the user to proactively download the
updates as soon as they become available in order to mitigate the threat presented by the
vulnerability. If the user does not take the necessary step of using the update to protect their
machines, no security patch will protect the machine or the system on which it resides.
More importantly, systems administrators that set up and maintain networks critical to
government institutions and public infrastructure need to be especially vigilant about keeping
system software up to date with patches as soon as they are released by the developers. Many of
the recent attacks targeting the US government were made possible simply because a known
vulnerability was not patched in a timely manner by the system administrator. This is a prime
example of a carbon weakness. Many developers have bounty programs where they encourage
outside hackers to purposely look for vulnerabilities in their software and disclose them for a fee.
Once a vulnerability is found, the necessary patch is written and sent out as a software update.
Establishing a culture of preventative vigilance is vital in effectively protecting networks.
Furthermore, these systems should not still be using the developers’ default passwords.
Surprisingly, this is still a common practice done for the sake of convenience. Password hygiene
is vital to the security of any network. But it is paramount to government and infrastructure
networks that govern state secrets and systems vital to its proper functioning. It is the
responsibility of the system administrator to ensure that the strength of passwords is high enough
to thwart any brute force attack levied against it. Lazily using passwords such as “password” or
“1234” is a sure-fire way to provide a would-be attacker an easy foray onto your system.
Alphanumeric passwords of at least 8 characters that contain special symbols and
characters provide the highest strength. It should be adopted as standard operating procedure
that everyone uses passwords of suitable strength.
In short, while the strengthening of the hardware and software is a necessary condition to
protect a network, by itself it is woefully insufficient. Establishing a culture of awareness and
proactive vigilance against a possible attack in the people using the network, coupled with the
strengthening of its hardware and software, creates the necessary and sufficient conditions to
effectively secure and protect it. Addressing not only the silicon weaknesses of a system but its
carbon weaknesses as well will make sure your system is the least attractive option to attackers
who are looking for targets of opportunity. For those that are targeting your specific network,
hardening your system by addressing the silicon and carbon weaknesses will make it more
difficult to intercept or steal information. As I previously stated, the way information is
transmitted and stored means that every network is vulnerable to some form of attack. What we
can do is take steps to make it so that the task of penetrating the network is as difficult as
possible.
In conclusion, we as academics who communicate with policy makers have to lead the
way in shifting the cyber lexicon away from that of war, unless we are actually talking about
them as tools being used in traditional kinetic war. This will do wonders in producing grounded
discourse that accurately reflects reality. Furthermore, this will help elucidate how cyber has
both helped and hurt statecraft operations, specifically those of the intelligence community.
People are the integral component of cyber space. If we were to take away the people,
we are simply left with the Internet. It is the disposition of people that must be considered when
we are thinking about vulnerabilities in their entirety. There needs to be a positive shift in the
cyber hygiene of individuals and the standards that are put forth in organizations. The sacrifice
of a small amount of convenience in exchange for better cyber hygiene and the resulting gains in
informational security needs to be seriously reconsidered, especially if the Internet’s inherent
vulnerabilities are going to be omnipresent for the foreseeable future. These actions can be
inexpensively carried out and can significantly reduce the negative effects of a successful
malicious cyber engagement.
Chapter 7: Conclusion Salinas | 155
Chapter 7: Conclusions: CTRL + ALT + RETHINK
In conclusion, we must rethink how we currently think about cyber space as it relates to
war. Clearly the low costs to launch an effective malicious cyber engagement, the difficulty in
positively attributing an intrusion to a specific actor, and the presence of any first-mover
advantage (no matter how slight or chasmic) all coalesce to make MCEs unlike any other
tool/force multiplier we have seen in the traditional kinetic space. The normally accepted actor
behaviors in the critical period preceding the onset of traditional kinetic conflict or war are not
commonplace within the cyber realm. The assumptions found in conflict studies regarding pre-
emptive engagements, the ease of identifying antagonists, and who has the ability to effectively
participate in the space do not hold up in a discussion of cyber space. If nothing else we can
agree that cyber space is qualitatively different and required the independent analysis that was
presented in this dissertation. These differences collectively begged two questions: is cyber war
actually ‘war’? And if it is ‘war’, why does the bargaining theory of war not work on it? I
conclude that ‘cyber war’ is a misnomer, along with all the other nomenclature that has its roots
in war and carries with it their kinetic conflict meanings. Furthermore, I think the bargaining
theory of war is brilliant in its elegance, and the variables that make it work, namely the costs to
engage in conflict and how likely a state is to emerge as the victor, are outside of the
bounds within which the theory was created.
Based purely on a rational cost benefit analysis, it makes sense that a state, acting as a
rational actor, will maliciously engage with other state actors in cyberspace. Given the low costs
of participation and the difficulty in positively attributing an attack, we should see an abundance
of state-sponsored malicious cyber attacks happening all the time. But as we have seen, there are
specific contributing factors that determine which states will be the initiator in a malicious cyber
engagement and which of those will be targeted when an attack does indeed take place. These
are the dependent variables that this dissertation has unpacked, to identify initiating states and
targeted states.
As we have seen, there is a method to the seemingly stochastic manner in which
malicious cyber engagements take place. I originally hypothesized that initiators will be
determined by the following factors: the nations having a top intelligence agency, being weak
democratically, having high economic inequality among their citizens, and having a very educated
population. However, after careful regression analysis I can see and readily admit that I was
only half-correct. The factors that proved to have the most significance in determining which
state is the attacker in a dyad are the size of the intelligence agency and how weak the state is
democratically. The other two predicted factors, economic inequality and education level, did
not have a statistically significant effect on predicting whether or not a state will likely be an
attacker in an MCE dyad.
In a similar vein I initially proposed that a state is more likely to be the target of a
malicious cyber engagement based on the following factors: level of Internet penetration in the
nation, if it has a relatively free press, along with a large military industrial complex, and it has a
thriving stock market. Yet again, I was only half correct. The factors that proved to have most
significance in determining which state is the target in a cyber dyad are its military spending and
the health of its stock market. The other two predicted variables, Internet penetration and
freedom of press, did not have a statistically significant effect on predicting whether or not a
state will likely be attacked in an MCE dyad. The current literature has a line of argumentation
that points to the salience of the level of Internet diffusion in determining which nations are
targeted in malicious cyber engagements. While it makes logical sense that the presence of
and reliance on the Internet would be a necessary condition for an attack, it is not wholly
sufficient. This is supported by the data.
In addition to providing some clarity on assertions being made in the current cyber
conversation, these findings also set up some promising research opportunities moving forward.
First, with regards to the current cyber conversation, the significance of increased military
spending being correlated with the raising of the likelihood of a nation being attacked goes
against what has been put forth in the literature thus far. This is not to say that the assertion
that cyber conflict itself should mirror the protagonist/antagonist relationships found in
traditional kinetic warfare did not make sense at the time it was being offered. I admit that it
makes intuitive sense that the nations with the largest militaries are least likely to be attacked and
more likely to be the aggressor. However, this was not borne out in the data. Military power and
cyber power do not necessarily track one-to-one. This finding, in and of itself, is significant
because this goes against natural intuition and conventional wisdom, even that of some of the
best minds in the discipline. However, I say this with a hint of caution because of the relatively
small sample size of the data. As previously stated, the limited data in this area has always been
an impediment to any rigorous research, given both the inherent secrecy of cyber attacks and
the lack of incentives to report a successful one. This is the case with most research in
intelligence related subjects. Nonetheless, I took an important first step to gain some clarity
about what is exactly happening between two state actors. Further exploration will pay
dividends in the future.
Next, of the independent variables that I hypothesized would be the most contributory in
determining the attackers in an MCE dyad, the size of a nation’s intelligence agency, especially
in a nation that has weaker democratic institutions, turned out to be the most salient. This is
relevant because the size of the military, as determined through military spending, when tested
was inconsequential in determining attackers. Again this runs contrary to our informed
intuitions. However, the size of a nation’s intelligence agency (both in spending and number of
employees) measures to be statistically significant along with the level of democracy of the
nation. Again, I say this with a hint of caution because of the relatively small sample size of the
data. However, this goes against what has been recently hypothesized in the cyber discussions
and challenges the types of power and how dyadic dynamics play out in cyber space. More work
needs to be done to analyze more state sponsored cases to give the results more statistical
strength, and more independent variables explored. But again this was an important first step in
the conversation.
So where does this leave us with regards to cyber security? As companies such as Apple
and Google work to further unify and integrate the Internet experience with every aspect of our
lives and Facebook works to further the Internet’s reach, the global private and public sectors are
only going to grow more dependent on the Internet in the future. And since the underlying
infrastructure of the Internet is not changing to one rooted in security, this means that there is an
ever-increasing number of vulnerabilities and potentially detrimental exploits available to state attackers
with the will and the means to carry them out. If state-to-state malicious cyber engagements are
inevitable, then this calls for private citizens, business owners, academics, policy makers,
politicians and global governance institutions to be purposefully vigilant to mitigate the damage
of any attack successfully levied upon them. Yes, the information may be intercepted and/or
stolen, but if it is unreadable, the attack itself is unsuccessful because it did not accomplish what
it was intended to do. The protection of an individual person’s
communication and data, that of the state, and that of the global community are intertwined and thus
equally important to protect. But what does it mean to be vigilant? And in what areas should this
vigilance be concentrated to be the most effective?
Vigilance starts with people utilizing their individual agency to address their own carbon
weaknesses (i.e. their role as a human user of the Internet). There has to be a norm shift from
users operating from a position of cognitive dissonance to one where the risk of intrusions is
known by tech-savvy people and technophobes alike. We have to move beyond taking a passive
stance, ignoring the realities of the inherent weaknesses of cyber space and how truly susceptible
networked individuals are. A preventative, active stance not only protects the individual but the
entire network of which they are a part, by strengthening the weakest link in the figurative chain.
Even if active measures are taken to shore up the silicon weaknesses found in hardware and the
software upon which it operates, we are all better off by staying self-reflective on our soft cyber
underbelly and taking the steps to raise our personal defenses, which by default raises our
national protection to a measured degree. The trickle down effect of this behavior shift is
invaluable in mitigating the desire to attack at the state level.
Using encrypted messaging and email communications needs to become standard
operating procedure in both the private and public sectors. Businesses and governments need to
mandate this on the part of all their employees and contractors. A choice should not be given.
This may have some unwanted hints of paternalism, but I would say the costs of not taking this
decisive action are too high to not put forth such a mandate. Encryption technologies are
steadily improving and are easily deployable without impeding the speed of workflow.
Encrypted storage is another area where a mass shift in behavior will go a long way in
limiting the number of attacks or mitigating their success if they are attempted. There has been a
move in recent years from storing everything natively on local hard-drives to migrating most
storage needs to the “cloud.” Services such as Google Drive, iCloud, and Dropbox are now
ubiquitous in both the public and private sectors. They seamlessly facilitate an individual’s
storage needs across multiple devices (such as mobile phones, tablets and computers), and they
make the process of sharing files with peers, regardless of the file’s size, a relatively painless
affair. Despite the conveniences that these services afford, their ubiquity makes them the perfect
point of entry to compromise a network.
Two-factor authentication is another behavioral shift that will make malicious cyber
engagements more difficult to carry out. CNET says the following, “Two-factor authentication
adds a second level of authentication to an account log-in. When you have to enter only your
username and one password, that's considered a single-factor authentication. 2FA requires the
user to have two out of three types of credentials before being able to access an account”
(Rosenblatt and Cipriani 2015). These are usually something only the user would know
(personal identification number, or password), have in their possession (ATM card or phone), or
uniquely be (biometric fingerprint or voice print). This simple move from single-factor
authentication to two-factor authentication creates an added barrier for would-be attackers that is
much more difficult to overcome. It can be deployed at the individual level without any
additional cost. We must consider the costs of not making this behavioral shift, not only on the
individual but also on everyone operating on the same network.
While both of these proactive steps (encrypted communication and storage) are deployed
at the individual level, the more widely they are adopted the more beneficial they are in
protecting the entire state from foreign adversaries. There is an upward ripple effect of
protection that emanates from the individual to the nation as a whole. In many cases of
malicious cyber engagements, it is the carbon weakness of the network (i.e. the individual
people), not the silicon weakness, which provides the point of entry that is the catalyst for the
entire attack or series of attacks. The craft of social engineering can lead to a crack in even the
best operating and security standards employed by an institution. Two-factor authentication
provides an additional layer of security in the unfortunate instances where an initial social
engineering attempt is successful. It will force the attacker to either find another method of entry
or find a way to spoof the second level of authentication.
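The layered check described in the two paragraphs above, a second factor that still holds after a password has been talked out of a user, is sketched here as an added example that is not part of the dissertation. It assumes time-based one-time codes (RFC 6238) as the "something you have" factor, a mechanism the text does not name; `Account`, `login`, the sample password and the salt are hypothetical, and the secret is the published RFC test key.

```python
"""Added illustration: password + one-time-code login check (not from the dissertation)."""
import hashlib
import hmac
import struct

STEP = 30   # seconds per one-time-code window (RFC 6238 default)
DRIFT = 1   # accept one window either side to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the HOTP code for the current 30-second window."""
    return hotp(secret, unix_time // STEP, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen database does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical server-side record for one user."""

    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret   # shared once with the user's phone
        self.last_counter = -1           # newest window already consumed


def login(account: Account, password: str, code: str, unix_time: int) -> str:
    """Check both factors. The detailed reason is returned for this demo only;
    a real service would show the client one generic failure message."""
    attempt = hash_password(password, account.salt)
    if not hmac.compare_digest(attempt, account.pw_hash):
        return "denied: password"
    current = unix_time // STEP
    for counter in range(max(0, current - DRIFT), current + DRIFT + 1):
        if counter <= account.last_counter:
            continue                     # window already used: refuse replay
        expected = hotp(account.totp_secret, counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            account.last_counter = counter
            return "ok"
    return "denied: second factor"


def demo() -> list:
    # Constructed sample data; the secret is the RFC 6238 test key.
    secret = b"12345678901234567890"
    password = "Tr1cky&Long-passphrase"
    acct = Account(password, b"constructed-salt", secret)
    now = 59                             # RFC 6238 test timestamp
    phone_code = totp(secret, now)       # what the user's phone displays
    return [
        # Password obtained through social engineering, but no phone:
        login(acct, password, "000000", now),
        # Legitimate user presenting both factors:
        login(acct, password, phone_code, now),
        # The same code captured and replayed a few seconds later:
        login(acct, password, phone_code, now + 5),
        # Valid code, wrong password:
        login(acct, "password", totp(secret, now + 60), now + 60),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The replay check matters as much as the code itself: without `last_counter`, a code observed in transit would remain usable for the rest of its window.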
Lastly, we need to increase the reporting of cyber attacks when they do occur. The
difficulty of this project, like many research agendas, was the lack of available data. Given that
people are incentivized to not report when they are successfully targeted for a malicious cyber
engagement, selection bias in the cases that are reported could be an issue. This is
especially true for private businesses that are beholden to shareholders but were targeted by state
or state-sponsored actors. Going back to run analyses on a fuller, more complete data set on my
identified contributing variables and new ones will help suss out why malicious cyber
engagements are not as stochastic as they first appear to be.
Bibliography Salinas | 162
Bibliography
“About Polity.” 2017. Polity Project. Center for Systemic Peace. Accessed December 21.
http://www.systemicpeace.org/polityproject.html.
“An Introduction to Public Key Cryptography and PGP.” 2017. Surveillance Self-Defense.
Electronic Frontier Foundation. May 22.
https://ssd.eff.org/en/module/introduction-public-key-cryptography-and-pgp.
Ahmed, Naseer. 2015. “Top 15 Intelligence Agencies With Biggest Budgets In The
World.” Insider Monkey. October 4.
https://www.insidermonkey.com/blog/top-15-intelligence-agencies-with-biggest-budgets-in-the-world-374011/16/.
Aizlewood, Robin. 2000. “Revisiting Russian Identity in Russian Thought: From Chaadaev to
the Early Twentieth Century.” The Slavonic and East European Review 78 (1): 20–43.
Allison, Paul. 2012. “Do We Really Need Zero-Inflated Models?” Statistical Horizons. August
7. https://statisticalhorizons.com/zero-inflated-models.
Anderson, Nicholas D. 2013. “Review of East Asia before the West: Five Centuries of Trade and
Tribute, by David C. Kang.” Journal of East Asian Studies 13 (1): 173–75.
Atkin, Michelle Louise. 2012. Balancing liberty and security: an ethical study of U.S. foreign
intelligence surveillance. Lanham: Scarecrow.
“Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The
Analytic Process and Cyber Incident Attribution.” 2017. Director of National
Intelligence. January 6. https://www.dni.gov/files/documents/ICA_2017_01.pdf.
Bamford, James. 2012. “The NSA Is Building the Country's Biggest Spy Center (Watch What
You Say).” Wired. Conde Nast. March 15.
https://www.wired.com/2012/03/ff_nsadatacenter/.
Bankston, Kevin. 2017. “Let's Have an Adult Conversation on Encryption.” Slate Magazine.
January 27.
http://www.slate.com/articles/technology/future_tense/2017/01/the_encryption_conversation_needs_to_move_beyond_backdoors.html.
Beall, Abigail. 2017. “Inside the weird world of quantum computers.” WIRED. WIRED UK.
August 2. http://www.wired.co.uk/article/quantum-computing-explained.
Bergsten, C. Fred, Robert O. Keohane, and Joseph S. Nye. 1975. “International economics and
international politics: a framework for analysis.” International Organization 29 (01): 3.
Boettke, Peter J. 1993. Why perestroika failed: the politics and economics of socialist
transformation. London: Routledge.
Bryant, Martin. 2011. “20 years ago today, the World Wide Web was born - TNW Insider.” The
Next Web. August 6.
http://thenextweb.com/insider/2011/08/06/20-years-ago-today-the-world-wide-web-opened-to-the-public/.
Buchanan, James M. 1965. “An Economic Theory of Clubs.” Economica 32 (125): 1.
doi:10.2307/2552442.
Bueno de Mesquita, Bruce. 2002. “Domestic Politics and International
Relations.” International Studies Quarterly 46 (1): 1–9. doi:10.1111/1468-2478.00220.
Blackstone, Samuel. 2017. “Russian students dominate at the computer programming olympics -
and American computer science...” Salon. June 19.
https://www.salon.com/2017/06/18/russian-students-dominate-at-the-computer-programming-olympics-and-american-computer-science-students-are-unsurprised.
Blau, John. 2004. “Russia - a happy haven for hackers.” ComputerWeekly.com. May.
http://www.computerweekly.com/feature/Russia-a-happy-haven-for-hackers.
Brantly, Aaron Franklin. 2016. DECISION TO ATTACK: Military and Intelligence Cyber
Decision-Making. S.l.: UNIV OF GEORGIA PRESS.
Breslow, Jason M. 2015. “Inequality and the Putin Economy: Inside the Numbers.” PBS. Public
Broadcasting Service. January 13.
https://www.pbs.org/wgbh/frontline/article/inequality-and-the-putin-economy-inside-the-numbers/.
Bumiller, Elisabeth, and Thom Shanker. 2012. “Panetta Warns of Dire Threat of Cyberattack on
U.S.” The New York Times. October 11.
http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html?_r=0.
Burgess, Matt. 2017. “Exposed: how one of Russia's most sophisticated hacking groups
operates.” WIRED. WIRED UK. January 12.
http://www.wired.co.uk/article/how-russian-hackers-work.
Canabarro, Diego R., and Thiago Borne. 2013. "Reflections on the Fog of (Cyber) War."
National Center for Digital Government Policy Working Paper 13-001: 2-18. Print.
Capaccio, Tony. 2013. “US General: Iranian Cyberattacks Are Retaliation For The Stuxnet
Virus.” Business Insider. Business Insider. January 18.
http://www.businessinsider.com/iranian-cyberattacks-retaliation-for-stuxnet-virus-2013-1.
Carr, Jeffrey. 2013. “The Misunderstood Acronym: Why Cyber Weapons Aren’t
WMD.” Bulletin of the Atomic Scientists, no. 69.5: 32–37.
Clark, David D., and Susan Landau. 2011. “Untangling Attribution.” Harvard National Security
Journal 2 (2): 25–40.
Clausewitz, Carl von. 2004. On War. London: Routledge.
Cobb, Michael. 2018. “What is honeypot (Honey pot)? - Definition from WhatIs.Com.” Search
Security. Accessed January 2. http://searchsecurity.techtarget.com/definition/honey-pot.
CORDIS. 2017. “China to launch world's first quantum communication network.” Phys.org -
News and Articles on Science and Technology. August 4.
https://m.phys.org/news/2017-08-china-world-quantum-network.html.
“COUNTRY COMPARISON : DISTRIBUTION OF FAMILY INCOME - GINI INDEX.”
2018. Central Intelligence Agency. Central Intelligence Agency. Accessed January 2.
https://www.cia.gov/library/publications/the-world-factbook/rankorder/2172rank.html.
The Data Team. 2016. “Oil price and Russian politics: a history.” The Economist. The Economist
Newspaper. January 21.
http://www.economist.com/blogs/graphicdetail/2016/01/red-and-black.
Demchak, Chris C. 2011. Wars of disruption and resilience: cybered conflict, power, and
national security. Athens: University of Georgia Press.
Demchak, Chris C., and Peter J. Dombrowski. 2014. “Rise of a Cybered Westphalian Age: The
Coming Decades.” Global Power Shift The Global Politics of Science and Technology -
Vol. 1, 91–113. doi:10.1007/978-3-642-55007-2_5.
Desjardins, Jeff. 2017. “Here are the 20 biggest stock exchanges in the world.” Business Insider.
Business Insider. April 11. http://www.businessinsider.com/here-are-the-20-biggest-
stock-exchanges-in-the-world-2017-4.
The Editors of Encyclopædia Britannica. 2016. “Perestroika.” Encyclopædia Britannica.
Encyclopædia Britannica, inc. August 22. https://www.britannica.com/topic/perestroika-
Soviet-government-policy.
Eriksson, E. Anders. 1999. “Viewpoint:Information warfare: Hype or reality?” The
Nonproliferation Review 6 (3): 57–64. doi:10.1080/10736709908436765.
“Estimating Password Cracking Times.” 2018. Better Buys. Accessed February 4.
https://www.betterbuys.com/estimating-password-cracking-times/.
“Fact Sheets & Briefs.” 2017. U.S.-Russian Nuclear Arms Control Agreements at a Glance.
Arms Control Association. June. https://www.armscontrol.org/print/2556.
“Fangwen.YU.” 2018. Correlation and Regression - FangwenYu - . Accessed February
26. http://www.cnblogs.com/fangwenyu/p/4216238.html.
Bibliography Salinas | 165
“The F-35 Lightning II .” 2016. F-35 Lightning II Program. Joint Strike Fighter. March 24.
http://www.jsf.mil/news/docs/20160324_Fact-Sheet.pdf.
Fearon, James D. 1995. “Rationalist explanations for war.” International Organization 49 (03):
379. doi:10.1017/s0020818300033324.
Finckenauer, James O., and Yuri A. Voronin. 2001. “The Threat of Russian Organized Crime.”
U.S. Department of Justice/Office of Justice Programs NCJ.187085.
Fleishman, Glenn. 2015. “How to encrypt your Mac with FileVault 2, and why you absolutely
should.” Macworld. February 5. https://www.macworld.com/article/2880039/how-to-
encrypt-your-mac-with-filevault-2-and-why-you-absolutely-should.html.
Gartzke, Erik. 2013. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to
Earth.” International Security 38 (2): 41–73. doi:10.1162/isec_a_00136.
Gambetta, Diego. 1988. “Fragments of an economic theory of the mafia.” European Journal of
Sociology 29 (01): 127. doi:10.1017/s0003975600005610.
Gertz, Bill . 2014. “Top Gun takeover: Stolen F-35 secrets showing up in China's stealth
fighter.” The Washington Times. The Washington Times. March 13.
https://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-
stealth-fighter/.
Giandomenico, Nena. 2017. “What is Spear-Phishing? Defining and Differentiating Spear-
Phishing from Phishing.” Digital Guardian. July 27.
https://digitalguardian.com/blog/what-is-spear-phishing-defining-and-differentiating-
spear-phishing-and-phishing.
Gelpi, Christopher F. 2001. “Winners or Losers? Democracies in International Crisis, 1918–
94.” American Political Science Review 95 (03): 633–47.
doi:10.1017/s0003055401003148.
Greenwald, Glenn, Ewen MacAskill, and Laura Poitras. 2013. “Edward Snowden: the
whistleblower behind the NSA surveillance revelations.” The Guardian. Guardian News
and Media. June 11. https://www.theguardian.com/world/2013/jun/09/edward-snowden-
nsa-whistleblower-surveillance.
Half, Cameron. 1997. “The Russian Mafia: The Challenge of Reform.” Harvard International
Review 19 (3): 52–72.
Hansen, Lene, and Helen Nissenbaum. 2009. “Digital Disaster, Cyber Security, and the
Copenhagen School.” International Studies Quarterly 53 (4): 1155–75.
doi:10.1111/j.1468-2478.2009.00572.x.
Bibliography Salinas | 166
Harsanyi, John C. 1961. “On the rationality postulates underlying the theory of cooperative
games.” Journal of Conflict Resolution 5 (2): 179–96.
doi:10.1177/002200276100500205.
Herb, Jeremy. 2016. “Iran: Stuxnet 'failed' to stop nuclear work, as virus reportedly stops
operating.” The Hill. February 3. http://thehill.com/policy/defense/234529-iran-gloats-as-
stuxnet-reportedly-stops-operating.
Hill, Kashmir. 2013. “Blueprints Of NSA's Ridiculously Expensive Data Center In Utah Suggest
It Holds Less Info Than Thought.” Forbes Magazine. July 24.
http://web.archive.org/web/20140201010325/https://www.forbes.com/sites/kashmirhill/2
013/07/24/blueprints-of-nsa-data-center-in-utah-suggest-its-storage-capacity-is-less-
impressive-than-thought/.
Holodny, Elena. 2014. “Russia's Brain Drain Is Astounding.” Business Insider. Business Insider.
December 2. http://www.businessinsider.com/russia-brain-drain-putin-ukraine-crimea-
2014-12.
"Human Development Reports." Education index | Human Development Reports. Accessed
March 05, 2018. http://hdr.undp.org/en/content/education-index.
“Individuals using the Internet (% of population).” 2017. Individuals using the Internet (% of
population) | Data. https://data.worldbank.org/indicator/IT.NET.USER.ZS.
Investopedia Staff. 2003. “Moore's Law.” Investopedia. November 24.
http://www.investopedia.com/terms/m/mooreslaw.asp.
James, Patrick. 2014. Crisis and War. Montreal: McGill-Queens University Press.
Jervis, Robert. 1978. “Cooperation under the Security Dilemma.” World Politics 30 (02): 167–
214. doi:10.2307/2009958.
Jervis, Robert. 1978. Perception and misperception in international politics. Princeton, NJ:
Princeton University Press. 58–113
Judah, Ben. 2014. Fragile empire: how Russia fell in and out of love with Vladimir Putin. New
Haven: Yale University Press.
Junio, Timothy J. 2013. “How Probable is Cyber War? Bringing IR Theory Back In to the Cyber
Conflict Debate.” Journal of Strategic Studies 36 (1): 125–33.
doi:10.1080/01402390.2012.739561.
Kahneman, Daniel, and Amos Tversky. 1979. Prospect theory: an analysis of decision under
risk. Rochester, NY: University of Rochester, Graduate School of Management,
Managerial Economics Research Center.
Bibliography Salinas | 167
Kang, David C. 2012. East Asia before the West: five centuries of trade and tribute. New York:
Columbia Univ. Press.
Keating, Maj. Kenneth C. 1981. “Maskirovka: The Soviet System of Camouflage.” Defense
Technical Information Center. U.S. Army Russian Institute.
http://www.dtic.mil/dtic/tr/fulltext/u2/a112903.pdf.
Kuhn, Harold W. 1962. “Game theory and models of negotiation.” Journal of Conflict
Resolution 6 (1): 1–4. doi:10.1177/002200276200600101.
Lamb Sr., Lt. Col. Michael W. 2002. “Bytes: Weapons of Mass Disruption.” Air War College,
Air University Internal Document.
Lasswell, Harold D. 1941. “The Garrison State.” American Journal of Sociology 46 (4): 455–68.
doi:10.1086/218693.
Levy, Jack S. 1988. “Domestic Politics and War.” Journal of Interdisciplinary History 18 (4):
653–62.
Libicki, Martin C. 2014. "Why Cyber War Will Not and Should Not Have Its Grand Strategist."
Strategic Studies Quarterly: 23-39.
Liff, Adam P. 2012. “Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwarfare
Capabilities and Interstate War.” Journal of Strategic Studies 35 (3): 401–28.
doi:10.1080/01402390.2012.663252.
Liff, Adam P. 2013. “The Proliferation of Cyberwarfare Capabilities and Interstate War, Redux:
Liff Responds to Junio.” Journal of Strategic Studies 36 (1): 134–38.
doi:10.1080/01402390.2012.733312.
Lin, Herb. 2017. “An Evolving Research Agenda in Cyber Policy and Security.” FSI | CISAC.
Stanford University. Accessed December 28.
http://cisac.fsi.stanford.edu/content/evolving-research-agenda-cyber-policy-and-security.
Lobell, Steven E., Norrin M. Ripsman, and Jeffrey W. Taliaferro. 2010. Neoclassical realism,
the state, and foreign policy. Cambridge: Cambridge University Press.
Lokshin, Michael, and Barry M. Popkin. 1999. “The Emerging Underclass in the Russian
Federation: Income Dynamics, 1992–1996.” Economic Development and Cultural
Change 47 (4): 803–29. doi:10.1086/452433.
“Lulz | Definition of lulz in English by Oxford Dictionaries.” 2018. Oxford Dictionaries |
English. Oxford Dictionaries. Accessed January 2.
https://en.oxforddictionaries.com/definition/lulz.
Bibliography Salinas | 168
Majumdar, Dave, Scott B. MacDonald, Lawrence J. Korb, Shannon McKeown, Jacob Heilbrunn,
and Maurice R. Greenberg. 2015. “America's F-35 Stealth Fighter vs. China's New J-31:
Who Wins?” The National Interest. The Center for the National Interest. September 25.
http://nationalinterest.org/blog/the-buzz/americas-f-35-stealth-fighter-vs-chinas-new-j-
31-who-wins-13938.
Martin, Jonathan, and Alan Rappeport. 2016. “Debbie Wasserman Schultz to Resign D.N.C.
Post.” The New York Times. The New York Times. July 24.
https://www.nytimes.com/2016/07/25/us/politics/debbie-wasserman-schultz-dnc-
wikileaks-emails.html.
Mcfaul, Michael. 2005. “Transitions from Postcommunism.” Journal of Democracy16 (3): 5–19.
doi:10.1353/jod.2005.0049.
Mearsheimer, John J. 2014. The tragedy of Great Power politics. New York: W.W. Norton &
Company.
Morgenthau, Hans J. 1967. Politics among Nations; the Struggle for Power and Peace. 4th ed.
New York, NY: Knopf.
Morrow, James D. 1989. “Capabilities, Uncertainty, and Resolve: A Limited Information Model
of Crisis Bargaining.” American Journal of Political Science 33 (4): 941–72.
http://www.jstor.org/stable/2111116.
Mejia, Eric F. 2014. “Act and Actor Attribution in Cyberspace: A Proposed Analytical
Framework.” Strategic Studies Quarterly Spring (8.1): 114–32.
Meyerson, Roger B. 2009. “Learning from Schelling's Strategy of Conflict.” Journal of
Economic Literature 47 (4): 1109–25. www.jstor.org/stable/40651534.
Moeller, Joergen Oerstroem. 2014. “Maskirovka: Russia's Masterful Use of Deception in
Ukraine.” The Huffington Post. TheHuffingtonPost.com. April 23.
https://www.huffingtonpost.com/joergen-oerstroem-moeller/maskirovka-russias-
master_b_5199545.html.
Neumann, John Von, and Oskar Morgenstern. 2007. Theory of games and economic behavior.
Princeton, N.J.: Princeton University Press.
Newman, Lily Hay. 2017. “The Latest Ransomware Outbreak Doesn't Make WannaCry's
Mistakes.” Wired. Conde Nast. June 27. https://www.wired.com/story/petya-ransomware-
wannacry-mistakes/.
Nye, Joseph S. 2011. “Nuclear Lessons for Cyber Security.” Strategic Studies Quarterly ,
January, 18–38. doi:10.21236/ada553620.
Bibliography Salinas | 169
Nye, Joseph S. 2013. “From bombs to bytes: Can our nuclear history inform our cyber
future?” Bulletin of the Atomic Scientists 69 (5): 8–14. doi:10.1177/0096340213501338.
“Presidential Policy Directive (PPD).” 2012. PPD-20. Federation of American Scientists.
October. https://fas.org/irp/offdocs/ppd/ppd-20.pdf.
Rathbun, Brian C. 2007. “Uncertain about Uncertainty: Understanding the Multiple Meanings of
a Crucial Concepts.” International Studies Quarterly 51 (3): 533–57.
http://www.jstor.org/stable/4621727.
Reus-Smit, Christian, and Duncan Snidal. 2010. The Oxford Handbook of International
Relations. Oxford: Oxford University Press.
Reznik, Irina, Ksenia Galouchko, and Ilya Arkhipov. 2015. “Putin Faces Growing Exodus as
Russia's Banking, Tech Pros Flee.” Bloomberg.com. Bloomberg. September 20.
https://www.bloomberg.com/news/articles/2015-09-21/putin-faces-growing-exodus-as-
russia-s-banking-tech-pros-flee.
Rid, Thomas. 2012. “Cyber War Will Not Take Place.” Journal of Strategic Studies 35 (1): 5–32.
doi:10.1080/01402390.2011.608939.
Roberts, Taylor. 2014. “Cybersecurity Capacity Portal.” EIU - Cyber Power Index Findings and
Methodology | Cybersecurity Capacity Portal. University of Oxford. June 12.
https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/eiu-cyber-power-index-
findings-and-methodology.
Rohlfing, Ingo. 2014. Case studies and causal inference: an integrative framework. Palgrave
Macmillan.
Rosenblatt, Seth and Cipriani Jason. 2013. “Two-Factor authentication: What you need to know
(FAQ).” CNET. May 23. https://www.cnet.com/news/two-factor-authentication-what-
you-need-to-know-faq/.
Rothstein, Hy and Barton Whaley. 2013. "Catching NATO Unawares: Soviet Army Surprise
and Deception Techniques", The Art and Science of Military Deception, Artech House
Intelligence and Information Operations, Artech House Publishers, pp. 189–192
“Russia - a happy haven for hackers.” 2018. ComputerWeekly.com. Accessed January 28.
http://www.computerweekly.com/feature/Russia-a-happy-haven-for-hackers.
“Russian Federation.” 2018. Russian Federation | Data. The World Bank. Accessed January 28.
http://data.worldbank.org/country/russian-federation.
Schelling, Thomas C. 1960. The Strategy of conflict: Thomas C. Schelling. Cambridge: Mass.
Bibliography Salinas | 170
Schweller, Randall L. 2004. “Unanswered Threats: A Neoclassical Realist Theory of
Underbalancing.” International Security 29 (2): 159–201.
doi:10.1162/0162288042879913.
Singer, Peter W., and Allan Friedman. 2014. Cybersecurity and cyberwar: what everyone needs
to know. New York: Oxford University Press.
Stillings, Renee. 2017. “Menu.” Public Education in Russia from Peter I to the Present. The
School of Russian and Asian Studies. November 11. http://students.sras.org/public-
education/.
Survey, IMF. 2015. “IMF Survey: Cheaper Oil And Sanctions Weigh On Russia's Growth
Outlook.” IMF. August 3.
http://www.imf.org/external/pubs/ft/survey/so/2015/CAR080315B.htm.
Thibodeau, Patrick. 2013. “India to overtake U.S. on number of developers by
2017.” Computerworld. Computerworld. July 10.
http://www.computerworld.com/article/2483690/it-careers/india-to-overtake-u-s--on-
number-of-developers-by-2017.html.
Thompson, Cadie. 2015. “Beyond Google: Everything you need to know about the hidden
internet.” Business Insider. Business Insider. December 16.
http://www.businessinsider.com/difference-between-dark-web-and-deep-web-2015-11.
“Total Aircraft Strength by Country.” 2018. GlobalFirepower.com - World Military Strengths
Detailed. Accessed February 28. https://www.globalfirepower.com/aircraft-total.asp.
Treisman, Daniel. 2011. “Presidential Popularity in a Hybrid Regime: Russia under Yeltsin and
Putin.” American Journal of Political Science 55 (3): 590–609. doi:10.1111/j.1540-
5907.2010.00500.x.
“United Nations.” 2018. NATO Cooperative Cyber Defense Centre of Excellence. Accessed
February 5. https://ccdcoe.org/un.html.
Valeriano, B., and R. C. Maness. 2014. "The Dynamics of Cyber Conflict between Rival
Antagonists, 2001-11." Journal of Peace Research. 51.3: 347-60.
Wall, Andru E. 2011. “Demystifying the Title 10-Title 50 Debate: Distinguishing Military
Operations, Intelligence Activities & Covert Action.” Harvard National Security Journal.
December 2. http://harvardnsj.org/2011/12/demystifying-the-title-10-title-50-debate-
distinguishing-military-operations-intelligence-activities-covert-action/.
Waltz, Kenneth N. 2000. “Structural Realism after the Cold War.” International Security 25 (1):
5–41. doi:10.1162/016228800560372.
Bibliography Salinas | 171
“'WannaCry' highlights urgent need for cyber risk data. ABI.” 2017. Association of British
Insurers. May 18. https://www.abi.org.uk/news/news-articles/2017/05/wannacry-
highlights-urgent-need-for-cyber-risk-data/.
“What is deep Web? - Definition from WhatIs.Com.” 2018. WhatIs.com. Accessed February 26.
http://whatis.techtarget.com/definition/deep-Web.
“What is Honeypot? - Definition from Techopedia.” 2018. Techopedia.com. Accessed February
26. https://www.techopedia.com/definition/10278/honeypot.
“What is ICT (Information and communications technology, or technologies)? - Definition from
WhatIs.Com.” 2018. SearchCIO. Accessed February 28.
http://searchcio.techtarget.com/definition/ICT-information-and-communications-
technology-or-technologies.
Weber, Rachel N. 2012. “Military-Industrial complex.” Encyclopædia Britannica. Encyclopædia
Britannica, Inc. May 17. https://www.britannica.com/topic/military-industrial-complex.
Wendt, Alexander. 1995. “Constructing International Politics.” International Security20 (1): 71.
doi:10.2307/2539217.
Wright, Quincy. 1942. A Study of War. Chicago: University of Chicago.
Yadron, Danny. 2014. “Hacking Trail Leads to Russia, Experts Say.” The Wall Street Journal.
Dow Jones & Company. October 28. https://www.wsj.com/articles/hacking-trail-leads-to-
russia-experts-say-1414468869.
Zeltser, Lenny. 2015. “The Use of Pastebin for Sharing Stolen Data.” Lenny Zeltser Content.
March 16. https://zeltser.com/pastebin-used-for-sharing-stolen-data/).
Zetter, Kim. 2017. “Hacker Lexicon: What Is an Air Gap?” Wired. Conde Nast. June 2.
https://www.wired.com/2014/12/hacker-lexicon-air-gap/.
Zubaravich, Natalya. 2016. “Russian Economic Crisis Risks Stagnation, Degradation (Op-
Ed).” The Moscow Times. March 25. https://themoscowtimes.com/articles/russian-
economic-crisis-risks-stagnation-degradation-op-ed-52256
Appendices Salinas | 172
Appendix A: Proof 1: First-mover’s probability of success is higher than failure
$\Omega$ = retaliatory hack costs or preemptive hack costs
$\mu$ = cost to steal $\Delta$
$\pi$ = research and development costs
$\Delta$ = material advantage gained from R&D

Path I.
State A: $-\Omega + \Delta'(P_a) - \Delta(P_b) - \pi$
State B: $\Delta(P_b) - \Omega - \Delta'(P_a)$
$P_b > P_a$
State A: $-20 + 100(.49) - 100(.51) - 50 = -72$
State B: $100(.51) - 20 - 100(.49) = -18$

Path II.
State A: $-\pi - \Delta(P_b)$
State B: $\Delta(P_b) - \Omega$
State A: $-50 - 100(.51) = -101$
State B: $100(.51) - 20 = 31$

Path III.
State A: $\Delta - \pi - \Omega + \Delta'(P_a) - \Delta(P_b)$
State B: $-\Omega + \Delta(P_b) - \Delta'(P_a)$
$P_b < P_a$
State A: $100 - 50 - 20 + 100(.51) - 100(.49) = 32$
State B: $-20 + 100(.49) - 100(.51) = -22$

Path IV.
State A: $\Delta - \pi - \Omega + \Delta'(P_a)$
State B: $-\Delta'(P_a)$
State A: $100 - 50 - 20 + 100(.51) = 81$
State B: $-100(.51) = -51$

Path V.
State A: $\Delta - \pi$
State B: $-\Delta$
State A: $100 - 50 = 50$
State B: $-100$
Appendix B: Proof 2: (Counterfactual) First-mover’s probability of success is lower than failure
$\Omega$ = retaliatory hack costs or preemptive hack costs
$\mu$ = cost to steal $\Delta$
$\pi$ = research and development costs
$\Delta$ = material advantage gained from R&D

Path I.
State A: $-\Omega + \Delta'(P_a) - \Delta(P_b) - \pi$
State B: $\Delta(P_b) - \Omega - \Delta'(P_a)$
$P_b < P_a$
State A: $-20 + 100(.51) - 100(.49) - 50 = -28$
State B: $100(.49) - 20 - 100(.51) = -22$

Path II.
State A: $-\pi - \Delta(P_b)$
State B: $\Delta(P_b) - \Omega$
State A: $-50 - 100(.49) = -99$
State B: $100(.49) - 20 = 29$

Path III.
State A: $\Delta - \pi - \Omega + \Delta'(P_a) - \Delta(P_b)$
State B: $-\Omega + \Delta(P_b) - \Delta'(P_a)$
$P_b > P_a$
State A: $100 - 50 - 20 + 100(.49) - 100(.51) = 28$
State B: $-20 + 100(.51) - 100(.49) = -18$

Path IV.
State A: $\Delta - \pi - \Omega + \Delta'(P_a)$
State B: $-\Delta'(P_a)$
State A: $100 - 50 - 20 + 100(.49) = 79$
State B: $-100(.49) = -49$

Path V.
State A: $\Delta - \pi$
State B: $-\Delta$
State A: $100 - 50 = 50$
State B: $-100$
Appendix C: Variables researched for all countries
Asset Metadata
Creator: Salinas, Mayagüez J. (author)
Core Title: Code 'war' theorizing: information and communication technology's impact on international relations theorizing, negotiation, and cyber relations
School: College of Letters, Arts and Sciences
Degree: Doctor of Philosophy
Degree Program: Political Science and International Relations
Publication Date: 11/30/2018
Defense Date: 03/20/2018
Publisher: University of Southern California (original), University of Southern California. Libraries (digital)
Tag: cybersecurity, foreign policy analysis, hacking, ICT, International relations, international security, negotiation, OAI-PMH Harvest
Format: application/pdf (imt)
Language: English
Contributor: Electronically uploaded by the author (provenance)
Advisor: James, Patrick (committee chair), Kang, David (committee member), Orosz, Michael (committee member)
Creator Email: guez@alumni.stanford.edu, mjsalina@usc.edu
Permanent Link (DOI): https://doi.org/10.25549/usctheses-c89-108738
Unique identifier: UC11675526
Identifier: etd-SalinasMay-6991.pdf (filename), usctheses-c89-108738 (legacy record id)
Legacy Identifier: etd-SalinasMay-6991.pdf
Dmrecord: 108738
Document Type: Dissertation
Rights: Salinas, Mayagüez J.; Salinas, Mayaguez J.
Type: texts
Source: University of Southern California (contributing entity), University of Southern California Dissertations and Theses (collection)
Access Conditions: The author retains rights to his/her dissertation, thesis or other graduate work according to U.S. copyright law. Electronic access is being provided by the USC Libraries in agreement with the a...
Repository Name: University of Southern California Digital Library
Repository Location: USC Digital Library, University of Southern California, University Park Campus MC 2810, 3434 South Grand Avenue, 2nd Floor, Los Angeles, California 90089-2810, USA