Myriam Dunn Cavelty (@cybermyri) is a senior lecturer for security studies and deputy for research and teaching at the Center for Security Studies (CSS). She studiedInternational Relations, History, and International Law at the University ofZurich. She was a visiting fellow at the Watson Institute for InternationalStudies (Brown University) in 2007 and fellow at the stiftung neue verantwortung in Berlin, Germany 2010–2011. Her research focuses on the politics of risk and uncertainty in security politics and changing conceptions of (inter-)national security due to cyber issues(cyber-security, cyber-war, critical infrastructure protection) in specific.
Florian J. Egloff (@egflo) (DPhil Oxford) is a Senior Researcher in Cybersecurity at the Center for Security Studies (CSS) at ETH Zurich and a Research Associate at theCentre for Technology and Global Affairs at the Department of Politics andInternational Relations at the University of Oxford. His research focuses on the politics of cyber security, particularly with regard to intelligence policy and the role of non- and semi-state actors in cyber security. Florian’s current research projects focus on the politics of public attribution, the role of non- and semi-state actors in cyber security, and the use of cyber intrusions for political purposes. In addition to his teaching and research activities, Florian provides strategic consultancy, expert advice, and training, including on cyber foreign policy, attribution, and cyber security, to public and private sector entities.
From Cyber-exceptionalism to Restoring Normalcy: Cyber Campaigns and Strategic Intent
The more cases we can add to the pantheon of strategic cyber incidents, the more we can learn about state capabilities. Two trends – the normalization of low-level cyber conflict and the increase of cyber campaigns linked to covert state involvement – demonstrate that the tools for and use of cyber operations for political purposes have matured considerably in the past two decades.
However,“cyber” as a conceptual analytic category may have outlived its usefulness to understand state activity, in particular, strategic intent. Whilst analysts have continued to hold on to the cyber lens for a variety of reasons, state actors are increasingly operating in hybrid spaces between war and peace, between the military and intelligence units, between open and secret, between lawful and murky, and not least traversing the on- and offline world, seamlessly.
In this paper, we make a case for an embedded understanding of “cyber operations” that could ultimately lead to letting go of the prefix altogether. Theoretically, the article argues that rather than cyber-exceptionalism, there is value in situating cyber statecraft in older political science constructs. We show the merit of embedding the “cyber campaign” construct in a larger strategic and political context, in which “cyber campaigns” are just one tool amongst a larger toolset, potentially not even a very special one.
This allows us to shed new light into the question of strategic effects of cyber campaigns:if cyber campaigns are one manifestation of a larger strategic intent, their effects, and consequently their utility, need to be measured in the context of non-cyber state activity. After all, there is not yet consensus on how useful cyber campaigns are, if so, for what and in what contexts. Analyzing these campaigns holistically provides an initial pathway to answering these and further questions.