JD Work has over two decades experience working in cyber intelligence and operations roles for the private sector and US government, building and leading organizations to provide new capabilities for emerging missions. He now serves at the Marine Corps University Krulak Center for Innovation and Future Warfare. He holds additional affiliations with the Saltzman Institute of War and Peace Studies at Columbia University, and the Atlantic Council’s Cyber Statecraft Initiative.

Both practitioners and policy professionals alike have sought to establish and promote aspirational norms for the protection of medical sector infrastructure from cyber intrusion and attack. However, the global SARS-CoV-2 pandemic saw these aspirations dashed in multiple campaigns attributed to authoritarian states; alongside ongoing incidents by multiple continuing criminal enterprise actors. These cases have been discussed to date only within traditional frames of scientific & technical espionage (or illicit profit). Nonetheless, notable discontinuities from the inferred objectives of prior campaigns are apparent when considered in more detail based on specific victimology, timing, and against other national postures adopted by states’ infectious disease control, and military biodefense / biological warfare establishments.

Pandemic related targeting provides a unique lens to understand how states benefit from cyber espionage, both for S&T advantage but also political, economic, and other objectives associated with influence operations or information control efforts. This suggests more complexity among adversary consumers than commonly assumed. These incidents further highlight how adversaries react to emergent requirements within compressed timelines, and adapt to new missions and priorities under crisis pressures.

We seek to unpack the complex gains that cyber operations are seen to provide for sponsors. This paper proposes a new theoretic framing for understanding advantage derived from cyber espionage and offensive actions, grounded in observations of adversary behavior in these incidents. We further consider future implications for norms in the absence of effective response to these campaigns, especially where retorsion and other countermeasures are constrained by the recognition of humanitarian needs of populations under exceptional disease burden. Finally, we examine how these insights may be generalized across other future crisis scenarios beyond pandemic, where authoritarian regimes cyber campaigns may pose similar challenges to the international order.