Strategic Cultures of Cyber Warfare

CYBERCULT (Strategic Cultures of Cyber Warfare) is a project that explores the use and proliferation of offensive cyber capabilities – human, virtual or technical tools to exploit, destroy, degrade, or disrupt computer networks. The project is situated in an international cyber security environment in which an increasing number of states are using such capabilities to achieve their political, economic, and strategic objectives. The researcher was particularly interested in using a sociological lens to explore this area of international security and utilised the concept of ‘strategic culture’ to pursue the research – this relates to the existence of common ideas, behaviours, practices and discourse in national, sub-national and supranational communities that shape how states (and non-state actors) think about cyber conflict and the use of offensive cyber capabilities. As such, The MSCA research fellow explored three main research questions during the course of the fellowship:

1. What influence does strategic culture have on (a) the adoption and development of OCC in western states, and (b) the ways OCC are used by those states to enhance their security and support their strategic objectives?
2. What are the similarities and difference in the perceptions of cyber policymakers and practitioners within and between western countries about the utility of OCC?
3. What influence does strategic culture have on the development and use of OCC in western states as compared to material considerations, such as effects and costs?

The importance of the research relates to gaining a greater understanding of a source of significant international conflict and instability, as well as in providing relevant research to inform policy making processes, including at the EU and NATO level, that seek to enhance cyber security. The project therefore aimed to contribute to understanding a growing source of global insecurity and in its immediate relevance for policy.

The overall objectives of the project were:

1. To establish a strategic culture-based theoretical concept that explains the development and use of OCC by western powers.
2. To produce a data set on perceptions of OCC
3. To produce a comparative analysis of OCC adoption in three of the World’s leading cyber powers

The researcher developed the work across four Work Packages (WP). WP1 built the theoretical concept for the project and included a literature review and an assessment of historical-cultural factors in the emergence of new technologies, including analysis of the cyber and information revolution. This included a multidisciplinary research workshop, the development of a typology of offensive cyber capabilities drawing on different academic disciplines, and resulted in a published book chapter and two draft journal articles which are in the process of submission to two leading cyber security journals. WP2 involved developing a data set on the different countries, organisations and subcultures that were the focus of the project. The researcher developed an online survey and conducted interviews on perceptions of OCC in 8 countries connected to the western alliance system (the US, Israel, France, Germany, the UK, New Zealand, Japan and Estonia) and the EU and NATO. The analysis of the data has been used in a variety of publications already, including two published journal articles and two book chapters, with the final data analysis set to yield a further two journal articles, 3 book chapters and a book manuscript. WP3 was about building a comparative analysis of the cyber capabilities and strategic cultures of the US, Israel and Germany. The research has yielded two conference papers and a number of other presentations and engagement and will be published as part of the book manuscript resulting from the action. WP4 was about the communication of the results and the researchers project, the dissemination of the research to academic and policymaking communities, and engagement with the European cyber security policy community. The researcher achieved wide ranging impact, communicated the results of the project widely and through diverse channels including social media, national media, international policy events and academic outlets. He was also able to facilitate his host university becoming partners of the Global Forum on Cyber Expertise (GFCE) and the European Security and Defence College (ESDC) cyber training platform. Transfer of knowledge included the supervision of 11 masters students projects on cyber security, NATO and the EU, lecturing in ESDC trainings for EU officials, and running workshops as part of the Microsoft European Cyber Agora initiative and the Jean Monnet network, CYDIPLO – European Cyber Diplomacy.

This MSCA-IF pushed the boundaries of cyber security research. First, it has advanced the literature by providing a multidisciplinary typology of offensive cyber capabilities, highlighting how different subcultures and epistemic communities view cyber conflict. This has been missing in the literature. The most notable achievement of the project has been to publish a ground-breaking conceptualisation of cyber peace which was published in the number one journal in International Relations, International Affairs. This article identifies the social construction of the cyber warfare narrative, critiques the policy, practice, and research focus on cyber warfare, explores how desecuritisation is desirable as a first step towards a more peaceful cyberspace and explores how a positive form of cyberpeace can emerge based on human centric rights-based approaches to cyber governance and practice. This is one of the first major articles on cyber peace published. The researcher has also made a ground-breaking contribution to the cyber (de)securitisation literature, examining how securitisation processes emerged, and out of which historical and strategic cultural contexts, such as the global war on terror and the vacuum created by the end of the Cold War, and how the role of intelligence agencies and national security establishments have developed in ways that have caused cyber instability and contributed to the proliferation of offensive capabilities and the creation of societal security dilemmas. The work also broke new ground in linking the well-established societal security concept to cyber security, making the argument that societal actors have been most affected by cyber conflict and should have a greater role in the governance of it. Work due to be published from the project will also push the strategic culture literature forward (a) by extending strategic culture theory to strategic subcultures and using this concept to go beyond conventional, rationalist, or normative analyses of cyber security and cyber warfare; (b) by providing a theoretical bridge between strategic culture scholarship and recent critical security studies scholarship related to security practices (c) through redefining the debate on how to mitigate the effects of cyber warfare in the favour of a more cooperative cyber security environment. Societal impact of the project has been to further shift the debate towards peaceful use of cyberspace and through integration of the results of the research into a range of cyber capacity building projects focused on enhancing knowledge and skills on cyber in the European and global cyber policy community, including in the EU institutions and member states.