‘‘The danger might be entirely different than the fear:
an analysis of how states’ perceptions of each other’s
cyber operations create a security dilemma’’
A case study on the Russian Federation and the United States
A Thesis Presented to the Institute of Security and Global Affairs of Leiden University
Master’s thesis Thomas Kist | 1884425
Leiden University
Crisis and Security Management (MSc) 1st Evaluator: Dr. J. Shires
2nd Evaluator: Dr. H. Mazepus
Word count: 20547 14-06-2020
Acknowledgements
Writing this master’s thesis has been a challenge from the inception of the idea to its final product. In this process, there are those that deserve my gratitude.
Foremost, I would like to express my sincere gratitude to my thesis supervisor Dr. Shires, for supporting, guiding and challenging me throughout the entire writing process. He
consistently allowed this thesis to be my own work but steered me in the right direction when he thought I needed it. This thesis would not be completed without his assistance.
Finally, I would like to express my gratitude to everyone who, directly or indirectly, contributed to this research project.
Abstract
In the past few decades many scholars began to realise that the ability to manoeuvre in cyberspace in pursuit of political objectives is an increasingly important aspect of a state’s power (see Saltzman, 2013; Riordan, 2019; Modderkolk, 2019). What is more important, however, the ability of a state to manoeuvre cyberspace or another state’s perception that it can do so? In line with this question, this thesis is concerned with the analysis of whether the perceptions of the Russian Federation and the United States of each other’s cyber operations create a security dilemma. The security dilemma can escalate international tensions as an intended non-threatening action by one state could be perceived threatening by another state, potentially resulting to a decrease rather than an increase in the state’s security (Jervis, 1978). By focussing on whether the perceptions of the two states on the two main variables of the offence-defence theory to each other’s cyber operations create a security dilemma, this study deviates from contemporary research on the relationship between the security dilemma and cyberspace. In analysing the applicability of the offence-defence theory and the security dilemma mainly from a technical point of view, Buchanan (2016, p. 211), for instance, likely argues since he perceives that offence has the upper hand in cyberspace and that a state’s posture is indistinguishable as mainly offensive or defensive in cyberspace, a security dilemma is or will be created in the case of the Russian Federation and the United States.
This thesis, however, does not only study the two variables from a technical angle. This study also seeks to analyse how states’ perceptions of each other’s cyber operations (including cyber capability and posture) create a security dilemma. Although this study’s initial expectations were in line with Buchanan’s (2016) arguments, it turns out that due to the focus on what the two states perceive of the other in their state-published documents, the findings turn out to be different. While, just as Buchanan (2016), this study concludes that both states believe the other state perceives that offence has the advantage in cyberspace, this study contradicts Buchanan’s (2016) argument that the posture is indistinguishable as mainly offensive or defensive in cyberspace. It does so by claiming that the mutual cynical view of the Russian Federation’s and the U.S. of each other’s perceived intention makes it apparent that both states perceive that the other state’s posture is distinguishable as mainly offensive rather than defensive. While in this case, these variants create a world absent of a security dilemma, security problems might arise simply due to the Russian Federation’s and the United States’ mutual reactions to their perceptions of insecurity.
List of Abbreviations
CIA: Central Intelligence Agency DHS: Department of Homeland Security DNI: Director of National Intelligence FBI: Federal Bureau of Investigation IC: Intelligence Community
ICDI: International Cyber Deterrence Initiative ISIL: Islamic State in Iraq and the Levant NATO: North Atlantic Treaty Organisation NSA: National Security Agency
NCS: National Cyber Strategy of the United States NSS: National Security Strategy of the United States R&D: Research and Development
CISR R&D: Security and Resilience Research and Development Plan SIC: Senate Intelligence Community
S&T: Science & Technology U.S. (US): United States
Table of content
CHAPTER 1: A PERCEIVED PERILOUS CYBERSPACE: AN INTRODUCTION ... 2
CHAPTER 2: THE SECURITY DILEMMA: A THEORETICAL FRAMEWORK ... 7
2.1 OFFENSIVE OR DEFENSIVE CYBER OPERATIONS? ... 7
2.2 OFFENCE-DEFENCE THEORY ... 7
2.3 CONCEPTUAL MAP ... 10
2.4 THE ‘FOUR’ WORLDS OF CYBERSPACE ... 11
CHAPTER 3: METHODOLOGY ... 13
3.1 RESEARCH OUTLINE ... 13
3.2 DATA COLLECTION ... 14
3.3 DATA ANALYSIS ... 16
3.4 LIMITATIONS OF RESEARCH ... 18
CHAPTER 4: AN ANALYSIS OF THE PERCEIVED AND SIGNALLED CYBER CAPABILITY ... 20
4.1 CYBER CAPABILITY:THE RUSSIAN FEDERATION’S PERCEPTION OF AND SIGNALLING TO THE UNITED STATES ... 20
4.2 CYBER CAPABILITY:THE UNITED STATES’ PERCEPTION OF AND SIGNALLING TO THE RUSSIAN FEDERATION ... 25
CHAPTER 5: THE PERCEIVED AND SIGNALLED POSTURE: AN ANALYSIS ... 31
5.1 POSTURE: THE RUSSIAN FEDERATION’S PERCEPTION OF AND SIGNALLING TO THE UNITED STATES ... 31
5.2 POSTURE:THE UNITED STATES’ PERCEPTION OF AND SIGNALLING TO THE RUSSIAN FEDERATION ... 36
CHAPTER 6: THE PERCEIVED AND SIGNALLED PRESENCE OF CYBER CAPABILITY AND POSTURE IN THE RUSSIAN FEDERATION AND THE UNITED STATES: A DISCUSSION ... 44
CHAPTER 7: PERCEPTIONS OR REALITY? A CONCLUSION ... 53
CHAPTER 8: BIBLIOGRAPHY ... 56
CHAPTER 9: APPENDICES ... 60
9.1 DATA COLLECTION TABLES ... 60
Chapter 1: A perceived perilous cyberspace: an introduction
Asking who won a given war, is like asking who won a natural disaster. In his book ‘Man, the
state, and war: a theoretical analysis’ about the value of realism in international relations,
Kenneth N. Waltz reasons the notion that in war there is no victory, has gained increasing acceptance in his lifetime. Waltz wrote if one asks whether humankind can have peace where in the past there has been war, the answers are most often gloomy. He, however, also argues that this is perhaps the wrong question and that it might be better to ask the following question: ‘‘Can we have peace more often in the future than in the past?’’ (Waltz, 1959, p. 1).
Fast-forward to the 21st Century, the very definitions of what is ‘war’ and ‘peace’ seem to
be inherently different than they were at the time of the publication of Waltz’s book. Many contemporary scholars argue that understanding how conflict is evolving is essential to planning for peace, and that if there is one domain that has the power to evolve the meaning of warfare, disputes and peace, it is cyberspace1. The ability to manoeuvre in cyberspace in pursuit
of political objectives is thus perceived by many to be an increasingly important aspect of both national and military power and can, therefore, play an important during both times of peace and war (see Saltzman, 2013; Riordan, 2019; Modderkolk, 2019).
States, for instance, are perceived to launch cyber operations frequently. Examples of this contention are abundant. Online disinformation campaigns are accused of influencing the Presidential election in the United States (U.S.) and the Brexit referendum in the United Kingdom (U.K.), and reports of cyber-attacks against renowned corporations are daily events (Centre for Strategic and International Studies, 2020; Modderkolk, 2019). These examples suggest that we are in the course of a new era, similar to past transformations in the field of international security, such as the tank, the nuclear bomb or the aeroplane – innovations that caused radical changes in strategic thinking and behaviour (Riordan, 201). To Riordan (2019) it makes perfect sense that states indulge in cyber technologies because they have added a new dimension to international strategy, creating new threats and opportunities for cyberspace-based crime, espionage, and warfare. Saltzman (2013) even goes as far as to argue information technologies drive not only the Internet but also that ‘‘The cybersphere of action it created is replacing the conventional battlefield’’ (Saltzman, 2013, p. 41). Others also realised the
1Cyberspace is often seen as an equivalent to the Internet; however, this is not an accurate portrayal as
significance of cyberspace and have spoken about cold war in cyberspace (see Modderkolk, 2019).
The rise of digital threats by nation-states seems to be a visualisation of the in 2010 written words by Deputy Secretary of Defence William Lynn: ‘‘In cyberspace, the offence has the upper hand’’ (as seen in Slayton, 2017, p. 72). To Slayton (2017) and Buchanan (2016), the notion that cyberspace favours the offence is heavily influenced by the offence-defence theory and the (cyber) security dilemma. In writing about the offence-defence theory, Jervis (1978, p. 186) believes that the security dilemma escalates international tensions as he argues that an intended non-threatening action by one state could be perceived threatening by another state, potentially resulting to a decrease rather than an increase in the state’s security. Jervis (1978) presents two variables, ‘offence-defence balance’ and ‘offence-defence differentiation’, that help to explain how the security dilemma is formed. Important to note is that perception of states, not reality, is determinant in shaping the two variables and in subsequently explaining the security dilemma (Jervis, 1978). Simply put, perception entails ‘‘A belief or opinion, often held by many people and based on how things seem’’ (Cambridge Dictionary, n.d., para. 1).
Pertinent to this thesis, the perceptions of states on the main principles of the offence-defence theory that can help explain the creation of a potential security dilemma have not been applied to cyberspace in the form of a comparative case study. The main reason for this research gap is that most of what happens in cyberspace is conducted in secret and that studying cyberspace operations from the perspective of the offence-defence theory is therefore inherently challenging (Muller, 2019). Nevertheless, Buchanan (2016, p. 106) argues that the focus on perception is valuable in studying cyberspace, as perception has only occasionally matched up with reality, leading to costly miscalculations and mistakes. While he acknowledges the importance of perception in shaping the security dilemma, Buchanan (2016), however, is still more concerned with how the ‘true’ technical features of cyberspace rather than the states’ perceptions of these technical features influence the security dilemma. This thesis serves to bridge this research gap by focussing on whether, based on the main principles of the offence-defence theory, states’ perceptions of each other’s cyber operations create a security dilemma. This study is academically relevant not only because it analyses the perceptions of states on the main principles of the offence-defence theory and on whether these perceptions create a security dilemma, but it also seeks to test the assumptions of renowned academics such as Buchanan (2016) on the most likely outcome of the application of the two variables –
distinguishable or indistinguishable as mainly offensive or defensive – on states’ perceptions of each other’s cyber operations. Thus, although the vast majority of scholars argue that offence has the advantage in cyberspace, do states agree with this statement? If a state reasons offence has the advantage in cyberspace, does it also perceive that a different nation holds that same believe towards an offensive advantage in cyberspace? Moreover, when a state believes that the offence has an advantage in cyberspace, does the same state perceive it to be rational to behave mainly offensive in cyberspace? What is more, even if a state perceives a different nation holds a similar belief towards an offensive advantage of cyberspace, does the same state also perceive the intention of the other nation to be mainly offensive rather than defensive towards them?
The focus of this study is on a synchronic comparative case study on two cases: the Russian Federation and the U.S. There are several reasons that justify this case selection. The first reason is that both cases have a long conflicting history. This history, pivoting around rivalry and mistrust can be a source of perceptions, and thus pose as a compelling case of how those perceptions can create a security dilemma. Adding to this, the relationship has worsened over the past few years; following the alleged Russian meddling in U.S. Presidential elections, and armed confrontations in Syria, Georgia and Ukraine, the relationship has been pushed to the brink (Kornbluth, 2020). It is, however, not just the Russian Federation that targets the U.S., as the U.S. is perceived by the Russian Federation to continuously attacks its critical infrastructure, including its power grid in 2019 (Sanger & Perloth, 2019; Modderkolk, 2019). Following this attack, the Russian Federation warned the U.S. that such actions could escalate into a cyberwar. Thus, ‘‘The relationship is among the most critical bilateral relationships in the world, with implications well beyond the two states themselves‘’ (Centre for Strategic and International Studies, n.d., para. 1). This adversarial relationship is a significant reason why the Russian Federation and the U.S. are selected as the inter-state case on how two states perceive cyber operations of other nations, rather than, for instance, the U.K. and China, or the Netherlands and Iran. An additional reason why the U.S. is selected is that it is still seen as a critical global guarantor of security. Many European states, for instance, still perceive the U.S. as a significant player in providing European security – whether they like it or not (Pezard, Radin, Szayna & Larrabee, 2017). With the reliance of these countries on U.S. security practices, the U.S. can promote their foreign beliefs, including the way they perceive cyber operations of other nations. This global presence makes them a more prominent influencer than the likes of the Netherlands,
France, Germany or the United Kingdom – meaning that the U.S. is a more complete case to analyse.
Thus, this thesis aims to analyse, based on the offence-defence theory by Jervis (1978), whether the Russian Federation’s and the U.S. perceptions of each other’s cyber operations create a security dilemma. This is achieved by answering the following main research question:
‘‘Do the perceptions of the Russian Federation and the United States of each other’s cyber operations create a security dilemma?’’
In answering this question, the focus is on a synchronic comparative case study on the two cases since the advent of 2010. As in studying perceptions, it is vital to analyse both sides of the perceiving, the focus is on a comparative case study. The time frame (2010-2020) is chosen because this is the period in which both the Russian Federation and the U.S. started to communicate more frequently about cyberspace in official state-published documentation (Riordan, 2019). This study expects that both states’ perceptions of each other’s cyber operations create a security dilemma. In studying how the Russian Federation and the U.S. perceive each other’s cyber operations, and if these perceptions indeed create a security dilemma, five sub-questions are answered:
1. How does the United States perceive cyber operations of the Russian Federation (mainly offensive or defensive)?
2. How does the Russian Federation perceive cyber operations of the United States (mainly offensive or defensive)?
3. What is the United States signalling (if any) of its cyber operations to the Russian Federation (mainly offensive or defensive)?
4. What is the Russian Federation signalling (if any) of its cyber operations to the United States (mainly offensive or defensive)?
5. What are the similarities and differences between the signals and perceptions of cyber operations by the Russian Federation and the United States (mainly offensive or defensive)?
The first four sub-questions have been selected because they enable the answering of the fifth research question, which plays a vital role in this thesis as by analysing the similarities and difference of the two cases it enables the conclusion-making of whether perceptions the Russian
Federation and the U.S. of each other’s cyber operations create a security dilemma. Subsequently, the fifth sub-question enables the answering of the main research question, as, among others, the similarities and differences between the signalled and perceived action determine if there is a security dilemma. The first two sub-questions focus on how the two states perceive each other’s cyber operations. What is meant with ‘signalling’ in the third and fourth sub-question is whether the Russian Federation and the U.S. see its cyber operations as offensive or defensive, and also whether they portray their offensive or defensive cyber operations to be a response to any action taken by the other state. In analysing the perceiving and signalling, the focus is also on non-cyber related perceptions and signals. This is because non-cyber related perceptions and signals can also shape how the Russian Federation and the U.S. perceive each other’s cyber operations, and therefore potentially create a security dilemma. If a state, for instance, is perceived by the other state to signal it is seeking regional or global hegemony, the other state could perceive its cyber operations to be mainly offensive. In order to remain in the scope of this thesis, the actors that are involved in the ‘perceiving’ and ‘signalling’ include Russian and U.S. heads of state and governmental agencies that are involved in cybersecurity.
Chapter 2: The security dilemma: a theoretical Framework
2.1 Offensive or defensive cyber operations?
To clarify what is meant by ‘cyber operations’ in the research question, it comprises of offensive and defensive operations. Offensive cyber operations are ‘‘Intended to project power by the application of force in and through cyberspace’’. Defensive cyber operations, on the other hand, are ‘‘Passive and active cyber operations with the aim of protecting data, capabilities, and other designated systems’’ (Federation of American Scientists, 2020, p. 1). An ‘offensive’ or ‘defensive’ cyber operation, however, can hold a different meaning to a different group of nations, organisations and people (Schulze, 2018; Buchanan, 2016).
The most critical dimension in this thesis, however, is not that the intention of a cyber operation is offensive, and that the effect is also labelled as such. Instead, the importance is related to whether a country perceives the cyber operations of another nation to be mainly offensive or defensive against them. This rationale is based on Buchanan’s (2016) analysis of the ‘cybersecurity dilemma’. Buchanan (2016) claims that in their endeavour to assure cybersecurity, ‘‘States will sometimes intrude into the strategically important networks of other states and will threaten – often unintentionally – the security of those other states, risking escalation and undermining stability’’ (Buchanan, 2016, p. 3). Thus, in this thesis, a perception of a state, not reality, is determinant in defining whether a cyber operation is offensive or defensive.
2.2 Offence-defence theory
2.2.1 The ‘four worlds’ of the offence-defence balance
The offence-defence theory is relatively hopeful of international politics. This is based on the argument that when the defence has the perceived advantage over the offence, major war can be avoided (Glaser & Kaufmann, 1998). The theory is closely related with the realist theory since both assume that states ‘‘Seek to maximise their security by attempting to minimise the probability they will be conquered or destroyed by other states’’ (Lynn-Jones, 1995, p. 664). In his 1978 study called ‘Cooperation Under the Security Dilemma’, Robert Jervis identifies the security dilemma as a challenging process that increases tension between states. He argues that many of the means by which states endeavour to improve its security decrease the security of others (Jervis, 1978, p. 170). The intensity of the security dilemma and the notion of whether a
defensive action by a state may be perceived as threatening by another nation, or an offensive movement by a state be perceived as non-threatening to a different nation depends on two variables: ‘‘Whether the offence or defence has the advantage, and whether an offensive posture is distinguishable from a defensive one (Jervis, 1978, pp. 186-187). Jervis (1978, p. 211) combined these ‘‘Two variables to yield four possible worlds’’ (see figure 2.2 below).
Figure 2.2: A Four Worlds Model (Jervis, 1978, p. 211).
In his analysis, two factors form the basis of perceiving whether the offence or the defence has the advantage: geography and technology (Jervis, 1978, p. 194). Geography is essential as geographic features – in the form of steep mountains, narrow straits or a treacherous river – can be perceived to enhance the defensive position. Technology, on the other hand, plays a leading role in the offence-defence theory because when a state’s offensive capabilities are vulnerable to attack, the state can believe it must use those technologies before they are destroyed (Jervis, 1978). Here, Jervis (1978) reasons that the advantage leads to the offence as opposed to the defence. In addition to the factors that influence whether the offence or defence has the advantage, Jervis (1978) argues the offence-defence balance is also determined by whether an offensive posture is perceived to be distinguishable from a defensive one (Jervis, 1978, p. 199). With posture, it is meant how a government positions itself when talking about a particular matter. The believed distinguishable posture does not mean that based on such an offence-defence differentiation of posture, all security problems will be abolished. Nevertheless, it does say that if a state perceives it can distinguish whether a potential adversary’s posture as mainly offensive or defensive, it can ‘‘Give notice of their intentions by the posture they adopt’’ (Jervis, 1978, p. 214). If the offensive posture, for instance, is not perceived to be distinguishable from a defensive one, there is always a security dilemma – no matter whether the offence or the defence has the advantage (Jervis, 1978, pp. 211-212).
In sum, in the offence-defence balance, geography and technology determine whether the offence or the defence is perceived to have the upper hand, and a perceived distinguishable offensive or defensive posture determine whether there is a security dilemma (Jervis 1978, pp. 194, 211). In the offence-defence balance, the subjectivity of a state’s security experiences, not objectivity, is pivotal in determining whether a state believes the offence or defence has the upper hand and whether a state perceives a different country’s posture to be distinguishable as mainly offensive or defensive (Jervis, 1978; Buchanan, 2016, p. 105). This is important as Buchanan (2016, p. 110), for instance, argues that ‘‘Perceptions of offence-defence dominance amplify the cybersecurity dilemma’’. Thus, in the context of the offence-defence theory, countries are perceived to act on what they perceive to be true, and not on universal truth (Gortzak, Haftel & Sweeney, 2005, pp. 71-72).
2.2.2 ‘Doubly dangerous’: applicability of the offence-defence theory to cyberspace
In his analysis of the cybersecurity dilemma, Buchanan (2016) discusses the applicability of the offence-defence theory to cyberspace. In talking about the first variable, the offence-defence
balance, Buchanan (2016) argues in cyberspace, offensive action has an advantage. This is
because geography – which according to Jervis (1978) favours the defenders – is minimally present in the cyberspace. Since in cyberspace, almost all states are in virtual proximity with one another, there are few geographical constraints, which causes intruders to enjoy greater freedom of action. The second concept in the security dilemma, technology, is much more relevant in the cybersecurity dilemma. Technologies, unlike geographical features such as land and sea, are a human creation. ‘‘It is technology, and indeed flaws in technology that makes network intrusions possible in the first place’’ (Buchanan, 2016, p. 106). Therefore, in determining whether the offence or defence has the advantage in cyberspace, it is technology (or cyber capability), rather than technology and geography that is most significant (Buchanan, 2016, pp. 110-110). Locatelli (2013, p. 8) agrees with the notion that offence has the upper hand in cyberspace and claims this is also because progress in offensive cyber technologies is developing faster than in defensive technologies. Thus, what is meant with cyber capabilities in this thesis is the resources, knowledge, skills, procedures and operational readiness that are required to be able to have a perceived effect in cyberspace. Therefore, ‘‘Cyber capabilities are building blocks that can be employed in operations to achieve some desired objective’’ (Uren, Hogeveen & Hanson, 2018, para. 9).
In discussing the second variable of the offence-defence theory by Jervis (1978), namely the offence-defence differentiation, Buchanan (2016, p. 113) reasons it is inherently tricky to distinguish an offensive posture from a defensive one. He believes this is because both offensive and defensive technologies can be perceived as threatening by other states. By saying so, Buchanan (2016) refers to the words of Barack Obama, who in security dilemma-esque language said: ‘‘When you develop sufficient defences, the same sophistication in defences means that, potentially, you can engage in offence’’ (as seen in Buchanan, 2016, p. 112). In addition to the threatening technologies, Buchanan (2016, p. 119) also believes defensive cyber operations of one state can be perceived to be offensive by another. Buchanan (2016, p. 213) reasons if a state has managed to conclude that a particular intrusion is solely defensive in nature, the state is likely afraid that the intruder is capable of penetrating its network and that it might do so in the future. Although the nature of an intrusion can alter with a state’s intention, ‘‘The intrusion is threatening in a variety of ways that the traditional defensive technologies envisioned by mitigators, such as mines and fortifications, simply are not’’ (Buchanan, 2016, p. 213).
As Buchanan (2016, p. 119) perceives offence has the advantage in cyberspace and that a potential adversary’s posture is hardly distinguishable as either offensive or defensive, he reasons that in cyberspace, the security dilemma is severe. Transferring these notions to Jervis’ (1978, p. 211) Four Worlds Model, Buchanan (2016) likely believes we live in the first ‘doubly dangerous’ world.
2.3 Conceptual map
In figure 2.3 below, a conceptual map of the main concepts that are utilised in this research is listed; perceived security dilemma, perceived cyber capability and perceived posture. Cyber capability and posture are perceived to have a direct effect on the way states’ perceive each other’s cyber operations and therefore play an important in whether or not a security dilemma is perceived to be created (see Jervis, 1978; Buchanan, 2016).
2.4 The ‘four’ worlds of cyberspace
Based on the ‘Four Worlds Model’ of the offence-defence theory by Jervis (1978, p. 211), and the two concepts that are compared, namely cyber capabilities and posture, this thesis analyses which of the four worlds is most suitable to the Russian Federation and the U.S.
From a purely technical point of view of cyberspace, Buchanan (2016, p. 211) most likely argues that since he perceives that offence has the upper hand in cyberspace and that a state’s posture is difficult to distinguish as mainly offensive or defensive in cyberspace, the first world is most suitable in explaining in which world the Russian Federation and the U.S. live in. This thesis, however, does not merely study the four worlds from a technical angle. Instead, this study seeks to analyse how states’ perceptions of each other’s cyber operations influence in which of the four worlds the Russian Federation and the U.S. perceive they live in, which ultimately explains whether or not a security dilemma is created.
World 1: The state perceives that the other nation’s cyber capabilities favour offensive cyber operations, and the same state perceives that the other nation’s posture is indistinguishable as mainly offensive or defensive.
World 2: The state perceives that the other nation’s cyber capabilities favour defensive cyber operations, and the same state perceives that the other nation’s posture is indistinguishable as mainly offensive or defensive.
World 3: The state perceives that the other nation’s cyber capabilities favour offensive cyber operations, and the same state perceives that the other nation’s posture is distinguishable as mainly offensive or defensive.
World 4: The state perceives that the other nation’s cyber capabilities favour defensive cyber operations, and the same state perceives that the other nation’s posture is distinguishable as mainly offensive or defensive.
Despite the different scope, this study’s expectations are in line with Buchanan’s (2016), arguing that both states perceive that the offence has the upper-hand and that both states perceive that the other state’s posture is indistinguishable as mainly offensive or defensive. In particular, this study does not expect that the Russian Federation and the U.S. signal in its official documents that they perceive the other state to be involved in mainly offensive cyber operations, potentially severing the bilateral relationship.
What is meant by ‘distinguishable’ and indistinguishable’ in the second clause of each world, is that, if, for instance, the Russian Federation perceives the U.S. posture to be mainly defensive, the U.S. posture is perceived to be distinguishable by the Russian Federation. In the context of a perceived distinguishable posture, according to the offence-defence theory, there will never be a security dilemma. In this case, the third and fourth worlds are the only two worlds that can explain how the Russian Federation perceives U.S. cyber operations.
Chapter 3: Methodology
3.1 Research outline
This research investigates how states’ perceptions of each other’s cyber operations create a security dilemma. The comparison is a set of two cases; the way the Russian Federation and the U.S. perceive each other’s cyber operations since the advent of the 21st century. To test
which of the four described worlds is most applicable to both the Russian Federation and the U.S., this thesis adopts a qualitative comparative analysis. The two concepts that are compared are based on the offence-defence theory by Jervis (1978). In his analysis, two factors determine the offence-defence theory: whether the offence or the defence has the advantage and whether an offensive posture is distinguishable from a defensive one (Jervis, 1978, pp. 194, 199). In determining if the offence or the defence has an advantage, Jervis (1978) lists two crucial factors: geography and technology. Since geography is minimally present in cyberspace –as there are few geographical constraints –, potential intruders enjoy greater freedom of action (Buchanan, 2016). In terms of the analysis, this implies that in exploring whether the Russian Federation and the U.S. perceive each other’s cyber operations as mainly offensive or defensive, and on whether these perceptions create a security dilemma, the focus is on technology (cyber capability), and not on geography. Thus, from an offence-defence balance perspective, if a state views their cyber capabilities to be superior to the cyber capabilities of another country, it will likely perceive itself as having an offensive advantage. Having a subjective offensive advantage, however is not sufficient in the offence-defence balance: it is also essential to determine whether an offensive posture is distinguishable from a defensive one (Jervis, 1978, p. 199). In this thesis, the posture is determined by analysing if the Russian Federation’s and the U.S. intentions can be perceived to be distinguishable by each other as mainly offensive or the defensive.
Concluding, in world testing, the focus is on two factors. First, in determining if both countries believe whether the offence or the defence has an advantage, the emphasis is on whether the two states perceive each other’s cyber capabilities to favour offensive or defensive cyber operations. Second, in determining the posture, the emphasis is on whether or not the two countries perceive the posture of the other country is distinguishable as mainly offensive or defensive. As discussed, such a perceived distinguishability of the other country’s posture will not necessarily abolish the security dilemma, but the posture one state is perceived to adopt will give the other nation some subjective insights into its intentions (Jervis, 1978, p. 214).
3.2 Data collection
The world testing requires a significant sum of information on the cyber capability and posture: whether the Russian Federation and the U.S. perceive each other’s cyber capabilities and posture as mainly offensive or defensive against the other. The primary data of this thesis consists of official documents from the Russian Federation and the U.S. These documents are selected as they come closest towards the official signalling and perceiving of the two cases. The documents of the Russian Federation aid in researching the second and fourth sub-questions, while the U.S. documents enable the analysis of the first and third sub-question. Lumped together, the documents of the two states empower this thesis to answer the fifth sub-question. Ultimately, the answer to the fifth question enables the conclusion making of the main research question, which analyses whether or not the perceiving and signalling of the Russian Federation and the U.S. of each other’s cyber operations create a security dilemma.
The analysed documents of the Russian Federation and the U.S. include strategies, laws, doctrines, presidential and governmental decrees, speeches from political leaders and documents from different governmental agencies working in the area of cybersecurity and information security. In section 9.1, all the documents that are used in the data analysis are listed in a table, together with how the research questions capture the documents. These documents are considered as reliable and valid primary sources because both the Russian Federation and the U.S. use them to describe how they perceive the cyber capability and posture of the other. These documents also enable the identification of what the Russian Federation and the U.S. are signalling (if any) of its cyber operations to the other state. Although the true intentions of these sources cannot be proven to be hundred per-cent dependable because there is a likelihood that the governments do not tell the whole truth, it is the most reliable means to understand the way the Russian Federation and the U.S. perceive each other’s cyber operations, and in ultimately determining whether these perceptions create a security dilemma.
What is more, in this thesis, the potential lack of truth in the official documentation is not a severe problem. This is because in the context of perception, countries act on what they believe is accurate, and not on universal truth (Gortzak, Haftel & Sweeney, 2005, p. 71). Thus, if a state signals in its official documentation that it seeks to be mainly defensive, based on its subjective experience, the other nation could still perceive – and potentially signal the perception in its documents – the other to be mainly offensive.
Starting with the Russian Federation, there is one research problem: the author of this thesis does not speak Russian. This problem, however, is resolvable. This is because many official documents are translated into English. Documents of the Russian Federation that are analysed include the Presidential Address to the Federal Assembly (2016, 2018 and 2020), the Plenary Session of the International Cybersecurity Congress (2018), the National Security Strategy of the Russian Federation (2009), the Foreign Policy Concept of the Russian Federation (2016), the Military Doctrine of the Russian Federation (2010 and 2014) and the Doctrine of Information Security of the Russian Federation (2016). In addition to these documents, this study analyses The Putin Interviews, a transcribed version of a four-hour long interview between U.S. filmmaker Oliver Stone and Putin. This is a valuable source, as Putin extensively discusses how it perceives U.S. cyber capability, what it signals about the Russian Federation’s cyber capability to the U.S., how it perceives U.S. posture, and what it signals about the Russian Federation’s posture to the U.S. Important to note, however, is that there are certain limitations involved in analysing both official documents of the Russian Federation and an interview. As the official documents are state published and target Russian-speaking audiences, they appear to be more reliable than the Putin interview with Oliver Stone, a U.S. filmmaker that targets Western audiences. In addition to the reliability, the documents published by the Russian Federation are more closed and ambiguous than the interview as they are official documents containing only a neglectable degree of human emotions. While the emotions in the interview are crucial as they amplify Putin’s perceptions of U.S. cyber operations, it is vital to understand that his statements might not always be completely truthful, as he could also say what he perceives the Western audience would like to hear. Despite this, the ‘The Putin Interview’ significantly strengthens the analysis of this thesis as Putin’s statements contain a high degree of perceiving of and signalling to the U.S. In order to overcome the limitations mentioned above of the interview and to come closer to the ‘truth’ of what the Russian Federation perceives of U.S. cyber operations, the data from the interview is only included in the analysis and the discussion chapters of this thesis if it corresponds with data in the official state-published documents.
In studying the U.S., five documents are analysed. The decision to focus on five U.S. documents in comparison to eight documents of the Russian Federation is that the U.S. documents are significantly more sizeable. The selected documents include the ‘‘Background to Assessing Russian Activities and Intentions in Recent US Elections’’: The Analytic Process and Cyber Incident Attribution (2017), the National Security Strategy of the United States of
America (2017), the Report of the United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election (2019), the Worldwide Threat Assessment of the United States Intelligence Community (2019) and the National Cyber Strategy of the United States of America (2018).
3.3 Data analysis
The research method chosen to understand the designated case studies is qualitative content analysis. This method is used to identify patterns in the collected data, and it helps in determining whether the Russian Federation and the U.S. perceive each other’s cyber operations to be mainly offensive or defensive, and in analysing whether or not the two countries perceive the posture of the other to be distinguishable or indistinguishable as mainly offensive or defensive against them. By doing so, it is possible to examine which of the four worlds by Jervis (1978) is most applicable to the Russian Federation’s perception of U.S. cyber operations, and which is most suitable to the U.S. perception of the Russian Federation’s cyber operations. The perceptions of each other’s cyber operations enable the analysis of whether or not they create a security dilemma and ultimately explain if the findings correspond to Buchanan’s (2016) argument that the doubly dangerous first world is the world of states in cyberspace.
To smoothen the qualitative content analysis, the obtained data is analysed by coding both documents from the Russian Federation and the U.S. To be able to make conclusions out of the codes, thematic content analysis is applied, which is ‘‘The process of identifying patterns or themes within qualitative data’’ (Maguire & Delahunt, 1999, p. 3352). The decision to focus on thematic content analysis is based on the argument by Marshall and Rossman (1999) that an essential dimension of the thematic analysis of qualitative data is to bring structure, interpretation and order to a significant sum of collected data (Marshall & Rossman, 1999). Since this thesis focuses on the qualitative content analysis of a substantial data group, the application of thematic content analysis is thus perfectly justifiable.
The themes and codes are developed in a deductive manner, as drawn from the theory, and are complemented by an inductive analysis, in which there is no predetermined correlation with derived data and the theory. Essential concepts are operationalised into code definitions during the coding process. The codes are categorised into three main categories: cyber capability, posture and cyber operations. All the codes, dimensions and indicators are listed in table 9.2.
The collected data is evaluated by analysing the two main concepts that are incorporated in the four worlds; namely, the perceived offensive or defensive cyber capabilities and the perceived distinguishable or indistinguishable offensive or defensive posture of a state. These two concepts are analysed as they enable the testing and subsequent conclusion making of which world is more applicable to how the Russian Federation perceives U.S. cyber operations, how the U.S. perceives cyber operations of the Russian Federation, and ultimately in explaining how these perceptions create a security dilemma.
Starting with the first concept that is mutually present in all four worlds, namely the perceived offensive or defensive cyber capabilities, it is crucial to operationalise the concept. In this study, a cyber capability is defined as ‘‘Building blocks that can be employed in operations to achieve some desired objective’’ (Uren, Hogeveen & Hanson, 2018, para. 9). In cyberspace, these building blocks include technologies, skills, procedures and operational readiness. These can be perceived by other states to be required in order to affect cyberspace. In analysing cyber capability, the focus is on two dimensions: on whether one of the two states perceives the cyber capabilities of the other will be predominantly used for offensive or defensive cyber operations (referring to the ‘perceiving’ in sub-question one and two), and on whether one of the two countries published in its official documents that their cyber capabilities will be predominantly deployed for offensive cyber operations (referring to the ‘signalling’ in sub-question three and four). Therefore, the cyber capability in the four worlds is not determined by objectivity, but by subjectivity – in line with the offence-defence balance by Jervis (1978). In this context, a cyber capability is not only labelled as offensive if in official documents the U.S. reasons it seeks to focus on offensive cyber capabilities, but it is also considered as offensive if the Russian Federation perceives the U.S. to focus on offensive cyber capabilities mainly. Thus, indicators of perceived offensive cyber capabilities include that the state is perceived to emphasise on offensive capabilities in official state document, that the offensive use of weapons is perceived to dominate defensive countermeasures, that states are perceived to signal that they focus on offensive cyber capabilities, and that knowledge, skills, procedures and operational readiness are perceived to support offensive cyber operations (Locatelli, 2013; Uren, Hogeveen & Hanson, 2018, para. 9).
In analysing the second concept that is present in all four worlds, namely a perceived distinguishable offensive or defensive posture, it is also vital to operationalise posture. With
posture, it is meant how a government is perceived to and positions itself when talking about a
provide an insight into its perceived intentions. In contrast, a state’s perceived cyber capabilities can give the other state some understanding of whether it can realise its intentions with the cyber capabilities it possesses. Just as the analysis of cyber capability, posture also focusses on two dimensions: on whether one of the two states perceives that the posture of the other will be a signal of an intention of mainly offensive or defensive cyber operations (referring to the ‘perceiving’ in sub-question one and two), and on whether one of the two countries published in its official documentation that the posture of the other is distinguishable as mainly offensive or defensive (referring to the ‘signalling’ in sub-question three and four). As is the case with the cyber capability, the posture is not determined by objectivity, but by subjectivity. Thus, a posture is not merely considered to be distinguishable if, for instance, the U.S. has stated it seeks to launch offensive cyber operations against the Russian Federation. It is also considered distinguishable as mainly offensive if the Russian Federation has published it perceives the U.S. to be offensive and that it fears it will launch offensive cyber operations against them. Indicators of a perceived offensive cyber posture include perceived hostile content in official documents of the Russian Federation and the U.S., a perceived offensive national security perspective, a perceived offensive military doctrine, a perceived offensive information warfare strategy and the referencing in official documentation that the other state has conducted a series of hostile cyber operations since 2010. These hostile cyber operations could include acts that are perceived to signal disruption, including the stealing of money or intellectual property, the damaging of another state’s or organisation’s systems, (cyber) capabilities or critical infrastructure and the active spread of disinformation.
3.4 Limitations of research
There are at least three issues this research project might encounter. The first one is credibility, meaning confidence in the truth of the research findings. The second one is dependability, entailing the consistency of the results. The third one is confirmability, which implies a degree of neutrality by the research and respondents (Lincoln & Guba, 1985, pp. 289-293). In terms of credibility, this thesis is dependent upon the official Russian and U.S. documentation. Thus, if an essential dimension of one of these two states is not documented, it falls outside of the scope of this thesis. However, since the analysed documents are carefully selected based on the scope of this research, the potential obstacles are likely minimal. In terms of dependability and confirmability, it can be argued that the method of qualitative content analysis leads to biases and oversimplification. However, by objective making concluding out of this data, these
obstacles are overcome. This is, for instance, done by applying two different methods of triangulation. Triangulation rests upon the principle that having only one research method is often weak and can be bettered by triangulation (Pandey & Patnaik, 2014, p. 5747). To ensure that the research findings are well-developed, theory and perspective triangulation enable the use of multiple theoretical perspectives to examine and interpret data. Moreover, triangulation of sources enables the examination of the consistency of data sources within the same method, by, for instance, comparing different governmental documents from different periods (Pandey & Patnaik, 2014). In addition to triangulation, the main strength of the offence-defence theory is that it builds on the notion of uncertainty and perception. It acknowledges there are uncertainties with regards to capabilities, posture and intentions, and it also accepts states’ perception and secrecy (Jervis, 1978). Since this thesis is based on whether states’ perceptions of each other’s cyber operations create a security dilemma, the offence-defence balance by Jervis (1978) is perfectly suitable in that process.
Chapter 4: An analysis of the perceived and signalled cyber capability
4.1 Cyber capability: The Russian Federation’s perception of and signalling to the
United States
4.1.1 Cyber technologies
The research and development of cyber technologies
In answering to the question ‘‘When did Russia build its cyber capabilities’’ posed by Oliver Stone, Putin replied it has been a long and complex process (Stone & Putin, 2017, p. 407). To Putin, it all started with the notion that citizens of the Russian Federation have a very high education level and possess an excellent school of mathematics – which he perceives to be critical criteria for states that seek technological advances. According to Putin, the Russian companies are not merely heavily invested in software but are also deeply embedded in the research and development (R&D) of hardware. Put merely, R&D refers to the ‘‘Activities that companies undertake to innovate and introduce new products and services’’ (Kenton, 2020, para. 1). An additional prominent reason for why Putin reasons it to be essential to be self-sustainable with regards to technological R&D can be found in his 2016 Presidential Address to the Federal Assembly (Putin, 2016). In this address, Putin said that technologies, and in particular cyber technologies, are vital as they determine all spheres of life. More importantly, he views that ‘‘The countries that generate such technologies will get a lasting advantage and an opportunity …. those who fail to do this will be placed in a dependent and disadvantaged position’’ (Putin, 2016, p. 23). To fully exploit the potential of cyberspace, however, Putin believes it to be vital for the Russian Federation to build its digital platform – an information-sharing platform of the Russian Federation. In doing so, Putin claimed the platform must be compatible with the global information space (Putin, 2018a, pp. 12, 18).
The President is also wary of cyberspace as he argues there to be numerous risks associated with the digital sphere, which, among others, to him, include the global damages from cyberattacks that exceeded $1 trillion in 2017 (Putin, 2018b, p. 2, 4). In his Presidential Address to the Federal Assembly in 2016, Putin also argued to be cautious of cyberspace, claiming ‘‘We [the Russian Federation] must strengthen our protection against cyber threats’’, after which he hinted towards the creation of defensive cyber technologies that have the power to protect the
Russian Federation’s cyberspace infrastructure – without explicitly mentioning which technologies (Putin, 2016, p. 23).
Just as the Russian Federation’s domestic focus on the R&D cyber capabilities and Putin’s goal to develop a digital platform within the Russian Federation, the emphasis on the protection against cyber threats seems to signal a focus on the R&D of defensive-related cyber capabilities.
The Russian Federation’s quest for a sustainable technology sector
In his Presidential Address to the Federal Assembly in 2020, Putin noted that Russian companies must create innovative technologies and should develop them with Russian resources (Putin, 2020, p. 18). He deemed this to be vital, as since the fall of the Soviet Union in 1991 Russian companies and organisations decided to procure the vast majority of technologies from abroad, leading to an influx of technologies from the U.S. and Europe, which were being used by the Russian Federation’s intelligence services and defence ministry. The President contends, however, that in the past few years, the organisations became aware of the potential threats that imported technologies could bring with them. Therefore, Putin stated that the Russian Federation would seek for technological independence, which to him, will increase national security (Stone & Putin, 2017, p. 409).
To Putin, an additional reason of the Russian Federation to heavily invest in cyber technologies and other military technologies is not that the country fears other states will use its technologies against them (Putin, 2020, p. 18). Instead, he stated that ‘‘The main threat and our main enemy is the fact that we [The Russian Federation] are falling behind’’ (Putin, 2018a, p. 4). The President argued technological lag and dependence on technologies of other states, or companies located in other states, translate into reduced security and economic opportunities, and will ultimately result in the loss of sovereignty (Putin, 2018a, pp. 4-5). Therefore, Putin claimed that the Russian Federation views technological development as a vital step in enhancing its national security (Putin 2018a; Putin 2020). The President stressed that he is not threatening anybody with his calls for a more innovative Russian Federation, and also stated he nor the Russian Federation has offensive intentions. Instead, he claimed that technological development in the Russian Federation is a ‘‘Solid guarantee of global peace as this power [The Russian Federation] preserves and will preserve strategic parity and the balance of forces in the world’’ (Putin, 2018a, p. 39). More importantly, Putin asserted tha the countries ‘‘Who in the past 15 years have tried to accelerate an arms race and seek unilateral advantage against Russia, have introduced restrictions and sanctions that are illegal from the standpoint of international
law aiming to restrain our nation’s [The Russian Federation] development, including in the military area, I will say this: everything you have tried to prevent through such a policy has already happened. No one has managed to restrain Russia’’ (Putin, 2018a, p. 39).
This section demonstrates that Putin views technological independence as a vital step in realising national security. The focus on the domestic use of domestic resources does not suggest a purely offensive or defensive focus. However, Putin’s quote about the countries that have imposed sanctions against the Russian Federation can be perceived by the U.S. that the Russian Federation will do virtually everything to maintain its national security. This quote also signals that Putin does not agree with the sanctions imposed by other states – including the U.S., Canada and E.U. countries –, and that despite those sanctions, it will still seek for technological advancement and independence. What is more, the vast majority of sanctions were likely put in place to prevent the Russian Federation to develop technologies that can be perceived as threatening to other states. Thus, as Putin stated that the sanctions were fruitless, the U.S. might perceive that the Russian Federation is developing offensive capabilities.
4.1.2 Perceptions and misperceptions of capabilities
‘Incorrect’ United States’ perception of the Russian Federation’s capabilities
Vladimir Putin claimed in 2017 that it is likely the U.S. does not fully comprehend the power the Russian Federation has in terms of capabilities. Subsequently, Putin reasoned that the U.S. holds the perception that ‘‘The current level of science, of technologies, the current level of the defence industry of the United States are so high that it gives them grounds to believe that they will be able to make such a breakthrough that no one is going to be able to catch up with them’’ (Stone & Putin, 2017, p. 234). Putin, however, claimed that the vast majority of the Russian Federation’s capabilities are from the highest international standards, which, to him makes the Russian Federation thoroughly protected (Stone & Putin, 2017, p. 297). Although this paragraph does not hint towards purely offensive or defensive capabilities of the Russian Federation, Putin does signal that the vast majority of the Russian Federation’s capabilities are from the highest international standards, which can be perceived by the U.S. to be threatening. In Putin’s perception, the most important thing about the Russian Federation is not the amount of money it spends on the defence sector or technological development; it is about the Russian people. More precisely, his statement concerned the inner state of the Russian people; the inability to live without sovereignty (Stone & Putin, 2017, p. 233). In his 2020 Presidential
Federation can only remain if its sovereign and that the sovereignty of the Russian Federation is unconditional. In the context of people over technology, he reasoned it to be surreal that the United States seeks to spend more on its defence industry year after year. After claiming this, Putin uttered that the Russian Federation will analyse how the perceived build-up in military expenditure will impact the national security of the Russian Federation, acknowledging the fear that the increase might be an indicator of an imminent offensive U.S. attack targeting the Russian Federation (Stone & Putin, 2017, p. 397). Putin’s main point is that he believes the U.S. to be extremely materialistic and that the U.S. instead spends money on its technologies than it strives to build longstanding relations with the Russian Federation (Stone & Putin, 2017, p. 233).
While these statements do not hint towards offensive or defensive cyber technologies, they visualise some sort of Putin’s scepticism towards the perceived U.S. capability build-up. From a security dilemma point of view, Putin also seemed to suggest that if the U.S. ceased this perceived capability build-up, and instead invests more resources in strengthening its relationship with the Russian Federation, the creation of a security dilemma could be averted. 4.1.3 Intelligence activities
It is essential to note that this entire section is based on The Putin Interview as none of the other analysed documents of the Russian Federation elaborates on the country’s intelligence activities and its perceptions of U.S. intelligence activities. This study recognises that the inability to triangulate the data with other official documents is a significant limitation, but it also acknowledges this section contains essential information of how the Russian Federation perceives the U.S. cyber- and intelligence capabilities.
Intelligence capabilities of the Russian Federation
According to Oliver Stone, many Americans believe the Russian Federation to be just as powerful as the U.S. when it comes to mass surveillance. In response, Putin stated that the Russian Federation is not on par with the U.S., simply because ‘‘We [The Russian Federation] do not have the capabilities the United States has at its disposal’’ (Stone & Putin, 2017, p. 312). Putin praised the capabilities of U.S. intelligence services, as in comparing intelligence agencies and secret services in both countries, Putin believed that the U.S. is likely outperforming the Russian Federation (Stone & Putin, 2017, p. 109). The president reasoned this is the case because the U.S. has additional funding for special services, which the Russian Federation
cannot afford. Putin, however, also argued that he perceives the U.S. way of behaving in cyberspace as ineffective, as they, for instance, are expensive and are perceived by Putin to be unsuccessful in combating terrorism (Stone & Putin, 2017, pp. 430).
The President of the Russian Federation reasoned that the U.S. surveillance operations targeting its allies is improper and argued that spying on an ally undermines trust, which in the end damages a country’s national security. In this context, Putin claimed he believes the U.S. to be an ally of the Russian Federation, but he would not go as far as to say its relationship is more durable than the likes of the U.S. and Germany and Canada – two of the countries targeted by the NSA. Interestingly, Putin argued that he had nothing against the U.S. mass surveillance operations on the Russian Federation and was also not surprised that next to the U.S. – which is number one –, the Russian Federation is the country of which the U.S. collected most phone calls. Despite this, Putin claimed the special services of the Russian Federation also collect intelligence in the U.S. In discussing the intelligence operations of the Russian Federation, however, Putin stated that instead of emphasising on the U.S. like practices of mass surveillance, the special services of the Russian Federation conduct acts of target surveillance (Stone & Putin, 2017, pp. 312-313). He stressed that the decision to adopt the targeted approach had nothing to do with a lag of the Russian Federation’s cyber technologies, but rather with operational decisions (Stone & Putin, 2017, p. 313).
Putin’s words signal that he perceives the U.S. intelligence capabilities to be mainly offensively oriented towards the Russian Federation. Despite this, Putin stated that this U.S. approach does not bother him and also indirectly claims the Russian Federation is collecting intelligence in the U.S. – which can be perceived by the U.S. to consist of both offensive and defensive cyber operations.
4.2 Cyber capability: The United States’ perception of and signalling to the
Russian Federation
4.2.1 Cyber technologies
The research and development of cyber technologies
In the U.S. National Security Strategy (NSS) published in December 2018, Trump states that ‘‘Given the new features of the geopolitical environment, the United States must renew key capabilities to address the challenges we face’’ (Trump, 2017, p. 28). More specifically, in the U.S. National Cyber Strategy (NCS) published in September 2018, Trump stresses that the U.S. should improve cyber capabilities by dedicating a significant amount of resources to the R&D of cyber technologies. In the context of defensive cyber capabilities, the President, for instance, signalled that the U.S. will update the Critical Infrastructure Security and Resilience Research and Development Plan (CISR R&D) to collectively in the U.S. set priorities for addressing critical security risks to critical infrastructure (Trump, 2018, p. 9). The signalled objective is to not only realise the R&D of cyber technologies in collaboration with domestic public and private entities but also in close cooperation with international partners. In this context, the NCS also describes that ‘‘The world looks to the United States … for leadership on a vast range of transnational cyber issues’’ (Trump, 2018, p. 24). This international outlook is perceived by the Trump Administration to promote open and industry-driven approaches to cybersecurity challenges, subsequently resulting in a more resilient cybersphere (Trump, 2018, p. 10, 14).
Thus, a vital objective stated in the NCS is that the Trump Administration seeks to ‘‘Preserve United States influence in the technological in the technological ecosystem’’ (Trump, 2018, p. 14). It also signals that the U.S. strives to maintain its leadership in emerging technologies, as it perceives that the U.S. influence in cyberspace is closely connected with the technological leadership of the country. Trump also claimed that the U.S. will promote global awareness of U.S. cybersecurity tools and innovations, reduce trade barriers to a robust worldwide cybersecurity market and expose and counter repressive regimes that utilise cyberspace as a tool of repression (Trump, 2018, p. 15).
From a defensive point of view, this section acknowledges that just as Putin, Trump recognises that cyber technologies are essential for the U.S. to thrive and that the U.S. will do everything in its power to do so. On the other hand, while Trump signals that the U.S. aims to create a more resilient international cybersphere, the President also claims the U.S. will expose
and counter repressive regimes that use cyberspace to repress people, which can be perceived by the Russian Federation to be more related to offensive cyber- capabilities and operations.
Obstacles to cybersecurity and innovation
In the NSS, Trump argues that for more than a decade, malicious state actions have conducted cyber operations against the U.S., targeting intellectual property and technologies of both public and private organisations (Trump, 2017, p. 20). The Worldwide Threat Assessment of the U.S. Intelligence Community (IC), published in 2019 also states that they believe that the Russian Federation ‘‘Increasingly uses cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure’’ (Office of the Director of National Intelligence, 2019, p. 5). The IC even goes as far as to say they perceive the Russian Federation – together with China – to be the most significant cyber threats towards the U.S. What is more, the IC believes every adversary of the U.S. will increasingly rely on offensive cyber operations, with the perceived ambition to influence capabilities, policies and to advance their national security and policy objectives (Office of the Director of National Intelligence, 2019, p. 5).
The Worldwide Threats Assessment also points out an additional obstacle to U.S. technology development. It states that ‘‘For 2019 and beyond, the innovations that drive military and economic competitiveness will increasingly originate outside the United States, as the overall US lead in science and technology (S&T) shrinks’’(Office of the Director of National Intelligence, 2019, p. 15). At the same time, the IC states in its threat assessment that it perceives that states such as the Russian Federation will increase their efforts and invest more resources to acquire top talent, innovative companies and intelligence property both via licit and illicit means. The IC points out that Putin, for instance, is increasingly interested in robust science and technology capabilities as he views them to be critical to the Russian Federation’s sovereignty, national power and economic outlook (Office of the Director of National Intelligence, 2019, p. 15).
In this section, both Trump (2017) and the Worldwide Threat Assessment of the U.S. IC (Office of the Director of National Intelligence, 2019) heavily lean towards the notion that the Russian Federation seeks to develop offensive cyber capabilities to target the U.S.
4.2.2 Cyber capability perceptions
Perceived cyber capabilities of the Russian Federation
In the NSS, Trump reasons that adversaries study the American way of war and based on these assessments procure both conventional and cyber technologies that target U.S. strengths and seek to exploit perceived weaknesses (Trump, 2017, p. 27). The President also reasons that the Russian Federation is developing technologies designed to deny the U.S. regional and global influence. Due to, among others, these two notions, Trump argues modern-day deterrence is significantly more challenging to realise than during the Cold War. The NSS further states that cyber technologies, in combination with conventional military technologies, have allowed competitors to harm the U.S. across various domains – including land, air, space, maritime and cyberspace. The President further contends cyber technologies enable adversaries to substitute nuclear weapons with more ‘invisible’ cyberspace weapons. These adversaries are perceived by Trump to strategically target the U.S., which will potentially result in a crippled economy or a lack of ability to deploy U.S. military forces (Trump, 2017, pp. 27-28).
The IC also perceives it to be likely that the Russian Federation will try to utilise deep fakes or similar machine-learning technologies to create false – but convincing – audio, image and video files to manipulate the public opinion in the U.S. The IC believes the disinformation and misinformation campaigns that are perceived to be waged by the Russian Federation to be a threat to cybersecurity, and in particular, a threat to the users of cyberspace – as changing public opinion via cyberspace can influence U.S. policy, actions and elections (Office of the Director of National Intelligence, 2019, p. 7). The Trump (2017, p. 20) Administration is also afraid adversaries steal intellectual property valued at hundreds of billions of U.S. dollars. To Trump (2017, p. 21), this is a significant risk as ‘‘Stealing proprietary technology and early-stage ideas, allows competitors to unfairly tap into the innovation of free societies’’ (Trump, 2017, pp. 21-22).
These statements suggest that just as the vast majority of academics (see Buchanan, 2016; Slayton, 2017), Trump and the IC perceive that offence has an advantage in cyberspace. In the context of defensive or offensive cyber operations, this section also visualises Trump’s and the IC’s fear that the Russian Federation will launch offensive cyber operations against the U.S.
