Open access peer-reviewed chapter
Abstract
This chapter will examine the changing understanding of national security in the cyber age, particularly with the development of an extensive Gray Zone. Gray Zone activities are now cyber-enabled and this has changed the nature of the Gray Zone. The boundaries of this zone are being bent and flexed. Until some firmer global norms and red lines are properly established by states in the international system, it will be difficult for behavior in the Gray Zone to be predictable or stable. Our contemporary understandings of effective deterrence and coercion in the international system are based on predictability, communication and signaling; aspects of the international system that are absent or at least very challenged in the information age. States that currently benefit from ambiguity in the Gray Zone seem to lack incentive to establish the norms and limits of their actions in a way that would lead to stability. The ability to utilize deterrence and coercion tactics effectively in the cyber age may be the unseen incentive provided from states with an interest in maintaining a rules-based order.
Keywords
- Gray Zone
- deterrence
- cyberattacks
- national security
- United States
1. Introduction
Statecraft is defined as the skillful conduct of state affairs [1]. Promoting and protecting national interests and national security are the key aim of this activity. Each state will define its national interests differently and these interests will also change over time. The nature of conflict that challenges national interests is less changeable. War has been understood as the activity of armed conflict to achieve national interest, be it security and protection from others’ aims or for facilitating a state’s own aims by threatening another’s. Military force is the heart of war. There has been some debate over centuries about whether the nature of war changes or can be changed by technology and the debates sparked by disagreement over this involve the idea of the Revolution of Military Affairs [2]. The key question being, does the nature of war change because of certain technologies and innovations or is it just the tactics used to conduct it that are altered? Even where there are successful arguments for the changing nature of war, the kinds of technological advancements that cause this are very limited [2] and the number of times this has occurred through the centuries can be counted on one hand.
What is known as the Gray Zone, the statecraft that takes place that sits below the threshold of war is more changeable in nature. States conduct diplomacy, through espionage, sabotage, coercion, economic persuasion, and public diplomacy. The patterns and utility of each activity constantly changes according to the tools available to states, the most effective method of achieving the aim and the norms and taboos of diplomatic conduct as they change over time. The cyber age has brought some important changes to the way these activities are conducted and their effectiveness in achieving political interests. States are still adjusting to the utility of Gray Zone activities and developing understanding about how best to responds to cyber-based Gray Zone activities [3]. These matters are significant to international relations.
Current activity in the Gray Zone would suggest that states are struggling to define where red lines and thresholds of war are being crossed and some activities that could be seen as acts of war or provocation of conflict are being responded to with a much lower degree of response. This has potentially significant implications for the development of norms of
Through an examination of some of these changes, some key events and how they have been responded to, this chapter will examine these important questions and show that there is indeed some uncertainty about the role of war in statecraft in the cyber age.
2. The problem: defining the Gray Zone
The term “Gray Zone” can be traced to the US Special Operations Command paper written in 2015 [4]. It was used to describe the range of activities used in statecraft that can neither be defined as war nor peace, but rather as something in between. These are somewhat nefarious or malicious activities that do not present such a challenge to another state’s national interests so that they should be considered an act of war. There is no exact definition of the Gray Zone and that is because the concept of national interests and the threshold for war differs between states [4]. Therefore, there is little capability to precisely label activities as being in the Gray Zone in any objective way.
This, however, does not mean, and should not preclude, states from determining what they consider Gray Zone activities as opposed to acts of war. In terms of breaches to a state’s vital interests, it should be possible to know when an act is no longer a Gray Zone activity, but an act of war. There should be a clear line determining where the Gray Zone ends if not where it starts. States need to define their national interests and determine core/vital interests from within those broader interests to establish what is “acceptable” behavior by other states, even if it is not desirable. Within the confines of international law, states need to be able to recognize when their vital interests are threatened and a response and retaliation is warranted and legal. States then also need to determine how to respond according to the seriousness of this breach of national interests.
The process of determining these things must also account for international laws and norms, as relating to the declaration of war and what is considered a just
An important question that must be posed, however, is are these restrictions outdated? Has the concept of war changed so that the Gray Zone is now the warfighting space? Or have states’ determination of when it is “worth” going to war and what is “worth” fighting for changed?
Sovereignty is the key concept that underpins international law and the development of accepted norms of state behavior. It then also determines what should be
States need to understand what and when they consider their sovereignty to have been breached and their vital interests challenged and also what they should be able to do to protect themselves in different circumstances. This understanding will lead to the possibility of better and clearer negotiations on state behavior and also ensure that the hard international law is supported by acceptable norms. In this way, the Gray Zone in the cyber age will be more clearly defined also. There will be less room for ambiguity and, therefore, greater stability in international relations. Transforming the Gray Zone into normal statecraft short of war will ensure that unacceptable or accidental war is more likely to be avoided.
3. Changing old concepts
The last decade or so, as the implications of cyber technology and capabilities were becoming more visible and apparent due to the increase in cyberattacks being conducted, debate has arisen over whether old theories of strategy and war fighting are relevant or hold in the new cyber-enabled international system. Many scholars have questioned the applicability of concepts such as Douhet’s airpower theory, Jomini’s fighting at the decisive point, or Clausewitz’s principles of war and even Sun Tzu’s Art of War to the cyber age and the conduct of international relations using this technology [8, 9, 10]. There has also been work done on how small wars alter Grand Strategy through the shifting of power and elements within the international system [11]. It could be argued that this same process is operating through the cyber domain with different interactions and attacks slowly shifting the power relations and other elements of the international system in ways that lead to changes in the Grand Strategy of states. Certainly, cyber technology has caused a great deal of thinking and debate about these matters and about how states should interact with each other. The Gray Zone may be being used as a testing ground for future behavior and norm development and ultimately patterns formed around these interactions will lead to the resolution of at least some of these debates [3].
The scholarly debate and questioning of old strategies reflects the observations about the different ways in which cyber technology has impacted long held and understood concepts and tactics of diplomacy and statecraft. Some of these changes are examined below.
3.1 Public diplomacy
Public diplomacy is the concept of a state conducting diplomacy with the public of another [12]. Where “normal” diplomatic relations are conducted between officials from their respective governments, public diplomacy involves bypassing these officials and “speaking” directly with the society of another state. Public diplomacy is not a new practice, it has been a way for states to persuade another state of its virtues and to gain support for its policies and decisions through direct engagement with the people. Winning over the public is an effective mechanism for gaining persuasive power over another state, particularly a democracy. Public diplomacy is very closely related to soft power and it is about promotion of ideas and policies and convincing the society of another state of their worth [13]. Traditionally, the media, including newspapers and radio have been used for this purpose. State officials have also been known to make public appearances and make speeches that are broadcast for the consumption of the public in another state.
The internet and social media have brought innovation to this age-old concept. Using these technologies has increased the range, speed and breadth of the ability to communicate directly with people in another country. It has also allowed an element of anonymity to come into this concept. One of the key facets that makes public diplomacy an acceptable activity allowed by most governments is the fact that it is known who and how the communication with their publics is transpiring [14]. The advent of the internet and social media has removed this element of this form of statecraft. States can now be quite anonymous and spread messages in a much less transparent way. This presents a danger in that it can lead to a shift from public diplomacy into a Gray Zone tactic that is more nefarious, information or political warfare. Crossing the line of the threshold of hostility without necessarily causing conflict.
3.2 Coercion
Coercion is another tool of statecraft that has long been used by states to engage with each other and to seek out their own interests. In the cyber age, however, there have been differences made to the use of this tool that are important to interstate relations and the identification and protection of national interests.
Coercion is commonly used to refer to the idea of the use of force or threat of the use of force to influence another state’s behavior. It is often used to mean a combination of the idea of deterrence (or the prevention of activity) and what Thomas Schelling referred to as Compellence or providing incentive to undertake an activity [15]. Coercion has a long, long history in international relations and statecraft. The means by which states coerce others into behavior more aligned to their own interests changes constantly and is very much situationally dependent [16]. The severity of the force threatened, or used to support the credibility of the threat, also changes according to the interests in the behavior change and the severity of outcomes for the coercer should the behavior remain unchanged.
In order to determine how cyber has altered the nature of this tactic of statecraft, it is important to understand the concept of “force” and how we define that term. If we consider force purely to mean kinetic and traditional forms of military force, then we severely limit both our conception of how cyber tools can be used for this activity and also our recognition of when a state is coercing another. Economic coercion can be used to amend another state’s behavior just as much as military force. It is the pain that is caused that creates the incentive to alter behavior [17] and so we need to consider the idea of force more loosely so that we allow for different means for coercive behavior to be understood, particularly in the current cyber context. Where cyberattacks and cyber tools can be used to cause pain to an opponent and to degrade something of value to them, then cyber coercion can occur [16]. As will be seen below, sometimes cyber tools are also used in ways related to both military, diplomatic and economic coercion.
Cyberattacks have been used in recent years as an effective coercive tool. The reversibility of the impact of certain types of attacks makes them ideal for punishing a state’s behavior and then being able to remove that punishment once the behavior has been altered. The cyberattack on Sony Pictures is an example of the use of cyber tools for coercive purposes. The November 2014 attack on Sony Pictures was attributed to North Korea and involved an attack on the movie company because of its production of a film
Another example of the possible use of cyberattacks for coercion occurred in an attack on the Australian Parliament and government agencies in 2020 after Australia called for an inquiry into the origins of COVID-19. There were also other tensions in relations between China and Australia at the time. The attacks targeted a range of private sector organizations as well as political and government agencies. Although the attacks were not officially attributed to China, it is widely believed that they were the perpetrators of the attack. It also fits with the probably coercive intent. When factoring in which state had the most potential benefit from the attacks and the timing of the attacks, China makes sense as the perpetrator with coercion as the motive [20].
Cyber tools also make the possibility of coercing with less risk of escalation more feasible and, therefore, potentially more common. Coercion is arguably more effective with a reversible impact because the coercer can actually demonstrate their ability to implement the threatened imposition of cost and then remove it. The damage from more traditional force is not often as easily reversible. The implications are that cyber technology has also expanded coercion opportunities and capabilities to states that may otherwise not have had sufficient ability to threaten the power of another militarily superior state [16]. It provides an asymmetric advantage to less powerful states and also potentially non-state actors.
More discreet forms of coercion with cyber tools come in the form of what might be defined as part of political or information warfare. With cyber means, there is a greater possibility to undertake deceptive or covert coercion through the persuasion and influence over a foreign population [16]. Democratic states are most susceptible to this in that public opinion is a significant influence on policies and government decisions in these states. Authoritarian regimes, however, are not immune. One of the biggest vulnerabilities of authoritarian regimes is controlling information accessed by the population in order to maintain control. The concept of nefariously interfering with another state’s population to disrupt the decision-making processes of the government is not a new tactic or activity, but cyber technology has enhanced the capability in terms of potential reach of messaging and influence and also the ability to do so without being detected or having the intent of the activity revealed [16].
3.3 Deterrence
Deterrence is a form of coercion that is based on the prevention of a behavior encouraging another state to stop a behavior they are engaging in [21]. There are several forms of deterrence and these are effective in different scenarios.
There is deterrence by punishment. This type of deterrence can be used to reverse a behavior that has already been undertaken or use the threat of such punishment (with a credible backing of a state’s capabilities and will to carry out the threat) to prevent a behavior occurring. The idea is that a state will punish or punishes the behavior and so the outcomes for the state to be deterred will be so costly or damaging that, again, undertaking or continuing the behavior is irrational as the benefit of achieving the aims and interests sought is outweighed by the costs [22]. It relies firstly on rational decision-making and secondly on an ability to accurately calculate the cost of the outcome in relation to the benefit of non-compliance. The second of these conditions is harder to meet in the cyber age with the impact of cyber attacks being harder to determine, particularly in the idea of damage and cost imposition. It is also harder to build credibility as a coercer because of a lack of track record in cyber based attacks and responses and also the guarded secrets about a state’s cyber capabilities.
There is also deterrence by denial. The idea behind this type of deterrence is that the opponent or target of the deterrence needs to be convinced that continuing the behavior (or undertaking it in the first place) that a state is trying to deter will not result in the achievement of its aims or interests. Continuing or undertaking the action is then redundant and counter productive because it will not achieve the aims or benefit the state and this action would be irrational [22]. Again, in the cyber age the elements of a deterrence tactic that are necessary for its success, including the ability to signal how the deterring state would deny the opponent achieving its objectives are harder to implement in cyberspace.
In the cyber age, there has been a good deal of scholarly debate about the efficacy of deterrence as a tool of statecraft. According to Borghard and Lonegran, scholars who have promoted the idea that deterrence cannot work in cyberspace have been overly pessimistic. They claim that although deterrence by punishment is not very effective because of the unique features of interactions in cyberspace, deterrence by denial can be much more effective if properly understood and applied [10]. In a related argument, Uri Tor claimed that lessons from the idea of “cumulative deterrence” used by Israel in response to its neighbors could also be a more effective way to think about the applicability of deterrence in a cyber-enabled environment. The idea of cumulative deterrence is that deterrence does not happen as a one off interaction that prevents a nuclear attack, as was the common use of the model in the Cold War period, but rather it is an ongoing process of “training” the behavior of the opponent through multiple interactions and the pattern of response [23].
One of the major reasons that scholars provide for the lack of effectiveness of deterrence in cyberspace is the lack of ability to attribute attacks and actions. This view is becoming outdated as attribution capability improves in both a technical sense as well as in the ability to identify interests being served by attacks and the ability to deduce likely perpetrators becomes a more acceptable threshold of attributing incidents [24]. That is, our understanding of the specificity of the attribution and how the claims are made has matured and developed over time in favor of looser attribution. This is not to say that random and unjustified naming and shaming of a state would be tolerated, but neither is there a need to be able to prove without a shadow of a doubt who was behind the attack, matched by the evidence levels of technical elements of the attack and who undertook it [24].
Ultimately what is more detrimental to the effectiveness of deterrence in cyberspace is the ambiguity of a range of features. Firstly, states have been slow to develop “Red Lines” [23]. That is, states are not making the point of signaling when another state is pushing the edges of Gray Zone towards war. Without a clear understanding of an opponent’s red lines and vulnerabilities and pain points, implementing a deterrence strategy is very difficult. Communication is key to this understanding and arguably, this communication is lacking in the international system in the cyber age for a variety of reasons. Secondly, and relatedly, many states seem unprepared or reluctant to develop rules of the road for cyber interactions either explicitly by rejecting negotiations of international agreements or implicitly through failure to retaliate for attacks, even for attacks that seem to warrant a serious response. More on this later.
3.4 Trade
States can also utilize trade relations and mechanisms to engage with each other and to pursue their national interests. Although trade relations are seen as beneficial to states, as they promote commercial activities and stimulate economies, they can be disruptive or concerning for various reasons.
Firstly, even in what may appear on the surface a positive trade relationship, some states can be exploited by others. Any commercial arrangement or trade agreement can be written to benefit one side more than another. They will reflect the relative power relationship of the two states as well as their economic strength [25]. This is the case in cyber and non-cyber trade relations. The need to be connected and to have access to the latest technology in order to compete in a global economy that is driven by innovation and connectivity can be additional incentive for states with less indigenous cyber industry or ability to afford this technology to accept one-sided deals. There can be deliberate attempts to create trade relationships that are deeply one-sided and ill designed for mutual benefit as well as this being a more accidental result. This can be used as a form of economic coercion [26].
Secondly, there can be national interest and security concerns that arise from the nature of the product being sold. In the cyber and information age, this has become a large and growing problem. In the case of cyber technology being traded, however, there can be hidden traps in terms of a lack of standards, the inclusion of spyware on applications provided in a trade providing access to possibly sensitive information that another state could use maliciously [26]. States may be unaware of what technology or software can do and how other states will use access to their vital state functions through different technology and software that is traded. There is a greater capacity to deceive in cyberspace through trade relations than is generally the case in trade and commercial activity in tangible goods and more familiar services [27]. National security can be challenged in undetected and undetectable ways through cyber means making trade a more threatening activity than in the pre-cyber world.
Cyber technology and its application to tactics of statecraft have changed the nature of what were generally considered to be normal and acceptable interactions between states and of conducting international relations to be potentially much more threatening to national security. The nature of the Gray Zone, then, has also changed and become a more threatening environment in which states operate. Activities that were once considered acceptable may no longer be so benign, creating the problem or redefinition of the Gray Zone that was already hard to define.
4. Determining the thresholds of war
In order for states to be able to ensure their national interests are being protected in this new environment of conflict and state competition, decisions need to be made about what the thresholds of war are in this new context. To do this, the nature of war in this environment also needs to be understood from the point of view of engagement in war as an activity to help achieve a state’s interests and from the concerns around escalation of competition and conflict from the Gray Zone and into an outright war scenario and what the likely consequences of such actions would be.
A sensible and rational decision about what was worth risking war over is easier when there is a clear understanding about the nature of war, weapons, conflict, others’ interests and intents as well as what is likely to lead to escalation. There is also an element of determining the relative power of both sides and what they are likely to be able to achieve militarily from a kinetic conflict [28]. In the world of more traditional war and kinetic conflict it was much easier to determine these factors that lead to rational calculations on which to base decisions about war. In the cyber age, there is less understanding about each of these factors. What damage can be done with cyberattacks? How can that damage be measured in terms of tangible outcomes? Even the interaction between kinetic and traditional warfighting capabilities and weapons is hard to determine and understand. Measuring another state’s power in terms of its cyber capabilities is, therefore, also difficult.
Traditionally, decisions about power and relative strength of states, that have also been the basis for rational calculations about going to war, have defined power in terms of kinetic military strength. The quantum of arms was a relatively easy measure, though not necessarily a straight one to one calculation of certain weapons. Generally, though, the destructive capability of a weapon could be determined, measured and the capacity of weapons could also be determined and compared between militaries and states [29]. National power, then, was somewhat measurable. Of course, complications such as a state’s ability to mobilize it population, the motivations for war and the political strength of a leader or leadership to bring the will of its population to bear on a decision to go to war also mattered and were far less tangible.
Cyber power and the capability of cyber weapons is not so measurable as kinetic weapons and traditional military strength and capability [29]. Not only is the destructive capacity of a cyber weapon less straight forward, but the understanding of how combinations of different cyberattacks interact with each other and how much disruption can be caused is lacking among the general population of many states. The reversibility of damaged caused by cyberattacks also makes this calculation of destruction and power less certain.
Cyber is not the only new capability that has led to a rethink about states’ national interests and what should be defined as vital interests or not [21]. In the nuclear age, as the ultimate escalation threat became the destruction of humankind, there was a need for states to rethink what it was they were prepared to go to war over [30]. As Clausewitz made clear, once a conflict has begun, controlling escalation is not always possible [31]. Much of the Cold War was spent strategizing ways to prevent or manage escalation, certainly to avoid at least this ultimate destruction. Deterrent signaling and proxy wars became the predominant strategy of the latter Cold War period [32]. Although as scholars have pointed out, not all our learnings from nuclear deterrence are helpful to understanding how deterrence could and should work in the cyber age [9], but surely the lessons about avoiding and managing escalation should be carefully considered in the context of cyber-enabled conflict.
If national power and capability is more difficult to calculate, then the rationality of decisions about warfighting and defense of national interests can also be called into question. The value of national interests also need to be considered. A state needs to be to able to accurately assess its relative power and strength in order to be able to determine how much it can value a particular interest [21]. If it is not capable of defending itself against another state, then it must capitulate when challenged. If it has some power to defend itself against certain levels of attack or those from certain opponents, then it can make decisions about what it will risk in terms of defending different interests. In the cyber age that capability and relative power is harder to determine and it also gives greater strength to unexpected states [22]. The example of the Ukraine’s resistance to Russian attacks in recent years is a clear example of the shifting power balance in the international community in the cyber age. It also potentially demonstrates the inaccurate assessment of national power.
In democratic states, there are checks and balances on decisions to go to war that also need to be factored into this decision. The will of a state to contest for its national interests is, in part, determined by the ability to sustain support from the population. The population ultimately bears the cost of the war and provides the resources with which to fight it. Governments in democracies, then, are constrained by public sentiment as well as their collective assessment of the value of the national interest [33]. The wars in Afghanistan and Iraq over the decades since the turn of the century provide an instructive example of the value populations place on national interests and security and the impact that can have on war fighting. It is particularly illustrative of the consequences of governments and populations having mismatches in understanding of the value of different national interests and the need to defend them through war [34]. The Gray Zone may then be the only available ground on which to fight.
Some states have a vested interest in retaining, if not increasing, the ambiguity of the Gray Zone. For those undertaking quite nefarious and malicious activity aimed to threaten even vital national interests under the guise of what were once normal and acceptable activities statecraft, it is good to have the cover of the Gray Zone from which to operate. States with less traditional military power or kinetic capability with which to influence the international system and protect their national interest can operate quite effectively in the Gray Zone in a way that causes significant damage to another state’s national interests [3]. The problem is that this turns the Gray Zone into the war zone. Allowing this to occur without response or understanding of what is happening can lead to unintended loss of national sovereignty and erosion of national security and power.
5. Redefined war or redefined national security
An important issue to be resolved for states, then, in this cyber age, it has the nature of war changed or does it remain the same but with new weapons? Whatever the answer to that question, a related one needs also to be addressed, which is do we need to redefine our understanding of national security?
When we understand the context of decision-making and war resulting from clear answers to these two questions, then we can better define what is considered to be the Gray Zone. Or acceptable measures of statecraft that are short of war. Behavior states are happy to accept from other states without responding with war to address defines where the threshold of war lies and the Gray Zone ends.
It seems, however, that the current thresholds for war, particularly in response to cyberattacks, are quite high. The United States in recent times has seemingly accepted quite a lot in terms of vital interests being attack with minimal response, and certainly not a war. Russian attacks on the 2016 and 2018 elections that were designed to sway the outcome and seemingly interfered with the ultimate condition of sovereignty of the United States, the electoral process, did not provoke war. The US seems to have preferred to deal with these breaches with a doubling down on its ability to protect its institutions from future attacks than with retaliating (at least directly) to those already undertaken [35]. There is a need to caveat this claim with the possibility of things being done in the classified space unknown to the general public and unavailable for analysis.
Another attack posing a seemingly significant challenge to US sovereignty or vital national interests was the Chinese attack on the Office of Personnel Management in 2014–2015. The attack was a massive data breach that saw access gained to some 21.5 million Americans’ personal and sensitive data that was in the system for security clearance checks [36]. This was a very serious attack and the Obama Administration admitted it was such. The response to this was also to focus on improving US cyber defenses rather than punishing the perpetrators [37]. This was early days in the engagement of state sponsored cyberattacks and so it could be that a lack of understanding of how to respond appropriately may excuse relative inaction on the part of the Obama Administration. It may also be noted that this was an act of espionage and not an open attack on key sovereign functions of the United States government. Nonetheless, this was a serious attack on fundamental aspects of US national security.
It seems from the response to these attacks and the pattern being set of retaliation for challenges of this kind, which has continued in more recent years, that states, at least for now, are happy operating in the Gray Zone. For longer term norm development about crossing thresholds for war a rethinking of what it means to defend one’s national security may need to occur or eventually action will need to be taken against a state clearly breaching another’s sovereign rights. It may be that the concept of sovereignty needs to be redefined in the cyber age given how easily borders can be penetrated and foreign populations reached. If states are perpetually operating in the Gray Zone, even in ways that would traditionally have been thought of as the engagement in acts of war, then it will cease to be a Gray Zone and the nature of what was considered war will have changed. Where national security is gravely threatened in the Gray Zone and retaliation for those acts occur there also, the Gray Zone will have become the war zone.
6. Conclusion
The cyber age has presented challenges to concepts and activities in international relations that states thought were long settled. Cyber technology and the capabilities it brings have led to a questioning of the applicability of existing international law and norms. Bigger and more fundamental concepts such as what is meant by national security and where the threshold between the Gray Zone and war lies are also in need of rethinking. While states suffer from the impacts of cyberattacks and other Gray Zone activities that threaten different aspects of national security and retaliate without determining where the threshold of war actually lies, the Gray Zone remains the epicenter of the conduct of malicious international relations.
States need to give due consideration to the precidents being set and the patterns being established that impact the effectiveness of deterrence and coercion in the cyber age. Without clear red lines and declared thresholds for war, the Gray Zone remains an unstable and dangerous environment in which to conduct international relations. It may be that a transition is occurring that involves the rethinking of what is meant by national security and vital national interests and how they are defended. Or it may be that states are grappling with new tactics and means of engaging in conflict that remain (at least for now) in what is considered the Gray Zone. If that transition and rethinking are not happening blindly and states are indeed making conscious decisions about these concepts, then clear strategy is being applied. If, however, states are fumbling through without clear plans and recognition of the processes occurring in the security and international relations environment, then it is indeed a dangerous space in which the world is operating. Hopefully, if the latter is the case, an awakening will occur before it is too late.
References
- 1.
Soanes C, Stevenson A. Oxford Dictionary of English. 2nd ed. Oxford: Oxford University Press; 2003 - 2.
Fissel M, editor. The Military Revolution and Revolutions in Military Affairs. Berlin, Boston: De Gruyter Oldenbourg; 2023. DOI: 10.1515/9783110661415 - 3.
Wirtz J. Life in the “Gray Zone”: Observations for contemporary strategists. Defense and Security Analysis. 2017; 33 (2):106-114 - 4.
United States Special Operations Command White Paper: The Gray Zone. 2015. Available from: USSOCOM-GrayZones.pdf (publicintelligence.net) - 5.
Smith P. Cyberattacks as casus belli: A sovereignty-based account. Journal of Applied Philosophy. 2018; 35 (2):222-241 - 6.
Macedo S. Introduction. In: Doyle M, editor. Striking First: Preemption and Prevention in International Conflict. Princeton: Princeton University Press; 2008. pp. xi-xxiv - 7.
Schmitt M, editor. Tallinn Manual on the International Law Applicable to Cyberwarfare. Cambridge: Cambridge University Press; 2013. DOI: 10.1017/CB09781139169288 - 8.
Greathouse C. Cyberwar and strategic thought: Do the classical theorists still matter? In: Kremer J-F, Muller B, editors. Cyberspace and International Relations. Berlin: Springer-Verlag; 2014. pp. 21-38 - 9.
Fischerkeller M, Harknett R. Deterrence is not a credible strategy for cyberspace. Orbis. 2017; 61 (3):381-393 - 10.
Borghard E, Lonegran S. Deterrence by denial in cyberspace. Journal of Strategic Studies. 2023; 46 (3):534-569 - 11.
Lissner R. Wars of Revelation. Oxford: Oxford University Press; 2021 - 12.
Gregory B. American public diplomacy: Enduring characteristics, elusive transformation. The Hague: Journal of Diplomacy. 2011; 6 (3/4):353 - 13.
Nye J Jr. Soft power and American foreign policy. Political Science Quarterly. 2004; 119 (2):255-270 - 14.
Mazumdar T. Digital diplomacy: Internet-based public diplomacy activities or novel forms of public engagement? Place Branding and Public Diplomacy. 2024; 20 :24-43 - 15.
Van Angeren J. The opportunities and limits of compellence strategies [thesis]. Netherlands: Leiden University; 2006 - 16.
Valeriano B et al. Cyber Strategy: The Evolving Character of Power and Coercion. Oxford: Oxford University Press; 2018 - 17.
Schelling T. The diplomacy of violence. In: Art R, Waltz K, editors. The Use of Force. 2nd ed. Lanham: University Press of America; 1983. pp. 101-122 - 18.
Peterson A. The Sony pictures hack, explained. Washington Post. 2014. The Sony Pictures hack, explained - The Washington Post - 19.
Associated Press. North Korean programmer charged in Sony hack, Wannacry attack. PBS News. 2018. North Korean programmer charged in Sony hack, WannaCry attack | PBS NewsHour - 20.
Hurst D. Cyber-attack Australia: Sophisticated attacks from ‘state-based actor’, PM says. The Guardian. 2020. Cyber-attack Australia: sophisticated attacks from ‘state-based actor’, PM says | Australian security and counter-terrorism | The Guardian - 21.
Snyder G. Deterrence and Defense: Toward a Theory of National Security. Westport Connecticut: Greenwood Press; 1975 - 22.
Nye J Jr. Deterrence and dissuasion in cyberspace. International Security. 2016/7; 14 (3):44-71 - 23.
Tor U. ‘Cumulative deterrence’ as a new paradigm for cyber deterrence. Journal of Strategic Studies. 2017; 40 (1-2):92-117 - 24.
Blagden D. Deterring cyber coercion: The exaggerated problem of attribution. Survival. 2020; 62 (1):131-148 - 25.
Lillich R. Economic coercion and the “new international economic order”: A second look at come first impressions. In: Lillich R, editor. Economic Coercion and the New International Economic Order. Virginia: The Michie Company; 1976. pp. 107-122 - 26.
Benchea L. Impact of digitalization on economic diplomacy: Mega-trends and opportunities. The Romanian Economic Journal. 2023; 26 (85):13-20 - 27.
Huang K, Madnick S, Zhang F. Varieties of public-private co-governance on cybersecurity within the digital trade: Implications from Huawei’s 5G. Journal of Chinese Governance. 2021; 7 (1):81-110. DOI: 10.1080/23812346.2021.1923230 - 28.
Ayson R. Thomas Schelling and the Nuclear Age: Strategy as Social Science. London: Frank Cass; 2004 - 29.
IISS. Cyber Capabilities and National Power: A Net Assessment. Research Paper. 2021. Cyber Capabilities and National Power: A Net Assessment (iiss.org) - 30.
Art R, Waltz K. Technology, strategy, and the uses of force. In: Art R, Waltz K, editors. The Use of Force. 2nd ed. Lanham: University Press of America; 1983. pp. 1-32 - 31.
Paret P. Understanding War: Essays on Clausewitz and the History of Military Power. Princeton: Princeton University Press; 1993 - 32.
Yaacov B. The strategy of war by proxy. Cooperation and Conflict. 1984; 19 (4):263-273 - 33.
Kutz C. On War and Democracy. Princeton: Princeton University Press; 2016. DOI: 10.1515/9781400873937 - 34.
Shortridge A. The U.S. War in Afghanistan Twenty Years on: Public Opinion Then and Now. The Water’s Edge; 2021 The U.S. War in Afghanistan Twenty Years On: Public Opinion Then and Now | Council on Foreign Relations (cfr.org) - 35.
Landay J, Lewis S. US Intelligence Report Alleging Russia Election Interference Shared with 100 Countries. 2023. US intelligence report alleging Russia election interference shared with 100 countries | Reuters - 36.
Oversight Committee. The OPM Data Breach: How the Government Jeopardized our National Security for More than a Generation. Report. 2016. Available from: oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf - 37.
Nakashima E. Hacks of OPM databases compromised 22.1 million people, federal authorities say. Washington Post. 2015