The hack of the Democratic National Committee by the Russian government and the subsequent publication of confidential emails during the 2016 US presidential election elevated cyber security in the context of international affairs to an unprecedented level in the public’s consciousness, not only in the United States but around the world. In fact, it had already become clear that cyber security had risen to the pinnacle of world politics when US President Obama went in front of television cameras in December 2014 to publicly accuse the North Korean government of hacking Sony Pictures Entertainment. Very few policy issues ever rise to the level of the president of the United States, and even fewer elicit the president’s public statement about them. In a remarkable development, within only a few years the debate about cyber security shifted from efforts by experts to raise awareness among senior officials (such as Richard Clarke’s 2011 Cyber War monograph co-authored with Robert Knake), to an agreement between the United States and China and a G20 statement with explicit language about cyber security norms in 2015.
This development isn’t surprising. The Internet has expanded rapidly since its commercialization in the mid-1990s. In the early twenty-first century, a third of the world’s population has access to the technology, with another 1.5 billion expected to gain access by 2020. Moreover, the “Internet of Things” will lead to an exponential number of devices being connected to the network. As a result, the economic and political incentives to exploit the network for malicious purposes have also increased, and cyber security has reached head-of-state-level attention. In parallel, publications on the topic by academic, policy, industry, and military institutions have multiplied. Scholars within the international relations (IR) discipline, particularly its subfields of security studies and strategic studies, increasingly focus on the technology’s implications for national and international security. This includes studying its effect on related concepts such as power, sovereignty, global governance, and securitization. Meanwhile, the meanings of cyber security and information security have been highly contested. Broad definitions of the concepts incorporate a wide range of cyber threats and cyber risks, including cyber warfare, cyber conflict, cyber terrorism, cyber crime, and cyber espionage as well as content online, while narrower conceptualizations focus on the more technical aspects relating to network and computer security.
While scholars take technology’s implications for international security increasingly seriously, they continue to disagree about the level and nature of the threat as well as the appropriate policy responses that governments and other stakeholders should adopt. Most prominently, scholars debate whether cyberwar will or will not take place. Gradually, this scholarship and its state-centric focus is being complemented by a growing research agenda studying the threat posed by non-state actors and the proliferation of cyber capabilities.
States also have very different perspectives on cyberspace and its appropriate use, with an increasing number developing offensive cyber capabilities. Cyber security has become an integral part of governments’ national defense as well as foreign and security policies and doctrines, contributing to the construction of cyber security as a new domain of warfare. Efforts to develop rules of the road for cyberspace focus on the applicability of existing international law, potential gaps, the development of norms, confidence-building measures, and postulating deterrence postures. In short, as Joseph Nye succinctly argues, a cyber security regime complex has evolved, encompassing multiple regional and international institutions that play pivotal roles in shaping policy responses. Consequently, there is a growing consensus that resilience is emerging as one of the core pillars of the overarching cyber security regime while the hack-and-leak operation during the US elections revived the decades-old debate about the relationship between information operations and cyber operations.
Ultimately, if the events of the past few years have revealed anything, it’s that cyber security and its impact on international relations is evolving quickly and will remain at the top of world leaders’ agendas. Meanwhile, it remains an undertheorized field presenting an opportunity for academic research, but also poses significant challenges given the speed of change.
Featured image credit: code html java script by markusspiske. Public domain via Pixabay.