The book “Cyber Persistence Theory” by Michael Fischerkeller, Emily Goldman, and Richard Harknett suggests a paradigm shift in the strategic environment shaped by the Cold War and twenty years of fighting the Global War on Terrorism. Cyber Persistence Theory recognizes that cyberspace, the only manmade warfighting domain, adds a level of complexity to the strategic environment that cannot be fully conceptualized using the security paradigms shaped by Coercion Theory. Coercion is the ability to get an actor – a state, the leader of a state, a terrorist group, a transnational or international organization, or a private actor – to do something it does not want to do. Dr. Tami Biddle, author and distinguished fellow at the U.S. Army War College, states the following: “Coercion is about future pain, about structuring the enemy’s incentives so that he behaves in a particular way. It manipulates the power to hurt and involves making a threat to do something that has not yet been done.” The terms “hurt” and “pain” reveal a vital nuance in Coercion Theory. An opponent cannot be deterred from an action or compelled to take an action if they do not understand the “hurt” and “pain” that come with deciding on the alternative. The traditional interpretation of “hurt” and “pain” as it applies to coercion is why some in the academic and policy communities take issue with the term “cyber war”. Thomas Rid, the director of the Alperovitch Institute for Cybersecurity Studies and a professor of Strategic Studies at Johns Hopkins University, argues that cyber war has not occurred and will not occur. He believes no cyber-attack will meet Clausewitz’s criteria of war – that it must be violent, instrumental, and political. Instead, he categorizes cyber-attacks as either sabotage, espionage, or subversion.
Erik Gartzke, a Professor of Political Science at the University of California San Diego, argues that “cyber-attacks have not transformed states pursuit of strategic advantage.” He claims that cyber operations can only be relevant in grand strategic terms if they accomplish the following tasks related to military violence in the physical domains: deterring and compelling, maintaining or altering power distribution, and resisting or imposing disputed outcomes. In other words, cyber effects must coerce an actor to take or not to take an action. Like Rid, Gartzke believes that the criterion for war in the traditional sense has not been met. Rid and Gartzke’s assertions demonstrate the complexity of using Coercion Theory to explain the impact cyber operations can have on strategic objectives. The subtleties that the cyber domain presents to the strategic environment require refinement of the models used for international relations. Failure to understand the paradigm shift will lead to an inability to measure the effectiveness of operations in cyberspace.
Cyber Persistence Theory suggests a paradigm shift where “cyberspace must be understood primarily as an environment of exploitation rather than coercion. Achieving strategic gains in the cyber strategic environment does not require concession of the opponent.” Cyber Persistence Theory posits that an actor can reset the cyber playing field without shaping the decision calculus of an opponent, and thus states must “anticipate the persistent resetting of security conditions in cyberspace by others and seek to do so in return.” Although Cyber Persistence Theory is just a theory, current events in the global landscape serve as evidence that state actors are already applying its concepts to further their strategic objectives. This paper will examine the recent Chinese response to Speaker Nancy Pelosi’s visit to Taiwan and the U.S. response to Russian interference in the 2016 presidential election to illustrate how major powers are realizing the shift in the security paradigm driven by the nascent cyberspace domain. It will further demonstrate how China and the U.S. are applying concepts of Cyber Persistence Theory to gain advantages in the strategic and information environment.
On August 2, 2022, House Speaker Nancy Pelosi landed in Taipei, Taiwan for an official visit. Her visit marked the first time a House Speaker visited Taiwan in 25 years. The Chinese Communist Party (CCP) saw Speaker Pelosi’s visit to Taiwan as an act of contention, further igniting the already volatile China-Taiwan cross-strait relations. In response to the visit, the People’s Republic of China (PRC) suspended talks with the U.S., communicated threats and warnings to the international community regarding interfering with “sovereign matters”, and conducted large-scale military exercises in the Taiwan Strait. These exercises included firing missiles over Taiwan that landed just outside Taiwan-controlled waters. These coercive responses indicate that the CCP still sees value in operating within the traditional coercion-based security paradigm. Although extremely measured, the military exercises and the firing of munitions close to Taiwan-owned waters are actions meant to demonstrate the pain China can impose on Taiwan. Whether or not these actions effectively deter further U.S.-Taiwan diplomatic engagements, they do allow the U.S. and Taiwan to clearly calculate the costs of continuing to disrupt the status quo of cross-strait relations.
However, the traditional coercive responses orchestrated by the CCP were not the only responses observed before, during, or after Speaker Pelosi’s visit to Taiwan. Actions were also observed in cyberspace and the information environment. Taiwan’s Digital Minister, Audrey Tang, reported that the volume of cyber-attacks against Taiwan on the day of Speaker Pelosi’s visit was approximately twenty-three times the previous single-day record. The websites for the Office of the President, the Foreign Ministry, the Defense Ministry, and the Taoyuan International Airport – the largest in Taiwan – were brought down by a distributed denial of service (DDoS) attack. Display screens at railway stations were also hacked to display protest messages against Speaker Pelosi’s visit. 7-Eleven stores in Taiwan reported that their store televisions were hacked to display the message “Warmonger Pelosi, get out of Taiwan,” and that one of the affected stores was a 7-Eleven Speaker Pelosi visited during her trip. 7-Eleven is the largest convenience store chain in Taiwan. Moreover, the day Speaker Pelosi departed Taiwan, a false-flag Chinese hacktivist group named APT27_Attack declared “cyberwar” against Taiwan’s government and commercial organizations. They conducted what Trellix, a cybersecurity company, called special cyber operations against Taiwan for five days. The targets of their attacks were the government offices, train stations, convenience stores, and the retail and manufacturing conglomerate Uni-President. The strategic impact of these responses in the cyber and information domain was undoubtedly minimal. However, international news media widely covered the aforementioned actions. These cyber and information operations demonstrated the ability to amplify traditional military and diplomatic coercion through actions taken to manipulate and control elements of the cyber strategic environment.
Outside the self-admission of actions by the APT27_Attack Chinese hacktivist group, there has been no attribution for the response actions taken in the cyber and information realm after Speaker Pelosi’s visit to Taiwan. However, one can assume that the Chinese either orchestrated or supported these response actions. The mere fact that the CCP did not condemn the attacks in cyberspace and the information environment is telling. Regardless, the response actions to Speaker Pelosi’s visit in the cyber domain and information environment address aspects of the strategic environment that are not addressed solely by traditional coercive means. The CCP recognized an opportunity to gain an understanding of the actions in cyberspace and the information environment that impact the decision calculus of the U.S. and Taiwan. The CCP’s overt response actions to Speaker Pelosi’s visit clearly show that it still looks to shape the strategic environment using the more traditional, coercion-focused security paradigm. It is likely that the CCP also played a role in the cyber and information related responses to Speaker Pelosi’s visit, which would demonstrate its recognition of a shift in the security paradigm and its desire to gain the advantage in the contemporary cyber strategic environment.
The response to the Russian Federation’s interference in the 2016 election, and the 2018 Department of Defense Cyber Strategy’s concept of defending forward, serve as evidence that the U.S. recognizes a shift in the security paradigm. In 2018, U.S. Cyber Command (USCYBERCOM) conducted an operation to block internet access to the Internet Research Agency, a Russian troll factory, to deter Russian cyber operations from disrupting the 2018 midterm elections. To prevent Russian hacktivists and proxy hackers from conducting operations in support of Russia’s interference campaign, USCYBERCOM also sent direct messages to Russian hackers revealing that the U.S. knew their identities. Additionally, in response to reported Russian cyber operations against U.S. critical infrastructure, USCYBERCOM prepositioned an implant on Russian energy infrastructure, with the intent of signaling the cost of continued Russian attempts to access U.S. critical infrastructure. The U.S. government and military’s predominant use of cyber operations in response to Russian interference with U.S. elections demonstrated their understanding of a paradigm shift in the strategic environment. The Russian threat in 2016 was not one of a destructive force that put the lives of U.S. citizens at risk; it was a threat to the legitimacy of the election process that assures free and fair elections in the U.S. The Russian disinformation campaign was delivered through cyberspace and the information environment. As dangerous as this threat was to American foundational narratives and values, it did not warrant a kinetic response. The Russians were posing a different type of threat in an ill-defined cyber strategic environment. The actions of the Russian Federation during the 2016 presidential elections forced the U.S. government to recognize the new security paradigm. The U.S. understood that responding to the contemporary threat posed by Russia would take an understanding of the contemporary cyber strategic environment.
Adversarial activity in cyberspace, like the Russian election interference in 2016, shaped the content of the 2018 Department of Defense (DoD) Cyber Strategy. The strategy calls for the United States to defend forward “to disrupt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” The responsibility for defending forward starts with USCYBERCOM, and the concept is a shift in approach to the security of critical networks, critical infrastructure, and key resources of the U.S. With this strategy, the DoD’s posture for defending in cyberspace shifts from reactive to proactive. The concept of persistent engagement against malicious cyber actors (MCAs) guided the development of the strategy’s operational framework. Under this operational framework, USCYBERCOM commits resources and capabilities daily to “intercept and halt cyber threats, degrade adversary capabilities and networks, and continuously strengthen the cybersecurity of the Department of Defense Information Network (DoDIN) that supports DoD missions.” To persistently engage in cyberspace, USCYBERCOM must not only be ready to respond in kind to malicious cyber activity against U.S. critical networks, critical infrastructure, and key resources, but it must also be ready to preemptively take the proverbial fight to the adversary outside defended cyberspace. To achieve the strategy’s objectives, leaders in the DoD, engaging daily in grey (neutral third-party) and red (enemy) cyberspace, require the delegation of offensive cyber authorities to allow for faster and more agile decision-making. The Trump administration addressed this policy by publishing National Security Presidential Memorandum 13 (NSPM-13). NSPM-13 is a classified document, so the details are not public. However, Brigadier General Alexus Grynkewich, the deputy for global operations on the Joint Staff from June 2017 to April 2019, provided a general overview of the policy. Brig. Gen. Grynkewich stated that NSPM-13 “provides a way, within certain policy constraints, for the president to delegate cyberspace authorities to the secretary of defense for a particular mission.” NSPM-13 essentially affords the DoD the ability to be more agile in its decision-making by removing bureaucratic distractions from the approval process for executing offensive operations in cyberspace. These policy shifts fundamentally change the way that the U.S. government and DoD approach problems in the cyber strategic environment. The proactive language of the DoD Cyber Strategy and the leeway granted to the DoD to conduct cyber operations in spaces that were mostly off-limits in the past demonstrate the government’s commitment to the concept of defending forward and persistent engagement. The 2018 DoD Cyber Strategy and NSPM-13, along with the U.S. government response to Russian election interference in 2016, also demonstrate that the U.S. government recognizes that cost imposition in the cyber strategic environment requires a different approach than the traditional coercive approach of threatening violence or destruction.
Major powers in the current world order are making efforts to gain a decisive advantage in cyberspace and the information environment. Cyber Persistence Theory posits that the advantage goes to the entity that adopts the shift in the security paradigm and looks at the effects of cyber operations for what they are. Until cyber-attacks demonstrate the ability to cause “pain” or “hurt” in the same manner that a nuclear attack does, coercion of an opponent by means of cyber-attack will continue to be a misnomer.
However, pain and hurt have levels, and an opponent will feel all levels of pain and hurt in some way. If a nuclear attack is a gunshot and a cyber-attack is a paper cut, then death by a thousand paper cuts is the only way to coerce an opponent with cyber-attacks. Cyber Persistence Theory offers that there is value in inflicting 100, 200, or 500 paper cuts, and suggests that actors must find a way to understand this value in the cyber strategic environment.