OM DU VILL HA FRED, RUSTA FÖR CYBERKRIG : sveriges cyberförsvar ur ett avskräckningsperspektiv

Banic, Filip

January 2019

In accordance with the EU Network and Information Security directive (NIS directive), the Swedish government made it mandatory for specific authorities and organizations to report IT-related incidents to the Swedish Civil Contingencies Agency (MSB). In their report from 2017, MSB stated that due to the low frequency of incoming information, the report doesn’t give an accurate picture of the actual circumstances. The same year the European Commission adopted a cybersecurity package containing multiple initiatives aimed to further better member states resilience, deterrence and handling of cyber-attacks. Due to the insufficient information in MSBs’ report, it´s difficult to determine whether the Swedish cyber defence has the ability to deter antagonistic states to conduct cyber operations or not.   The purpose of this theory-consuming single-case study was to examine the Swedish cyber defence from a deterrence perspective and thereby provide new understanding regarding Swedens’ ability to deter within the cyber domain. To do this, a conceptual framework was constructed constituting of  Phil Williams’ theory on the requirements of successful deterrence, and David J. Lonsdales’ model for cyber deterrence. Contemporary Swedish political documents, doctrines, reports and statements made up the empirical material that has been examined through qualitative text analysis.   The result of the analysis revealed that the Swedish cyber defence, from a deterrence perspective, can be described as inadequate. Despite meeting the basic requirements for deterrence to succeed, the Swedish cyber defence lacks what Lonsdale calls a comprehensive flexible cross-domain offensive capability. The absence of a cross-domain retaliatory capability in the Swedish cyber defence repertoire has a negative incidental impact on deterrence credibility. According to Williams, it’s imperative that the defender possess necessary capabilities to fulfil a threat, otherwise the deterrence won’t seem credible and therefor lack effectiveness.

Cyberförsvar

cyberavskräckning

cyberdomän

defensiv cyberförmåga

offensiv cyberförmåga

Övrig annan samhällsvetenskap

Avskräckning ur ett cyberperspektiv

Hedman, Jenika

January 2021

The theory of deterrence has not changed much over time but the strategy of using it has. There are two types of deterrence: Deterrence by punishment and Deterrence by denial. The first is a more offensive kind of deterrence and the second a more defensive one. The Cold War set the perimeter for deterrence strategy and how it was used and has been the overall used strategy since. The same strategy however cannot be implemented in the cyber domain and therefore requires a suitable cyber deterrence strategy. This study aims to determine whether the Swedish cyber strategy is built on the components that are required for successful cyber deterrence.  The study will conduct a theory consuming method to establish the components required for successful and effective cyber deterrence, and then undertake a text analysis on Swedish strategy for cybersecurity using those components. The results show that Sweden is focused mainly on the defensive side of deterrence with better systems and protocols. According to the components in the theory both offensive and defensive methods are required for deterrence to work. This may therefore explain why the Swedish cyber deterrence strategy is not as effective as it could be.

cyberavskräckning

cyberförsvar

strategi

avskräckning genom bestraffning/nekande

Other Social Sciences

Annan samhällsvetenskap

Svensk cyberavskräckning - Utopi eller realitet?

Dahlström, Erik

January 2021

Utvecklingen inom cyberområdet är snabb och blir allt snabbare, samtidigt som den tekniska utvecklingen leds av den privata industrin. I takt med att cyber allt mer genomsyrar vår vardag innebär detta att möjligheterna men också riskerna ökar i allt snabbare takt. Syftet med denna studie är att undersöka Sveriges förmåga och ambitioner inom cyberområdet, med målet att utröna om Sverige har förmågan att försvara sig med och mot cyber och därigenom avskräcka en motståndare från att genomföra cyberangrepp. Denna teoriprövande fallstudie undersöker om Sverige har en ambition att uppnå en förmåga till avskräckning genom cyber. Resultatet visar att beroende på vilken abstraktionsnivå som studeras är ambitionen att uppnå förmåga till avskräckning mer eller mindre tydlig. Studiens viktigaste slutsats är att ambitionen är större, realiteten närmare, på den myndighetsgemensamma policynivån och dess viktigaste bidrag är dess framtagna analytiska ramverk och de möjligheter det ger att kunna undersöka andra fall. Vidare bidrar studien också med stöd till behovet att knyta forskningsfältet cyber närmare krigsvetenskap.

Krigsvetenskap

cyber

cyberavskräckning

Sverige

småstater

Övrig annan samhällsvetenskap

Svensk avskräckning i cyberrymden : En fallstudie på Sveriges cyberstrategi

Lundin, Erik

January 2021

The technology of the 21st century has brought immense benefits to humanity. For example, we can communicate via the internet and have a whole encyclopaedia at our fingertips in our mobile devices. But society has also become more vulnerable to cyberattacks and other aggressive cyberthreats. As shown by the war in Georgia in 2008 and in Estonia in 2007 there are states that now have the power and will to act violently in cyberspace. Sweden has a general strategy for deterring agressors but how is deterrence used in cyberspace and does Sweden actually have a specific cyberdeterrence strategy? Theorists in deterrence have concluded that deterrence in cyberspace differs in various ways from conventional deterrence. One of these theorists, Will Goodman, has identified several elements which can lead to success in cyberdeterrence. An analysis of Sweden´s cyberstrategy using these criteria shows that Sweden cannot live up to all of them. The results may be due to the relatively small size of the Swedish state but may also reflect the lack of any clear cyberstategy.

cyberavskräckning

Sverige

småstat

strategi

Övrig annan samhällsvetenskap

Cyber Deterrence Based Upon Conventional Premises : A Discourse Analysis of the US Cyber Deterrence Policy

Odhner, Caroline

January 2021

Deterrence as a military strategy aims to discourage an aggressor from initiating unwanted courses of actions by convincing the aggressor that cost exceeds the profit. In cyberspace, where the costs are lower, deterrence is disputed because of the natural interconnectedness and constant actions. The aim of this study is to investigate how the US understands cyber deterrence. This study is motivated by the current ambiguity regarding whether deterrence works in cyberspace or not. Using both theories of conventional and cyber deterrence together with theories of offense and defense, the study focuses on the US since they remain at the center of development regarding cyber deterrence. Through a discourse analysis using Bacchis What´s the problem represented to be approach, the investigation of US policy from 2018 shows that the US has adopted theories of cyber deterrence in their policy. However, the presumptions of the problem presentation have rather descended from theories of conventional deterrence. The solutions implemented indicate that the US has an advantage in cyber offense capabilities, but the study also shows that they are moving towards more defense-oriented capabilities in the future. In the stress of taking action, the US end up interfusing premises and actions which may affect the principle of intervention and thus the security of the American population.

deterrence

cyber deterrence

discourse

the US

offense-defense

policy

avskräckning

cyberavskräckning

diskurs

USA

offensiv-defensiv

politik

Public Administration Studies

Studier av offentlig förvaltning