Essays on Coercion and Signaling in Cyberspace

This dissertation explores how coercive diplomacy works in cyberspace through three interrelated papers, each titled, Coercion in Cyberspace: A Model of Encryption Via Extortion, Variation in Coercion: Costly Signals That Also Undermine Attack Effectiveness, and Seeking Clarity In A Domain of Deception: Signaling and Indices in Cyberspace. As more strategic actors seek to employ cyber weapons as an important part of their military arsenal, refining the theory of cyber coercion is becoming more important in understanding coercive diplomacy and crisis dynamics in cyberspace. Although existing cyber conflict literature argues that cyber weapons make poor tools of coercion, the current theory does not necessarily match important empirical instances of successful coercion using cyber means, such as the ransomware and data extortion. This dissertation seeks to close this gap between theory and practice by specifying the conditions under which cyber coercion works. Relatedly, the dissertation also explores the conditions under which costly signaling works in conveying such coercive threats.

The first paper presents a formal model of cyber coercion that relies on data encryption, as a means of explaining why cyber weapons often rely on a different coercive logic. Coercion in International Relations is often conceptualized as the threat to hurt used in reserve, applied in settings such as the use of nuclear weapons or strategic bombing. However, history is ripe with instances of a different logic of coercion that relies on the application of costs up front, followedby a promise to stop. Application of such a coercive logic can be seen in instances such as sanctions, hostage-taking, and sieges. Existing literature argues that cyber weapons make poor tools of coercion, however this only examines cyber weapons under the first logic. However, cyber weapons, when examined under the second logic, are often quite successful, as the prevalence of the ransomware threat demonstrates. This paper specifies the conditions under which coercion using data encryption works in light of the second logic, and what unique commitment problems can undermine coercion in this situation. By applying costs up front, some cyber weapons resolve a key strategic dilemma in which conveying specific information regarding how the attack will unfold can allow the defender to take mitigations that render the planned attack useless.

The second paper complements the first paper by presenting a formal model that explores the first logic, and specifies the conditions under which cyber coercion relying on the threat to hurt used in reserve works. A key theory in the existing cyber conflict literature argues that cyber weapons make poor tools of coercion due to the “cyber commitment problem," in which a coercer faces a tradeoff between the need to credibly demonstrate specific capability to follow through with a threat, versus the propensity of the defender to use such information to adopt countermeasures. This tradeoff is not necessarily unique to cyberspace, but applicable to technologies that rely on degrees of deception for attack effectiveness, such as submarine warfare. I present a formal model motivated by cyber weapons but applicable to a broad range of technologies in International Relations, showing that the severity of this tradeoff is not constant but varies depending on exogenous factors, such as the probability that a defensive countermeasure can successfully neutralize a threatened attack. When the probability is high, this shrinks the range of costly signals that a coercer can send to maintain a separating equilibrium, however it does not necessarily mean that costly signaling is not possible. This paper formalizes and expands the logic behind the “cyber commitment problem" and shows that coercion can sometimes work even under the first logic.

The third paper examines the role of indices – or observations that are believed to be hard to deceive as opposed to overt signals of intent – in coercive diplomacy and crisis communications in cyberspace. Because actors acting in and through cyberspace have yet to come to a clear shared meaning as to what certain actions in cyberspace conveys in terms of intent and/or resolve, the tendency to instead rely on independent observation and assessment of “indices” to interpret these actions are more pronounced in cyber conflict. This paper uses cybersecurity advisories routinely published by the Cybersecurity and Infrastructure Security Agency (CISA) to examine what kinds of indices were used by the U.S. government to make assessments about an attacker’s intent regarding restraint or escalation. Interestingly, the same kind of cyber attack, for example the malicious compromise of a water utilities facility, is interpreted differently as escalatory or accommodative depending on consideration of “situational indices" such as the larger geopolitical context and attribution to a particular state actor, beyond the technical facts. This paper assesses that indices are being used too broadly, even when they can be manipulated easily or are linked to perceptions and biases instead of facts. Such practices can lead to situations where the same costly signal sent by the sender in the context of coercive diplomacy or crisis communications can be interpreted differently by the receiver depending on the suite of indices they are relying on, raising the risk of misperception and crisis escalation in cyberspace.

Identiferoai:union.ndltd.org:columbia.edu/oai:academiccommons.columbia.edu:10.7916/pjw0-an07
Date January 2024
CreatorsJun, Dahsol
Source SetsColumbia University
LanguageEnglish
Detected LanguageEnglish
TypeTheses

Page generated in 0.0027 seconds