The small-n research question which I aim to research is, “What explains the variances in cyber strategy utilized by the China, Iran, North Korea, Russia, and the United States?”

The dependent variable for this question is ultimate selection of a cyberstrategy as outlined by Brandon Valeriano.[1] Similarly, Valeriano’s work will be used to operationalize the variable by classifying state cyber actions as espionage, disruption, or degradation-based attacks.[2] This itself reveals the other qualitative sources in the form of past and ongoing cyber-attacks which will need to be explored in order to create an index for consultation which draws variables such as the target, type of target, immediate and lasting effects, for example.

These case studies were selected due to their relatively high rankings on the Global Cybersecurity Index (GCI) as well as the fact that they represent the origins for the vast majority of cyber events.[3] These states are constant competitors on the internet battlefield and have been recognized as such with their servers representing the naissance point for malware.[4] That being said, these cases only spread across international state actors and do not take into account hacktivist groups like Anonymous and terror organizations like Al-Qaeda, which have equally proved adept on the cyber battlefield.[5]

While the dependent variable itself may be answered with only one of the independent variables (effect), the independent variables themselves are influenced by a wide array of cyber indicators inside a state from the GCI to the ICT Development Index (IDI).[6] Similarly, the Kaspersky Lab has helped to digest the actual malware by explaining their origins, makeup, sourcing, and effects.[7] An example of this, is their detailed report on the Stuxnet worm, with whom they credited to the United States’ National Security Association, which targeted Iranian centrifuges with an information gathering and self-destructing kill-switch.

Finally, the concept of national interest comes into play when viewing the dependent variable value of the separate case studies. For example, Iran certainly has the ability to conduct extra-territorial infrastructure attacks, showing that it could be claimed they follow a disruption-based strategy [8]. However, such an attack would merit a response in which they potentially could not whether, pointing toward the fact that they might prefer an espionage-based strategy.[9]

These qualitative sources approach the dependent variable from their own case studies but reveal through their data how an international state can employ their cyber forces. What remains to be seen, through a greater collection of sources, is if the national interest of a country paired with their actual malware creates a scale or independent strategies as shown through the operationalization of the dependent variable.

[1]Brandon Valeriano and Benjamin Jensen, “How Rival States Employ Cyber Strategy,” Oxford University Press, (2018).

[2]Ibid

[3]“Global Cyber Strategies Index,” Center for Strategic and International Studies: Technology Policy Program, pp. 1-6.

[4]Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).

[5]David Bieda and Leila Halawi, “Cyberspace: A Venue for Terrorism,” Embry-Riddle Aeronautical University 16, no. 3 (2015): 33–42.

[6]ICT Data and Statistics Division, “ICT Development Index,” International Telecommunication Union Publications,” (February 2019), pp. 3-204.

[7]Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).

[8]James Lewis, “Iran and Cyber Power,”Center for Strategic and International Studies,  (25 June 2019), https://www.csis.org/analysis/iran-and-cyber-power.

[9]Frank Cilluffo, “The Iranian Cyber Threat to the United States” (United States House of Representatives: The George Washington University Homeland Security Policy Institute, 2012).

I hope to explain the variances in cyberwarfare tactics utilized by international actors.

By finding empirical data and creating a matrix of the differing cyber tactics, and then applying them to international actors involved in the cyberwarfare landscape, I will be able to see how actors employ differing methods to achieve their cybersecurity goals. To achieve this, my research question needs meet the large-n standards of framing:

“What explains the variances in cyberwarfare tactics utilized by international actors?”

Data that has been collected to meet this question comes primarily from government and business sources. There is, however, historical difficulty in collecting empirical data points of this type as both state and business actors are often reluctant to release information proving that their cyber landscape has been penetrated. The first database chosen for extrapolation comes from the Home Office of United Kingdom and presents cybercrime committed against businesses based in England and Wales.[1] The second database comes from IPSOS Mori Social Research Institute and presents information through survey format by asking businesses the type of incursions which occurred as well as the damages that resulted from the hack.[2]

Managing this data in a meaningful way is where the answer to my research question will be able to be derived. These sources only provide information based around the United Kingdom so databases from other locales would also be needed to create a comprehensive large-n analysis. However, these databases alone present many of the independent variables which can be explored to answer the dependent variable presented in the research question.

Cyber Incursion Against the United Kingdom

This dataset presents a possible example of how a statistical analysis can be presented. While variables such as cost incurred, target, monetary cost, and number of incursions are important, the source variable is the most important as once an analysis is done of other targets, the perpetrators and their tactics can start to be drawn out. As presented by Ryan Maness’ codebook, all of these variables can be presented via numbers as at this moment, there are a finite number of incursion methods which can be given a numerical value.[3] While this dataset is restricted to the United Kingdom, it can be expanded to other actors using the same methodology. However, as said previously, a weakness in these databases are the lack of proper reporting by international actors who are reluctant to show they were penetrated.

[1]“Crime Against Business,” Home Office of the United Kingdom, (2017), doi: https://www.gov.uk/government/collections/crime-against-businesses

[2]“Commercial Victimisation Survey,” IPSOS Mori Social Research Institute, (2017), pp. 229-237. Doi: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/704095/commercial-victimisation-survey-technical-report-2017.pdf.

[3]Ryan C. Maness, Brandon Valeriano, and Benjamin Jensen, “Codebook for the Dyadic Cyber Incident and Dispute Dataset Version 1.1,” available at: https://drryanmaness.wixsite.com/cyberconflcit/cyber-conflict-dataset