I hope to explain the variances in cyberwarfare tactics utilized by international actors.
By finding empirical data and creating a matrix of the differing cyber tactics, and then applying them to international actors involved in the cyberwarfare landscape, I will be able to see how actors employ differing methods to achieve their cybersecurity goals. To achieve this, my research question needs meet the large-n standards of framing:
“What explains the variances in cyberwarfare tactics utilized by international actors?”
Data that has been collected to meet this question comes primarily from government and business sources. There is, however, historical difficulty in collecting empirical data points of this type as both state and business actors are often reluctant to release information proving that their cyber landscape has been penetrated. The first database chosen for extrapolation comes from the Home Office of United Kingdom and presents cybercrime committed against businesses based in England and Wales. The second database comes from IPSOS Mori Social Research Institute and presents information through survey format by asking businesses the type of incursions which occurred as well as the damages that resulted from the hack.
Managing this data in a meaningful way is where the answer to my research question will be able to be derived. These sources only provide information based around the United Kingdom so databases from other locales would also be needed to create a comprehensive large-n analysis. However, these databases alone present many of the independent variables which can be explored to answer the dependent variable presented in the research question.
This dataset presents a possible example of how a statistical analysis can be presented. While variables such as cost incurred, target, monetary cost, and number of incursions are important, the source variable is the most important as once an analysis is done of other targets, the perpetrators and their tactics can start to be drawn out. As presented by Ryan Maness’ codebook, all of these variables can be presented via numbers as at this moment, there are a finite number of incursion methods which can be given a numerical value. While this dataset is restricted to the United Kingdom, it can be expanded to other actors using the same methodology. However, as said previously, a weakness in these databases are the lack of proper reporting by international actors who are reluctant to show they were penetrated.
“Crime Against Business,” Home Office of the United Kingdom, (2017), doi: https://www.gov.uk/government/collections/crime-against-businesses
“Commercial Victimisation Survey,” IPSOS Mori Social Research Institute, (2017), pp. 229-237. Doi: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/704095/commercial-victimisation-survey-technical-report-2017.pdf.
Ryan C. Maness, Brandon Valeriano, and Benjamin Jensen, “Codebook for the Dyadic Cyber Incident and Dispute Dataset Version 1.1,” available at: https://drryanmaness.wixsite.com/cyberconflcit/cyber-conflict-dataset