The small-n research question which I aim to research is, “What explains the variances in cyber strategy utilized by the China, Iran, North Korea, Russia, and the United States?”
The dependent variable for this question is ultimate selection of a cyberstrategy as outlined by Brandon Valeriano.[1] Similarly, Valeriano’s work will be used to operationalize the variable by classifying state cyber actions as espionage, disruption, or degradation-based attacks.[2] This itself reveals the other qualitative sources in the form of past and ongoing cyber-attacks which will need to be explored in order to create an index for consultation which draws variables such as the target, type of target, immediate and lasting effects, for example.
These case studies were selected due to their relatively high rankings on the Global Cybersecurity Index (GCI) as well as the fact that they represent the origins for the vast majority of cyber events.[3] These states are constant competitors on the internet battlefield and have been recognized as such with their servers representing the naissance point for malware.[4] That being said, these cases only spread across international state actors and do not take into account hacktivist groups like Anonymous and terror organizations like Al-Qaeda, which have equally proved adept on the cyber battlefield.[5]
While the dependent variable itself may be answered with only one of the independent variables (effect), the independent variables themselves are influenced by a wide array of cyber indicators inside a state from the GCI to the ICT Development Index (IDI).[6] Similarly, the Kaspersky Lab has helped to digest the actual malware by explaining their origins, makeup, sourcing, and effects.[7] An example of this, is their detailed report on the Stuxnet worm, with whom they credited to the United States’ National Security Association, which targeted Iranian centrifuges with an information gathering and self-destructing kill-switch.
Finally, the concept of national interest comes into play when viewing the dependent variable value of the separate case studies. For example, Iran certainly has the ability to conduct extra-territorial infrastructure attacks, showing that it could be claimed they follow a disruption-based strategy [8]. However, such an attack would merit a response in which they potentially could not whether, pointing toward the fact that they might prefer an espionage-based strategy.[9]
These qualitative sources approach the dependent variable from their own case studies but reveal through their data how an international state can employ their cyber forces. What remains to be seen, through a greater collection of sources, is if the national interest of a country paired with their actual malware creates a scale or independent strategies as shown through the operationalization of the dependent variable.
[1]Brandon Valeriano and Benjamin Jensen, “How Rival States Employ Cyber Strategy,” Oxford University Press, (2018).
[2]Ibid
[3]“Global Cyber Strategies Index,” Center for Strategic and International Studies: Technology Policy Program, pp. 1-6.
[4]Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).
[5]David Bieda and Leila Halawi, “Cyberspace: A Venue for Terrorism,” Embry-Riddle Aeronautical University 16, no. 3 (2015): 33–42.
[6]ICT Data and Statistics Division, “ICT Development Index,” International Telecommunication Union Publications,” (February 2019), pp. 3-204.
[7]Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).
[8]James Lewis, “Iran and Cyber Power,”Center for Strategic and International Studies, (25 June 2019), https://www.csis.org/analysis/iran-and-cyber-power.
[9]Frank Cilluffo, “The Iranian Cyber Threat to the United States” (United States House of Representatives: The George Washington University Homeland Security Policy Institute, 2012).
Hi Tristan – I must admit that I don’t know that much your topic but I must also admit that it seems very interesting! I think that something that may pose a problem is data validity. While the sources are relatively reliable, since cybersecurity and cybercrime poses a difficulty in determining the true origin of malware, I think it may sometimes be incorrect. However, I do believe that this may be a problem with most other sources as well. Perhaps you can work your way around this by disclaiming the same?
Otherwise, fantastic post and good luck for your research!
Tristan — you have lots of good ideas here as you think about reconceptualizing your project for the small-n methodology, but I think it would be worth stepping back to make sure that you first focus on the dependent variable and the specific values that the DV takes in each of your case so that you know you have some variation in outcome to analyze. Remember that in this methodology a “what explains variation in…?” question no longer makes sense. The question should focus on the specific cases and the known outcomes that you are proposing to explain (e.g. “why did Kennedy pursue a transformative strategy and Johnson a non-transformative strategy in Vietnam?” to use the Saunders article as an example). We also need to know the value of the DV in each case now, so the data that you are discussing should help you decide what that value is (in your case, that would mean stating here what the value of the DV is in each of your cases based on the primary source data you examined).
Thinking about potential IVs is fine in principle, but remember that IVs themselves are causes. The discussion in the fourth paragraph isn’t entirely clear on which factors are proposed causes (IVs) that would explain why the DV takes a given value in a given case. Indicators like the GCI or the IDI that you mention are not “influences” in an IV but, rather, are data points that could tell you about the value of a particular variable in a given case.
With all of this in mind, make sure that you’ve established what the DV is, what potential values it could take, how you would capture it, and then what specific values the DV takes in each case as you continue your work on this methodology.