The State of the Field of Cyber Conflict

 Jason Healey is president and founding board member of the Cyber Conflict Studies Association and a senior research scholar at Columbia University’s School of International and Public Affairs. Christopher Hocking is a board member and the executive director of the Cyber Conflict Studies Association and a staff officer at Headquarters Air Force in Washington DC. You can follow them @Jason_Healey and @HockingRTB

Every academic discipline has a shared core body of knowledge that researchers in that field accept as foundational. Over the last few years, the Cyber Conflict Studies Association (CCSA) has worked to identify the foundational texts that should be familiar to anyone researching this area.

This work is important. The field of cyber conflict is growing faster than most other disciplines: not only are the underlying technologies booming but so is the audacity with which adversaries are using them for criminal and national security purposes. This makes it far more difficult for the cyber conflict community of researchers to identify what research has already been done especially as the most important work is often in non-traditional sources such as industry reports, news articles, blogs, or think tank analyses.

Compared to the rise of air and nuclear power, for example, research into cyber has yet to identify “settled truths.” Even though many of the foundational texts are decades old, they are often ignored as new researchers join a field where so much seems fresh and forward-looking.

To attempt to close these gaps, the CCSA—in partnership with the Saltzman Institute of War and Peace Studies at Columbia University’s School of International and Public Affairs—has held three annual workshops on the State of the Field of Cyber Conflict (SOTF).

The 2016 and 2017 conferences sought to identify the central questions of the field and which, if any, can be considered largely settled; the remaining or expanding gaps in the community’s knowledge and research; and the canonical works which should form the core of any literature review for researchers new to the field. At both conferences, participants examined cyber conflict using a sub-field approach for tactical and technical dynamics, international relations and strategic dynamics, intelligence, history, and legal issues.

The 2016 SOTF resulted in a 115-page report which characterized these research areas and created a working bibliography of each of them. 

The 2017 SOTF expanded the characterizations of the previous year and sought to answer critical questions in each subfield. This resulted in six whitepapers, jointly published by CCSA and SIPA, which represent the overall maturity of thinking in the field. 

The 2018 SOTF took a different approach. The pervasive and persistent nature of cyber conflict, combined with Russia’s application of proven information warfare techniques applied at scale against the integrity and confidence in the U.S. democratic process compelled a return to the most fundamental questions. This year’s SOTF examined the three fundamentally unresolved questions of the cyber conflict era:

• What is the nature of cyber and information power?
• What is the nature of cyber conflict?
• How has cyberspace changed the state and society?  

At the end of the event, participants generally agreed that social science, as applied up to this point, has not been sufficient to understand much less stem the tide of cyber conflict and instability. Writing in this blog in September, Melissa Griffith summed up why scholarly research about cyber conflict is a significantly more challenging task than for, say nuclear. There are significant start-up costs for an academic looking to study cyber conflict as it requires “both technical and policy knowledge to be effective,” and “much of the important data about incidents and how private or government actors reacted” is unavailable. The impacts of nuclear warfare are easily quantified absent a technical background. Conversely, the effects of cyber conflict are more nebulous and far more difficult to quantify. Quantifying discrete events of cyber conflict, as is done to develop theories of other kinds of conflict, may only count spikes such as when a long-running campaign like Stuxnet finally comes to light or sudden, spectacular incidents like NotPetya and Wannacry of 2017. The environment of persistent engagement where “adversaries continuously operate against … the threshold of armed conflict” means individual actions will confound easy quantification.

The SOTF reveals the scope and limits of the field’s shared knowledge. Traditional political science methods created the foundation for research resulting in the bibliographies and the important subfield questions. The unique nature of information about cyber conflict—companies tend to treat it as proprietary and state’s asymmetric emphasis on inbound attacks and classification of their outbound attacks, challenges the use of traditional methods to understand causation. The nature of modern political science pedagogy and methods inhibits the types of non-traditional research we believe to be essential to studying cyber conflict. To remain relevant to cyber conflict, the political science discipline must evolve to reflect the agility seen in cyber conflict.  

In the fifteen years since the founding of CCSA, the rate of occurrence and the actual and perceived consequence of cyber conflicts have only become more severe and the issues more confounding. The merge between “cyber” and “information” has blurred, making it difficult to identify whether those who create laws or those writing code set government policy in the space. Future SOTF workshops need to continue to push interdisciplinary boundaries, especially to include economists and sociologists to examine the fundamental and evolving nature of cyber conflict and be the connective tissue between researchers, practitioners, and policymakers.