Over the past decade, scholarly debate over the topic of cyber conflict’s place in international relations has evolved significantly. The idea that cyber tools would fundamentally change the nature of war and warfare has largely given way to the idea that cyber conflict is merely a different way of doing the same old things, and primarily suited for engaging in an intelligence contest. Other, less settled questions range from whether cyber operations are useful tools of signaling to whether these operations lead to escalation. These unsettled questions remain active in scholarly literature and, critically, inform policymaking approaches.
We brought together a group of leading scholars to provide insights on cyber conflict’s role in international relations, how the topic can best be taught to students, and how scholars and policymakers can better incorporate each other’s perspectives.
#1 What, in your opinion, is the biggest misconception about cyber conflict’s role in international relations theory?
Andrew Dwyer, lecturer in information security, Department of Information Security, Royal Holloway, University of London; steering committee lead, Offensive Cyber Working Group:
“[The biggest misconception is] that cyberspace is malleable and controllable. The environment is often presented tangentially and, when it is, it is often about how people use the terrains of computation. I think that a lack of attention on how the environment ‘shapes’ people is one of the greatest missing parts of international relations thought. Simply, the environment and terrain have much more impact than is typically accounted for.”
Melissa Griffith, lecturer in technology and national security, Johns Hopkins University School of Advanced International Studies (SAIS) and the Alperovitch Institute for Cybersecurity Studies; non-resident research fellow, University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC):
“Much of the scholarship focused on the intersection between cyber conflict and international relations theory has concentrated on capturing the nature of the evolving cyber threat. This has led, in turn, to ongoing and vibrant debates over whether (a) deterrence strategies are feasible or valuable, (b) cyberspace favors the offense or defense, (c) cyber operations are useful tools for coercion, (d) cyberspace is escalatory, or (e) strategic competition in cyberspace is best understood as an intelligence contest, for example. While these are important areas of focus, they have previously overshadowed other lines of inquiry, such as why we see variation in how states respond in practice, a line of inquiry that requires leveraging international relations theories beyond those focused on grappling with what best captures the dynamics of this new threat space as a whole.”
Richard Harknett, professor & director, School of Public and International Affairs (SPIA); chair, Center for Cyber Strategy and Policy (CCSP), University of Cincinnati:
“[The biggest misconception is] that the most salient impact of cyber operations should be in conflict; that is, the equivalent of armed attack and warfighting. Much of cybersecurity studies, itself, has focused on the construct of cyber war and thus international relations theory has primarily treated ‘cyber’ as another form of war, when the majority of state cyber activity is actually a strategic attempt to gain relative power via an alternative to war. I argue from a realist-structuralist perspective that the most fascinating theoretical question is the interplay between states’ struggle for autonomy and the organizing principle of interconnectedness that defines the cyber strategic environment.”
Jenny Jun, research fellow, CyberAI Project, Center for Security and Emerging Technology; nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; Ph.D. candidate, Department of Political Science, Columbia University:
“It is much more useful to think that conflict and competition have cyber dimensions to them, rather than to think that cyber conflict occurs in isolation.”
Jon Lindsay, associate professor, School of Cybersecurity and Privacy, Sam Nunn School of International Affairs, Georgia Institute of Technology:
“The biggest misconception remains that cyber operations are a revolution in military affairs akin to the invention of nuclear weapons. Cyber ‘conflict’ is better understood as the digital dimension of intelligence competition, between both state and nonstate competitors, which is an increasingly important and still understudied dimension of international relations.”
Michael Poznansky, associate professor, Strategic & Operational Research Department, US Naval War College; core faculty member, Cyber & Innovation Policy Institute:
Disclaimer: The opinions expressed below are the author’s alone and do not represent those of the U.S. Naval War College, the Department of Navy, the Department of Defense, or any government entity.
“One potential misconception is that we need entirely new theoretical frameworks to understand cyber conflict. Are there distinctive attributes of cyberspace that should give us pause from unthinkingly applying existing international relations theories to it? You bet. But the real task—which many have been doing and are continuing to do—is to figure out where we can apply existing theories, perhaps with certain modifications, and where novel frameworks are genuinely needed.”
#2 What would you like to see change about how cyber conflict is widely taught?
Dwyer: “As much as there is frequent discussion about ‘interdisciplinarity’ in the study of cyber conflict, all too often we teach through and in silos. That is, we teach ‘from’ an angle, whether that be international relations, computer science, psychology, and so on. I think this does a disservice to the study of cyber conflict. I am not claiming for a wholly radical empiricism here, but about one that is less grounded in theory as a starting place for exploration.”
Griffith: “Notably, in this field, perhaps far more so than others, there is no uniform or widely pursued approach across classrooms, as pointed out by Herr, Laudrain, and Smeets in ‘Mapping the Known Unknowns of Cybersecurity Education.’ That said, students entering this field armed with social science and policy leaning coursework should be comfortable engaging with technical and private sector reporting alongside academic, government, and legal documents. At risk of straying beyond the focus of this topic (i.e., theory), I favor introducing students first to core technical foundations and operational realities—what is cyberspace and how has it evolved; how, when, and which groups hack; and how, where, and when does defense play out—before turning to policy, strategy, or theoretical debates. In my experience, this approach allows subsequent discussions of systemic, international, national, and subnational questions to be firmly grounded in the realities of the space.”
Harknett: “Cybersecurity is not a technical problem, but a political, economic, organizational, and behavioral challenge in a technically fluid environment. Thus, how cyber insecurity can be reduced and state competition in and through cyberspace can be stabilized should be taught from multiple perspectives across the computing and social sciences and humanities. Basically, a more multidisciplinary integrated, rather than segmented, approach to courses and curriculum.”
Jun: “There should be a greater effort to integrate literature on cyber conflict as part of bigger international relations themes such as coercion, signaling, trade, etc., and move away from viewing dynamics in cyberspace as monolithic. In many international relations syllabi, cyber conflict often appears at the very end (if at all) in about week thirteen as a standalone module. Often, the discussion question then becomes, “To what extent is cyber different from all of the traditional stuff we learned so far?” This not only leads to overgeneralizations about cyberspace and cyber conflict, but also nudges students into viewing cyber as something separate and distinct from other major themes and dynamics in international relations.”
Lindsay: “Two things that would improve cybersecurity education would be 1) to situate it in the history of intelligence and covert action, and 2) to give more attention to the political economy of cyberspace, which fundamentally shapes the dynamics of cyber conflict.”
Poznansky: “My hunch is that cyber conflict is often included in many international relations courses as part of a module on emerging technologies alongside space, autonomous systems, quantum, and so forth. Because cyberspace has relevance for almost all aspects of modern statecraft—warfighting, coercion, commerce, diplomacy—a better approach may be to consciously integrate it into modules on all these broader topics. Stand-alone courses also have high upside by allowing for a deep dive, but infusing cyber throughout discussions of major international relations concepts would offer a better foundation.”
#3 What is a piece of literature on cyber conflict theory that you recommend aspiring policymakers read closely and why?
Dwyer: “I think one of the best and underacknowledged written pieces is by JD Work, ‘Balancing on the Rail – considering responsibility and restraint in the July 2021 Iran Railways incident.’ In this piece, Work examines an incident on Iranian railways in July 2021. The explication of responsibility and restraint in offensive cyber operations is a must-read for anyone interested in the area.”
Griffith: “Whether or not readers agree with them, Michael Fischerkeller, Emily Goldman, and Richard Harknett’s Cyber Persistence Theory (2022) sets the stage for a productive and ongoing theoretical debate over the structural conditions animating cyberspace. Though an exercise in theory development rather than policy prescription, the book is not merely of interest to academics. Echoes of the underlying logic can be found animating US Cyber Command’s Persistent Engagement and the UK National Cyber Force’s recently released, ‘Responsible Cyber Power in Practice,’ for example.”
Harknett: “As Alexander George correctly wrote to bridge the gap between policy and theory, it is the theoretician that must cross over the bridge to meet policymakers on their own turf. Two recent books that do a good job at this are Max Smeets’ No Shortcuts: Why States Struggle to Develop a Military Cyber-Force and a just released edited book from Smeets and Robert Chesney, Deter, Disrupt, or Deceive, which examines the debate between those who posit cyberspace as strategic competition and those who view it as an intelligence contest and thus apply research from intelligence studies. Misconceiving this fundamental categorization would have profound impact on policy development, and thus grappling with the difference between the two perspectives is important.”
Jun: “Aspiring policymakers should be familiar with the arguments made in Cyber Persistence Theory by Goldman, Fischerkeller, and Harknett, as well as the back-and-forth debate leading up to the publication of this book in various journals and opinion pieces. Ideas laid out in this book embody much of the thinking behind the 2018 US government pivot towards Persistent Engagement and Defend Forward away from a strategy based on deterrence by punishment. Reading the book as well as the debate around it will allow an aspiring policymaker to trace how certain characterizations of cyberspace and its functions will lead to corresponding theoretical predictions, and how such assessments are translated into strategy documents by various agencies.”
Lindsay: “I highly recommend the new volume by Robert Chesney and Max Smeets exploring the debate over cyber as an intelligence contest or something else. I also recommend that international relations scholars become more familiar with the Workshop on the Economics of Information Security community, which produces fascinating papers every year.”
Poznansky: “I am going to cheat and highlight two. First is an article by Jordan Branch looking at how the military’s use of familiar metaphors to understand and describe cyberspace affected investments and policy decisions. Branch shows that the comparisons we invoke to understand new phenomena have real-world impacts. Second is a new book by Erica Lonergan and Shawn Lonergan on the dynamics of escalation in cyberspace. It tackles one of the most pressing issues in cyber conflict in a way that appeals to scholars and practitioners alike.”
#4 How has the theory of cyber conflict evolved in the last five years and where do you see the field evolving in the next five years?
Dwyer: “Undoubtedly, the greatest transformation has been the demise of ‘cyber war’ and ‘cyber weapons’ in both theory and practice. This has steadily been replaced (albeit over much more than the past five years) by cyber conflict as an ‘intelligence contest.’ In many ways, this is a welcome development. For the next five years, one might ask what then is distinct about cyber conflict; is it simply a transplant of conventional intelligence-related activity with new tools? I would wager not, and I hope that the cyber conflict studies community examines the role that technology plays that does not simply reduce computation to a tool with none of its own agency.”
Griffith: “Two significant shifts stand out. One of the biggest was the pivot away from the early focus on war toward a recognition of the diversity of activity that occurs in the absence of and below the threshold of war. In the process, the theories and disciplines cyber conflict scholars brought to bear expanded beyond security studies approaches, which had largely dominated the field, to increasingly include intelligence studies, history, economics, law, etc. In the next five years, I hope to see that aperture continue to widen as we continue to move beyond those early ‘cyber war’ framings to an array of questions stemming from a diversity of disciplines and examining a greater diversity of countries.”
Harknett: “Along with the work above, Ben Buchanan’s The Hacker and the State and Daniel Moore’s Offensive Cyber Operations have begun to examine the operational space as it is, rather than how people thought it would be. I think there is a significant pivot away from the cyber war construct occurring. Of course, my own bias is that Cyber Persistence Theory as presented by myself, Emily Goldman and Michael Fischerkeller offers a foundational piece of theory that explains a lot of the shifting in state strategy and behavior. I think the utility of the constructs of initiative persistence, campaigning, and strategic competition, will garner debate and may emerge or will be challenged as further research with this focus develops.”
Jun: “In the past five years, there has been a shift away from efforts to study cyber deterrence to focus on the dynamics of cyber incidents and/or campaigns below the threshold of armed conflict that occur on a regular basis. The field is also becoming more methodologically diverse. In the next five years, the field is likely to focus on getting at the nuances of cyber activity occurring below the threshold of armed conflict. The scholarly community may seek to answer questions such as: when a state takes certain offensive or defensive actions in cyberspace, what do these actions signal, and how are they interpreted on the receiving side? How do we measure or evaluate the effectiveness of cyber campaigns? As other states acquire cyber capabilities and respond to cyber threats, what accounts for how their cyber strategies evolve?”
Lindsay: “In the last five years, the field has taken a decidedly empirical turn. Cyber is no longer an emerging technology. It has emerged. We have decades of data to explore. This empirical turn complements the theoretical emphasis on intelligence that I mentioned above.”
Poznansky: “There has been an explosion of work over the last few years devoted to better understanding what exactly cyberspace represents. Is it yet another arena of warfare with some new bells and whistles or is it more akin to an intelligence contest? How we understand the nature of cyberspace has major implications for how we theorize cyber conflict and, equally important, what sorts of policy implications we arrive at. There is much more to be done here.”
#5 How can scholars and policymakers of cyber conflict better incorporate perspectives from each other’s work?
Dwyer: “This is by far the hardest question; however, it is about understanding the needs and goals of both academics and policymakers. This simply requires 1) a firm commitment and foundation from policymakers to fund critical social science and humanities work that can sustain positive engagement and trust building; 2) recognition and support for academics in the translation of their work and impact in ways that are visible to their institutions; and 3) for academics not to enter a room with preconceived notions of the solutions to policymakers’ problems.”
Griffith: “There are a variety of models at our disposal, but one approach of note is on full display in Robert Chesney and Max Smeets’ recent edited volume, Deter, Disrupt, or Deceive, which explicitly puts authors who disagree—and who spearhead emerging schools of thought—in direct conversation with each other. This volume represents the culmination of roughly four years of formal and informal debate and has actively sought to continue the conversation through an ongoing, global series of workshops in the wake of its publication. Another model can be found in the field-building work of the Cyber Conflict Studies Association in the United States and the European Cyber Conflict Research Initiative in Europe.”
Harknett: “Again, the bridge between policy and theory has never been easy to traverse, but one essential element is adopting an agreed-upon lexicon. There is, currently, this interesting phenomenon in which the UK’s National Cyber Mission Forces’ Responsible Cyber Power in Practice document and the US Defense Department’s approaches of cyber persistent engagement and defend forward, as well as the broader 2023 US National Cybersecurity Strategy, align with the logic of initiative persistence and the structural reasoning of cyber persistence theory, with growing focus on continuous campaigns and seizing the initiative, rather than legacy constructs such as deterrence threats. Although full lexicon consensus has yet to solidify, it will be interesting to observe whether it occurs over time.”
Jun: “[Scholars and policymakers of cyber conflict can better incorporate perspectives from each other’s work with] more frequent conversations that raise good new policy-relevant research questions, efforts to ground theoretical and empirical research in what is actually going on, and efforts to turn conclusions from scholarly analysis into actionable policy agendas.”
Lindsay: “This question is tricky because there are several different groups on either side of the gap, and it is important for all of them to talk. On the policy side, there are government policymakers and intelligence professionals, but also the hugely important commercial sector. And on the academic side you have international relations scholars, computer scientists, and many other social scientists and engineers working in related areas. Cybersecurity is a pretty wicked interdisciplinary problem.”
Poznansky: “For scholars, being open to the possibility that many of the things we often bracket, in part because they can be hard to measure—bureaucratic politics, organizational culture, leadership, and so forth—is valuable. These factors probably explain more about cyber conflict than we care to admit. For practitioners, remaining open minded to debates that might sound purely academic in nature at first blush but in fact have immense practical relevance is also valuable. Whether cyberspace is mainly an arena for intelligence competition or warfighting—a debate, as mentioned, that is happening right now—matters for the prospect of developing norms, the utility of coercion, the dynamics of escalation, and more.”
Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.
The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.