Cyberspace differs from physical domains. How do we know a hacker’s motive or allegiance? Among the many conflicts in cyberspace, only a few escalate into a real-world conflict. Those which do, however, call for a reevaluation of existing policies. This paper argues that current research underrates the second-order impact of cyber-enabled political warfare on public policy. It makes a case for policy makers to consider changes of public policy beyond mere retaliation. Moreover, it offers insights into the complex investigation process tied to cyber operations that fall out of pattern.
tl;dr
At present, most scholarship on the potential for escalation in cyberspace couches analysis in terms of the technological dynamics of the domain for relative power maneuvering. The result has been a conceptualisation of the logic of operation in cyberspace as one of ‘tit-for-tat’ exchanges motivated by attribution problems and limited opportunity for strategic gain. This article argues that this dominant perspective overlooks alternative notions of how cyber tools are used to influence. This, in turn, has largely led scholars to ignore second-order effects – meaning follow-on effects triggered by a more direct outcome of an initial cyber action – on domestic conditions, institutions, and individual stakeholders. This article uses the case of cyber-enabled political warfare targeting the United States in 2016 to show how escalation can occur as a second-order effect of cyber operations. Specifically, the episode led to a re-evaluation of foreign cyber strategy on the part of American defence thinkers that motivated an offensive shift in doctrine by 2018. The episode also directly affected both the political positions taken by important domestic actors and the attitude of parts of the electorate towards interference, both of which have reinforced the commitment of military planners towards assertive cyber actions.
Make sure to read the full paper titled Beyond tit-for-tat in cyberspace: Political warfare and lateral sources of escalation online by Christopher Whyte at https://doi.org/10.1017/eis.2020.2

Cyber-enabled political warfare takes place on a daily basis. It is orchestrated by democracies and authoritarian states alike. A prevailing academic school of thought evaluates these cyber operations against a four-pronged perimeter guidance:
(1) Common intelligence-gathering
(2) Signal testing
(3) Strategic reconnaissance which may result in a
(4) Major cyber assault on critical infrastructure
On both sides, attacker and defender, it is incredibly difficult to determine whether a cyber operation is a tolerated everyday occurrence or a prelude to, if not the final, attack against national security. This overpowering imbalance in the signal-to-noise ratio has led to a dominant academic perspective that argues cyber operations are an endless loop of retaliatory instances and overlooks clandestine long-term objectives. It begs the question: when does an instance of cybersecurity become a matter of national security? When does a cyber operation escalate into full-on warfare? In this paper, the author develops a notion of cyber operations as an instrument to influence public policy beyond a mere breach of cybersecurity post escalation. Through examples of cyber-enabled political warfare, the author makes a case for vulnerabilities in democratic societies that originate from a failure to evaluate cyber-enabled political warfare under cyber conflict standards, thereby creating a vacuum for policy development skewed to overstate potential cyber risks in public policy.
Cyber operations resulting in cyber conflict are here to stay. With computer science increasingly accessible and hardware affordable, nation states as well as hostile individual fringe groups find more and more fertile ground to develop new generations of cyber tools to pursue anything from criminal objectives to ideological influence operations to subvert public opinion. Because cyber operations are an everyday occurrence, the first problem is identifying a targeted cyber operation as a departure from regular everyday probes in cyberspace. The aforementioned affordability makes the situation harder to assess, since the cyber operation may originate from a state actor or be a proxy action driven by individual fringe groups that may or may not adhere to a state actor. Here, states need to decide between tolerance, which may result in a failure to detect a major assault on critical infrastructure, and a measured response, which will always give away signal that an opponent may abuse for future cyber operations. Of course, the former carries the risk of escalating into a real-world conflict, whereas the latter carries the risk of setting the stage for a real-world conflict under even less favorable circumstances. In this latter scenario, the author introduces the notion of considering second-order effects on public policy. In other words, when investigating cyber operations, it is necessary to look beyond the technical means and read the attack against current affairs. This notion reverberates into the policy development process in the event of a shift in strategic policy.
“What pressure points and vulnerabilities dictate the utility of cyber operations and, subsequently, the shape of potential escalation?”
Democracies delegate the power of the people to elected leaders based on an information exchange system that requires integrity. Cyber-enabled political warfare seeks to exploit integrity by sowing distrust in the political system and its elected leaders. Using the example of the 2016 U.S. presidential elections, the author builds a case for clarity on how the cyber operations were not merely a ‘tit-for-tat’ engagement in support of a particular candidate but were deployed with a strategic, long-term objective to subvert the integrity of U.S. democracy. The disruption of the democratic process took place by
(1) Identifying a lack of government regulation for social media platforms that have critical reach with the electorate
(2) Understanding flaws in the algorithmic design of information distribution via social media
(3) Increased cyber attacks on private information that carry disruptive elements once published
(4) Increased deflection of attempts to specifically attribute cyber operations, thereby enabling plausible deniability
(5) A domestic political landscape that is so polarized that it tolerates foreign interference or is even further divided by domestic agents’ rhetoric, and
(6) A foreign actor (Russia) who is willing to exploit these vulnerabilities
Through these various inter-connected and standalone stages of cyber-enabled political warfare, the Russians were able to effectively undermine public trust in both political candidates and the democratic process, and beyond that to an extent that triggered a critical reevaluation of the U.S. cyber strategy, resulting in new public policy. The implication for policy makers is to critically consider lateral side effects of cyber operations beyond the method employed and damage done. The potential to influence decision-making of state leaders might be enhanced by these second-order effects, especially when misinterpreted. Aside from attribution, an effective policy response must take a holistic approach beyond closing a vulnerability in national security.