The authors of this report examine cases from Russia, China, Iran, and North Korea to understand whether and how states use cyber operations to coerce other states or actors, and highlight the challenges of identifying cyber coercion. They also propose ways to develop a deeper understanding of cyber coercion and how to counter it.
Fighting Shadows in the Dark
Understanding and Countering Coercion in Cyberspace
- What role do cyber operations play in interstate and international relations?
- Are states using cyber operations to coerce others?
- Have cyber operations sponsored by Russia, China, Iran, and North Korea met the definition of cyber coercion? If so, how?
What is cyber coercion, and how have states used cyber operations to coerce others? Based on unclassified, open-source material, the authors of this report explore how four states — Russia, China, Iran, and North Korea — have used cyber operations, and whether that use constitutes cyber coercion.
States like Russia and North Korea appear to be more likely to have used cyber operations as a coercive tool than China and Iran. The authors also find that, contrary to what coercion theory would predict, states often do not make distinct threats with unambiguous demands for changes in behavior. Rather, states use cyber operations to try to coerce their neighbors while denying responsibility, often hiding behind proxies and without issuing clear demands. Despite the low probability of success, the authors anticipate states will continue to use and may, in fact, come to employ cyber operations more often in the future to coerce. To prepare for this outcome, the United States and its allies need to work now to develop methods to discern cyber coercion as it emerges and strategies to counter it in the future.
Cyber operations intended to coerce are a small subset of overall cyber operations globally
- Espionage remains the predominant purpose of states' cyber operations.
- Russian cyber operations appear to have had some coercive intent in Ukraine and Montenegro.
- Chinese cyber operations show a continued focus on espionage, but potentially with some coercive intent as a secondary objective.
- Iranian cyber operations appear more focused on retaliating against regional neighbors and the West, rather than serving a direct coercive purpose.
- North Korea has routinely engaged in coercive acts in the physical world and sees cyber operations as another means to coerce others.
- The assessment of these cases indicates how the threat, threat actor, and the desired change in behavior is often unclear or ambiguous, though this ambiguity does not appear to prevent countries from pursuing these coercive campaigns.
- The United States and its partners need to develop a richer understanding of how cyber coercion might emerge, build systems to provide warning of impending operations, and craft strategies to deter and respond to cyber coercion.
Table of Contents
Conclusion and Next Steps