Signaling Intent, Resolve and Capabilities in Cyber Crises
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
Whether states engage in bargaining (zero-sum) or deterrence (non-zero-sum) games, they face the challenge of incomplete (no one has all relevant information) and often asymmetric (one side knows more / better than the other) information. Signalling is one of the means for states to address this issue.
It can be defined as "the purposive and strategic revealing of information about intent, resolve, and/or capabilities by an actor A to alter the decisions of another actor B to improve the chances that an outcome desired by A is reached when the desired outcomes of A and B are dissimilar" (Gartzke et al, 2017).
Signaling can help avoid a costly confrontation by revealing, privately or publicly, information. But such information need not be true. If one side can credibly pretend to be more resolved or capable than it actually is (i.e. bluffing), then it will have an advantage in negotiations and may even avoid conflict altogether.
Despite the expensive research on signaling since the 1960s, the theoretical value of certain signals has not always be empirically justified. Further, all signals are not equal in their effectiveness, and they can also be misinterpreted (Jervis, 2017). Because states are not necessarily unitary actors, domestic institutions, groups and individuals can all signal the resolve of the state as a whole (Allison and Zelikow, 1999). Domestic politics can also affect the credibility of signaling on the international scene (Fearon, 1997). Additionally, leaders' perceptions of their opponent's reputation, which falls under the theoretical microfoundations of foreign policy signaling, may explain the effectiveness of signaling under certain circumstances (Hall and Yarhi-Milo, 2012).
This research will explore how states signal intent, resolve and capabilities in and about cyberspace, and to what extent traditional signaling theory fits with recent empirical developments on cyber conflict.
Cross-domain deterrence and the substitutability of different signals in different domains is an under-researched yet emerging topic (Gartzke and Lindsay, 2019). Recent work suggests that coercive acts follow a logic of means (e.g. cyber vs missiles) rather than of effects (kinetic vs non-kinetic) (Kreps and Schneider, 2019). Forthcoming work by Gatzke et al suggests that differentiating means of signaling (military, economic, diplomatic) may "lead to further insights into the role of signaling in war and peace" (Gartzke at al, 2017). The US response to the Sony Entertainment hack, for instance, consisted in both economic sanctions against the DPRK and criminal indictment of one individual.
This project falls within the EPSRC "Global Uncertainties" research area, with cybersecurity as the subtheme. It will be conducted within the Department of Politics and International Relations.
It can be defined as "the purposive and strategic revealing of information about intent, resolve, and/or capabilities by an actor A to alter the decisions of another actor B to improve the chances that an outcome desired by A is reached when the desired outcomes of A and B are dissimilar" (Gartzke et al, 2017).
Signaling can help avoid a costly confrontation by revealing, privately or publicly, information. But such information need not be true. If one side can credibly pretend to be more resolved or capable than it actually is (i.e. bluffing), then it will have an advantage in negotiations and may even avoid conflict altogether.
Despite the expensive research on signaling since the 1960s, the theoretical value of certain signals has not always be empirically justified. Further, all signals are not equal in their effectiveness, and they can also be misinterpreted (Jervis, 2017). Because states are not necessarily unitary actors, domestic institutions, groups and individuals can all signal the resolve of the state as a whole (Allison and Zelikow, 1999). Domestic politics can also affect the credibility of signaling on the international scene (Fearon, 1997). Additionally, leaders' perceptions of their opponent's reputation, which falls under the theoretical microfoundations of foreign policy signaling, may explain the effectiveness of signaling under certain circumstances (Hall and Yarhi-Milo, 2012).
This research will explore how states signal intent, resolve and capabilities in and about cyberspace, and to what extent traditional signaling theory fits with recent empirical developments on cyber conflict.
Cross-domain deterrence and the substitutability of different signals in different domains is an under-researched yet emerging topic (Gartzke and Lindsay, 2019). Recent work suggests that coercive acts follow a logic of means (e.g. cyber vs missiles) rather than of effects (kinetic vs non-kinetic) (Kreps and Schneider, 2019). Forthcoming work by Gatzke et al suggests that differentiating means of signaling (military, economic, diplomatic) may "lead to further insights into the role of signaling in war and peace" (Gartzke at al, 2017). The US response to the Sony Entertainment hack, for instance, consisted in both economic sanctions against the DPRK and criminal indictment of one individual.
This project falls within the EPSRC "Global Uncertainties" research area, with cybersecurity as the subtheme. It will be conducted within the Department of Politics and International Relations.
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
People |
ORCID iD |
| Lucas Kello (Primary Supervisor) | |
| Arthur Laudrain (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/P00881X/1 | 01/10/2016 | 31/03/2023 | |||
| 2068367 | Studentship | EP/P00881X/1 | 01/10/2018 | 30/09/2022 | Arthur Laudrain |