Are cyber capabilities a useful method for coercive diplomacy? If so, what conditions favor successful cyber coercion to produce a desired victim response? This research explores how cyber coercion can be used as a tool of statecraft to change an adversary’s behavior and examines two cases over three temporal values. Examining the two cases of North Korea versus Sony and Russia versus Estonia illustrates practical lessons about the constraints and abilities of the employment of cyber coercion as well as how victim responses operate on a spectrum and can change over time.
In examining George’s seven factors that favor coercive diplomacy and applying them to these cases, this research reveals four additional factors that ought to be included when addressing the dynamics that contribute to a victim changing their behavior in response to cyber coercion. The difference between a low-level attack (e.g. web defacement) compared with a high-level attack (e.g. paralyzing backbone servers) communicates two vastly different levels of threat to a victim and incurs extremely different costs for the victim. These technical aspects of cyber statecraft and their ramifications for cyber coercion are not covered by George’s earlier works on coercive diplomacy, as few people in the 1990s were even considering cyber as a threat landscape.
This research does not provide one generalizable theory of how to conduct cyber coercion; rather, it provides a Utilitarian theory that identifies additional factors that favor cyber coercion and contributes to a conditional generalization. Further, it introduces the idea of examining this change in behavior over time to properly assess the impact of cyber coercion on the totality of the victim’s behavior. Extending the time intervals reveals additional critical data necessary to fully analyze the nature of a cyber coercion dyad. Finally, it provides a hybrid method to attain attribution by fusing social science methodology with cybersecurity techniques. Together, this data and method serve to correct the conventional wisdom on two influential cases; this research traces the process that proves why a correction for each case is warranted; and, it shows how the choices an aggressor makes in its cyber coercive strategy can result in different outcomes for the victims
