Statecraft in Cyberspace
Does the cyber domain call for a fundamentally different framework for achieving international order in the 21st century, requiring statesmen to critically rethink the art of statecraft? Most likely not, for as in past eras when new technologies and global threats have arisen, statesmen are still occupied with the great issues of war and peace. In the era of the Internet, statesmen must take careful heed of matters of war, which remains the most terrifying and destructive experience of mankind.
The advent of the Internet led to a new critical domain where states conduct foreign and security policy, trade, and commerce. As nations have done for centuries past in the domains of air, land, sea, and space, they will seek to maintain sovereignty, ensure security, and pursue international stability, while using power to achieve their goals. Within the cyber domain, the technologically advanced states will utilize new cyber tools to achieve the goals of traditional statecraft. Those tools include:
- the use of social media for public diplomacy or propaganda
- support for increased capacity and access in less developed countries or the use of filters and firewalls to censor content
- economic concessions or sanctions through cyber means
- collaborative law enforcement investigations or criminal indictments
- the high end of the spectrum of security operations; espionage, covert action, and the use of force as elements of self-defense or acts of aggression
States will employ these cyber instruments, more frequently facilitated by their multinational corporations, to effect outcomes not only within the cyber domain but within the other domains as well.
The emergence of the cyberspace domain has challenged much of our historical experience by establishing a man-made domain that is ubiquitous and not threatening on its own, but has tremendous destructive potential. The threats emerging from cyberspace can be nebulous, ill-defined and difficult to attribute, and they exploit vulnerabilities that recognize no national borders. As the domain has outpaced domestic and international regulations, it has created chaotic outcomes. This calls for statesman to establish a political order that provides stability in a truly globally-interconnected system.
There are a number of challenges to developing effective statecraft in cyberspace that, although not entirely unique to this domain, require careful consideration given their associated tradeoffs.
First, although we have not seen the demise of the state - and state sovereignty remains a legitimate and generally accepted ordering principle of the international system - in the cyber domain, states are increasingly forced to share the stage with a variety of “good” and “bad” international actors, including terrorists, criminals, religious organizations, NGOs, and multi-national corporations. This reality will require states to amend their traditional methods of formulating and executing foreign policy, and to develop a more nuanced approach to statecraft.
Second, as technical attribution capabilities improve, states may be able to respond with military measures. It is also more likely that states will be required to share attribution data and analysis with other states to substantiate claims of fault and accord legitimacy to their measures.
Third, a new world of deterrence theory and strategic doctrine urgently needs to be developed for cyberspace. Such a policy cannot be based on a blanket approach to preventing all unwanted activity in this domain. Rather, it should be focused on specific types of weapons that should be regulated, whether it is their development, acquisition, use, or proliferation, based on a consensus of the grave harm that would come from their use.
More practically, agreements that delineate between acceptable and unacceptable targets may prove to be most effective. Given the extensive interconnectedness of private and public assets within cyberspace, this approach may be challenging, but it is necessary. States could draw upon international norms and agreements from other domains as well. The codified and universally accepted laws related to conflict management and the World Trade Organization are just two examples that would be useful in developing a nuanced, tailored deterrence strategy for the cyber domain.
Lastly, in all domains including cyberspace there will be unpredictable changes and inherent uncertainties that will make developing policy options difficult. There may exist a temptation to over rely on cyber tools, due to their ease of use and speed. Even in cyberspace, however, resources are never unlimited. Human skills prove difficult to cultivate and maintain, and the intricate interdependencies of technical platforms will continue to rapidly evolve. These two factors will constrain the ability to predict the consequences of actions in cyberspace.
In the era of the Internet, world leaders are traveling down a path that has never been traveled before, where the only certainty is uncertainty. Practicing statecraft in this new global world order will take courage and character. As in years gone by, statesmen working to establish international stability out of disorder will need vision and determination in order to forge a more peaceful international order and inspire others to do the same. Principles that have long existed among civilizations will be deployed in this new and complex arena, to re-conceptualize the balance of power and reach a new consensus on limits to state activities.