Skip to main content Accessibility help
×
Home

Sound the alarm! Updating beliefs and degradative cyber operations

  • Miguel Alberto N. Gomez (a1)

Abstract

To date, cyber security research is built on observational studies involving macro-level attributes as causal factors that account for state behaviour in cyberspace. While this tradition resulted in significant findings, it abstracts the importance of individual decision-makers. Specifically, these studies have yet to provide an account as to why states fail to integrate available information resulting in suboptimal judgements such as the misattribution of cyber operations. Using a series of vignette experiments, the study demonstrates that cognitive heuristics and motivated reasoning play a crucial role in the formation of judgements vis-à-vis cyberspace. While this phenomenon is frequently studied relative to the physical domain, it remains relatively unexplored in the context of cyberspace. Consequently, this study extends the existing literature by highlighting the importance of micro-level attributes in interstate cyber interactions.

Copyright

Corresponding author

*Corresponding author. Email: miguel.gomez@sipo.gess.ethz.ch

References

Hide All

1 Borghard, Erica D. and Lonergan, Shawn W., ‘The logic of coercion in cyberspace’, Security Studies, 26:3 (2017), pp. 452–81.

2 Valeriano, Brandon and Maness, Ryan, ‘The dynamics of cyber conflict between rival antagonists, 2001–11’, Journal of Peace Research, 51:3 (2014), pp. 347–60.

3 The Stability-Instability Paradox is thought to occur with respect to the use of cyber operations by state actors.

4 Liff, Adam P., ‘Cyberwar: a new absolute weapon? The proliferation of cyberwarfare capabilities and interstate war’, Journal of Strategic Studies, 35:3 (2012), pp. 422–6; Lindsay, Jon and Gartzke, Erik, ‘Coercion through cyberspace: the stability-instability paradox revisited’, in Greenhill, Kelly and Krause, Peter (eds), The Power to Hurt: Coercion in the Modern World (New York: Oxford University Press, 2018), p. 184; Valeriano, Brandon and Maness, Ryan, Cyber War Versus Cyber Realities: Cyber Conflict in the International System (New York: Oxford University Press, 2015), pp. 4577.

5 There are increasing arguments that call for its use in conjunction with other foreign policy instruments. This, however, is not in scope for this study.

6 Maness, Ryan and Valeriano, Brandon, ‘The impact of cyber conflict on international interactions’, Armed Forces & Society, 42:2 (2016), p. 305.

7 Hansel, Mischa, ‘Cyber-attacks and psychological IR perspectives: Explaining misperceptions and escalation risks’, Journal of International Relations and Development, 21:4 (2016), p. 534.

8 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Slayton, Rebecca, ‘What is the cyber offense-defense balance? Conceptions, causes, and assessment’, International Security, 41:3 (2017), pp. 72109.

9 The experiment was registered via EGAP prior to execution and analysis. Details are available at: {http://egap.org/content/sound-alarm-bias-and-consequences-cyber-risk}.

10 McDermott, Rose, Cowden, Jonathan, and Koopman, Cheryl, ‘Framing, uncertainty, and hostile communications in a crisis experiment’, International Society of Political Psychology, 23:1 (2002), pp. 50–3.

11 It is useful to note though that some of these may overlap with one another to achieve a desired tactical or strategic objective.

12 Valeriano, Brandon, Jensen, Benjamin, and Maness, Ryan, Cyber Strategy: The Evolving Character of Power and Coercion (New York: Oxford University Press, 2018), pp. 2252.

13 Buchanan, Ben, The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations (London: Hurst & Company, 2017), pp. 56.

14 Council on Foreign Relations, ‘Cyber Operations Tracker’, available at: {https://www.cfr.org/interactive/cyber-operations} accessed 28 November 2018; Valeriano and Maness, ‘The dynamics of cyber conflict between rival antagonists, 2001–11’.

15 Moving forward, all references to ‘cyber operations’ or ‘operations’ refer to ‘degradative cyber operations’.

16 Borghard and Lonergan, ‘The logic of coercion in cyberspace’, p. 474; Lindsay and Gartzke, ‘Coercion through cyberspace’, p. 173; Slayton, ‘What is the cyber offense-defense balance?’, pp. 87–91.

17 United States of America, ‘National Cyber Security Strategy of the United States of America’, available at: {https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf} accessed 28 November 2018.

18 Elisabeth Bumiller and Thom Shanker, ‘Panetta warns of dire threat of cyberattack on U.S.’, The New York Times, available at: {https://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html} accessed 28 November 2018.

19 Cyber Security Agency of Singapore, ‘Singapore Cybersecurity Strategy’, available at: {https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf} accessed 28 November 2018.

20 Elena L. Aben, ‘ASEAN to form cybersecurity group’, Manila Bulletin, available at: {http://www.pressreader.com/philippines/manila-bulletin/20160528/281547995138115} accessed 28 November 2018.

21 Gomez, Miguel Alberto and Dai, Candice Tran, ‘Challenges and opportunities for cyber norms in ASEAN’, Journal of Cyber Policy, 3:2 (2018), pp. 217–35.

22 Martin Libicki, ‘Cyberdeterrence and Cyberwar’, RAND Corporation, available at: {https://www.rand.org/content/dam/rand/pubs/monographs/2009/RAND_MG877.pdf} accessed 29 November 2018.

23 Perrow, Charles, Normal Accidents: Living with High Risk Technologies (New Jersey: Princeton University Press, 1984), pp. 62100.

24 Cavelty, Myriam Dunn, ‘From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse’, International Studies Review, 15:1 (2013), pp. 114–15.

25 Saltzman, Ilai, ‘Cyber posturing and the offense-defense balance’, Contemporary Security Policy, 34:1 (2013), pp. 4063.

26 Healey, Jason, ‘Winning and losing in cyberspace’, in Pissanidis, Nikolaos, Rõigas, Henry, and Veenendaal, Matthijs (eds), 8th International Conference on Cyber Conflict (Tallinn: IEEE, 2016), pp. 3749; Iasiello, Emilio, ‘Cyber attack: a dull tool to shape foreign policy’, in Podins, Karlis, Stinissen, Jan, and Maybaum, Markus (eds), 5th International Conference on Cyber Conflict (Tallinn: IEEE, 2013), pp. 451–70; Maness and Valeriano, ‘The impact of cyber conflict on international interactions’, pp. 301–23.

27 Valeriano, Jensen, and Maness, Cyber Strategy, pp. 22–52.

28 Furthermore, the extent with which cyber operations contributed to its success is also in doubt. This reflects the growing trend of considering cyber operations as one component of a larger strategic campaign.

29 Pytlak, Allison and Mitchell, George, ‘Power, rivalry, and cyber conflict: an empirical analysis’, in Friis, Karsten and Ringsmore, Jens (eds), Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives (London: Routledge, 2016), pp. 6582; Slayton, ‘What is the cyber offense-defense balance?’, pp. 72–109.

30 Joseph Nye, ‘Cyber Power’, Belfer Center for Science and International Affairs, available at: {https://www.belfercenter.org/sites/default/files/legacy/files/cyber-power.pdf} accessed 29 November 2018.

31 Slayton, ‘What is the cyber offense-defense balance?’, pp. 72–109.

32 Liff, ‘Cyberwar’, pp. 409–21.

33 Valeriano and Maness, Cyber War Versus Cyber Realities, pp. 45–77.

34 Nadiya Kostyuk and Yuri Zhukov, ‘Invisible digital front: Can cyber attacks shape battlefield events?’, Journal of Conflict Resolution (2017).

35 Buchanan, The Cybersecurity Dilemma, p. 20.

36 Gartzke, Erik and Lindsay, Jon, ‘Thermonuclear cyberwar’, Journal of Cybersecurity, 3:1 (2017), p. 45.

37 Jacquelyn Schneider, ‘Cyber and Crisis Escalation: Insights from Wargaming’, US Naval War College, available at: {https://pacs.einaudi.cornell.edu/sites/pacs/files/Schneider.Cyber%20and%20Crisis%20Escalation%20Insights%20from%20Wargaming%20Schneider%20for%20Cornell.10-12-17.pdf} accessed 29 November 2018.

38 Clarke, Richard and Knake, Robert, Cyber War (New York: Harper-Collins, 2010), pp. 30–1.

39 Jarvis, Lee, MacDonald, Stuart, and Whiting, Andrew, ‘Unpacking cyberterrorism discourse: Specificity, status, and scale in news media constructions of threat’, European Journal of International Security, 2:1 (2017), pp. 6487.

40 Justin McCarthy, ‘Americans cite cyberterrorism among top three threats to U.S.’, Gallup, available at: {https://news.gallup.com/poll/189161/americans-cite-cyberterrorism-among-top-three-threats.aspx} accessed 29 November 2018.

41 NATO Cyber Defence Centre of Excellence, ‘Cyber Security Strategy Documents’, available at: {https://ccdcoe.org/cyber-security-strategy-documents.html} accessed 29 November 2018.

42 This is not to say, however, that a uniform perception of threat exists amongst these states.

43 Belief in the occurrence of a low-probability, high-damaging event that occurs at a given point in time; Camerer, Colin and Kunreuther, Howard, ‘Decision-processes for low probability events – policy implications’, Journal of Policy Analysis and Management, 8:4 (1989), p. 565.

44 Reinhardt, Gina, ‘Imagining worse than reality: Comparing beliefs and intentions between disaster evacuees and survey respondents’, Journal of Risk Research, 20:2 (2017), pp. 169–94.

45 Camerer and Kunreuther, ‘Decision-processes for low probability events’, pp. 565–92; Gigerenzer, Gerd, ‘Out of the frying pan into the fire: Behavioral reactions to terrorist attacks’, Risk Analysis, 26:2 (2006), pp. 347–51; Viscusi, Kip and Zeckhauser, Richard, ‘Recollection bias and its underpinnings: Lessons from terrorism risk assessments’, Risk Analysis, 37:5 (2017), pp. 969–81.

46 Valeriano and Maness, Cyber War Versus Cyber Realities, pp. 45–77.

47 Buchanan, The Cybersecurity Dilemma, pp. 75–100; Gartzke and Lindsay, ‘Thermonuclear cyberwar’, pp. 44–5.

48 Valeriano and Maness, ‘The dynamics of cyber conflict between rival antagonists, 2001–11’, pp. 347–60.

49 Whyte, Chris, ‘Ending cyber coercion: Computer network attack, exploitation and the case of North Korea’, Comparative Strategy, 35:2 (2016), pp. 93102.

50 Chong, Dennis, ‘Degree of rationality in politics’, in Huddy, Leonie and Sears, David (eds), The Oxford Handbook of Political Psychology (New York: Oxford University Press, 2013), pp. 96129.

51 Herrmann, Richard, Voss, James, Schooler, Tonya, and Ciarrochi, Joseph, ‘Images in International Relations: an experimental test of cognitive schemata’, International Studies Quarterly, 41:3 (1997), pp. 402–33; Holmes, Marcus, ‘Believing this and alieving that: Theorizing affect and intuitions in international politics’, International Studies Quarterly, 59:4 (2015), pp. 706–20; Jervis, Robert, Perception and Misperception in International Politics (New Jersey: Princeton University Press, 1976), pp. 1331; Jervis, Robert, ‘Understanding beliefs and threat inflation’, in Thrall, Trevor and Cramer, Jane (eds), American Foreign Policy and the Politics of Fear (New York: Routledge, 2009), pp. 1639; Mercer, Jonathan, ‘Emotional beliefs’, International Organization, 64:1 (2010), pp. 131; Roach, Steven, ‘Affective values in international relations: Theorizing emotional actions and the value of resilience’, Politics, 36:4 (2016), pp. 400–12; Sasley, Brent, ‘Affective attachments and foreign policy: Israel and the 1993 Oslo Accords’, European Journal of International Relations, 16:4 (2010), pp. 687709.

52 Jervis, Perception and Misperception in International Politics, pp. 13–31.

53 Bar-Joseph, Uri and Kruglanski, Arie, ‘Intelligence failure and need for cognitive closure: On the psychology of the Yom Kippur surprise’, Political Psychology, 24:1 (2003), pp. 7599.

54 Lodge, Milton and Taber, Charles, ‘Three steps towards a theory of motivated political reasoning’, in Lupia, Arthur, McCubbins, Matthew, and Popkin, Samuel (eds), Elements of Reason: Cognition, Choice, and the Bounds of Rationality (New York: Cambridge University Press, 2000), pp. 183213; Taber, Charles, Lodge, Milton, and Glathar, Jill, ‘The motivate construction of political judgements’, in Kuklinski, James (ed.), Citizens and Politics: Perspectives from Political Psychology (New York: Cambridge University Press, 2001), pp. 198226.

55 Mercer, ‘Emotional beliefs’, p. 9.

56 Boulding, Kenneth, ‘National images and international systems’, Journal of Conflict Resolution, 3:2 (1959), pp. 121–2.

57 Both capabilities and cultural likeness may be significant to state interactions in cyberspace but are beyond the scope of this study.

58 Holsti, Ole, ‘The belief system and national images: a case study’, Journal of Conflict Resolution, 6:3 (1962), p. 247; Holsti, Ole, ‘Cognitive dynamics and images of the enemy’, Journal of International Affairs, 21:1 (1967), p. 17.

59 Dreyer, David, ‘Issue conflict accumulation and the dynamics of strategic rivalry’, International Studies Quarterly, 54:3 (2010), pp. 779–95.

60 Only a general idea of a previous event is retained in memory, which could result in mis-contextualisation when used in the future.

61 Blum, Scott, Silver, Roxane, and Poulin, Michael, ‘Perceiving risk in a dangerous world: Associations between life experiences and risk perceptions’, Social Cognition, 32:3 (2014), pp. 299300; Dreyer, ‘Issue conflict accumulation’, pp. 784–6.

62 Maness and Valeriano, ‘The impact of cyber conflict on international interactions’, p. 305.

63 Rid, Thomas and Buchanan, Ben, ‘Attributing cyber attacks’, Journal of Strategic Studies, 38:1 (2015), p. 25.

64 Kruglanski, Arie and Webster, Donna, ‘Motivated closing of the mind: Seizing and freezing’, Psychological Review, 103:2 (1996), pp. 68111.

65 Lerner, Jennifer and Tetlock, Philip, ‘Accounting for the effects of accountability’, Psychological Bulletin, 125:2 (1999), pp. 255–75.

66 Chong, ‘Degree of rationality in politics’, pp. 96–129.

67 Other aspects such as personality and leadership style may also severely impact the extent to which information is processed but these are not currently in scope; Bar-Joseph and Kruglanski, ‘Intelligence failure and need for cognitive closure’, p. 81.

68 While significant to the study of bias, the freezing effect is not tested explicitly in these experiments.

69 Rid and Buchanan, ‘Attributing cyber attacks’, p. 5.

70 Hansen, Lene and Nissenbaum, Helen, ‘Digital disaster, cyber security, and the Copenhagen School’, International Studies Quarterly, 53:4 (2009), pp. 1155–75.

71 Slayton, ‘What is the cyber offense-defense balance?’, pp. 72–109.

72 Bar-Joseph and Kruglanski, ‘Intelligence failure and need for cognitive closure’, pp. 75–99.

73 Lau, Richard and Redlawsk, David, ‘Advantages and disadvantages of cognitive heuristics in political decision making’, American Journal of Political Science, 45:4 (2001), pp. 951–71.

74 Factors such as task-specific instructions, length, and response format have been shown to influence the extent to which base rates are ignored.

75 Krosnick, Jon, Li, Fan, and Lehman, Darrin, ‘Conversational conventions, order of information acquisition, and the effect of base rates and individuating information on social judgments’, Journal of Personality and Social Psychology, 59:6 (1990), pp. 1140–52.

76 The scenario is loosely based on the ongoing dispute between China and several Southeast Asian states.

77 When terms are italicised, these refer to specific variables being studied.

78 See Appendix.

79 Although it has been shown that the response format can influence the emergence of bias, this is not the primary concern of this study and is consequently not tested.

80 Mintz, Alex, Redd, Steven, and Vedlitz, Arnold, ‘Can we generalize from student experiments to the real world in political science, military affairs, and international relations?’, Journal of Conflict Resolution, 50:5 (2006), pp. 757–76.

81 In light of the difficulty of acquiring political elites for these experiments, this serves as a viable proxy for the purpose of this study.

82 Aldrich, John and Lupia, Arthur, ‘Experiments and game theory's value to political science’, in Druckman, James, Green, Donald, Kuklinski, James, and Lupia, Arthur (eds), Cambridge Handbook of Experimental Political Science (New York: Cambridge University Press, 2011), pp. 89101.

83 Casler, Krista, Bickel, Lydia, and Hackett, Elizabeth, ‘Separate but equal? A comparison of participants and data gathered via Amazon's MTurk, social media, and face-to-face behavioral testing’, Computers in Human Behavior, 29:6 (2013), pp. 2156–60; Gomez, Miguel Alberto and Villar, Eula Bianca, ‘Fear, uncertainty, and dread: Cognitive heuristics and cyber threats’, Politics and Governance, 6:2 (2018), pp. 6172.

84 Casler, Bickel, and Hackett, ‘Separate but equal’, pp. 2156–60; Crump, Matthew, McDonnell, John, and Gureckis, Todd, ‘Evaluating Amazon's Mechanical Turk as a tool for experimental behavioral research’, Plos One, 8:3 (2013), p. e57410; Peer, Eyal, Brandimarte, Laura, Samat, Sonam, and Acquisti, Alessandro, ‘Beyond the Turk: Alternative platforms for crowdsourcing behavioral research’, Journal of Experimental Social Psychology, 70 (2017), pp. 153–63.

85 Prolific allows researchers to screen participants based on predefined criteria. There is, however, no guarantee that individuals were truthful when they provided the required background information.

86 Mintz, Redd, and Vedlitz, ‘Can we generalize …?’, pp. 757–76.

87 Hafner-Burton, Emilie, Hughes, Alex, and Victor, David, ‘The cognitive revolution and the political psychology of elite decision making’, Perspectives on Politics, 11:2 (2013), pp. 368–86.

88 McDermott, Rose, Political Psychology in International Relations (Michigan: University of Michigan Press, 2004), pp. 24–9.

89 Hafner-Burton, Hughes, and Victor, ‘The cognitive revolution’, pp. 370–3.

90 Aronson, Elliot and Carlsmith, Merrill, Methods of Research in Social Psychology (New York: McGraw-Hill, 1990), pp. 42–9.

91 This is not statistically different from the first experiment.

92 Since the vignette presented the base rate for states, in general, as the source of cyber operations; a perfectly Bayesian actor should indicate a value even lower than 14.3 per cent.

93 Simon, Herbert, ‘Invariants of human behavior’, Annual Review of Psychology, 41:1 (1990), pp 120.

94 Bjork, Robert and Whitten, William, ‘Recency-sensitive retrieval processes in long-term free recall’, Cognitive Psychology, 6:2 (1974), pp. 173–89.

95 Miller, George, ‘The magical number seven, plus or minus two: Some limits on our capacity for processing information’, Psychological Review, 63:2 (1956), p. 81.

96 Pennycook, Gordon, Trippas, Dries, Handley, Simon, and Thompson, Valerie, ‘Base rates: Both neglect and intuitive’, Journal of Experimental Psychology-Learning Memory and Cognition, 40:2 (2014), pp. 544–54.

97 Rid and Buchanan, ‘Attributing cyber attacks’, pp. 4–37.

98 Gartzke and Lindsay, ‘Thermonuclear cyberwar’, pp. 37–48; Maness and Valeriano, ‘The impact of cyber conflict on international interactions’, pp. 301–23.

99 Kim Zetter, ‘Inside the cunning, unprecendented hack of Ukraine's power grid’, Wired Magazine, available at: {https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/} accessed 29 November 2018.

100 Hafner-Burton, Hughes, and Victor, ‘The cognitive revolution’, pp. 368–86; Mintz, Redd, and Vedlitz, ‘Can we generalize …’, pp. 757–76.

101 Borghard and Lonergan, ‘The logic of coercion in cyberspace’, pp. 464–6; Fearon, James, ‘Rationalist explanations for war’, International Organization, 49:3 (1995), pp. 379414.

102 Borghard and Lonergan, ‘The logic of coercion in cyberspace’, pp. 456–9; Buchanan, The Cybersecurity Dilemma, pp. 48–9.

103 Gartzke and Lindsay, ‘Thermonuclear cyberwar’, p. 45.

104 Galinsky, Adam, Gruenfeld, Deborah, and Magee, Joe, ‘From power to action’, Journal of Personality and Social Psychology, 85:3 (2003), p. 453; Galinsky, Adam, Magee, Joe, Inesi, Ena, and Gruenfeld, Deborah, ‘Power and perspectives not taken’, Psychological Science, 17:12 (2006), pp. 1068–74.

105 This would have required the experiment to be re-registered and for additional funding sought.

106 Experiments 1 and 2 were also tested to include Region but no significant results were found.

107 Rid and Buchanan, ‘Attributing cyber attacks’, pp. 4–37.

Keywords

Sound the alarm! Updating beliefs and degradative cyber operations

  • Miguel Alberto N. Gomez (a1)

Metrics

Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed