Escolar Documentos
Profissional Documentos
Cultura Documentos
IULIAN F. POPA
Ph. D. candidate, Intl. Relations and Security Studies Doctoral School, Babe-Bolyai University
E-mail address: ifp2@georgetown.edu
Abstract
To date only a few scholars and security studies experts around the world referred explicitly the cyber
security dilemma within their research works. As I generally agree with Nicholas Rueter and Mike McConnell
findings on this topic, I strongly believe the classical security dilemma framework as defined and
conceptualized by Robert Jervis previously, emerges within cyberspace undoubtedly.
In other words, in terms of cyber security, this paper aims to identify and reveal the most likely
elements which describe the both cyber security dilemma escalation and de-escalation (referred herein as ease
or settlement). Therefore, I focus my attention on continuing Rueters work, by stepping forward his theory in
terms of factors or behavior leading to the occurrence and escalation of cyber clashes among international
cyber stakeholders. Last but not the least, I describe and review briefly the cyber security dilemma escalation
and settlement pattern.
Keywords: national security, cyber security, cyber security dilemma, security dilemma.
This work was possible due to financial support of the Sectoral Operational Programme for Human Resources
Development 2007-2013, co-financed by the European Social Fund, under the project number POSDRU/159/1.5/S/140863,
with the title Competitive Researchers in Europe in the Field of Humanities and Socio-Economic Sciences. A Multi-
regional Research Network.
1
John Mearsheimer, The False Promise of International Institutions, International Security, vol. 19, no. 3, 1994, pp. 5-49.
SD
SD Behavior Behavior Type Advantage Environment Type
Intensity
2 X Dangerous
Not Very
1 Offensive and Defensive Offense Aggressive
distinguishable intense
Arms race
Not
2 Offensive and Defensive Defense Intense Probably dangerous
distinguishable
Less aggressive
Not
3 Offensive and Defensive Distinguishable Offense Probably safe
intense
Low 2 X Safe
4 Offensive and Defensive Distinguishable Defense
intensity/ Very little dangerous
2
Idem, p. 10.
3
Philip G. Cerny, The New Security Dilemma: divisibility, defection and disorder in the global era Review of
International Studies, vol. 26, 2000, p. 623-646.
4
Dorian Jano, Aspects of Security Dilemma What We Have Learned from the Macedonian Case Perceptions, Spring-
Summer, 2009, accessed August 4, 2014, at http://sam.gov.tr/wp-content/uploads/2012/01/Dorian-Jano.pdf.
5
Charles L. Glaser, The Security Dilemma Revisited World Politics, Vol. 50, No. 1, Fiftieth Anniversary Special Issue,
1997, pp. 171-201.
6
John H. Herz, International Politics in the Atomic Age (New York: Columbia University Press, 1962), p. 231, apud Ian
Bellany, Defensive Arms and the Security Dilemma: A Cybernetic Approach Journal of Peace Research, Vol. 33, No. 3
(Aug., 1996), pp. 263-271.
7
Cf. Sean M. Lynn-Jones, "Offense-Defense Theory and Its Critics," Security Studies, Vol. 4, Summer, 1995, 672-674.
8
Robert Jervis, Cooperation Under the Security Dilemma World Politics, Vol. 30, no. 2, pp. 167-214, apud Idem.
9
Idem, pp. 186-214.
Scenario 1 2 3 4
Good governance Very unfriendly Unfriendly Less friendly Friendly
Therefore, even though we clearly witness nowadays the states are less willing to join good governance
arrangements, I argue the SD may be diminished to a certain extent by good governance, complex
interdependencies or rewards and punish approaches, even more as I strongly believe the SD is seriously
influenced by mistrust in international relations rather than the anarchy of the world if there is an intrinsic
one as neorealists suggest. Indeed, competitive states might have serious national security grounded fears based
on the fact their adversaries might become too powerful, but it might be wiser for global decision makers to also
regard SD as a social structure composed of intersubjective understandings in which states are so distrustful
that they make worst-case assumptions about each others intentions10. At least in cyberspace.
However, bearing in mind virtual space is even apparently, less physically violent and aggressive
compared to the real world, in the following I will briefly introduce the cyber security dilemma (CSD) and
analyze its current pattern.
Therefore, as Nicholas C. Rueter suggested11, I assume there is a security dilemma within cyberspace
also, namely the cyber security dilemma. Though I do not fully agree with Rueters arguments on cooperation
over cyberwarfare [] despite the security dilemma12, I suggest the CSD or the cyber arms race might be for
both state and non-state actors a convenient and less intense/aggressive alternative to the classical security
dilemma, due to increased operational flexibility and reduced entry costs13 in cyberspace.
10
Alexander Wendt, "Constructing International Politics " International Security, vol. 20, no. 1, 1995, p. 73.
11
Nicholas C. Rueter, The Cybersecurity Dilemma (Durham, NC, Duke University, 2011), pp. 1-7.
12
Idem, pp. 43-54.
13
Fred Schreier, On Cyberwarfare DCAF Horizon, No. 7 (Working Paper), 2005, p. 12, accessed on August 9, 2014, at
http://www.dcaf.ch/content/download/67316/1025687/file/OnCyberwarfare-Schreier.pdf.
14
Forrest Hare, Borders in Cyberspace: Can Sovereignty Adapt to the Challenges of Cyber Security?, in Christian
Czosseck (ed.), Kenneth Geers, Cryptology and Information Security Series Volume 3 (Amsterdam: IOS Press, 2011), p.
89.
15
The Parliament, Czech Republic Draft Act on Cyber Security (2014), p. 2, accessed on August 10, 2014, at
http://www.ccdcoe.org/cyber-definitions.html.
16
International Telecommunications Union, Recommendation X.1205 Overview of cybersecurity, accessed August 11,
2014, at https://www.itu.int/rec/T-REC-X.1205-200804-I.
tactical cyber means, the initial target being compelled to actively and/or passively defend its posture and offset
the induced imbalances via offensive and/or defensive cyber means as well.
Such unique situation, known as the CSD initialization (phase A and to B), may give rise to serious
tensions among the initial attacker and target due to the operational, tactical, and (why not?) strategic power
imbalances among them. Not surprisingly, almost in the same time or within a very short period of time the
initial attacker might become target as well, escalating significantly the dilemma (phase C to E) please see the
figure no. 1.
How CSD works?
As previously suggested17, and bearing in mind the context described above, I have identified that CSD
looks as a recursive loop, being invariably a systematic alternation between gradual tension escalation and
relief. In fact, the CSD initialization-escalation-settlement pattern looks very similar to a Gaussian conflict
escalation curve, excepting the pinnacle often regarded as collateral (mutually disadvantageous) stalemate or
mutually hurting stalemate, which in fact might be not fully disadvantageous for parties involved.
Firstly, even though to date the assumption above has only empiric grounds, the benefits of dilemma
initialization and escalation might have a serious lucrative logic to some extent (mainly phase D to phase G).
Therefore, despite criticism, I strongly believe not only the CSD initialization, but the escalation also is indeed
worth trying in most cases.
Secondly, as might have been expected, there is no genuine cyber security dilemma when the cyber
security based dilemma extends outside cyberspace. In such cases, the security dilemma is in fact a classical one
rather than a CSD.
Thirdly, as most of the global relevant non-state cyber actors increase their close cooperation
arrangements with various national governments and state actors, it is expected that CSD will shortly emerge
among relevant and/or competitive non-state actors, either global or regional, sharing enough tactical or
strategic interests.
What is CSD struggle?
I define the CSD struggle as the competitive actors ability to exploit and wisely use all the available
cyber techniques, means, and instruments to timely limit and overcome the opponents operational, tactical
and/or strategic advantages.
OCEO vs.
ST. PH. INTENSITY COMMENTS
DCEO
A Distinguishable No intensity initial target identification and acquisition;
1
B Distinguishable Low intensity initialization phase; OCEO and DCEO planning;
constructive or disruptive / destructive mutual responses;
C Distinguishable Moderate during this phase the CSD may still be reversible via good
2 cyber governance approaches;
Not
D Intense the CSD becomes irreversible; the tensions increase;
distinguishable
Not the tensions pinnacle is reached; bidirectional clashes
E Very intense
distinguishable have serious effects on the opponents;
tensions decrease as the melting point was reached; most
3
Not likely at least one party is or becomes no longer able to
F Very intense
distinguishable offset properly the induced power imbalance by means of
efficient offensive and/or defensive behavior;
Not although the parties start gradually disengage, OCEO and
G Intense
distinguishable DCEO are still prevalent;
4
parties initiate constructive approaches; this phase is not
H Distinguishable Moderate
mandatory;
de-escalation consolidation phase; each actor actively
I Distinguishable Low intensity contributes to CSD settlement while strengthening the
5 stabilization (not mandatory);
forced or non-forced CSD settlement; the dilemma may
J Distinguishable No intensity
be re-initiated at any time again;
17
Charles L. Glaser, op. cit., pp. 171-201.
Figure 1 CSD half loop pattern (in drawings18)
Conclusion
Nicholas C. Reuter, as cited above, was beyond any serious doubt right. Therefore, most likely, there is
a security dilemma within cyberspace, even though, military speaking, no one is able at the moment to clearly
assess whether or not there is an arms racing within the cyber domain.
Personally, from a neorealist academic approach which not necessarily I entirely agree with, I strongly
believe the CSD emerges within the virtual battlefield as well. Nonetheless, the international scientific
research on CSD is still at its very beginnings and therefore far from having irrefutable outcomes on this topic.
Generally speaking, the CSD resembles to its classical counterparts, but with some notable exceptions.
Briefly no matter what the theoretical perspective or paradigm (e.g. structural realism, constructivism, etc.)
these revolve around the following findings:
compared to its classical counterparts, the CSDs initialization has serious economic grounds
highly likely the most relevant ones, besides the military purposes; also there are strong clues the
18
Edited image. Original image courtesy belongs to The Association for Conflict Resolution, accessed on August 9, 2014,
at http://www.acrkentucky.org/wp-content/uploads/2013/04/resolving_conflict.jpg.
CSD may escalate on a social-engineering basis, as theese techniques and practices progress very
swiftly;
the CSD side effects are mainly of virtual type (non-kinetic), even though cyber security has an
significant military dimension and most of the critical infrastructures are highly cyber-dependent;
the CSD is unlikely to inflict a classical security dilemma at large scale; the vice versa it is highly
likely as it comes more closer to the nowadays global security environment realities;
the CSD goes beyond the state-to-state security dilemma framework, as the some competitive non-
state actors become nowadays as relevant as some state actors;
the CSD is less aggressive and violent compared to its classical counterparts;
while most of the time the classical security dilemma may leads to a stalemate, the CSD might have
a serious benefits for the parties involved.
Therefore, I argue the CSD is deeply rooted in the cyberspace security ecosystem. In the future, it has to
be assessed whether or not the CSD escalation favors its initiators to bypass the international cyber governance
framework and regulations regarding the proper conduct within cyberspace and military operations as well. To
the moment, I havent been able to clearly identify whether or not the international communitys past and
current (good) cyber governance efforts prevent significantly the CSDs escalation, as its initialization is
unavoidable for the moment19.
References
Bellany, Ian, Defensive Arms and the Security Dilemma: A Cybernetic Approach Journal of Peace Research,
Vol. 33, No. 3 (Aug., 1996), pp. 263-271.
Cerny, Philip G., The New Security Dilemma: divisibility, defection and disorder in the global era Review of
International Studies 26, 2000, 623646.
Glaser, Charles L., The Security Dilemma Revisited World Politics, Vol. 50, No. 1, Fiftieth Anniversary
Special Issue, 1997, pp. 171-201.
Geers, Kenneth, Strategic Cyber Security (Tallinn, NATO CCD COE, 2011) p. 63.
Hare, Forrest, Borders in Cyberspace: Can Sovereignty Adapt to the Challenges of Cyber Security?
Cryptology and Information Security Series Volume 3 (Amsterdam: IOS Press, 2011), p. 89.
Herz, John H., International Politics in the Atomic Age (New York: Columbia University Press, 1962), p. 231.
Higgins, Kelly Jackson, Aurora Attacks Still Under Way, Investigators Closing In On Malware Creators,
accessed August 8, 2014, at http://www.darkreading.com/security/news/222700786.
International Telecommunications Union, Recommendation X.1205 Overview of cybersecurity, accessed
August 11, 2014, at https://www.itu.int/rec/T-REC-X.1205-200804-I.
Jano, Dorian, Aspects of Security Dilemma What We Have Learned from the Macedonian Case
Perceptions, 2009, available, at http://sam.gov.tr/wp-content/uploads/2012/01/Dorian-Jano.pdf.
Jervis, Robert, Cooperation Under the Security Dilemma World Politics, Vol. 30, no. 2, pp. 167-214.
Lynn-Jones, Sean M., Offense-Defense Theory and Its Critics Security Studies, Vol. 4, Summer, 1995, 672-
674.
Mearsheimer, John, The False Promise of International Institutions International Security, vol. 19, no. 3,
1994, pp. 9-10.
Popa, Iulian F., Cyberspace Governance. New Governance Approach in Support to International Security
Conference Proceedings, The Complex and Dynamic Nature of the Security Environment (Bucharest,
The Centre for Defence and Security Strategic Studies - Carol I National Defense University, 2013),
pp. 369-379, accessed August 13, 2014, at http://cssas.unap.ro/en/pdf_books/conference_2013.pdf.
Rueter, Nicholas C., The Cybersecurity Dilemma (Durham, NC, Duke University, 2011), pp. 1-7.
Schreier, Fred, On Cyberwarfare DCAF Horizon, No. 7 (Working Paper), 2005, p. 12, accessed on August 9,
2014, at http://www.dcaf.ch/content/download/67316/1025687/file/OnCyberwarfare-Schreier.pdf.
Starr, Stuart H., Towards an Evolving Theory of Cyberpower Cryptology and Information Security Series,
(Amsterdam: IOS Press, 2011), pp. 18-52.
The Parliament, Czech Republic Draft Act on Cyber Security (2014), p. 2, accessed on August 10, 2014, at
http://www.ccdcoe.org/cyber-definitions.html.
Wendt, Alexander, "Constructing International Politics " International Security, vol. 20, no. 1, 1995, p. 73.
19
Iulian F. Popa, Cyberspace Governance. New Governance Approach in Support to International Security Conference
Proceedings, The Complex and Dynamic Nature of the Security Environment (Bucharest, The Centre for Defence and
Security Strategic Studies - Carol I National Defense University, 2013), pp. 369-379, accessed August 13, 2014, at
http://cssas.unap.ro/en/pdf_books/conference_2013.pdf.