Military and intelligence organisations should work with trusted private sector and international partners on “forward cyber defence” to dissuade cyber adversaries, according to a new report from the Royal United Services Institute (RUSI).

The report, entitled ‘Creating Restraint in Cyberspace: Forward Cyber Operations and Theories of Restraint’, by academic and US Air Force officer Sean Atkins, explores evolving approaches to cyber defence as Western countries weight up the cyber threat posed by the likes of Russia and China.

In recent years, states have faced aggressive cyber operations aimed at critical infrastructure and other systems of national importance, including election infrastructure, electricity distribution systems and financial services networks.

The report stated that countries including the UK face attacks of varying intensity and danger, ranging from intellectual property theft – such as North Korean attempts to steal COVID-19 vaccine development data – to disruption of essential services, as with Russian attacks on the Ukrainian power grid in 2016.

As this threat continues to trend in an increasingly dangerous direction, traditional cyber defences appear less sufficient, the analysis states.

As a result, some states are turning to new strategies that involve using cyber operations beyond the boundaries of their own systems.

“Although the ‘current cyber literature includes an increasingly rich debate on deterrence in cyberspace’, consideration of other pathways to restraint remains thin, and application to forward cyber defence has yet to be accomplished,” the report states. “As a result, how these operations fit within the logics of different paths to restraint remains poorly understood but is critical to achieving desired ends while reducing the risk of destabilisation and exacerbation of cyber conflict. “

Atkins examining how cyber operations might be carried out under foundational theories of restraint including deterrence by punishment and compellence, deterrence by denial, entanglement, normative constraints and tacit cooperation.

First, both costs and gains can be affected at multiple points of an adversary's calculus, and the utility and risks involved in doing so vary significantly across different theoretical pathways to restraint.

The report’s analysis suggests that forward cyber operations should prioritise intelligence collection for deterrence by denial and other restraint pathways, and targeting adversary cyber-operations infrastructure.

The report also argues that a state’s ability to leverage partnerships – both internationally and domestically between government and industry – significantly influences its ability to affect cyber adversaries' costs-gains calculus with forward cyber operations. States ‘with existing partnerships or the ability to develop new trusted partnerships’ have a considerable strategic advantage over those that do not.

As such, the report calls for governments to develop trusted, more operational cyber partnerships with key allies and select private firms that have the capability to exchange and leverage forward-derived information in implementing the various paths to restraint.

Finally, the report is clear that forward defence ‘involves more than intelligence or military organisations’.

It argues that states should bring together a broad range of government actors with distinct expertise, relationships and capabilities that can produce powerful forward effects. The report maintains that meaningfully integrating a broad range of capable actors into forward cyber defence strategies is essential.

Share Story: