Cyberattacks are traditionally made within quite specific categories. These categories align with direct tactical assumptions around the intent of an attack. On this model, an attack on a bank is readily categorized as a heist. An attempt to steal information about a fighter jet can be associated with technological espionage. However, not all attacks so easily fit into a category. Indeed, we are now witnessing a range of attacks that defy efforts to easily contextualize them.
A good example of this is can be seen from the current election. Russian President Vladimir Putin may have denied that Russia had anything to do with the hack of the Democratic National Committee (DNC) but he did declare it a public good. The U.S. response to the hack could easily be called lethargic. In the wake of the attack it took the FBI months to warn the DNC of the suspected Russian role. The hack of the DNC, and the breach of the United States Anti-Doping Agency (USADA) are hard to understand in terms of traditional intelligence collection. This probably explains why the response was muddled.
The traditional category of intelligence collection and analysis would not consider this information particularly useful. That is not to say the information is useless, but it did not provide information on the deployment of military capabilities or undermine the ability of the United states to conduct its own operations. Regardless of the attribution of individual hacks, it is fairly clear that Russia, or Russian activists, are frequently behind instances of cybercrime and cyberattacks.
The Director of National Intelligence, James R Clapper in his Worldwide Threat Assessment stated:
“Rather than a ‘Cyber Armageddon’ scenario that debilitates the entire U.S. infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”
This however incorrectly categorizes the target of several of the more prominent cyberattacks within the United States. They were not aimed at national security or economic competitiveness but rather at institutions and norms.
Authoritarian states have worked, with some success, to create international norms that are permissive to a level of cyber activity that is against the preferences of the United States and other democratic states. One only has to look at any attack map, such as this one operated by Norse Corp, to see just how normalized attacks have become. This, however, is not something that will overly favor authoritarian states, as they have significantly more to lose from open information than do democratic states.
This has created a paradox for authoritarian states, where efforts to steal technology and normalize attacks has given those states benefits in terms of actionable intelligence. Reasonably developed authoritarian states such as China and Russia, are however, the most dependent upon coercive internet spaces of all states. Should their monopoly of information be penetrated by efforts of democratic states to open them up, they could lose a great deal.
While those states probably have more to lose, it does not necessarily mean that democratic states have nothing to lose. Cyberattacks on USADA and the DNC are not the sort of targets described by Clapper for state-sponsored or -inspired hackers. That is because they are not attacking for economic gain but for equivalence. Anyone who has visited an authoritarian state can attest that much of the best propaganda they offer is in trying to develop moral equivalences between entities. Even if it is based on outright lies, such as the North Korean claim that they didn’t start the Korean War, the aim is not necessarily to develop an alternative truth but to create mistrust of any truth.
For the authoritarian state, the real benefit in attacking the DNC is to make it look as corrupt as themselves. There are now many Americans who believe that the DNC “rigged” the Democratic presidential primary in Hilary Clinton’s favor. The aim is to blur the lines between authoritarian and democratic state. If the two are equivalent, then when Russians get caught ballot stuffing, that’s “abnormal.” This shows that the aim is not just to collect information or gain economic advantage but rather to shape international norms that are more permissive to the continued existence of the authoritarian state.
This effort has been a common one of authoritarian states. In the 1990s, states in Southeast Asia attempted to claim that norms were culturally relative. Contemporary Chinese academics have repeatedly emphasized economic rights over political ones. While these efforts are common to diplomacy, they have now been pressed into cyberspace. This challenges cybersecurity thinkers to consider the intentions of states beyond simple tactical, intelligence and economic gains. Rather, these attacks must be seen within the context of their link to the continued normative preferences of authoritarian states and actors.
Robert Potter is a PhD Candidate at the University of Queensland. Previously he was a Visiting Scholar at Columbia University and took part in a research program in North Korea and China in 2013.