In the 21st century, the digital realm has emerged as a pivotal battleground for national power and international influence. At the forefront of this digital competition are two potent strategies-cyber posturing and cyber strategic coercion. These techniques, while interconnected, serve distinct roles in the broader context of geopolitical competition. Cyber posturing is the display of cyber capabilities to deter or influence adversaries. In contrast, cyber strategic coercion employs cyber tools to compel an adversary to alter behaviour, often leading to economic, social, or political disruption.
Cyber Posturing: Signalling Strength and Intent
Cyber posturing refers to the strategic actions and signals a country, organisation, or non-state actor sends regarding its capabilities, intentions, and readiness in cyber security. It can involve various activities, from public statements and demonstrations of cyber capabilities to developing and deploying advanced cyber tools. Cyber posturing aims to achieve multiple objectives, such as deterrence, signalling intent, or shaping perceptions among adversaries and allies.
Defining Cyber Posturing. Cyber posturing refers to a state or non-state actor’s strategic actions to protect its cyber capabilities, either in preparation for conflict or as a demonstration of power. Just as a nation might showcase its military hardware or nuclear arsenal during tension, cyber posturing involves actions or public signals designed to communicate resolve, strength, or deterrence in the digital domain. Cyber posturing includes various activities, from showcasing offensive cyber tools in public forums to conducting limited cyber operations to signal resolve. It can be overt—such as publicly revealing cyber capabilities—and covert, involving more subtle actions meant to project power without confrontation. According to Cyber security expert Herbert Lin, cyber posturing is a form of “strategic ambiguity,” where a state’s true capabilities and intentions are not fully clear, keeping adversaries on edge and uncertain of the consequences of escalation. This uncertainty can help maintain a balance of power, as adversaries may be deterred from acting out of fear of unknown retaliation.
Purposes of Cyber Posturing. Cyber posturing is often difficult to measure directly because it involves ambiguity and strategic ambiguity; the true intent behind cyber actions can be hard to decipher, creating uncertainty among adversaries and possibly preventing miscalculations.
- Deterrence. The primary goal of cyber posturing is to deter adversaries by demonstrating a credible cyber retaliation capability. For example, the United States National Cyber Strategy emphasises the importance of using cyber capabilities to defend its national interests and to deter hostile cyber actors. U.S. actions, such as publicly attributing cyber attacks to foreign adversaries, are part of a broader cyber posturing strategy to make clear that cyber aggression will provoke a significant response. A nation or group may seek to deter potential adversaries from attacking or engaging in malicious cyber activities by demonstrating advanced cyber capabilities. The idea is to make the cost of an attack seem higher than any potential benefit, much like nuclear deterrence during the Cold War.
- Signalling Capability. By showcasing advanced cyber capabilities, nations signal their technical prowess and their ability to shape international norms. Cyber posturing can be used to align with global cyber security standards, thereby influencing the perception of a nation’s role in international cyber governance. Countries might use cyber posturing to signal their strength or preparedness in the cyber domain. This can include publicising or testing offensive cyber tools or defending against high-profile attacks to showcase resilience.
- Coercion or Influence. A nation may use cyber means to coerce or influence another country through direct attacks or create an impression of vulnerability that pressures the other side to act in a certain way. This could involve denial-of-service attacks, data breaches, or other disruptive cyber actions.
- Demonstration of Intent. By engaging in cyber posturing, actors might communicate specific geopolitical intentions. For example, if a country wants to demonstrate support for an ally, it may engage in cyber defence collaboration or publicly disclose its cyber capabilities.
- Cyber Warfare Preparation. Nations may posture in cyberspace to prepare for future cyber warfare, either to gain an advantage or to ensure readiness in a cyber conflict.
Examples of Cyber Posturing. Russia has frequently engaged in cyber posturing to reinforce its global influence and project power over adversaries. The 2007 cyber attack on Estonia disrupted government and banking operations and is one of the earliest instances of cyber posturing. Though Russia denied involvement, the attack sent a clear message about the power of cyber operations. David S. Alberts, a U.S. defence strategist, noted that the attack illustrated how cyber operations could be used to “exhibit the coercive power of digital tools” without resorting to kinetic military force. China has also engaged in cyber posturing, particularly in the South China Sea, to project its military capabilities and deter other nations from challenging territorial claims. Chinese cyber activities, such as the alleged theft of intellectual property from foreign companies, demonstrate cyber prowess meant to deter international interference.
Cyber Strategic Coercion: The Power to Influence Behaviour
While cyber posturing is about signalling strength, cyber strategic coercion involves using cyber tools to directly influence an adversary’s behaviour, often through the threat or execution of disruptive cyber actions. In this context, coercion is aimed at forcing an adversary to change its political, military, or economic behaviour, usually in the face of an ongoing crisis or negotiation. This form of coercion can be employed in various ways, from targeted cyberattacks that disrupt infrastructure or cause economic damage to more subtle tactics such as cyber espionage or manipulating public perception through disinformation campaigns.
Defining Cyber Strategic Coercion. Cyber strategic coercion operates on the principle of using threats, punishment, or the disruption of an adversary’s infrastructure to force a change in its behaviour. This is often done through cyber attacks that disrupt critical systems, steal sensitive information, or manipulate public perception. Thomas Rid, a leading scholar on cyber security, argues that cyber coercion is effective when it exploits the adversary’s vulnerabilities, pushing them into a position where they either concede to demands or risk escalating the conflict.
Methods of Cyber Strategic Coercion. Cyber attacks that cripple a nation’s economy or infrastructure are a potent form of coercion. Denial of Service (DoS) and ransomware attacks often damage the adversary economically, forcing them to the negotiating table. One of the most notable examples is the WannaCry ransomware attack in 2017, attributed to North Korea, which crippled hospitals, businesses, and government agencies globally. However, the impact of cyber strategic coercion is not limited to economic or infrastructural damage; it can also disrupt political processes, thereby exerting influence on a broader scale.
Examples of Cyber Strategic Coercion. Russia has employed cyber strategic coercion in its ongoing conflict with Ukraine. This includes cyberattacks aimed at destabilising the Ukrainian government, such as the 2015 and 2016 attacks on Ukraine’s power grid. These attacks were designed not only to cause direct harm but also to demonstrate Russia’s ability to disrupt critical infrastructure, coercing Ukraine to comply with Russian geopolitical goals. Iran has used cyberattacks as a form of strategic coercion, particularly against the West. In 2012, Iran’s Cyber Army launched a massive distributed denial of service (DDoS) campaign against Saudi Aramco, the state-owned oil company of Saudi Arabia, causing significant disruption. This attack, part of a broader cyber deterrence strategy, was seen as a retaliatory move following the imposition of international sanctions on Iran. North Korea has increasingly used cyberattacks to finance its regime, with operations such as the Bangladesh Bank cyber heist in 2016, which netted North Korean hackers over $81 million. This type of cyber strategic coercion is not just about inflicting damage on adversaries but also about coercing economic change by undermining the financial infrastructure of global institutions.
Key Elements of Cyber Strategic Coercion
- Threats and Demonstrations of Capability. States or non-state actors may use cyber operations to demonstrate their ability to inflict significant damage without using traditional military force. This can include publicising capabilities or engaging in limited cyber-attacks to signal intent and influence adversaries’ decision-making. For example, a country might conduct a cyberattack against a minor target to send a message about its capabilities, thus deterring an adversary from escalating a conflict or behaving in a manner the attacker disapproves of.
- Disruption and Denial. Cyber strategic coercion can disrupt critical infrastructure or services, creating economic or social pressure on a target. For instance, a nation might use a cyberattack to disrupt transportation, energy grids, or financial institutions, forcing an adversary to negotiate or comply with demands. A notable example of this tactic is the 2007 cyberattacks on Estonia, which disrupted government and banking services, ostensibly responding to a political dispute.
- Economic and Political Leverage. Cyber operations can also be used to influence a nation’s political or economic landscape. Cyber actors can weaken the target’s internal stability or manipulate public opinion by compromising data, spreading disinformation, or interfering in political processes. For example, disinformation campaigns, such as those seen during the elections, can be considered a form of cyber coercion, aiming to sway public opinion or disrupt the political process to benefit the actor behind the campaign.
- Coercive Diplomacy. Cyber operations can exert pressure on diplomatic negotiations. By threatening or carrying out cyberattacks, an actor can force a country to the table or push for concessions. This form of coercion often leverages the uncertainty surrounding the attribution of cyberattacks to pressure adversaries into compliance without needing to escalate to kinetic warfare.
- Limited Engagement and Escalation Control. Unlike traditional military force, cyberattacks are often more ambiguous in attribution, allowing states to engage in coercion while maintaining plausible deniability. This provides the attacker with the ability to escalate or de-escalate as needed. This ambiguity can be advantageous for coercion, as it leaves the targeted state uncertain about the full scale of potential retaliation, which might lead them to make concessions to avoid further escalation.
- Challenges and Considerations. One of the critical challenges in cyber strategic coercion is the difficulty of attributing attacks to specific actors. This ambiguity can complicate retaliatory measures, but it also means that the target may need help to assess the nature or scale of the threat entirely. While cyber coercion is often seen as a way to avoid full-scale military conflict, it still carries the risk of escalating tensions. A cyberattack might provoke a traditional military response or lead to unforeseen consequences, making it a double-edged sword. Cyber coercion can also test the limits of international law and norms. Many international agreements and conventions were written before the rise of cyber capabilities and the line.
Role of Cyber Warfare in Modern Geopolitics. Both cyber posturing and cyber strategic coercion have reshaped the nature of conflict and statecraft in the digital age. While the physical world constrains traditional warfare, cyber operations have no such boundaries, making it easier for states to influence global power dynamics. Cyberattacks are faster, cheaper, and often more ambiguous than traditional military operations, providing states with new tools for shaping international relations. The strategic ambiguity inherent in cyber operations—where attribution is usually unclear—gives states an advantage in using cyber posturing and coercion. The lack of clear attribution makes it difficult for adversaries to respond proportionally, potentially leading to heightened tensions and escalation risks. However, this very ambiguity also complicates the enforcement of international norms and laws governing cyber warfare. George Washington University’s Bruce Schneier states, “Cyber weapons exist in a grey zone where international law and traditional military rules do not apply with clarity.” This uncertainty will likely persist as cyber operations evolve, posing challenges to the global order.
Conclusion. Cyber posturing and cyber strategic coercion represent a new frontier in geopolitical power projection. By using the digital realm to signal strength or coerce adversaries, states can achieve their objectives without resorting to traditional forms of warfare. As demonstrated by the actions of nations like China, Iran, and North Korea, cyber operations have become integral tools in the arsenal of modern statecraft. Cyber posturing and strategic coercion are powerful tools for statecraft, enabling actors to achieve their geopolitical objectives through non-kinetic means. However, it requires careful calculation, as it can lead to unintended escalation or miscalculation due to the ambiguity and complexity of the cyber domain. The growing reliance on cyber tools for coercion highlights the need for robust international agreements on cyber conduct. As the world becomes increasingly interconnected, it is clear that the next stage in warfare will not only be fought on land, air, or sea but also in the cyber domain.
References:-
- Lin, H, “Cybersecurity and Cyberwar: What Everyone Needs to Know”, Oxford University Press, 2020.
- Rid, T, “Cyber War Will Not Take Place”, Oxford University Press, 2013.
- Schneier, B, “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World”, W. W. Norton & Company, 2015.
- Alberts, D. S, “The Influence of Information on Military Operations”, Journal of Strategic Studies, 2008.
- Chon, G, “North Korea’s Cyber Heists and the Global Financial System.” The Financial Times, 2016.
- Gartenstein-Ross, D, “Iran’s Cyber Strategy: A Framework for Analysis.” International Security Program, The Atlantic Council, 2014.
- Mueller, R, “Report on Russian Interference in the 2016 Presidential Election”. United States Department of Justice, 2019.
- FBI. “WannaCry Ransomware.” Federal Bureau of Investigation, 2017.
