So how secret are offensive cyber operations?
In the past, offensive cyber operations have been covert: the results and repercussions of the offensive action have not always been visible to the public eye, and identifying the perpetrator has not always been easy.
“Even the phrase “offensive cyber operations” was classified.
Not what it might mean, or what the targets might be, or what technologies would be involved – merely the phrase itself.”
Gen. Michael Hayden, former director of the NSA and CIA
(Bytes, Bombs and Spies, 2018. p.5).
As I show in this paper, offensive cyber operations are becoming part of states’ diplomatic toolbox, with more countries openly discussing cyberattacks than ever before.
Analyzing the possible outcomes of both publicity and secrecy, I provide a conceptual framework for understanding why attackers and defenders might choose each.
Iranian and Israeli cyberattacks and intrusions during 2020-2021 illustrate this framework.
This research demonstrates that each strategy along the axis spanning from silence to full publicity and attribution is enabled by, or serves, a particular set of circumstances on both the defender and attacker.
Each combination reflects a particular dynamic, demonstrating that the choice of strategy is more evolved than an outdated silence-or-publicity perception.
I’d love to hear your thoughts 🙂