Journal of Global Security Studies, 3(4), 2018, 402–416 doi: 10.1093/jogss/ogy022 Research Article Rethinking Secrecy in Cyberspace: The Politics of Voluntary Attribution Downloaded from https://academic.oup.com/jogss/article-abstract/3/4/402/5092710 by guest on 15 January 2020 Michael Poznansky1 and Evan Perkoski2 1University of Pittsburgh and 2University of Connecticut Abstract Cyberspace affords actors unprecedented opportunities to carry out operations under a cloak of anonymity. Why do perpetrators sometimes forgo these opportunities and willingly claim credit for attacks? To date, the literature has done little to explain this variation. This article explores the moti- vations behind voluntary credit-claiming for the two main actors in cyberspace: states and politically motivated nonstate actors. We argue that states are most likely to claim credit for their operations and to do so privately when the goal is to coerce an opponent. Nonstate actors tend to publicly claim credit for their attacks in order to showcase their capabilities, influence public opinion, and grow their ranks. We use case narratives to assess the plausibility of our argument and find strong support. This article places cyberspace operations in conversation with the larger literature on secrecy in interna- tional relations and advances a common framework for understanding how both states and nonstate actors operate in this evolving domain. Keywords: cyber warfare, secrecy, coercion, nonstate actors Introduction Connor 2015), and the Syrian Electronic Army left be- hind a brazen message when they compromised the US Secrecy is a defining feature of cyberspace. Cyber in- Army’s public website in June 2015 (Vinton 2015). truders can frequently disrupt networks, steal financial Why do some actors claim responsibility for cyber op- assets, and conduct espionage without ever revealing erations while others opt for anonymity? To answer this their identities. Recent scholarship goes a long way to- question, we explore the logic of credit-claiming for two ward explaining the consequences of rampant secrecy key sets of actors in cyberspace: states and politically mo- and deception in cyberspace, from the way it affects tivated nonstate actors (hereafter, nonstate actors).1 compellence and deterrence (Gartzke and Lindsay 2015; We argue that credit-claiming, including the man- Lindsay 2015; Borghard and Lonergan 2017; Nye 2017) ner in which culpability is communicated, depends on to its influence on the dynamics of conflict and escala- what the intruder wants to accomplish. For states, credit- tion (Gartzke 2013; Buchanan 2017). Yet, while cyber claiming is most appealing during operations that require intruders have ample opportunities to keep their spon- target compliance, otherwise known as cyber coercion. sorship a secret, not all choose to take advantage. To When states choose to make their identities known to the contrary, some willingly claim credit for their hand- coerce targets, they are more likely to do so privately iwork. For example, the group Anonymous frequently since public credit-claiming raises the odds of escalation. rebrands websites with personal logos after intrusions Anonymity is most attractive during operations where (Smith 2016). They are not alone; SOBH Cyber Jihad, based in Iran, claimed credit for hacking into the con- 1 We bracket nonstate actors without political trol system of a dam in New York (Gosk, Winter, and motivations. Poznansky, Michael, and Evan Perkoski. (2018) Rethinking Secrecy in Cyberspace: The Politics of Voluntary Attribution. Journal of Global Security Studies, doi: 10.1093/jogss/ogy022 © The Author(s) (2018). Published by Oxford University Press on behalf of the International Studies Association. All rights reserved. For permissions, please e-mail: [email protected] MICHAEL POZNANSKY AND EVAN PERKOSKI 403 success can be achieved without target compliance— sis bargaining (Baum 2004; Yarhi-Milo 2013; Brown cyber espionage and sabotage offer two such examples. 2014; Carson and Yarhi-Milo 2017), the role that covert Nonstate actors operate according to a different logic. action plays in managing escalation (Carson 2016), Drawing on insights from studies of armed and unarmed and the relationship between democratic peace theory resistance, we argue that nonstate actors in cyberspace and covert regime change (Downes and Lilley 2010; regularly claim credit for their intrusions in visible ways Poznansky 2015). These studies are tied together by an to signal credibility, influence public opinion, and grow overarching focus on how actors use secrecy to pursue their ranks. Owing to their relative weakness and obscu- their political goals. Students of cyber warfare have done rity, nonstate actors must first prove their capability be- a commendable job analyzing the many challenges se- Downloaded from https://academic.oup.com/jogss/article-abstract/3/4/402/5092710 by guest on 15 January 2020 fore doing anything else. crecy poses for perpetrator and victim alike (Gartzke This argument requires a conceptual shift in how we 2013; Gartzke and Lindsay 2015; Lindsay 2015; Rid and think about secrecy in cyberspace. Existing research typ- Buchanan 2015; Buchanan 2017; Nye 2017) but have ically treats secrecy as monolithic, but there are impor- largely neglected the determinants of secrecy at the stage tant distinctions worth bearing in mind. Perhaps most where sponsors can (dis)claim ownership of an opera- relevant is the difference between clandestine and covert tion.2 We address this issue directly. operations (Kibbe 2007). The former refers to missions Second, this study is among the first of which we are where secrecy and deception are employed to preserve aware that considers the goals and constraints of the two the strategic advantages afforded by surprise (Axelrod most important actors operating in cyberspace—states 1979; Slantchev 2010). The latter involves the use of se- and nonstate actors. Existing research tends to focus on crecy to conceal the sponsor of an operation (Forsythe the former (Gartzke 2013; Buchanan 2017; Borghard 1992; Gibbs 1995; Downes and Lilley 2010; Poznansky and Lonergan 2017; Nye 2017). But nonstate actors con- 2015; Carson 2016). Importing this distinction to the cy- duct cyberattacks at high rates and often in very visi- ber domain helps clarify when secrecy is an operational ble ways. Moreover, their attack capabilities are grow- imperative and when it is a choice that actors make. In ing and in some cases they “tak[e] tools and tricks from brief, the advantages afforded to targets who learn of nation-states and unleash them on companies and orga- imminent or ongoing operations means that cyber in- nizations” (Stoller 2017). Ignoring nonstate actors or as- trusions will almost always be conducted clandestinely. suming that their strategic logic mirrors that of states is Once an operation is complete, however, intruders are insufficient. Our approach is thus to ask the same ques- free to choose whether to claim responsibility. Put differ- tions for both sets of actors, reducing barriers that inhibit ently, cyber operations are almost always clandestine but a more complete understanding of cyberattacks. not necessarily covert. The failure to recognize this dis- tinction partly contributes to the widespread assumption that anonymity is an immutable feature of cyberspace The Problem of Secrecy rather than something actors select into. The conventional view of a cyber operation is an in- Rigorously testing these claims would require access truder quietly penetrating a target’s network to collect in- to the internal deliberations of state and nonstate ac- formation or cause damage, whether virtual or physical, tors to understand how decisions about credit-claiming without betraying their identity.3 This narrative—which are made. At present, this is a nearly impossible task assumes secrecy from start to finish—colors how the liter- (Buchanan 2017, 12). We are perhaps decades away from ature describes the challenges cyber operations pose. The gaining access to the types of declassified documents nec- relative ease with which perpetrators can surreptitiously essary to evaluate the deliberations of states; the problem penetrate networks and the difficulty of anticipating is even more acute for nonstate actors. As a second-best and defending against attacks underlies the notion that option, we leverage a range of sources—secondary mate- cyberspace is offense-dominant (Slayton 2017). More- rials, news reports, official government statements, and over, intruders’ ability to mask their identities makes interviews—to assess the plausibility of our argument. it hard for victims to confidently attribute responsi- Our study is closer to an exercise in theory construction bility for cyberattacks (Rid and Buchanan 2015; Nye than theory testing (Mahoney 2015, 201). 2017, 49–52). According to Lindsay (2013), “[f]orensics This article makes several contributions. First, it joins takes months, whereas the anonymous attack can present together a burgeoning literature centered on the dynam- ics of secrecy in world politics and another focused on 2 For important exceptions, see Betz and Stevens (2011), cyber warfare. In the past, scholars have examined the Borghard and Lonergan (2017), and Libicki (2009). importance of secrecy and private diplomacy during cri- 3 See Buchanan (2017) for a summary. 404 Rethinking Secrecy in Cyberspace itself and perhaps complete in milliseconds” (377). Al- though attribution