Sage Journals: Discover world-class research

Abstract

Investigating cyber conflict is enormously difficult. The domain is complex, quality data are sparse, international affairs are shrouded in secrecy, and despite its seeming ubiquity, cyber power has only recently entered the battlefield. In the face of these challenges, we must rise to meet the challenges of cybersecurity research by deploying creative methods that collect verifiable and probatory data, and which allow for predictive models of cyber behavior. Against this backdrop, our special issue offers a vision of cybersecurity research that embraces a culture of rigorous inquiry based on theoretically robust, and policy relevant investigation. We highlight two key features. First, research at the intersection of cybersecurity and political science must incorporate the human dimension of cyber conflict. A human security approach to cybersecurity places people as the primary objects of security and recognizes that individual-level analyses can shed light on macro-level trends. Second, cyber research must adopt rigorous, empirical methods. We embrace a broad tent of empirical data collection techniques – spanning qualitative and quantitative, experimental, and observational research. What is integral is that all scholarship abides by the highest standards of replicability and falsifiability. The articles contained in this special issue collectively form a proof of concept that expands the horizons of cybersecurity research from a substantive viewpoint (adding a human dimension to the prevalent military/strategic analyses), and from a methodological perspective (propounding the importance of empirical scrutiny). Together, these 10 pieces of scholarship collectively affirm that there is now a critical mass of substantively diverse and empirically rigorous research in the field of cybersecurity, and that we as a community are capable of making bold, theoretically grounded, and empirically tested claims that verify how cyber power is or is not altering the nature of peace, conflict and international relations.

Keywords

cyber conflict cyber power cybersecurity empirical research human security

Introduction

Research into cyber conflict is surging. The flood of scholarly attention is propelled by an enduring belief that the onset of the cyber era calls into question some of the foundational theories of international relations. Cyber power has ushered in a new domain of warfighting characterized by ubiquitous connectivity, accelerated speed of movement, the incorporation of new stakeholders, and ease of cross-border action – all of which challenge the security practices that were developed for a pre-cyber world (Choucri, 2012; Nye, 2011).

Yet this dramatic swell of research has been accompanied by a deep skepticism. Persistent erroneous proclamations of impending cyber doom have led to criticism that cyber research is characterized by speculation and conjecture. Scholars remain conflicted as to whether cyber power is escalatory or de-escalatory (Healey and Jervis, 2020; Libicki and Tkacheva, 2020; Lin-Greenberg, 2023); defensively or offensively advantageous (Slayton, 2016; Valeriano, 2022a); a new strategic domain or a furtherance of age-old intelligence contests (Brantly, 2016; Gartzke and Lindsay, 2015; Maschmeyer, 2021, Rovner, 2019); a complement or a substitute to conventional warfare (Egloff and Shires, 2023; Kostyuk and Gartzke, 2023; Schneider et al., 2022).

The derision heaped upon our collective capacity to understand cyber developments reached a peak during the Ukraine war, after pundits proclaimed that Russian cyber power would allow them to conquer Ukraine without firing a shot (see Maschmeyer and Kostyuk, 2022 for an account of the rampant hyperbole). In hindsight, these analyses proved laughable – more reminiscent of astrology than science. In truth, cyber operations formed a peripheral component to the war, forcing a hasty re-accounting of what we thought we knew about cyber conflict (Kostyuk and Gartzke, 2022; Lin, 2022; Maschmeyer and Dunn-Cavelty, 2022; Mueller et al., 2023).

We have enormous sympathy for researchers operating in the cyber research environment, and this article is not an attempt to admonish or rebuke. We acknowledge that conducting high-quality cyber research is uniquely difficult for several reasons. Cybersecurity is extraordinarily complex and continuously evolving, such that new research is swiftly rendered obsolete. If it were just the technology that was transforming that would be challenging enough, but it is state practice that evolves too, with cybersecurity doctrine and operational practices advancing as quickly as the underlying technology (Borghard et al., 2022; Branch, 2021;). Compounding matters, cyber conflict is shrouded in secrecy and remains a relatively recent phenomenon. Consequently, researchers are contending with a limited timespan from which to observe patterns and identify trends.

Against this backdrop, our special issue offers a vision of cybersecurity research that embraces a culture of rigorous inquiry based on theoretically robust, and policy relevant investigation. We highlight two key features that are necessary to rejuvenate this research direction.

First, research at the intersection of cybersecurity and political science must incorporate the human dimension of cyber conflict. In contrast to the view of cybersecurity being a purely rational, technical domain, it is flawed human actors who are cybersecurity decision-makers – people who are subject to myriad biases and prejudices. It is irrational human actors that are victims of cyberattacks – for whom a microfoundational analysis is paramount in understanding the effects of cyber operations. And it is fallible human actors who are audience to cyber operations – with journalists, employees, and businesspeople all subtly influencing the trajectory of cyber conflict. While most research on cyber conflict has remained at the strategic, operational, and international levels; this issue unveils a broader variety of stakeholders (i.e. the general public, the media, and decision-makers), and a broader variety of harms (i.e. psychological distress, socio-political outcomes).

Second, cyber research must widely adopt rigorous, empirical methods. The difficulty of empirically studying cyber conflict does not excuse its absence. Indeed, a new wave of research has begun to introduce creative empirical techniques to substantiate (or repudiate) the early theoretical expectations, demonstrating that empirical analyses are viable and valuable (Canetti et al., 2017; Gross et al., 2016, 2017; Kreps and Das, 2017). We embrace a broad tent of empirical techniques – qualitative and quantitative, experimental and observational – recognizing that each of these approaches sheds light on different facets of an emerging domain. What is integral is that the scholarship abides by the highest standards of replicability and falsifiability. There remains a vital role for theoretical works, but the preponderance of theory building must be matched by empirical enquiry.

Though each article contained in this special issue makes a standalone contribution, they collectively form a proof of concept that expands the horizons of cybersecurity research from a substantive viewpoint (adding a human dimension to prevalent military/strategic analyses), and from a methodological perspective (propounding the importance of empirical scrutiny). We are not the first to conduct such analyses. Nor are we the first to put forth this call (see Valeriano, 2022b). Rather, what this special issue accomplishes is to aggregate 10 pieces of scholarship that collectively affirm that there is now a critical mass of substantively diverse and empirically rigorous research in the field of cybersecurity, and that we as a community are capable of making bold, theoretically grounded, and empirically tested claims that verify how cyber power is or is not altering the nature of peace, conflict and international relations.

The human dimension of cyber conflict

Amid crucial debates on the strategic, operational, and international implications of cyber power and cyber conflict, the human dimension has received far less attention. In some senses, this omission is not surprising. Cybersecurity deals with bits and bytes as the foremost units of analysis, and the national security lens that predominates cybersecurity discourse means that states and agencies have been the foremost actors of interest (Deibert, 2018). Nevertheless, this macro-level perspective is beginning to give way to a human-centric approach. A human security approach to cybersecurity places people as the primary objects of security, and lowers the resolution of inquiry to smaller units of analysis. This approach bears much in common with the newfound emphasis on microfoundations that has materialized in the wider international relations literature (Kertzer, 2017; Mintz et al., 2021; Stein, 2017). The popularity of microfoundational research recognizes that many of our grand theories rest on lower-level mechanisms, and so too can individual-level analyses invigorate cyber research.

There are several specific dimensions by which a human-centric approach can expand our understanding of cyber conflict. First, we can look at people as victims or targets of cyberattacks. Public exposure to cyber-attacks generates severe consequences, often more severe than the transient damage to networked systems. Even minor cyberattacks can inflict tremendous damage by ‘traumatizing civilians, triggering profound psychological harm, undermining human security, and exacerbating cycles of violence’ (Shandler et al., 2023a: 1; Shandler et al., 2022). If most individual cyber strikes remain inconsequential, the cumulative mass of attacks can still give rise to noteworthy societal and political consequences. From this perspective, the foremost threat of cyberattacks is not necessarily the degradation of networked systems, but the insidious consequences of psychological harm, societal damage, and the erosion of public confidence in democratic institutions (Shandler and Gomez, 2022; cf. Matzkin et al., 2023). In the parlance of political psychology, perceptions of threat can be just as consequential as the threats themselves.

Several articles in this issue tap into this approach. Zeitzoff and Gold (2024) test public support for cyber tactics as part of environmental activist movements, showing that cyberattacks accrue wide public approval in certain political contexts. Jardine, Porter and Shandler (2024) examine how voters account for the innate uncertainty in cyberspace to forge preferences following attacks. The authors confirm that voters employ cognitive schemas to overcome ambiguity, and that people fall back upon politically guided views about the suspected country behind an attack.

What these articles have in common is that they position the general public as a crucial actor in cybersecurity, and verify that public reactions to cyberattacks give rise to potent political consequences.

The human dimension of cyber conflict also surfaces in behavioral analyses of decision-makers, which positions people not as victims, but as agents responsible for initiating and managing the course of security incidents. Understanding the escalatory and operational trajectory of cyber conflict requires us to understand the behavior of the humans in the loop, and the socio-cultural forces that impact decision-making (Lonergan and Lonergan, 2023).

In this issue, Jensen, Valeriano and Whitt (2024) report the results of a wargaming exercise that identifies decision-making patterns among a diverse group of actors encompassing military officials, private sector employees, and students. The wargame revealed that the uncertainty inherent in cyberattacks encourages actors to adopt conventional military responses, which reduces strategic escalation risks and offers space to bargain during crises. Lindsay (2024) employs an abductive approach to explain cyber performance by diving into the famous historical case of Bletchley Park. The analysis unveils the rich social tapestry that lies at the heart of cyber institutions. We learn that the cryptographers, analysts, and engineers of Bletchley Park, mostly men, enjoyed an informal and collegial experience that encouraged collaborative opportunities and helped to overcome the challenges of uncertainty.

Another actor that deserves attention is the media – a frame in which people take the role of audience members. Since cyber operations are typically conducted under a veil of secrecy, our shared understandings of cyber conflict are heavily shaped by abundant, hyperbolic depictions in popular media (Lawson, 2019; Shandler et al., 2023b). Media coverage of cyber incidents divulge attacks, and the selection of frames affect the understanding of researchers, public officials, and voters alike. Questions abound about which attacks the media chooses to divulge, and how the content is described. Two articles in this issue engage with these questions. Makridis, Maschmeyer and Smeets (2024) analyze a novel dataset of cyber operations reporting by the private sector that examines which attacks make it into the press. The predictive models indicate that cyber operations are treated differently in the media than other forms of conflict. Likewise, Oppenheimer (2024) leverages a dataset of cyberattacks against Five Eyes countries to identify two systemic sources of bias in cyber data – the attacker’s identity and the technical characteristics of the attack.

A common thread running throughout these articles is that they look beyond the first-order causes and consequences of cyber conflict. This approach echoes many of the conversations currently surrounding artificial intelligence. Just as large language models are subject to the biases of their inputs and the imagination of their users, so too are cyberattacks subject to the whims of human actors and the integrity of the available data. To fully internalize the causes and effects of cyber power, we must broaden and deepen the scope of our research, add new actors into the fray, consider causes that precede the execution of an attack, and entertain consequences that are removed from the immediate aftermath.

An urgent need for rigorous (empirical) research into cyber conflict

Much of the early cybersecurity research can be characterized as descriptive analyses of a new domain. We owe a debt of gratitude to those researchers who took upon themselves the immense challenge of mapping out the dynamics of cyberspace, regardless of the absence of verifiable data, and despite only nascent methods of inquiry. These foundational works bestowed terminology, distilled concepts, and shaped the pivotal research directions that still resound today (among a great many others, see Arquilla and Ronfeldt, 1993; Denning, 1999; Rattray, 2001).

The best way to respect this stellar research is to build upon its foundations – continuously challenging and probing its bases and incorporating the latest analytical tools and techniques. Cybersecurity practice and knowledge has now evolved sufficiently that we can empirically verify, repudiate, and inject nuance into scholarly debates. Efforts in this direction began a decade ago (Valeriano and Maness, 2014), yet with the masses of data now available, no longer should we accept theoretical speculation on the basis of the novelty or the secrecy of the domain. We must rise to meet the challenges of cybersecurity research by deploying creative methods that collect verifiable and probatory data, and which allow for predictive models of cyber behavior. We submit that this special issue includes numerous articles that set the benchmark for creative empirical research, and which abide by the gold standards of replicability, falsifiability, and even at times allow for causal inference.

No fewer than three articles in this issue introduce newly created large-N datasets that take up the challenge of quantifying cyber power, cyber norms, and cyber media coverage. Kostyuk (2024) introduces a cross-sectional time-series dataset with indicators of state cyber capacity during the years 2000–2018. The dataset unveils a new explanation for the rapid increase in states’ cyber capacity during this period – diffusion after allies. Canfil (2024) introduces the International Cyber Expression Dataset – a comprehensive amalgamation of more than 35,000 expressions regarding cyber policy by state actors on the international stage. This dataset will prove an unmatched asset in analyzing questions relating to cyber norm diffusion, cyber discourse, and international cyber politics. Additionally, the Cyber Conflict Media Coverage Dataset unveiled by Makridis, Maschmeyer and Smeets (2024) comprises the most complete dataset of cyber operations based on two decades of reporting from commercial threat intelligence providers. This new operational-level dataset provides new insights about which types of attacks attain media coverage and so shape discourse on cyber threats.

A trio of articles plunders the depth of existing datasets, revealing the rich bounty of data already at our disposal. Vićić and Gartzke (2024) employ semantic network analysis (SNA) to assess data seldom analyzed in cybersecurity research – the cache of Facebook advertisements used by Russia to try and influence the 2016 US elections. Their analysis reveals that despite being described as disinformation; the materials used in the Russian campaign were generally factually correct. Akoto (2024) draws upon the well-established Dyadic Cyber Incident and Campaign Dataset (Maness et al., 2019). Using a dyadic analytical framework, Akoto identifies a missing piece that explains why states employ cyber espionage operations – the similarities in levels of product complexities. Oppenheimer (2024) analyses a dataset of cyberattacks that emerged out of the Council on Foreign Relations Cyber Operations Tracker. He then affixes to this additional information about attack timing and attack methodology. This upgraded resource proves capable of resolving an enduring dilemma about missing or unobserved data in cybersecurity. By running survival models, Oppenheimer demonstrates that unreported cyberattacks are likely to involve state actors and sophisticated methods, bearing implications for our understanding of cyber restraint.

A crucial scholarly resource that remains underused in cyber research is experimental methods. Experimentalists must tread a careful ethical path in exposing participants to cyber threats that are capable of arousing severe harms (Backhaus et al., 2020; Canetti et al., 2017; Gross et al., 2016; Shandler et al., 2023a), yet the value of making robust causal arguments has powerful appeal. This issue includes three articles that utilize experimental approaches to draw causal inferences. Jardine, Porter and Shandler (2024) employ a conjoint design to study how varying degrees of certainty within cyberattack scenarios influence public support for retaliation. Jensen, Valeriano and Whitt (2024) employ an experimental methodology attaining evermore popularity in international relations – wargaming (Lin-Greenberg et al., 2022). Zeitzoff and Gold (2024) employed a vignette-based approach, exposing participants to a scenario in which activists sabotaged equipment of a coal company. These creative designs attest to the fact that experimental works in cybersecurity are feasible, valuable, and indispensable as part of a broader research program.

Just as these studies quash the mistaken view that quantitative research often lacks theoretical foundations, so too does a qualitative piece by Lindsay (2024) counter any expectations that a lack of p-values belies first-rate empirical research. Lindsay illuminates how ‘the pragmatic method of abduction can bridge the artificial divide between theory building and testing by using a critical historical case to pull theory up by its bootstraps’ (Lindsay, 2024). Abduction is particularly useful for new domains – such as cybersecurity – where concepts are still contested. By digging into a well-documented intelligence success such as that of Bletchley Park, an abductive analysis can generate theoretical concepts from empirical experience.

Each of these articles makes a distinct, theoretical contribution to cybersecurity research. Nevertheless, we expect that added value lies in their collective demonstration of ways by which researchers sidestep the challenges bedeviling cybersecurity analyses. In the face of conceptual complexity, data scarcity, and pervasive secrecy, it would have been easy for authors to supplement their works with speculation and conjecture. Yet we challenged the authors in this issue to seek out creative ways to make robust inferences about a phenomenon that is hard to directly observe and measure. The response has been affirming. Whether by using immersive experimental stimuli, and dedicated wargaming exercises, or by in-depth case studies, or generating novel datasets, the articles prove once and for all that high-quality empirical cyber research is now widely available.

Future directions in cyber research

Even as it resolves some burning dilemmas, this special issue raises pressing new questions about the future of cyber conflict:

Is cyber different from other emerging technologies? To what extent can conclusions drawn from cybersecurity scholarship implicate research on drone warfare, artificial intelligence, and quantum computing? How does the central human role in cyber conflict distinguish it from other technologies where the human factor is less pronounced?

How do terrorist organizations and other non-state actors project meaningful power in cyberspace? Preliminary evidence from the 2023 wars in Israel and Ukraine has positioned cyberattacks as a formidable weapon capable of terrorizing civilians and undermining public resilience. These case studies have reinvigorated the need to understand the asymmetric properties of cyber power in conflict.

As cyber threats become more common and less novel, will voters become resilient in the face of cyber threats? Or alternatively, can accumulating cyber threats snowball and spawn an aggregate effect by which a surplus of (individually inconsequential) attacks can manifest long-term consequences?

How will cyber power be deployed in future war efforts? Is what we saw in Ukraine indicative of cyber conflict generally, or is this an idiosyncrasy of a particular conflict? To what extent are leaders sensitive to public fears and attitudes surrounding cyber warfare?

These questions evoke an earlier tumult when cyber research called into question many of the foundational theories of international relations and security policy. As a field, we wondered whether or not our existing knowledge and theories were capable of explaining human behavior in a world rewired and reorganized by information technology. Though we have made progress, these new questions remind us that we are just now scratching the surface of empirical research into cyberspace.

As the guest editors, having spent the last decade introducing experimental methods into cybersecurity research and emphasizing a human-centric pathway to understanding cyber power, we are gratified that this approach has taken root in the discipline. At its best, cybersecurity research is an exemplar of genuine interdisciplinary scholarship. It offers a home to international relations researchers, political scientists, comparativists, security theorists, psychologists, and classical political behaviorists alike. As cyber power becomes ever more ingrained within the fabric of interpersonal and international relations, we warmly encourage future researchers from all these arenas to join us in investigating conflict in the cyber age.

Footnotes

Acknowledgments

We are grateful to all the authors in this special issue who share our passion and interest in empirical research and cyber conflict. We owe a debt of gratitude to the reviewers and the journal editorial team whose insights were fundamental to the quality of the final scholarship. We also thank Nadiya Kostyuk, Andres Gannon, Brandon Valeriano, and Lennart Maschmeyer for comments on earlier versions of this introduction. Final thanks are due to the organizers of and participants in the Workshop on Empirical Research on War and Peace in Cyberspace in July 2022 (Israel Science Foundation) hosted by DC and RS, at the University of Haifa, which provided the main impetus for this special issue.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

ORCID iDs

Ryan Shandler

Daphna Canetti

References

Akoto

(2024) Who spies on whom? Unraveling the puzzle of state sponsored cyber economic espionage. Journal of Peace Research 61(1): 59–71.

Arquilla

Ronfeldt

(1993) Cyberwar is coming! Comparative Strategy 12(2): 141–165.

Backhaus

Gross

Waismel-Manor

, et al. (2020) A cyberterrorism effect? Emotional reactions to lethal attacks on critical infrastructure. Cyberpsychology, Behavior, and Social Networking 23(9): 595–603.

Borghard

Lonergan

Schneider

(2022) Reviewing US cyber posture: An analysis. SSRN 4077962. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4077962 (accessed 5 December 2023).

Branch

(2021) What’s in a name? Metaphors and cybersecurity. International Organization 75(1): 39–70.

Brantly

(2016) The Decision to Attack: Military and Intelligence Cyber Decision-Making (Vol. 5). Athens: University of Georgia Press.

Canetti

Gross

Waismel-Manor

, et al. (2017) How cyberattacks terrorize: Cortisol and personal insecurity jump in the wake of cyberattacks. Cyberpsychology, Behavior, and Social Networking 20(2): 72–77.

Canfil

(2024) Until consensus: Introducing the international cyber expression dataset. Journal of Peace Research 61(1): 150–159.

Choucri

(2012) Cyberpolitics in International Relations. Cambridge, MA: MIT Press.

10.

Deibert

(2018) Toward a human-centric approach to cybersecurity. Ethics and International Affairs 32(4): 411–424.

11.

Denning

(1999) Information Warfare and Security. Boston, MA: Addison-Wesley Reading.

12.

Egloff

Shires

(2023) The better angels of our digital nature? Offensive cyber capabilities and state violence. European Journal of International Security 8(1): 130–149.

13.

Gartzke

Lindsay

(2015) Weaving tangled webs: Offense, defense, and deception in cyberspace. Security Studies 24(2): 316–348.

14.

Gross

Canetti

Vashdi

(2016) The psychological effects of cyber terrorism. Bulletin of the Atomic Scientists 72(5): 284–291.

15.

Gross

Canetti

Vashdi

(2017) Cyber terrorism: Its effects on psychological well being, public confidence and political attitudes. Journal of Cyber Security 3(1): 49–58.

16.

Healey

Jervis

(2020) The escalation inversion and other oddities of situational cyber stability. Texas National Security Review 3(4): 30–53.

17.

Jardine

Porter

Shandler

(2024) Cyberattacks and public opinion – The effect of uncertainty in guiding preferences. Journal of Peace Research 61(1): 103–118.

18.

Jensen

Valeriano

Whitt

(2024) How cyber operations can reduce escalation: Evidence from an experimental wargame study. Journal of Peace Research 61(1): 119–133.

19.

Kertzer

(2017) Microfoundations in international relations. Conflict Management and Peace Science 34(1): 81–97.

20.

Kostyuk

(2024) Allies and diffusion of state military cybercapacity. Journal of Peace Research 61(1): 44–58.

21.

Kostyuk

Gartzke

(2022) Why cyber dogs have yet to bark loudly in Russia’s invasion of Ukraine. Texas National Security Review 5(3): 113–126.

22.

Kostyuk

Gartzke

(2023) Fighting in cyberspace: Internet access and the substitutability of cyber and military operations. Journal of Conflict Resolution 68(1):80–107.

23.

Kreps

Das

(2017) Warring from the virtual to the real: Assessing the public’s threshold for war over cyber security. Research and Politics 4(2): DOI: 2053168017715930.

24.

Lawson

(2019) Cybersecurity Discourse in the United States: Cyber-doom Rhetoric and Beyond. New York: Routledge.

25.

Libicki

Tkacheva

(2020) Cyberspace escalation: Ladders or lattices? In: Stevens

Floyd

Pernik

(eds) Cyber Threats and NATO 2030: Horizon Scanning and Analysis. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 60–73.

26.

Lin

(2022) Russian cyber operations in the invasion of Ukraine. Cyber Defense Review 7(4): 31–46.

27.

Lindsay

(2024) Abducted by hackers: Constructing a theory of cyber performance from the case of Bletchley Park. Journal of Peace Research 61(1): 87–102.

28.

Lin-Greenberg

Pauly

RBC

Schneider

(2022) Wargaming for international relations research. European Journal of International Relations 28(1): 83–109.

29.

Lin-Greenberg

(2023) Evaluating escalation: Conceptualizing escalation in an era of emerging military technologies. Journal of Politics 85(3): 1151–1155.

30.

Lonergan

(2023) Escalation Dynamics in Cyberspace. Oxford: Oxford University Press.

31.

Makridis

Maschmeyer

Smeets

(2024) If it bleeps it leads? Media coverage on cyber conflict and misperception. Journal of Peace Research 61(1): 72–86.

32.

Maness

Valeriano

Jensen

(2019) Dyadic Cyber Incident and Campaign dataset. Version 1.5. Available at: https://bit.ly/2F6UABm (accessed 5 December 2023).

33.

Maschmeyer

(2021) The subversive trilemma: Why cyber operations fall short of expectations. International Security 46(2): 51–90.

34.

Maschmeyer

Kostyuk

(2022) There is no cyber ‘shock and awe’: Plausible threats in the Ukrainian conflict. War on the Rocks, 8 February.

35.

Maschmeyer

Dunn Cavelty

(2022) Goodbye cyberwar: Ukraine as reality check. CSS Policy Perspectives 10(3). Available via: https://css.ethz.ch/en/center/CSS-news/2022/06/goodbye-cyberwar-ukraine-as-reality-check.html (accessed 5 December 2023).

36.

Matzkin

Shandler

Canetti

(2023) The limits of cyberattacks in eroding political trust: A tripartite survey experiment. British Journal of Politics and International Relations. Available at: https://www.researchgate.net/publication/375584056_The_limits_of_cyberattacks_in_eroding_political_trust_A_tripartite_survey_experiment (accessed 5 December 2023).

37.

Mintz

Valentino

Wayne

(2021) Beyond Rationality: Behavioral Political Science in the 21st Century. Cambridge: Cambridge University Press.

38.

Mueller

Jensen

Valeriano

, et al. (2023) Cyber Operations During the Russo–Ukrainian War: From Strange Patterns to Alternative Futures. Washington, DC: Center for Strategic International Studies.

39.

Nye

(2011) Nuclear lessons for cyber security? Strategic Studies Quarterly 5(4): 18–38.

40.

Oppenheimer

(2024) How the process of discovering cyberattacks biases our understanding of cybersecurity. Journal of Peace Research 61(1): 28–43.

41.

Rattray

(2001) Strategic Warfare in Cyberspace. Cambridge, MA: MIT Press.

42.

Rovner

(2019) Cyber war as an intelligence contest. War on the Rocks, 16 September.

43.

Schneider

Schechter

Shaffer

(2022) A lot of cyber fizzle but not a lot of bang: Evidence about the use of cyber operations from wargames. Journal of Global Security Studies 7(2): ogac005.

44.

Shandler

Gomez

(2022) The hidden threat of cyber-attacks – undermining public confidence in government. Journal of Information Technology and Politics 20(4): 359–374.

45.

Shandler

Gross

Canetti

(2023a) Cyberattacks, psychological distress, and military escalation: An internal meta-analysis. Journal of Global Security Studies 8(1): ogac042.

46.

Shandler

Kostyuk

Oppenheimer

(2023b) Public opinion and cyberterrorism. Public Opinion Quarterly 87(1): 92–119.

47.

Shandler

Gross

Backhaus

, et al. (2022) Cyber terrorism and public support for retaliation–A multi-country survey experiment. British Journal of Political Science 52(2): 850–868.

48.

Slayton

(2016) What is the cyber offense-defense balance? Conceptions, causes, and assessment. International Security 41(3): 72–109.

49.

Stein

(2017) The micro-foundations of international relations theory: Psychology and behavioral economics. International Organization 71(S1): S249–S263.

50.

Valeriano

(2022a) The failure of offense/defense balance in cyber security. Cyber Defense Review 7(3): 91–102.

51.

Valeriano

(2022b) Why can’t cyber scholars move beyond the basics? Cato Institute, 7 August. https://www.cato.org/commentary/why-cant-cyber-scholars-move-beyond-basics (accessed 5 December 2023).

52.

Valeriano

Maness

(2014) The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research 51(3): 347–360.

53.

Vićić

Gartzke

(2024) Cyber-enabled influence operations as a ‘center of gravity’ in cyberconflict: The example of Russian foreign interference in the 2016 US Federal election. Journal of Peace Research 61(1): 10–27.

54.

Zeitzoff

Grace

(2024) Cyber and contentious politics: Evidence from the US eco direct action movement. Journal of Peace Research 61(1): 134–149.

Introduction: Cyber-conflict – Moving from speculation to investigation

Abstract

Keywords

Introduction

The human dimension of cyber conflict

An urgent need for rigorous (empirical) research into cyber conflict

Future directions in cyber research

Footnotes

Acknowledgments

Funding

ORCID iDs

References