International Relations 101: International Security - Cyber Security Cyber Warfare Cyber Espionage Critical Infrastructure Protection

What This Is

Cyber security is the protection of digital information and critical infrastructure from unauthorized access, use, disclosure, disruption, modification, or destruction. This concept matters for understanding global affairs because cyber threats can have devastating consequences, from economic disruption to national security breaches. For example, the 2017 WannaCry ransomware attack, which affected over 200,000 computers worldwide, demonstrates the potential for cyber attacks to cause widespread harm.

Key Theories, Concepts & Thinkers

• Cyber Realism (Thomas Rid): States and non-state actors use cyber capabilities to achieve their interests, often through covert means – explains why cyber espionage and cyber warfare are on the rise.
• Liberal Institutionalism (Keohane, Nye): International institutions, such as the United Nations, can promote cooperation and stability in the cyber domain – underpins efforts to establish norms and standards for cyber behavior.
• Critical Infrastructure Protection (CIP) Theory: Protecting critical infrastructure, such as power grids and financial systems, is essential for national security and economic stability – informs policies to safeguard these systems.
• Cyber Deterrence Theory: States use cyber capabilities to deter adversaries from engaging in malicious behavior – explains why cyber deterrence is a key aspect of national security strategies.
• The Cyber Threat Landscape (Richard Clarke): The cyber threat landscape is constantly evolving, with new threats emerging from state and non-state actors – informs the need for continuous monitoring and adaptation.
• The Internet Governance Model (IGM) (John Bruns): The IGM is a complex system of governance, involving multiple stakeholders and institutions – explains why internet governance is a challenging and contentious issue.
• The Cybersecurity Framework (CSF) (NIST): The CSF provides a structured approach to managing and reducing cyber risks – informs policies and practices for cybersecurity.
• The Human Factor in Cybersecurity (HFC) (Robert M. Lee): Human behavior and psychology play a critical role in cybersecurity, with individuals often being the weakest link – explains why cybersecurity awareness and training are essential.
• The Cybersecurity Ecosystem (CSE) (Michael Assante): The CSE involves multiple stakeholders, including governments, industry, and civil society, working together to address cybersecurity challenges – informs the need for collaboration and coordination.

Step-by-Step Analysis

1. Identify the key actors and their interests: Who are the main actors involved in the cyber security issue? What are their interests and motivations?
2. Analyze the cyber threat landscape: What are the current and emerging cyber threats? How do they impact the key actors and their interests?
3. Evaluate the effectiveness of existing policies and practices: What are the strengths and weaknesses of current policies and practices for cyber security? How can they be improved?
4. Develop a comprehensive cyber security strategy: What are the key components of a comprehensive cyber security strategy? How can it be implemented and sustained?
5. Consider the human factor in cyber security: How do human behavior and psychology impact cyber security? What can be done to improve cybersecurity awareness and training?
6. Assess the role of international cooperation: How can international cooperation and collaboration address cyber security challenges? What are the benefits and challenges of international cooperation in this area?

Common Misconceptions

• Misconception: Cyber security is only a technical issue.
• Correction: Cyber security is a complex issue that involves technical, social, and political aspects. It requires a comprehensive approach that involves multiple stakeholders and disciplines.
• Misconception: Cyber attacks are only carried out by state actors.
• Correction: Cyber attacks can be carried out by state and non-state actors, including individuals and groups. The motivations and capabilities of these actors can vary widely.
• Misconception: Cyber security is only a national security issue.
• Correction: Cyber security is a global issue that affects individuals, organizations, and governments. It requires a coordinated and collaborative approach to address.

Exam / Essay Tips

• Typical question patterns: Essays may ask you to analyze a specific cyber security issue, evaluate the effectiveness of existing policies and practices, or develop a comprehensive cyber security strategy.
• Deploying theories: Be sure to deploy relevant theories and concepts to support your argument. This may involve explaining how cyber realism, liberal institutionalism, or critical infrastructure protection theory inform your analysis.
• Tricky distinctions: Be careful to distinguish between different concepts and theories, such as cyber deterrence and cyber defense, or hard power and soft power.
• Integrating historical and current examples: Use historical and current examples to illustrate key points and support your argument.

Quick Practice Scenario

Scenario: A major corporation is the victim of a sophisticated cyber attack, resulting in the theft of sensitive data. Using the cyber threat landscape theory, explain the likely outcome and how it can be mitigated.

Answer: The likely outcome is that the corporation will suffer significant financial and reputational damage. To mitigate this, the corporation should implement a comprehensive cybersecurity strategy that involves multiple stakeholders, including governments, industry, and civil society.

Explanation: This answer is grounded in the cyber threat landscape theory, which emphasizes the need for continuous monitoring and adaptation in the face of evolving cyber threats.

Last-Minute Cram Sheet

• Key theorists: Thomas Rid, Keohane, Nye, Clarke, Bruns, Lee, Assante
• Treaties: Budapest Convention on Cybercrime, Paris Agreement on Cybersecurity
• Dates: 2017 WannaCry ransomware attack, 2013 Snowden revelations
• Acronyms: CIP, CSF, IGM, CSE
• Trap distinctions: Cyber deterrence vs cyber defense, Hard power vs soft power, Anarchy vs chaos