Skip to content
Unit 19Cyber Conflict and Cyber StrategyChapter 7: Summary and Further Reading
All chapters
  1. 1. A Message from the Authors
  2. 2. What is Cyber Warfare?
  3. 3. Cyber arms control
  4. 4. Offence and Defence of Major Cyber Powers
  5. 5. Cyber Terrorism and the Protection of Critical National Infrastructures
  6. 6. The European Union’s Role in Cybersecurity
  7. 7. Summary and Further Reading
Your bookmarks

When you add chapters to your bookmarks they'll appear here.

Chapter 7

Summary and Further Reading

Summary I

Cybersecurity has become one of the buzzwords of our time, though not every malicious cyber operation deserves to be called cyber war. There are many operations below the threshold of war, be it hacktivism, cybercrime, cyberespionage or cyberterrorism. Nevertheless, what constitutes a cyber war has not yet been definitively defined. However, we have already experienced many cyber incidents in the real world, which give us an insight into the dangers created by cyberattacks.

When it comes to the military application of “cyber”, things are rather different than in the analog realm. Starting with defining what an actual cyber weapon is, seasoned concepts like deterrence fail to work in cyberspace as it is very hard, almost impossible, to attribute attacks to a certain actor or country.

Moreover, classic arms control concepts such as inspections or verification are difficult to implement – some would even say impossible. Consequently, only “softer” approaches such as non-binding principles and confidence-building measures have been applied to cyberspace so far. This does not mean, however, that stricter measures could not be implemented with greater effort, though here, the debate is only beginning.

Summary II

Because of the strategic implications of cyber security, militaries worldwide have started to develop offensive and defensive cybersecurity capabilities. While it is often hard to distinguish between civilian and military capabilities, there are now taxonomies helping us to gauge countries’ “cyber power.”

There are several important actors in cyber space. On one side, one can find the UK and the US, which have recently developed new policies and instruments, such as the American “Persistent Engagement” doctrine or the British “Active Cyber Defence” programme. Both the UK and the US have a prominent role in NATO, which has developed its own cyber defence whose operational focus is currently on the protection of the Alliance’s networks.

On the other side, there are China and Russia. The first uses cyber space to prepare for “physical” military operations and enable influence operations; the latter uses ICT means to advance its diplomatic claims and economic interest. Whilst there are several differences in their modus operandi, they both consider information operations as a valuable instrument in their security and defence policy toolbox.

In addition to nation-states, other relevant actors in the cyber realm are cyber terrorists. While one should exercise caution when assessing their threat, the current general consensus is that terrorist organizations are not as advanced as other actors. This is due to difficulties in gathering the right expertise to mount successful cyberattacks against critical Western infrastructure.

Finally, the EU has been another prominent actor in cyberspace since its first cybersecurity strategy in 2013. The EU has produced several important cybersecurity policies, including the Directive on Security of Network and Information Systems and the EU Cyber Security Act; it has also been active in the fight against terrorism online and to ensure 5G security. In foreign and security policy, the Cyber Diplomacy Toolbox constitutes an important step forward in preventing foreign cyber intrusions. Finally, it has attempted to coordinate its cyber defence policy with NATO, with a view to increasing information sharing, cooperation among their CSIRTs and doctrine development.

Additional Resources and Further Reading I

International Organisations

Think Tanks

Other Collections or Interesting Sites

  • EU Non-Proliferation and Disarmament Consortium collection of text on cybersecurity written by members of the EU Non-Proliferation and Disarmament Network
  • The Cyber Vault Project online resource documenting cyber activities of the US and foreign governments as well as international organizations – Highly recommended!
  • DARKReading tech-heavy site but well informed about current IT security incidents and latest developments
  • Fifth Domain website covering cyber issues with a strong focus on military aspects

Additional Resources and Further Reading II

General Works

  • Brantly, Aaron F./ Van Puyvelde, Damien (2019): Cybersecurity: Politics, Governance and Conflict in Cyberspace, Oxford: Polity Press.
  • Reardon, Robert/Choucri, Nazli (2012): The Role of Cyberspace in International Relations: A View of the Literature. In ISA Annual Convention, San Diego.
  • Singer, Peter W./Friedman, Allan (2014):
  • Cybersecurity and Cyberwar: What Everyone Needs to Know,
  • Oxford: Oxford University Press.
  • Whyte, Christopher/Mazanec, Brian (2019): Understanding Cyber Warfare. Politics, Policy and Strategy. London/New York: Routledge.

Deterrence and Arms Control

Various Cyber Issues

The EU Non-Proliferation and Disarmament eLearning Course aims to cover all aspects of the EU non-proliferation and disarmament agenda. It's produced by PRIF with financial assistance of the European Union. The contents of individual learning units are the sole responsibility of the respective authors and don't necessariy reflect the position of the European Union.