Published online by Cambridge University Press: 20 August 2021
States accused of perpetrating cyber operations typically do not confirm or deny responsibility. They issue ‘non-denial denials’ or refuse to comment on the accusations. These ambiguous signals are prevalent, but they are largely ignored in the existing cyber literature, which tends to treat credit claiming as a binary choice. The ambiguity of non-denial denials and ‘non-comments’ allows states to accomplish two seemingly opposed goals: maintaining crisis stability and leaving open the possibility of their involvement in the attack. By deliberately remaining a suspect, a state can manipulate rivals’ perceptions of its cyber capability and resolve. Refusing to deny responsibility can also shape rivals’ perceptions of allies’ capabilities, enhancing the credibility of deterrence. All of this can be accomplished without the escalatory risks that would come with an explicit admission of responsibility. Where previous research has focused on the dangers of escalation and the limitations of costly signalling with cyber, we show that non-denial denials and non-comments make cyber operations considerably more useful than the literature appreciates.
1 Arquilla, John and Ronfeldt, David, ‘Cyber is coming!’, Comparative Strategy, 12:2 (1993), pp. 141–65CrossRefGoogle Scholar; Borghard, Erica D. and Lonergan, Shawn W., ‘The logic of coercion in cyberspace’, Security Studies, 26:3 (2017), pp. 452–81CrossRefGoogle Scholar; Buchanan, Ben, ‘Cyber deterrence isn't MAD; it's mosaic’, Georgetown Journal of International Affairs, 4 (2014), pp. 130–40Google Scholar; Liff, Adam P., ‘Cyberwar: A new absolute weapon? The proliferation of cyberwarfare capabilities and interstate war’, Journal of Strategic Studies, 35:3 (2012), pp. 401–28CrossRefGoogle Scholar; Nye, Joseph S. Jr, ‘Deterrence and dissuasion in cyberspace’, International Security, 41:3 (2017), pp. 44–71CrossRefGoogle Scholar; Michael Poznansky and Evan Perkoski, ‘Attribution and secrecy in cyberspace’, War on the Rocks blog (8 March 2016), available at: {http://warontherocks.com/2016/03/attribution-and-secrecy-in-cyberspace/} accessed 17 March 2020; Poznansky, Michael and Perkoski, Evan, ‘Rethinking secrecy in cyberspace: The politics of voluntary attribution’, Journal of Global Security Studies, 3:2 (2017), pp. 402–16CrossRefGoogle Scholar.
2 Brantly, Aaron F., ‘Aesop's wolves: The deceptive appearance of espionage and attacks in cyberspace’, Intelligence and National Security, 31:5 (2015), pp. 1–12Google Scholar; Ben Buchanan, The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations (New York, NY: Oxford University Press, 2017); Lindsay, Jon R., ‘Tipping the scales: The attribution problem and the feasibility of deterrence against cyberattack’, Journal of Cybersecurity, 1:1 (2015), pp. 53–67Google Scholar; Rid, Thomas and Buchanan, Ben, ‘Attributing cyber attacks’, Journal of Strategic Studies, 38:1–2 (2015), pp. 4–37CrossRefGoogle Scholar.
3 Carson, Austin, ‘Facing off and saving face: Covert intervention and escalation management in the Korean War’, International Organization, 70:1 (2016), pp. 103–31CrossRefGoogle Scholar.
4 Thomas C. Schelling, Arms and Influence (New Haven, CT: Yale University Press, 1966).
5 Art, Robert J., ‘To what ends military power?’, International Security, 4:4 (1980), pp. 3–35CrossRefGoogle Scholar.
6 Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’, p. 406. See also Buchanan, ‘Cyber deterrence isn't MAD’; Nye, ‘Deterrence and dissuasion in cyberspace’.
7 Borghard and Lonergan, ‘The logic of coercion in cyberspace’. On costly signalling more generally, see Fearon, James D., ‘Signaling foreign policy interests: Tying hands versus sinking costs’, Journal of Conflict Resolution, 41:1 (1997), pp. 68–90CrossRefGoogle Scholar.
8 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’.
9 Non-denial denials may include mixed signals that confirm and deny responsibility simultaneously.
10 Brendan Valeriano and Ryan C. Maness, Cyber War versus Cyber Realities (Oxford, UK: Oxford University Press, 2015). See the supplementary material for cases sampled. For several examples of actors accepting responsibility for cyberattacks (although often the actors are not states and the attacks occurred in the context of open kinetic war), see Kostyuk, Nadiya and Zhukov, Yuri M., ‘Invisible digital front: Can cyber attacks shape battlefield events?’, Journal of Conflict Resolution, 63:2 (2019), pp. 317–47CrossRefGoogle Scholar.
11 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Buchanan, ‘Cyber deterrence isn't MAD’; Nye, ‘Deterrence and dissuasion in cyberspace’; Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’.
12 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Buchanan, ‘Cyber deterrence isn't MAD’; Nazli Choucri, Cyberpolitics in International Relations (Cambridge, MA: MIT Press, 2012); Finnemore, Martha and Hollis, Duncan B., ‘Constructing norms for global cybersecurity’, American Journal of International Law, 110:3 (2016), pp. 425–79CrossRefGoogle Scholar; Gartzke, Erik, ‘The myth of cyberwar: Bringing war in cyberspace back down to Earth’, International Security, 38:2 (2013), pp. 41–73CrossRefGoogle Scholar; Kostyuk and Zhukov, ‘Invisible digital front’; Liff, ‘Cyberwar: A new absolute weapon?’; Nye, ‘Deterrence and dissuasion in cyberspace’; Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’; Rid, Thomas, ‘Cyber war will not take place’, Journal of Strategic Studies, 35:1 (2012), pp. 5–32CrossRefGoogle Scholar.
13 North Atlantic Treaty Organization (NATO), ‘Cyber Defence Pledge’, press release (8 July 2016), available at: {https://www.nato.int/cps/en/natohq/official_texts_133177.htm} accessed 17 March 2020.
14 Office of the Director of National Intelligence, Background to: ‘Assessing Russian Activities and Intentions in Recent US Elections’, unclassified intelligence community assessment (6 January 2017), available at: {https://www.dni.gov/files/documents/ICA_2017_01.pdf} accessed 17 March 2020.
15 Nicole Perlroth, Michael Wines, and Matthew Rosenberg, ‘Russian election hacking efforts, wider than previously known, draw little scrutiny’, New York Times (1 September 2017).
16 Abigail Tracy, ‘Russia's foreign minister trolls 2016 election, calls both sides “p—s”’, Vanity Fair (12 October 2016).
17 Scott Shane, ‘The fake Americans Russia created to influence the election’, New York Times (7 September 2017).
18 Roland Oliphant, ‘Vladimir Putin says patriotic “artist” hackers may have attacked West on their own initiative’, Telegraph (1 June 2017).
19 Joe Uchill, ‘Putin: “Read my lips”, election interference claims are lies’, Hill (30 March 2017).
20 ‘Here's what Trump and Putin actually said in Helsinki: The press conference transcript – and what the White House edited out’, Foreign Policy (17 July 2018).
21 David E. Sanger and Emily Schmall, ‘China appears to warn India: Push too hard and the lights could go out’, New York Times (28 February 2021).
22 Sahil Joshi and Divyesh Singh, ‘Mega Mumbai power outage may be result of cyberattack, final report awaited’, India Today (20 November 2020); Sanger and Schmall, ‘China appears to warn India’.
23 Wang Wenbin, ‘Foreign Ministry Spokesperson Wang Wenbin's Regular Press Conference on March 1, 2021’, available at: {https://www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/2511_665403/t1857624.shtml} accessed 21 June 2021.
24 Rid and Buchanan, ‘Attributing cyber attacks’.
25 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Tim Maurer, Cyber Mercenaries: The State, Hackers, and Power (Cambridge, UK: Cambridge University Press, 2018).
26 Poznansky and Perkoski, ‘Attribution and secrecy in cyberspace’; Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’.
27 For one exception, see Carson, Austin and Yarhi-Milo, Keren, ‘Covert communication: The intelligibility and credibility of signaling in secret’, Security Studies, 26:1 (2017), pp. 124–56CrossRefGoogle Scholar.
28 John Simpson, ‘Russia's Crimea plan detailed, secret and successful’, BBC News (19 March 2014), available at: {http://www.bbc.com/news/world-europe-26644082} accessed 18 March 2020.
29 ‘Vladimir Putin admits Russian forces helped Crimea separatists’, NBC News (17 April 2014), available at: {http://www.nbcnews.com/storyline/ukraine-crisis/vladimir-putin-admits-russian-forces-helped-crimea-separatists-n82756} accessed 18 March 2020.
30 Herzog, Stephen, ‘Revisiting the Estonian cyber attacks: Digital threats and multinational responses’, Journal of Strategic Security, 4:2 (2011), pp. 49–60CrossRefGoogle Scholar; Rain Ottis, Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective (Tallinn: Cooperative Cyber Defence Centre of Excellence, 2008), available at: {https://www.etis.ee/File/DownloadPublic/b924739a-01f6-4867-8e86-1d4527c22e31?name=Fail_2008_ECIW_Ottis.pdf&type=application%2Fpdf} accessed 18 March 2020; Jason Richards, ‘Denial-of-service: The Estonian cyberwar and its implications for U.S. national security’, International Affairs Review, 18 (2009).
31 Peter Finn, ‘Cyber assaults on Estonia typify a new battle tactic’, Washington Post (19 May 2007).
32 Ian Traynor, ‘Russia accused of unleashing cyberwar to disable Estonia’, Guardian (16 May 2007). Estonia did not return the Soviet monument to its original location, instead opting to shore up its alliances with partners in the OSCE and NATO. NATO's new cyber resources have since been brought to bear in response to alleged Russian cyberattacks elsewhere in the post-Soviet sphere. See Reuters, ‘Estonia Calls for EU Law to Combat Cyber Attacks’ (12 March 2008), available at: {http://www.reuters.com/article/us-estonia-interview-idUSL1164404620080312} accessed 21 June 2021; Bobbie Johnson, ‘No one is ready for this’, Guardian (15 April 2009), available at: {http://www.theguardian.com/technology/2009/apr/16/internet-hacking-cyber-war-nato} accessed 21 June 2021.
33 Kim Hart, ‘Longtime battle lines are recast in Russia and Georgia's cyberwar’, Washington Post (14 August 2008).
34 John Markoff, ‘Before the gunfire, cyber attacks’, New York Times (13 August 2008).
35 Adam Segal, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (New York, NY: Public Affairs, 2016). The combination of kinetic and cyberattacks is consistent with scholarly arguments regarding the role of cyber weapons as adjuncts to kinetic force. See Gartzke, ‘The myth of cyberwar’. Other scholars argue that cyber weapons are not yet effective coercive tools in war. See Borghard and Lonergan, ‘The logic of coercion in cyberspace’ and Kostyuk and Zhukov, ‘Invisible digital front’.
36 Markoff, ‘Before the gunfire, cyber attacks’.
37 Schelling, Arms and Influence, p. 104.
38 John L. Offner, An Unwanted War: The Diplomacy of the United States and Spain over Cuba (Chapel Hill, NC: University of North Carolina Press, 1992), p. 153.
39 For elites’ attempts to reduce public support for kinetic retaliation, see Jacquelyn Schneider, ‘Cyber and crisis escalation: Insights from Wargaming’, article under review (n.d.), p. 36.
40 For an analysis of such dynamics in the Cold War, see Austin Carson, ‘Facing off and saving face: Covert intervention and escalation management in the Korean War’, International Organization, 70:1 (2016), pp. 103–31. In future research, it could be interesting to test how easily audiences ‘forget the Maine’ after a non-denial denial, versus other rhetorical responses to the accusation.
41 Borghard and Lonergan, ‘The logic of coercion in cyberspace’.
42 Sanger and Schmall, ‘China appears to warn India’.
43 Ibid.
44 For a summary of Stuxnet, see Rebecca Slayton, ‘What is the cyber offense-defense balance? Conceptions, causes, and assessment’, International Security, 41:3 (2017), pp. 72–109.
45 William J. Broad, John Markoff, and David E. Sanger, ‘Israeli test on worm called crucial in Iran delay’, New York Times (15 January 2011).
46 Nicole Perlroth, ‘In cyber attack on Saudi firm, U.S. sees Iran firing back’, New York Times (23 October 2012).
47 The name of the erasing mechanism used in the attack (‘Wiper’) appeared to confirm Iranian involvement, recalling the ‘Wiper’ mechanism used to attack Iranian oil companies years earlier. The use of identical nomenclature is interpreted by some experts as a technological means for Iran to ‘tip its hand’ without explicitly taking credit. (See Perlroth, ‘In cyberattack on Saudi firm, U.S. sees Iran firing back’.) Indeed, a leaked National Security Agency memo attributed the attack to Iran and argued that Iran had learned from the earlier attack on its own oil industry. See ‘Iran – Current Topics, Interaction with GCHQ’, 12 April 2013 memo by US National Security Agency, published by The Intercept (10 February 2015), available at: {https://theintercept.com/document/2015/02/10/iran-current-topics-interaction-gchq/} accessed 21 June 2021.
48 Nicole Perlroth and David E. Sanger, ‘New computer attacks traced to Iran, officials say’, New York Times (24 May 2013).
49 David E. Sanger, ‘Document reveals growth of cyberwarfare between the U.S. and Iran’, New York Times (22 February 2015).
50 Schneider, ‘Cyber and crisis escalation’.
51 Barack H. Obama, International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World (May 2011), p. 14, available at: {https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf} accessed 19 March 2020.
52 Mark Mazzetti and Adam Goldman, ‘“The game will go on” as U.S. expels Russian diplomats’, New York Times (2 January 2016).
53 Julian E. Barnes, ‘U.S. begins first cyberoperation against Russia aimed at protecting elections’, New York Times (23 October 2018).
54 Alex Ward, ‘There is more evidence Russia interfered in the election: Fewer Trump supporters believe it’, Vox (18 July 2017).
55 Heather Harrison Dinniss, Cyber Warfare and the Laws of War (New York, NY: Cambridge University Press, 2012).
56 ‘Sony cyber-attack: North Korea faces new US sanctions’, BBC News (3 January 2015), available at: {http://www.bbc.com/news/world-us-canada-30661973} accessed 10 August 2021. Note that there have been questions raised about North Korea's culpability in this case; see Nicole Perlroth, ‘New study may add to skepticism among security experts that North Korea was behind Sony hack’, New York Times (24 December 2014).
57 Michael N. Schmitt (ed.), Tallinn Manual on the International Law Applicable to Cyber Warfare (Cambridge, UK: Cambridge University Press, 2013); Matthew C. Waxman, ‘Cyber-attacks and the use of force: Back to the future of Article 2(4)’, Yale Journal of International Law, 36:2 (2011), pp. 421–59.
58 Oona Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue, and Julia Spiegel, ‘The law of cyber-attack’, California Law Review, 100:4 (2012), pp. 817–86 (p. 861). We have clearer expectations regarding how best to respond to cyberattacks in the context of jus in bello, or the conduct of hostilities. See Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare.
59 Hathaway et al., ‘The law of cyber-attack’, p. 857.
60 Ibid., p. 862.
61 Ibid., pp. 867–73.
62 Barnes, ‘U.S. begins first cyberoperation against Russia’.
63 Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare.
64 See Leeds, Brett Ashley, Ritter, Jeffrey, Mitchell, Sarah, and Long, Andrew, ‘Alliance treaty obligations and provisions, 1815–1944’, International Interactions, 28:3 (2002), pp. 237–60CrossRefGoogle Scholar (case 3445, the Chinese-North Korea Defence Pact).
65 This response would depend on the specific terms of the defence pact. NATO, for example, has determined that a cyberattack would not activate Article 5 of the North Atlantic Treaty (which invokes collective defence), but would instead only activate Article 4, which requires consultation but no further obligation. See Hathaway et al. ‘The law of cyber-attack’, p. 861.
66 Kozlowski, Andrzej, ‘Comparative analysis of cyberattacks on Estonia, Georgia and Kyrgyzstan’, European Scientific Journal, 3 (2014), pp. 237–45Google Scholar; Robert Mackey, ‘Are “cyber-militias’ attacking Kyrgyzstan?’, New York Times (‘The Lede’ blog) (5 February 2009), available at: {http://thelede.blogs.nytimes.com/2009/02/05/are-cyber-militias-attacking-kyrgyzstan/?_r=0} accessed 21 June 2021; Christopher Rhoads, ‘Kyrgyzstan knocked offline’, Wall Street Journal (28 January 2009).
67 Schelling, Arms and Influence, pp. 79–80. For more recent work on compellence, see especially Sechser, Todd S., ‘Goliath's curse: Coercive threats and asymmetric power’, International Organization, 64:4 (2010), pp. 627–60CrossRefGoogle Scholar.
68 Huth, Paul K., ‘Deterrence and international conflict: Empirical findings and theoretical debates’, Annual Review of Political Science, 2 (1999), pp. 25–48CrossRefGoogle Scholar.
69 Schelling, Arms and Influence, p. 88.
70 Borghard and Lonergan, ‘The logic of coercion in cyberspace’, p. 465.
71 David E. Sanger and Mark Mazzetti, ‘U.S. had cyberattack plan if Iran nuclear dispute led to conflict’, New York Times (16 February 2016).
72 Borghard and Lonergan, ‘The logic of coercion in cyberspace’; Buchanan, ‘Cyber deterrence isn't MAD’.
73 Borghard and Lonergan, ‘The logic of coercion in cyberspace’.
74 Office of the Secretary of Defence, Military and Security Developments Involving the Democratic People's Republic of North Korea, Annual Report to United States Congress (2013), pp. 11–12, available at: {https://fas.org/irp/world/dprk/dod-2013.pdf} accessed 23 March 2020.
75 For a related discussion of the signalling benefits of covert kinetic action, see Carson and Yarhi-Milo, ‘Covert communication’.
76 Julia Barton, ‘Neither Confirm Nor Deny’, Radiolab (National Public Radio), 12 February 2014.
77 Ibid.
78 Ibid.
79 David E. Sanger and William J. Broad, ‘Hand of U.S. leaves North Korea's missile program shaken’, New York Times (18 April 2017).
80 Ibid.
81 Ibid.
82 Barrie Barber, ‘Cyber war being lost, some experts now fear’, Dayton Daily News (11 September 2015).
83 Robert L. Jervis, The Logic of Images in International Relations (New York, NY: Columbia University Press, 1970).
84 Borghard and Lonergan, ‘The logic of coercion in cyberspace’.
85 For example, Kaspersky Lab argued that the Aramco attack was too unsophisticated to be attributed to a state. The Cutting Sword of Justice, an Iranian hacktivist group widely considered to be state-sponsored, claimed credit for the attack. See Kim Zetter, ‘The NSA acknowledges what we all feared: Iran learns from US cyber attacks’, Wired (2 October 2015).
86 Lorenzo Francheschi-Bicchierai, ‘There's evidence that the “Yemen Cyber Army” is actually Iranian’, Motherboard (26 June 2015). A former State Department official explained: ‘How could you do something that consumed a massive amount of bandwidth in Iran and not have the government notice, when it's monitoring the Internet for political purposes?’ See ‘U.S. says Iran behind cyber attack in Saudi Arabia’, Al-Arabiya News (13 October 2012).
87 ‘Sony cyber-attack: North Korea faces new US sanctions’, BBC News (3 January 2015), available at: {http://www.bbc.com/news/world-us-canada-30661973} accessed 21 June 2021.
88 Nicole Perlroth, ‘New study may add to skepticism among security experts that North Korea was behind Sony attack’, New York Times (24 December 2014).
89 Poznansky and Perkoski, ‘Rethinking secrecy in cyberspace’.
90 National Cyber Security Centre, Joint US-UK Statement on Malicious Cyber Activity Carried out by Russian Government (15 April 2018), available at: {https://www.ncsc.gov.uk/news/joint-us-uk-statement-malicious-cyber-activity-carried-out-russian-government} accessed 23 March 2020.
91 Perlroth, ‘In cyberattack on Saudi firm, U.S. sees Iran firing back’.
92 Ibid.
93 Mancur Olson Jr and Richard Zeckhauser, An Economic Theory of Alliances (Santa Monica, CA: RAND Corporation, 1966).