EPSRC/Dstl Project: Cyber Statecraft in an Era of Systemic Competition

Project Summary

The UK wants to develop and assert its identity as a responsible, democratic cyber power. This project will provide it with the conceptual tools and empirical knowledge to do so, contributing to the efficacy and impact of UK international cyber statecraft over the next decade.

Global cyber security and governance are at a critical juncture. Efforts to develop the rules, norms and values of cyberspace reflect shifting international power dynamics and express and sustain competing political visions of what and who cyber security is for. Liberal democracies like the UK uphold the existing multistakeholder approach to cyber governance and its adherence to openness and interoperability. This is challenged by China, Russia and their strategic partners, which pursue models of ‘cyber sovereignty’ that impose national territoritalities on cyberspace to bolster regime security and the domestic suppression of political expression and mobilisation. Between these competing poles lie diverse national and regional perspectives in the so-called ‘middle ground’ of global cyber security and governance.

The centrality of the international dimension of cyber security is reflected in the UK Government’s national strategies. The Integrated Review and subsequent National Cyber Strategy outline the UK’s ambition to be a ‘responsible, democratic cyber power’. Pillar 4 of the National Cyber Strategy, ‘Global leadership’, articulates the UK’s aim to exert influence in international cyber security based on liberal democratic values. These high-level strategic documents note that contesting the future of cyberspace dovetails with the UK’s broader foreign policy challenges and opportunities. This is a bold ambition. To achieve it, the UK needs to set clear objectives and embrace ‘cyber statecraft’, understood generically as strategic approaches for securing the national interest in and through cyberspace, using all levers of national power and marshalling the private sector and civil society in a ‘whole-of-society’ effort. However, questions and challenges persist about how to conduct cyber statecraft in an impactful fashion.

The project will address significant gaps in conceptual and empirical knowledge about the nature and character of cyber power, the diverse practices of cyber statecraft, the types of actors that conduct cyber statecraft (including, perhaps, non-state actors like firms), and case studies of cyber statecraft in action. It will provide theoretical foundations for the core concepts of cyber statecraft and cyber power and practical recommendations to policymakers and practitioners. The project addresses core concerns of UK security and cyber security policy, particularly in the international aspects and ambitions articulated in recent high-level government strategies. It also aligns with the aspirations of EPSRC’s Digital Security and Resilience Theme in engaging with the UK’s cyber security challenges and building national capacity and capability in this area. The project will establish a nationally important body of work that feeds directly into government and multistakeholder conversations and decision-making about the international aspects of UK cyber statecraft. Working with a diverse range of partners, the project team will deliver impactful research to academia, UK Government and wider society, informing policy and future research on best practices and competing approaches to cyber statecraft in an era of systemic competition.

The project comprises three Work Packages (WP), each of which relates closely to key themes of UK security strategy and supports the ambitions of UK Government and RISCS. These will be further enhanced by a cross-cutting Engagement Plan.

WP1. Theory, practice and evaluation of cyber statecraft.

WP2. Middle-ground cyber competition and statecraft.

WP3. Role of the private sector in cyber statecraft.

 

Project Team and RISCS Project Fellows

Dr Tim Stevens
PI
Dr André Barrinha
Co-I
Dr Joe Devanny
Co-I
Louise Marie Hurel
Co-I
Tim is a Reader in International Security at King’s College London, and Director of the KCL Cyber Security Research Group. His research is situated at the intersection of technology, politics and global security. He is particularly interested in information technologies and their roles in shaping and enabling global security practices. He has written extensively on the politics and governance of cybersecurity, especially in its strategic and international dimensions.André Barrinha is a Senior Lecturer (Associate Professor) in International Relations at the University of Bath. His work has been published in journals such as Contemporary Security Policy, International Affairs, Journal of Common Market Studies, and European Security. He is also one the authors of International Relations Now and Then (Routledge, 2nd ed.). Barrinha is currently working on cyber-diplomacy as an emerging field in international relations. In 2019, he was awarded the Best Article in Global Affairs Award for a co-authored piece with Thomas Renard on cyber diplomacy and the English School. He is the current chair of the ISA’s Science, Technology and Art in International Relations section.Joe Devanny is a Lecturer in National Security Studies in the Department of War Studies at King’s College London. He is deputy director of the Centre for Defence Studies at King’s. His research focuses on the role of cyber diplomacy and cyber strategy in wider national security strategy. He was a 2022-23 British Academy Innovation Fellow; during the fellowship he conducted research on cyber diplomacy with the UK Foreign, Commonwealth and Development Office.Louise Marie Hurel is a Research Fellow at the Royal United Services Institute's (RUSI) Cyber Programme. Her work and research focuses on international cyber security policy, private actors, expertise, cyber diplomacy and incident response. She is also a PhD researcher in Data, Networks and Society at the Department of Media and Communications of the London School of Economics and Political Science (LSE) where she focuses on the politics of incident response. Louise is the founder of the Latin American Cybersecurity Research Network (LA/CS Net) and serves as co-chair of the Global Forum on Cyber Expertise’s Advisory Board.
Jamie MacColl
Co-I
James Sullivan
Co-I
Dr Joanna Syrda
Co-I
Jamie is a Research Fellow in cyber security at the Royal United Services Institute (RUSI) and a Senior Research Associate at the European Cyber Conflict Research Initiate. His current research interests include ransomware, the UK’s approach to offensive cyber operations, and the role of private companies in global cyber governance. Prior to joining RUSI, he worked in cyber threat intelligence where he provided strategic and operational intelligence analysis on the cyber threat landscape.
Jamie holds an MPhil in International Relations and Politics from the University of Cambridge and was awarded the Sir Michael Howard Excellence Award in 2016 and 2018 during his BA at King’s College London. When he is not carrying out research into cyber threats and cyber security, Jamie can be found on stage with his band Bombay Bicycle Club.
James Sullivan is the Director of Cyber Research at RUSI. He founded and has grown a research group at RUSI that explores critical cyber public policy issues. Research themes include: the role of national cyber strategies, the cyber threat landscape, cyber security and resilience, cyber risk management, offensive cyber, cyber statecraft and diplomacy, and ransomware.
James has contributed to a variety of publications and media outlets such as the FT, BBC and CNN and has provided insights on aspects of the cyber threat to high-level fora such as the G7, the World Economic Forum and the White House’s International Counter Ransomware Initiative.
Joanna is a Lecturer in Business Economics at the University of Bath. She is an economist with a particular research interest in economics of digital security, understanding adoption driver and barriers, associated externalities and market failures, and the political economy of cybersecurity.
Evolving concepts, such as cyber power, require new and improved theoretical models. In this project she is responsible for developing measures of cyber power that can meaningfully help evaluate effectiveness of cyber statecraft.