The UK wants to develop and assert its identity as a responsible, democratic cyber power. This project will provide it with the conceptual tools and empirical knowledge to do so, contributing to the efficacy and impact of UK international cyber statecraft over the next decade.
Global cyber security and governance are at a critical juncture. Efforts to develop the rules, norms and values of cyberspace reflect shifting international power dynamics and express and sustain competing political visions of what and who cyber security is for. Liberal democracies like the UK uphold the existing multistakeholder approach to cyber governance and its adherence to openness and interoperability. This is challenged by China, Russia and their strategic partners, which pursue models of ‘cyber sovereignty’ that impose national territoritalities on cyberspace to bolster regime security and the domestic suppression of political expression and mobilisation. Between these competing poles lie diverse national and regional perspectives in the so-called ‘middle ground’ of global cyber security and governance.
The centrality of the international dimension of cyber security is reflected in the UK Government’s national strategies. The Integrated Review and subsequent National Cyber Strategy outline the UK’s ambition to be a ‘responsible, democratic cyber power’. Pillar 4 of the National Cyber Strategy, ‘Global leadership’, articulates the UK’s aim to exert influence in international cyber security based on liberal democratic values. These high-level strategic documents note that contesting the future of cyberspace dovetails with the UK’s broader foreign policy challenges and opportunities. This is a bold ambition. To achieve it, the UK needs to set clear objectives and embrace ‘cyber statecraft’, understood generically as strategic approaches for securing the national interest in and through cyberspace, using all levers of national power and marshalling the private sector and civil society in a ‘whole-of-society’ effort. However, questions and challenges persist about how to conduct cyber statecraft in an impactful fashion.
The project will address significant gaps in conceptual and empirical knowledge about the nature and character of cyber power, the diverse practices of cyber statecraft, the types of actors that conduct cyber statecraft (including, perhaps, non-state actors like firms), and case studies of cyber statecraft in action. It will provide theoretical foundations for the core concepts of cyber statecraft and cyber power and practical recommendations to policymakers and practitioners. The project addresses core concerns of UK security and cyber security policy, particularly in the international aspects and ambitions articulated in recent high-level government strategies. It also aligns with the aspirations of EPSRC’s Digital Security and Resilience Theme in engaging with the UK’s cyber security challenges and building national capacity and capability in this area. The project will establish a nationally important body of work that feeds directly into government and multistakeholder conversations and decision-making about the international aspects of UK cyber statecraft. Working with a diverse range of partners, the project team will deliver impactful research to academia, UK Government and wider society, informing policy and future research on best practices and competing approaches to cyber statecraft in an era of systemic competition.
The project comprises three Work Packages (WP), each of which relates closely to key themes of UK security strategy and supports the ambitions of UK Government and RISCS. These will be further enhanced by a cross-cutting Engagement Plan.
WP1. Theory, practice and evaluation of cyber statecraft.
WP2. Middle-ground cyber competition and statecraft.
WP3. Role of the private sector in cyber statecraft.
Project Team and RISCS Project Fellows