DR. KERSTIN ZETTL-SCHABATH
PUBLICATIONS
This research paper is the first to closely examine the actual application of the EU´s Cyber Diplomacy Toolbox (CDT) measures by EU institutions/actors over the last six years, which culminated in the revised version of its implementing guidelines in June 2023. In doing so, we shed light on the question as to how far the EU has used the CDT as a vehicle to push for a strengthened Europeanisation of cybersecurity policies, or rather, if it presents a pragmatic approach to reach a stronger balance between internal and external coordination, as well as to reach the preservation of national prerogatives for security-sensitive actions.
February 2024
Cyber-space is increasingly utilized as a conflict domain, especially for political and economic purposes in peace-time and political and military goals during armed conflicts. However, the line between state and non-state actors is becoming increasingly blurred in the context of cyber-conflicts. Therefore, this chapter is dedicated to state proxies in the digital sphere
July 2023
What role do non-state actors, so-called "proxies", play in state cyber conflicts? And how does (de-)escalation management differ depending on the regime type? The book compares the state cyber-proxy strategies of China, Russia, the USA and Israel with the help of a comprehensive cyber conflict data set for the years 2000-2019.
July 2023
April 2023
The Russian Federation and its proxies have conducted numerous cyber operations against Ukraine and states supporting its right to self-determination. These and earlier operations have resulted in serious damage and upheaval in Ukraine and elsewhere since 2014. However, many observers feared even more effective Russian attacks against critical infrastructure or integrated conventional-cyber military operations in the wake of the Russian invasion in February 2022. A year into the conflict, a protracted debate continues as to why Russian cyber operations did not meet these expectations, focusing on whether most operations had been successfully thwarted by Ukrainian cyber defences and assisting actors or whether Russian state and non-state actors have been unable or unwilling to widely deploy cyber operations. In contrast, this spotlight article provides nine observations on cyber conflict patterns during the first year of hostilities, focusing on state-non-state interactions and operational patterns while drawing on EuRepoC data and third-party analyses.
The Russian war of aggression against Ukraine is dominated by classic military operations. So far, there is not much sign of the expected cyber war. In the public debate, terms are often adopted casually. Thereby, cyber operations should be treated more as what they are (so far), namely primarily a means to the end of espionage, sabotage and subversion.
January 2023
December 2022
How to hack the hackers’ supply chains? In this article, I argue that the increasing diversification of the cybercrime ecosystem offers multiple options for states & law enforcement agencies to disrupt its services.
Since November 2022
“Advanced Persistent Threats” (APTs) have emerged over the past decade as a central term for particularly potent, persistent, and state-affiliated, if not state-integrated, cyber actors.
This series therefore presents the most prominent groups in the form of compressed profiles in a standardised, continuously-updated, and expanded process.
​
July 2022
When and how does state interaction in cyber-space result in norm development? In this article, we contend that governments take on roles vis-á-vis both domestic and foreign audiences, often resulting in conflicts between crosscutting internal and external role expectations. To alleviate these role conflicts, governments use various secret instruments of statecraft that, in turn, shape international norm development. We theorize the nexus between domestic and foreign role play and secrecy, thereby extending the understanding of role taking in international relations to the cyber-space. We argue that whereas the role conceptions of autocratic powers China and Russia have been geared toward cyber-sovereignty of the regime vis-à-vis internal and external others, the United States, as a democratic power, has sought cyber-security for both state and non-state actors in the international realm. Trying to hide some of their cyber-operations, the interaction between China, Russia and the US resulted in a distinct pattern of cyber-proxy use and state surveillance interaction that facilitated the stabilization of illiberal cyber-espionage norms and the spread of diverging notions of information sovereignty.
May 2022
This volume sheds light on the increasingly (geo-)political relevance of cyber conflicts and the importance of information asymmetries within them. The authors concretely examine the role of information asymmetries in the context of attribution, e.g. through the use of state proxies, in the resolution of cyber conflicts. In line with efforts to build and establish binding norms in the context of cyber operations, the third part of the volume explores the impact of such asymmetries on the diffusion and effectiveness of cyber norms
December 2021
The Heidelberg Cyber Conflict Dataset (HD-CY.CON) has been developed at the Institute for Political Science, Heidelberg University, under the guidance of Prof. Dr. Sebastian Harnisch. HD-CY.CON is a comprehensive dataset on malicious cyber operations, integrating categories of offline conflict research with characteristics of online conflicts. Drawing on a broad variety of news sources, technical threat research reports by IT-companies and information offered by state security agencies, HD-CY.CON (currently) comprises data on 1265 cyber incidents from 2000 – 2019. The data set includes operations by states and various non-state-actors, both as attackers and victims. While existing cyber conflict datasets focus on generic categories, such as "state or state-supported" cyber operations, the Heidelberg data set offers a more nuanced differentiation of political and technical attribution statements, including the attributing initiator and its characteristics. In addition, HD-CY.CON uses conflict categories of the Conflict Barometer by the Heidelberg Institute for International Conflict Research (HIIK), thus allowing a closer examination of interaction between between offline-, and online conflict dynamics. Cyber incidents are coded according to categories of the HD.CY-CON codebook and differentiated into three main incident types: data theft, disruption and hijacking. Moreover, they are accredited an intensity score, based on technical and socio-political indicators.
This literature review provides an analysis of the political science research landscape’s approach to power in cyberspace to date. Previous conceptualizations are compared and combined into an integrative model that differentiates mainly between power resources and power functions. To make these empirically visible, the proxy-concept is first discussed in terms of its theoretical implications and then used as an analytical reference category for discussing specific debates about power in cyberspace. These relate firstly to the use of offensive cyber proxies by autocratic states, secondly to the instrumentalization of defensive cyber proxies by democratic states, and thirdly to the respective role of state proxies for both regime types in the context of an agenda-setting function at the international level. In each case, a distinction is made between the two categories at the hard and soft power level, which makes it possible to more explicitly elaborate the limited, but in part existing, significance of material power functions that can be pursued by proxies in cyberspace. In all three empirical fields, power in cyberspace refers predominantly to information as a central resource, which is used primarily to manipulate existing asymmetries vis-à-vis external and internal actors on the part of autocratic and democratic governments. In this context, power plays an important role for offensive as well as defensive escalation control in the context of conflicts, but also power resources of non-state actors, which are aimed at discursively influencing international efforts to regulate cyberspace as a conflict resolution domain.
October 2021
July 2020
Academic and policy debates on the attribution of cyberattacks have yet to fully grasp the political dimension of this task. This article sets out some of the technical problems of identifying a perpetrator in cyberconflicts, but focuses mainly on the political dynamics of evading responsibility, and thereby blame, for cyberattacks. We have found that democratic and autocratic governments differ substantially in their conflict behaviour, for instance in their use of proxies
July 2020
Steigende Konfliktpotenziale im digitalen Raum erfordern die Schärfung transnationaler Verantwortung, sie erschweren diese aber auch. Aus völker-rechtlicher Perspektive wurde die Norm der Sorgfaltsverantwortung für den Cyberraum bereits umfänglich diskutiert. Wir knüpfen aus politikwissen-schaftlicher Perspektive an diese Debatte an, indem wir die Bedingungen für eine Normemer-genz zunächst theoretisch diskutieren und sodann die Staatenpraxis im engeren (vier kurze Fallstudien) und im weiteren Sinne (auf der Grundlage eines neuen Heidelberger Konfliktdatensatzes) untersuchen. Unsere Befunde zeigen, dass es zwar Ansätze für eine retrospektive Norm der Sorgfaltsverantwortung gibt, aber bislang kaum prospektive Normwirkung erkennbar ist. Die Staatenpraxis zentraler staatlicher „Normunternehmer“ verdeutlicht die bislang fehlende intersubjektive Anerkennung der Norm. Zudem legt der Abgleich mit systematisch erhobenen Cyber-Konfliktdaten der Jahre 2014–2016 nahe, dass insbesondere autoritäre Staaten wie Russland und China die regulative Wirkung der Norm durch den Einsatz von nicht-staatlichen Akteuren unterminieren. Insgesamt kann die noch im Frühstadium befindliche Normemergenz vor allem auf unterschiedliche Motivationen und Schwerpunkt-setzungen der Normunternehmer in ihrem Agieren zurückgeführt werden.
July 2020
​The study examines the influence of systemic as well as situational factors on the different democratic resilience to external, digital election meddling by Russia in the US 2016 and in Germany 2017. The comparison shows that the degree of polarization, the logic of the election campaign and the role of established media in particular can be assumed to explain the respective Russian meddling. At the same time, the effects of individual factors on the technical level (e-voting) cannot be assessed in isolation but in relation to each other.
July 2020
This spotlight articles summarizes the major cyber conflict trends for 2019, such as an increasingly offensive US cyber policy under Donald Trump and digital repression techniques by authoritarian regimes against domestic minorities. It was published in the HIIK conflict barometer 2019.
January 2018
The article conceptualises political conflict in cyberspace. Thus far, scholarship has focussed on the analysis of (unilateral) cyberattacks, measuring their scope and impact, especially in Western industrialised countries. But cyber conflict, defined here as an incompatibility of stated intentions between actors which guides their use of computer technologies to harm the other, has received much less attention. Our conceptual approach builds on the work done by Valeriano and Maness and others in the field of cyber conflict measurement. We argue, however, that the interactive, international and inter-agential nature of cyber conflicts has not been captured sufficiently in recent scholarship. By providing a new methodology to address the problems of information bias, attribution and the neglect of non-state actors, we hold that variance in cyber conflict dynamics as well as spill-over effects between off- and online conflicts may be better captured with the new approach. Our work seeks to extend the understanding of state and non-state conflict behaviour in cyberspace and our methodology may inform further extensive data collections.