On the strategic consequences of digital espionage

Abstract

Digital espionage has Cold War origins, but states are still determining how to respond when they are found to be its latest victims. In multilateral discussions about norms of responsible state behaviour in cyberspace, digital political espionage is the elephant in the room. Like other aspects of interstate intelligence competition, digital espionage is 'business as usual' but can also lead to tensions, particularly when operations become public. The strategic consequences of digital espionage appear significant, as asymmetries of state power and poor understanding of technical aspects of cyber operations lead to uncertainty about appropriate responses to 'cyber victimhood'. We offer multiple propositions to frame state responses to digital espionage, focusing on the relational power of the victim and spying states and their bilateral relationships. States will generally respond proportionately to state-on-state digital espionage, whilst domestic-political factors pressure them to adopt more robust, cost-imposing measures that may exacerbate the strategic consequences of digital espionage. We illustrate these propositions with three recent cases-the Snowden revelations (2013); the Office of Personnel Management breach (2014); and the SolarWinds breach (2020)-and explore the importance of calibrated responses to digital political espionage for strategic stability and state behavioural norms in cyberspace. ARTICLE HISTORY