Two explanations for the paucity of cyber-military, cross-domain operations

Abstract

This article investigates why states have launched so few cross-domain operations-in this case, operations between cyber and military domains-when they have launched so many cyberattacks. I explore a set of five hypotheses for why most cyberattacks do not occur at the same time as military strikes. My analysis reveals that of the five, two are compelling. First, state attackers make strategic decisions not to "cross the domain"for organizational reasons that are based on the internal division of labor. Second, many cyberattackers face significant technical challenges with cross-domain operations even if their cyber and military forces are integrated. The other three reasons are not as persuasive, including fear of conflict escalation, international law applied to cyberspace, and norms of cyberspace behavior.