Deter, Disrupt, or Deceive: Assessing Cyber Conflict as an Intelligence Contest

Deter, Disrupt, or Deceive: Assessing Cyber Conflict as an Intelligence Contest edited by Robert Chesney and Max Smeets. Georgetown University Press, 2023, 301 pp.

There is an old parable about a group of blind men encountering an elephant for the first time. They try to determine what the animal is through touch but are each able to touch only part of the elephant—its trunk, its ear, and its side. From their limited perspective, they determine what they have encountered—one thinks the elephant is a snake, another a fan, and the third, a wall. This same theme applies to the analysis of cyber in Deter, Disrupt, or Deceive, edited by Robert Chesney and Max Smeets. In examining offensive cyber operations, each editor finds comparisons based on their own understanding and offers solutions. The articles are well-researched and documented but lack any broad connection to an overall cyber operations thesis.

The editors ask contributors to align cyber conflict as an intelligence contest—or “statecraft pursued through the means and methods traditionally associated with intelligence agencies”—before examining state and nonstate actor policies (5). Integrating all cyber conflict possibilities with such a narrow scope is a difficult task, even for someone like me, despite my career in intelligence. Still, the book provides interesting reading for anyone involved in cyber or intelligence operations.

In the first section, contributors analyze the theory and concept of intelligence contests and cyber operations. The underlying insight suggests that some cyber operations fit into this framework, but the perspective is focused on strategic contests, which support the ends of national policy, rather than intelligence missions, which are the means to achieve the ends. In the first chapter, Joshua Rovner outlines the book’s central thesis, which demonstrates the five elements of intelligence contests: collect more information than an adversary; exploit information for practical gain; undermine adversaries’ morale, institutions, and alliances; disable opponent intelligence capabilities; and pre-position collection assets for the future. Rovner’s analysis of historical precedents spanning England and Spain in the late 1500s to the Cold War yields additional thoughts referencing the difficulty in using intelligence gains and a demand for secrecy in intelligence. The various authors discuss how these elements apply, but like the blind men, they are limited in their perspective to provide broader insights by viewing cyber operations through the lens of an intelligence contest.

The first six articles build a United States cyber operations perspective using the published national cyber strategy. Michael Warner starts the arguments by stating intelligence functions as a secretive support activity rather than a cyber end. The articles then address challenges between US Code Title 10 detailing military operations guidelines, and Title 50, which addresses intelligence collection difficulties in conducting covert cyber operations; and the United States’ management of past cyberattacks.

Each article varies the approach slightly, but the common theme suggests cyber operations that focus on intelligence collection as operations are too difficult to manage and execute. The difference between intelligence collection and operations is that the former prepares for future conflict while the latter generates current or future effects. Cyber difficulties emerge as large operation secrecy, the technical scope needed to create effects, and deterrence model vagueness. Overall, the first section is interesting, but it highlights the need to further examine challenges in the US cyber model.

The next section addresses cyber internationally through China, Russia, and the United Kingdom. A retired People’s Liberation Army officer submits the Chinese perspective on cyber operations as the defense of China’s ideology. The author, Lyu Jinghua, suggests that China’s cyber aims to grow the country without physically destroying adversary assets constitute legitimate cyber usage. This varies greatly from the international stance that economic cyberattacks such as stealing corporate intellectual property are as harmful as physical attacks.

Valeriy Akimenko and Keir Giles’ article on Russia’s approach to cyber activity contends that their current cyber operations mindset is an extension of Russia’s long-term information operations. The case of Vasili Mitrokhin, a KGB defector who provided the UK’s intelligence agency MI6 with intelligence files that exposed Soviet agents, is referenced as demonstrating how Russia has always defended its ideology against Western influences by any means necessary. Russian operations based in the GRU, an intelligence directorate, and the FSB, a state security agency that emerged from the KGB, show the national emphasis on continuing information warfare approaches.

Moving from adversarial nations to the UK, the philosophy shifts to protection rather than exploitation. Unlike adversarial nations but similar to the United States, the UK publicly acknowledges its cyber efforts center on the Government Communications Headquarters (GCHQ) intelligence hub. The section shows how other nations link intelligence contests and operations without losing the capacity to generate cyber effects.

The book concludes with nonstate actors. The term typically implies terrorist organizations, but in the book it refers to contractual parties working for the government in an intelligence capacity and other parties operating within the cyber environment. These parties have emerged due to the US government’s general lack of cyber expertise. One key example, referenced in Lyu Jinghua’s article, was American cybersecurity firm Mandiant’s government-funded Chinese research. This government funding led China to conclude the Mandiant report constituted an ideological attack even when presented as pure research. The article demonstrates how government-funded cyber actors and government cyber action gaps will become inseparable in managing accountability. Thus, any action a private actor takes may be attributable to the US government. These discussions carry over to other state actions, such as use of social media by the Internet Research Agency (IRA) in St. Petersburg, Russia, to influence the 2016 presidential elections. The remaining discussion then addresses when contracted intelligence assets become official government action and whether those lines can be drawn effectively.

One clear gap in the book’s analysis was in its technical knowledge concerning current cyber operational capabilities. The comment appears multiple times that cyber is more appropriate for intelligence as technical access lacks connections to physical effects. The 2008 Turkish pipeline explosion, Stuxnet, and multiple Ukrainian power outages are the most common physical examples of cyber effects. The 2014 Target hack shows where an infiltration via network access given to a vendor in charge of a physical system—the refrigeration, air conditioning, and heating system—led to financial results. Growing trends in smart houses, integrated grids, and WiFi everywhere show where initial cyber effects could drive or support integrated actions. Those integrated actions currently match Russia’s information warfare plans, whereas China remains focused on economic growth. Failing to address these points means authors may not have fully considered the operational effects possible through cyber.

Overall, Deter, Disrupt, or Deceive summarizes some old arguments in a new format, updates the packaging, and presents the same solutions. The various authors do not reach an agreement on whether cyber should be considered merely an intelligence resource or a strategic policy tool. Lacking a conclusion is emblematic of the cyber field as a whole: the areas reachable through cyber grow daily, and no one agrees on the perfect approach. The central thoughts examined were scaling operations, maintaining secrecy, analyzing other nations’ strategies, and civilianizing cyber functions. The answer likely lies somewhere in between; however, continuing to analyze the issue from only one perspective—identifying one part of the elephant, so to speak—will likely not move the debate forward. Still, I would recommend Deter, Disrupt, or Deceive to anyone who has been exclusively on either the intelligence or operations side of cyber for ideas in eventually bridging the gap with solid strategies supported by policy.

Dr. Mark T. Peters II, Lieutenant Colonel, USAF, Retired

"The views expressed are those of the author(s) and do not reflect the official policy or position of the US government or the Department of Defense."