Cyber espionage techniques and contemporary threats

Abstract
Cyber espionage has become a critical component of modern cyber warfare as nation-states increasingly rely on cyberspace. However, cyber espionage had generated concerns regarding its acceptability given its potential threats to national security. This study explores the proposition that cyber security should be deemed an acceptable state behavior while cyber attack is unacceptable. This study seeks to answer the question, “How is cyber espionage an acceptable state behavior for intelligence gathering though it is a form of unacceptable cyberattack?” Background information to provide the context for this study is discussed as well as a review of existing literature on the topic. A qualitative case study research design based on the Just War Theory will be utilized to conduct this research. Data will be collected from professionals in international relations and cyber security as well as existing publications on recent cyber espionage activities by China and Russia.
Keywords: cyber espionage, acceptability, proposition, state behavior, cyberattack, relationship, intelligence gathering, national security.
Introduction
Cyberspace has become an important element ins the operations of any given country because of today’s information age. The significance of cyberspace in a country’s operations is evident in its use at the operational level of modern warfare. At the strategic level, cyberspace is use to deter and influence the strategic balance of power in relation to the strengths and weaknesses of a state.[footnoteRef:1] However, the use of cyberspace in modern warfare has also been characterized by the emergence of cyber espionage, which is one of the most complex international problems in today’s world. Cyber espionage refers to the practice of obtaining secrets without the permission of the owner/possessor of the information.[footnoteRef:2] While it is a form of cyberattack, there is a proposition that cyber espionage is an acceptable state behavior. [1: Magnus Hjortdal, “China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence”, Journal of Strategic Security 4, no. 2 (2011):1] [2: Atul Agarwal & CERT-IN, “Cyber Espionage, Infiltration and Combating Techniques”, Indian Computer Emergency Response Team, 2013. https://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2013-0128.pdf]
Background Information
Cyber espionage has become one of the most important and complex international problem in today’s world. It is a practice that involves obtaining secrets without the permission of the owner/possessor of the information. The information is obtained for personal, political, economic or military advantage. Since this practice results in illegitimate possession of personal, sensitive, classified or proprietary information, it can generate numerous risks or threats to the owner/possessor of the information. Cyber espionage is carried out through various exploitation methods or techniques on individual computers, networks or the Internet. Some of these techniques or methods include the use of malicious software and computer viruses like Trojan horses and spyware. This practice basically entails intentional activities to infiltrate or penetrate computer systems or networks used by a rival to obtain information within or transmitted through these networks or systems.[footnoteRef:3] Cyber espionage has emerged as an international problem because of increased reliance on cyberspace by state and non-state actors. Nations across the globe including the United States, China and Russia are using cyberspace to commit cyber espionage. However, the legitimacy of this practice remains questionable amidst the proposition that it is an acceptable state behavior while cyberattack in unacceptable. [3: William C. Banks, “Cyber Espionage and Electronic Surveillance: Beyond the Media Coverage”, Emory law Journal 66, (2017):513.]
Problem Statement
Cyber espionage involves illegal practices that result in information theft that could be used to attack an adversary. It poses threats and risks to relations between states and has become a complex international problem in the modern world. Cyber espionage is largely viewed as a new intelligence gathering approach and strategy for national security decisions. However, cyber espionage remains a form of cyberattack, which is legally and ethically unacceptable.
Research Question
Is cyber espionage a method used by state for intelligence gathering a form of unacceptable cyberattack?
How is cyber espionage as an acceptable state behavior for intelligence gathering though it is a form of unacceptable cyberattack? Comment by Author: A good research question is essential to guide your research paper, project or thesis. It pinpoints exactly what you want to find out and gives your work a clear focus and purpose. All research questions should be: Focused on a single problem or issue.Here is a good reference to help youhttps://cdn.elsevier.com/promis_misc/jphys_5researchquestion_examples.pdf
Purpose Statement
Theory hypothesis and framework
Possible hypotheses for this study are:
Null hypothesis H0: cyber espionage is an acceptable state behavior.
Alternative hypothesis H1: cyber espionage is not an acceptable state behavior.
The purpose of this study is to examine the proposition that cyber espionage is an acceptable state behavior, despite being a form of cyberattack, which is deemed unacceptable. The evaluation includes an exploration of norms that are established to promote the acceptability of cyber espionage despite its potential damaging impacts on relations between states.
Significance of the Study
This study will help address existing concerns regarding the acceptability of cyber espionage though it seemingly promotes information theft. It is important to study this issue because cyber espionage has generated numerous concerns regarding its legitimacy and acceptability vis-à-vis cyberattack. Through examining this issue, the study will help address the existing gap in literature regarding acceptability of cyber espionage and its associated norms.
Literature Review
The issue of cyber espionage has attracted considerable attention in existing literature because of the challenges it poses to international relations. According to Libicki (2017), the idea that cyber espionage is an acceptable state behavior is questionable since cyberattack is unacceptable.[footnoteRef:4] This proposition comes at a time when the United States has rejected some forms of cyber espionage activities such as China’s financially motivated cyber espionage and the Russian doxing attacks. Over the past few years, China has shown greater interest in in cyberspace offensiveely courses of action unlike other state actors. This has continued to generate concerns as China uses cyber espionage to spy on and deter the United States.[footnoteRef:5] The National Counterintelligence and Security Center reports that cyber espionage poses significant threats to the security, prosperity and competitive advantage of the United States.[footnoteRef:6] As a result, cyber espionage affects the political and economic relationships between countries while changing the modern warfare landscape.[footnoteRef:7] [4: Martin Libicki, “The Coming of Cyber Espionage Norms”, 9th International Conference on Cyber Conflict, 2017. https://ccdcoe.org/uploads/2018/10/Art-01-The-Coming-of-Cyber-Espionage-Norms.pdf] [5: Ibid., 1] [6: National Counterintelligence and Security Center, “Foreign Economic Espionage in Cyberspace”, Office of the Director of National Intelligence, 2018. https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf] [7: Dana Rubenstein, “Nation State Cyber Espionage and its Impacts”, Washington University in St. Louis, 2014. https://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/]
Libicki (2017) stated that despite these threats, cyber espionage should be an acceptable state behavior, but with specific norms.[footnoteRef:8] Norms should be established to ensure that the results of cyber espionage are used for traditional intelligence purposes and national security decisions. In addition, use of the results of cyber espionage for cyberattack on critical infrastructure should be prohibited. Georgieva concurs by stating that intelligence agencies should collaborate to generate norms to guide cyber espionage for the international community.[footnoteRef:9] Weissbrodt (2013) seemingly rejects this proposition by contending that cyber espionage generates new threats to national security operations and should be prohibited.[footnoteRef:10] Countries like the United States should focus on addressing flaws in existing legal structures that promote cyber espionage in order to deal with the threat posed by computer systems and network operations. [8: Ibid., 4.] [9: Ilina Georgieva, “The Unexpected Norm-Setters: Intelligence Agencies in Cyberspace”, Contemporary Security Policy (2019):1] [10: David Weissbrodt, “Cyber-Conflict, Cyber-Crime, and Cyber-Espionage”, Minnesota Journal of International Law 22, no. 2 (2013):348.]
Theoretical Framework/Approach Comment by Author: The theoretical framework is the structure that can hold or support a theory of a research study. The theoretical framework introduces and describes the theory that explains why the research problem under study exists.
As shown in the literature review, existing literature provides divergent perspectives on acceptability of cyber espionage as an intelligence gathering framework. Existing studies seemingly focus on the establishment of norms to define acceptable cyber espionage by governments. These studies do not explicitly state whether or not cyber espionage should be deemed an acceptable state behavior. Consequently, there is a gap in literature on whether or not cyber espionage should be regarded as an acceptable new intelligence gathering approach.
This study seeks to address these gaps in existing literature through the use of the Just War Theory, which addresses justifications of why and how wars are fought. The theory has played a major role in the assessment and understanding of the moral and ethical use of new weapons and can be applied to cyberspace with respect to cyber warfare. Using this theory, the acceptability of cyber espionage as an intelligence gathering tool will be examined on the context that it is a form of ethically and legally unacceptable cyberattack. The Just War Theory will be applied in this study to understand the implications of accepting cyber espionage as a state behavior for intelligence gathering in relation to cyberattacks.
Research Design/Methodology
The researcher will explore the issue and answer the research question by way ofthrough conducting a qualitative case study. Case study is an approach to qualitative study that involves evaluation of complex phenomenon in its context. It can be explanatory or exploratory as it entails a deep understanding through various sources of data. For this study, the researcher will adopt an exploratory approach to qualitative case study to gain a deeper understanding of the acceptability of cyber espionage. Semi-structured interviews will be conducted on a representative sample from a group of professionals within this field and examine existing cases on cyber espionage by China and Russia.
Since this research is a qualitative design, the researcher will first code the data collected to main themes from the interviews. The themes will, thus, lead to a valid conclusion as the themes that will be supported by most respondents will be treated as the general response.
To identify an appropriate representative sample, the researcher will utilize purposive sampling approach. Individuals within the researcher’s professional networks will be contacted and approached to participate in the study based on their knowledge and expertise on the phenomenon being studied. Some of the potential ethical issues that could emerge include privacy of research participants and confidentiality. These issues will be addressed through ensuring that participation is voluntary. P and participants will not be required to provide any personalpersonally identifiable identification iinformation. The respondents will also be given a consent form to sign before the study. Additionally, data obtained from the participants will be utilized for the purposes of this study only.
Data obtained from the interviewees and the publications will be analyzed through thematic analysis. The thematic analysis will entail constant comparison and triangulation of the data to identify emerging themes that answer the research question. While the research design will help to answer the research questions, it is limited in terms of the researcher’s reliance on the two cases and interview data.
Conclusion
Cyber espionage has become a major and complex international problem in today’s world. Even though a proposition for cyber espionage to be viewed as an acceptable state behavior exists, the practice poses significant national security risks and threats. Therefore, it is increasingly important to establish whether or not cyber espionage should be regarded an acceptable state behavior while cyberattack is unacceptable. Exploration of this topic helps to determine the suitability and acceptability of cyber espionage as a new form of intelligence gathering for national security decision making.
Bibliography
Agarwal A. & CERT-IN. “Cyber Espionage, Infiltration and Combating Techniques.” Indian Computer Emergency Response Team, 2013. https://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2013-0128.pdf
Banks, W.C. “Cyber Espionage and Electronic Surveillance: Beyond the Media Coverage.” Emory law Journal 66, (2017).
Georgieva, I. “The Unexpected Norm-Setters: Intelligence Agencies in Cyberspace.” Contemporary Security Policy (2019).
Hjortdal, M. “China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence.” Journal of Strategic Security 4, no. 2 (2011).
Libicki, M. “The Coming of Cyber Espionage Norms.” 9th International Conference on Cyber Conflict, 2017. https://ccdcoe.org/uploads/2018/10/Art-01-The-Coming-of-Cyber-Espionage-Norms.pdf
National Counterintelligence and Security Center. “Foreign Economic Espionage in Cyberspace.” Office of the Director of National Intelligence, 2018. https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf
Rubenstein, D. “Nation State Cyber Espionage and its Impacts.” Washington University in St. Louis, December 2014. https://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/
Weissbrodt, D. “Cyber-Conflict, Cyber-Crime, and Cyber-Espionage.” Minnesota Journal of International Law 22, no. 2 (2013).