Outsourcing cyber power: Why proxy conflict in cyberspace may no longer pay

50 Pages Posted: 20 Jun 2020 Last revised: 27 Oct 2022

Date Written: May 27, 2020

Abstract

It is believed that states can achieve military and foreign policy objectives “on the cheap” by outsourcing cyber operations to willing proxy actors, be they cyber mercenaries, patriotic zealots, pranksters, or simply allies of convenience. By outsourcing, this logic goes, a host government can claim plausible deniability while cashing in on strategic gains. Puzzlingly, proxy-associated behavior across three datasets appears to show that activity associated with outsourcing has flagged. Do cyber proxies still pay? A formal model is used to hypothesize about how new norms of attribution (specifically, the willingness of victims to make accusations on the basis of circumstantial evidence) are developing. Sponsors who learn that they will take the heat regardless have fewer incentives to rely on proxies. Empirical evidence drawn from two cyber incident datasets offers support for this proposition. This should decrease our confidence that plausible deniability is the primary reason why states outsource their cyber operations to non-state hackers. The paper joins an emerging body of research that has questioned the logic of plausible deniability in covert action, including cyber conflict.

Keywords: patriotic hackers, attribution, cyber, conflict, strategy, model, decision theory, game theory, formal theory, cyber-security, proxy, principal-agent

Suggested Citation

Canfil, Justin Key, Outsourcing cyber power: Why proxy conflict in cyberspace may no longer pay (May 27, 2020). Available at SSRN: https://ssrn.com/abstract=3611582 or http://dx.doi.org/10.2139/ssrn.3611582

Justin Key Canfil (Contact Author)

Carnegie Mellon University ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
226
Abstract Views
1,632
Rank
245,368
PlumX Metrics