CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Offensive Cyberspace Operations: Implications for Sweden
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.ORCID iD: 0000-0002-7552-9465
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This PhD thesis describes how Sweden can organise its offensive cyberspace capabilities for strategic objectives, including cyber deterrence and defence, in response to escalating threats from nations like Russia, China, and Iran. The research develops a multi-level and multi-domain (MLMD) theoretical framework, integrating deterrence theory, intelligence the- ory, and offensive cyberspace operations. Adopting an interpretivist research philosophy, the research employs a case study research strategy, reviewing scientific and military literature and conducting semi-structured interviews with key respondents in Swedish policy and defence. The findings suggest the need for a comprehensive national deterrence strategy encompassing offensive cyberspace capabilities, the operational organisation of cyberspace units supported by policy and intelligence, and a tactical emphasis on identifying and exploiting zero-day vulnerabilities. This research contributes to the field by offering models and frameworks for planning and executing offensive cyberspace operations, providing insights and increasing the knowledge base for professionals and researchers. Additionally, it advances the field by applying the MLMD framework for evaluating the research papers and using the general method for theory building in applied disciplines to assess the utility of the proposed model for offensive cyberspace operations.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University , 2024. , p. 147
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 24-008
Keywords [en]
Offensive Cyberspace Operations, Deterrence Theory, Intelligence Theory, Offensive Cyberspace Operations Theory, Sweden, Multi-Level and Multi-Domain Framework
National Category
Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies) Social Sciences Interdisciplinary
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-231078ISBN: 978-91-8014-839-9 (print)ISBN: 978-91-8014-840-5 (electronic)OAI: oai:DiVA.org:su-231078DiVA, id: diva2:1871270
Public defence
2024-09-06, L70, auditorium 70, NOD-huset, Borgarfjordsgatan 12, Kista, 13:00 (English)
Opponent
Supervisors
Available from: 2024-08-14 Created: 2024-06-17 Last updated: 2024-07-08Bibliographically approved
List of papers
1. Cyber Deterrence - An Illustration of Implementation
Open this publication in new window or tab >>Cyber Deterrence - An Illustration of Implementation
2018 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Cyber deterrence is a strategy to deter attackers from conducting cyber-attacks in the first place. However, several issues exist when implementing cyber deterrence, which are identified in this paper. The findings show (1) non-existence of the deterrence strategy  (2) no doctrine or decision competence to retaliate to an adversary, (3) the armed forces have no authority to retaliate when Swedish sovereignty in Cyberspace is threatened, (4) no norms or regulations exist concerning retaliation, (5) no clear governance on using offensive cyber capabilities, and finally, (6) no credibility in its cyber deterrence posture regarding how much Sweden is willing to sacrifice to protect its electoral system, which is a Swedish national interest. Therefore, this research investigates how cyber deterrence can practically be implemented in Swedish cyber security policy. So far, researchers generally focused on the human aspect of cyber deterrence. By using the case study research strategy and utilizing the Swedish electoral system as a case, this paper examines possibilities to merge the human dimensions of cyber security with the technological dimensions. Data collection is performed through documents studies and semi-structured interviews with experts in the area to identify cyber deterrence components. Further, a mathematical approach is discussed in the paper to express the relationship between an adversary and a deterrent depicting each of the actor’s risk calculus. A result of the research work performed in this paper, the deterrence components for Swedish cyber deterrence are proposed and risk calculus is performed. Moreover, measures to increase Swedish cyber deterrence posture are proposed the practical implementation of cyber deterrence in Swedish cyber security policy in order to deter attacks on the Swedish electoral system is demonstrated.

Keywords
cyber deterrence, cyber strategy, cyber policy, risk calculus, mathematical illustration, Swedish electoral system
National Category
Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies) Social Sciences Interdisciplinary
Identifiers
urn:nbn:se:su:diva-231097 (URN)
Conference
13th International Conference on Cyber Warfare and Security (ICCWS 2018)
Available from: 2024-06-17 Created: 2024-06-17 Last updated: 2024-06-17
2. The Current State of Research in Offensive Cyberspace Operations
Open this publication in new window or tab >>The Current State of Research in Offensive Cyberspace Operations
2019 (English)In: Proceedings of the 18th European Conference on Cyber Warfare and Security, Academic Conferences and Publishing International Limited, 2019, p. 660-667, 2019Conference paper, Published paper (Refereed)
Abstract [en]

Cyber-attacks have increased since the 1988-Morris worm and can target any connected device from any place in the world. In 2010, Stuxnet received a lot of attention as the first cyber-weapon. Its targets were the Iranian nuclear enrichment centrifuges. Nation states are developing cyberspace capabilities to conduct offensive cyberspace operations. Academic researchers have been calling for a more transparent discussion on offensive capabilities and have pointed out the positive impact researchers had during the development of nuclear capabilities. Shrouded in secrecy, the development of offensive capabilities used for operations makes it difficult to conduct research. Therefore, one way to mitigate this is to conduct a systematic review of the current state of research in offensive cyberspace operations. The systematic review method makes it possible to establish certain inclusion and exclusion criteria and systematically go through academic articles to identify the contents, thoughts and research focus of academic researchers. Six scientific databases were queried and 87 articles were read and clustered. The first insight is that, based on the results of the queried databases, research about offensive cyberspace operations is limited. The resulting clusters are a general cluster about cyberspace operations, followed by research in policy, decision-making, governance, capabilities, levels, models, training, deterrence and international affairs. These are then further grouped into: a) general cyberspace operations; b) deterrence; c) international affairs; d) modelling, simulation and training. The article concludes that research into offensive cyberspace operations is maturing as more information is becoming public. Secondly, current research lists some good basic ideas regarding effects which can be achieved through offensive cyberspace operations, how they should be conducted, and related tools, techniques and procedures. However, discrepancies in research efforts exist, with the majority of research coming primarily from the western world. In addition, secrecy and the resulting limited access to information, coupled with research being either too technically focused or too qualitatively focused, show that there still remains room for research in this field. Finally, some directions for future research are examined.

Keywords
research in offensive cyberspace operations, cyberspace operations, decision-making, systematic literature review
National Category
Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies) Social Sciences Interdisciplinary
Identifiers
urn:nbn:se:su:diva-231096 (URN)
Conference
18th European Conference on Cyber Warfare and Security (ECCWS 2019), 4-5 July 2019, Coimbra, Portugal
Available from: 2024-06-17 Created: 2024-06-17 Last updated: 2024-06-17
3. Toward an Ambidextrous Framework for Offensive Cyberspace Operations: A Theory, Policy and Practice Perspective
Open this publication in new window or tab >>Toward an Ambidextrous Framework for Offensive Cyberspace Operations: A Theory, Policy and Practice Perspective
2020 (English)In: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020, 2020, Vol. 2020-MarchConference paper, Published paper (Refereed)
Abstract [en]

 This article addresses the rise in state-sponsored cyber attacks over the past three decades and proposes a new ambidextrous framework for offensive cyberspace operations. Since 1982, nation states have embarked in a fierce race to develop both clandestine and covert offensive cyber capabilities. Their intended targets range from foreign militaries and terrorist organizations to civilian populations and the critical infrastructures that they rely upon. Advancements in cyber security have, however, contributed to the discovery and attribution of offensive cyber operations, such as state-sponsored ransomware attacks, where state-built cyber capabilities have been used to attack governments, industries, academia and citizens of adversary nations. The financial and psychological costs of these ransomware attacks are today a threat to any state’s national security. This article draws from academic research, the cyber military doctrines of four countries—a total of eight models from the Netherlands, Sweden, the U.S., and the U.K.—and the authors’ operational experience to propose a new ambidextrous framework for offensive cyberspace operations. This ambidextrous framework for offensive cyberspace operations and the associated Cyberspace Operations Canvas are needed today in order to increase the resilience of national critical infrastructures against attacks from state-developed tools. We use the WannaCry-case to illustrate how the implementation of the ambidextrous framework for offensive cyberspace operations would result in increased awareness and understanding of the prospective cyber threats, their intended target(s), the likelihood of cascading effects and the options available by nation states to minimize them.

Keywords
Ambidextrous Framework for Offensive Cyberspace Operations, critical infrastructure protection, Cyberspace Operations Canvas, cyber resilience, state-sponsored cyber-attacks, WannaCry
National Category
Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies) Social Sciences Interdisciplinary
Identifiers
urn:nbn:se:su:diva-231093 (URN)
Conference
15th International Conference on Cyber Warfare and Security (ICCWS)
Available from: 2024-06-17 Created: 2024-06-17 Last updated: 2024-06-17
4. Offensive Cyberspace Operations and Zero-days: Anticipatory Ethics and Policy Implications for Vulnerability Disclosure
Open this publication in new window or tab >>Offensive Cyberspace Operations and Zero-days: Anticipatory Ethics and Policy Implications for Vulnerability Disclosure
2020 (English)In: Journal of Information Warfare, ISSN 1445-3312, Vol. 20, no 1, p. 96-109Article in journal (Refereed) Published
Abstract [en]

This article addresses the question under which circumstances zero-day vulnerabilities should be disclosed or used for offensive cyberspace operations. Vulnerabilities exist in hardware and software and can be seen as a consequence of programming errors or design flaws. The most highly sought are so-called zero-day-vulnerabilities. These vulnerabilities exist but are unknown and, when exploited, enable one way of entry into a system that is otherwise not thought possible. Therefore, from an anticipatory ethics perspective, it is important to understand in what cases zero-days should be disclosed or not.

National Category
Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies) Social Sciences Interdisciplinary
Identifiers
urn:nbn:se:su:diva-231091 (URN)
Available from: 2024-06-17 Created: 2024-06-17 Last updated: 2024-07-01Bibliographically approved
5. Validating a Framework for Offensive Cyberspace Operations
Open this publication in new window or tab >>Validating a Framework for Offensive Cyberspace Operations
2022 (English)In: Journal of Information Warfare, ISSN 1445-3312, Vol. 21, no 3, p. 26-42Article in journal (Refereed) Published
Abstract [en]

The Ambidextrous Framework for Offensive Cyberspace Operations was validated using a simulated cyber conflict emulating a cyber operation against critical infrastructure of a fictious country. The purpose of the validation was to assess how well the Framework supports both planning and execution of cyber operations. Data was collected using self-reporting by a team in the cyber range training facility. The study found that the framework works well to support the planning, preparation, and order giving to execute offensive cyberspace operations. However, it was found to be less suited to support operator actions during on ongoing offensive operation due to its current lack of capability to utilize real-time data from battle-stations.

Keywords
Ambidextrous Framework, Cyber Range and Training Environment (CRATE), Model, Offensive Cyberspace Operations, Validating
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-224811 (URN)
Available from: 2023-12-27 Created: 2023-12-27 Last updated: 2024-06-17Bibliographically approved
6. A Whole-of-Society Approach to Organise for Offensive Cyberspace Operations: The Case of the Smart State Sweden
Open this publication in new window or tab >>A Whole-of-Society Approach to Organise for Offensive Cyberspace Operations: The Case of the Smart State Sweden
2023 (English)In: Proceedings of the 22nd European, Conference on Cyber Warfare and Security / [ed] Prof Antonios Andreatos, Prof Christos Douligeris, Academic Conferences International (ACI) , 2023, p. 592-601Conference paper, Published paper (Refereed)
Abstract [en]

Threat actors conduct offensive cyberspace operations for many purposes, such as espionage, to destroy information assets, and cybercrime. These operations are possible thanks to the innovation and development of information and communications technologies (ICT). Interconnected information systems have transformed societies positively. However, specific states exploit these systems' vulnerabilities to advance their strategic national interests. Therefore, it is important to know how a state can organise itself to defend against threat actors. The purpose of this research is to present how the smart state Sweden can through a whole-of-society approach organise for Offensive Cyberspace Operations. The intent is to conduct an active and independent foreign-, security- and defence policy, but also as a base for deterrence and defence. This article is based on a mixed methods approach. It uses the case study research strategy to discover new information. Fourteen men and women participated in individual semi-structured interviews. The respondents ranged in age from 40 to 65 with more than 20 years of experience in cyberspace operations, intelligence operations, military operations, special forces operations, and knowledge and understanding about information warfare and information operations. The analytic strategies include thematic analysis and quantitative methods to interpret the data. The results show many themes, but the article is especially focused on the themes of Operations, Capability, Policy & Governance, and Legal Frameworks. Finally, a conceptual map of a whole-of-society approach to organise for offensive cyberspace operations is presented inferred from the themes, codes, and content, and mapped to each responsible agency based on the interviews and codes. The answer to the research question is that Sweden should have a whole-of-society approach to organise for Offensive Cyberspace Operations to project power in and through cyberspace with the intent to conduct an active and independent foreign, security and defence policy and for deterrence, as described in Figure 2.

Place, publisher, year, edition, pages
Academic Conferences International (ACI), 2023
Series
Proceedings of the ... European conference on information warfare and security, ISSN 2048-8602, E-ISSN 2048-8610 ; 22
Keywords
deterrence, cyberspace capabilities, information systems, offensive cyberspace operations, smart state
National Category
Information Systems, Social aspects
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-224802 (URN)10.34190/eccws.22.1.1188 (DOI)978-1-914587-69-6 (ISBN)
Conference
European Conference on Cyber Warfare and Security
Available from: 2023-12-27 Created: 2023-12-27 Last updated: 2024-06-17

Open Access in DiVA

Offensive Cyberspace Operations: Implications for Sweden(12035 kB)202 downloads
File information
File name FULLTEXT01.pdfFile size 12035 kBChecksum SHA-512
69bf6000d3d27c96ed0323b0053e3624b73d1c353493a29aa758b02e9c254092b03bf2b10702b77c3c85988247fc32c80a1132b9553d1235e50c6231fecfd67b
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Huskaj, Gazmend
By organisation
Department of Computer and Systems Sciences
Information SystemsPolitical Science (excluding Public Administration Studies and Globalisation Studies)Social Sciences Interdisciplinary

Search outside of DiVA

GoogleGoogle Scholar
Total: 202 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1006 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf