Managing the Cybersecurity Dilemma


Much has been written about the digitalisation of diplomacy, and how it will render traditional diplomacy irrelevant. A favoured argument, taken up with relish by Finance Ministries, is that the new information communication technologies undermine the need for maintaining expensive physical networks of diplomats abroad. In as far as embassies remain, they focus on commercial and national promotion. Political networking and analysis are left to wither on the vine. And yet, as I argue in my new book, cyberspace is creating problems which may make traditional forms of diplomacy more important than ever. The cybersecurity dilemma offers an example.

The traditional security dilemma derives, like much of international relations theory, from Thucydides´ History of the Peloponnesian War. According to the dilemma, State A is concerned about the security threat from State B. It starts building up its military as a defensive move. State B interprets State A´s actions as an offensive move which could threaten its security. It responds by building up its own military. At the end of the cycle the military gap between states A and B is the same, but A is worse off because relations between states A and B have deteriorated, with state B seeing state A as a potential aggressor. The classic example of the cybersecurity dilemma is the Anglo-German naval arms race prior to World War I. Not only did Britain win the arms race, but suspicion of German intentions bound Britain even tighter to its French and Russian allies.

Ben Buchanan describes the security dilemma in cyberspace, what he calls the “Cybersecurity Dilemma”. State A is concerned about the cyber capacities of State B. It penetrates State B´s internet systems to try to assess those capabilities and what State B intends to do with them. State B interprets State A´s actions as a hostile cyber operation, preparing for future cyber conflict. It accordingly strengthens its capabilities and increases its penetration of State A´s systems. At the end of the cycle, State A is worse off than at the start. The “capabilities gap” remains. State B has increased both its capabilities and its penetration of State A´s systems, which it now regards as a potential aggressor.

The key to managing the security dilemma in both physical and cyberspace lies in the ability of one state to accurately and reliably interpret the intentions of other states. In physical space there are mitigating factors that can help. Weapons systems can be defensive or offensive. Traditionally, for example, fighter aircraft were defensive and bombers were offensive (a distinction that has rather dissolved of late). The positioning of weapons systems can also indicate whether they are intended offensively or defensively. But these mitigating factors do not exist in cyberspace. Weapon systems cannot be ”positioned” in such a way as to indicate offensive or defensive intentions. In a sense, cyber weapons do not exist until they are used.  Nor is it easy to distinguish between cyber operations to gather intelligence about capabilities and operations preparatory to future conflict. In cyberspace the ability of one state to identify the intentions of another state is even more important than in physical space.

Marcus Holmes has done some interesting work on the social neuroscience of identifying the intentions of others, combined with examining historical case studies ranging from Munich to the Reagan/Gorbachev summits. A preliminary conclusion is that under certain circumstances, humans are better at identifying the intentions of other humans than some philosophers would have us believe. Neuroscience experiments would suggest that a mirror system in the brain allows us to simulate the thinking processes of others, predicting their intentions. As Holmes acknowledges, there is much more work to do on this. But an interesting consequence of this work, which he explores in his diplomatic case studies, is that the ability to accurately identify intentions is significantly reinforced by regular face-to-face contact (another conclusion is that narcissists are poor at intention identification – not exactly promising for Trump´s meeting with Kim Jung-un).

The logic is simple, as I explained to a conference of diplomats last year. The ability to identify intentions is key to managing the cybersecurity dilemma. Regular face-to-face contact significantly enhances the ability to identify intentions. Who enjoy regular face-to-face contact with senior officials and politicians in foreign countries? Diplomats. Interpreting the intentions of foreign governments has always been a key role of diplomats. It is related to empathy: the ability to see issues through the eyes of the other, whether ally or rival. Politicians and journalists frequently mistake it for sympathy. Hence the accusations that diplomats “have gone native” or started representing the interests of foreign governments rather than their own. But no chess player will succeed without the ability to see the board through the eyes of his opponent. Diplomats not only have to divine the intentions of the other, but also how the other interprets our intentions.

In recent years we seem to have lost the diplomatic capacity for seeing problems through the eyes of the other. This at least is the conclusion I would draw from the Brexit experience, or the chaos of the EU´s relations with Russia and China. Buchanan´s discussion of the cybersecurity dilemma suggests we need to recover it if we want to manage the risk of escalation in cyber conflict. Holmes´ discussion of the social neuroscience suggests the importance of regular face-to-face contact at senior level. Ironically, digital technologies, and the challenges they throw up, may have increased rather than undermined the importance of diplomacy, and of a rather traditional kind.