Florian J. Egloff - Semi-State Actors in Cybersecurity

Oxford University Press is a department of the University of Oxford. It furthers the Universitys objective of excellence in research, scholarship, and education by publishing worldwide. Oxford is a registered trade mark of Oxford University Press in the UK and certain other countries.

Published in the United States of America by Oxford University Press

198 Madison Avenue, New York, NY 10016, United States of America.

Florian J. Egloff 2022

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of Oxford University Press, or as expressly permitted by law, by license, or under terms agreed with the appropriate reproduction rights organization. Inquiries concerning reproduction outside the scope of the above should be sent to the Rights Department, Oxford University Press, at the address above.

You must not circulate this work in any other form and you must impose this same condition on any acquirer.

Library of Congress Cataloging-in-Publication Data

Names: Egloff, Florian J. (Florian Johannes), author.

Title: Semi-state actors in cybersecurity / Florian J. Egloff.

Description: New York, NY : Oxford University Press, [2022] |

Includes bibliographical references and index.

Identifiers: LCCN 2021037341 (print) | LCCN 2021037342 (ebook) |

ISBN 9780197579282 (paperback) | ISBN 9780197579275 (hardback) |

ISBN 9780197579312 | ISBN 9780197579299 | ISBN 9780197579305 (epub)

Subjects: LCSH: Computer crimes. | Computer securityInternational cooperation. |

Non-state actors (International relations) | Cyberspace operations (Military science)

Classification: LCC HV6773 .E35 2022 (print) | LCC HV6773 (ebook) |

DDC 005.8dc23

LC record available at https://lccn.loc.gov/2021037341

LC ebook record available at https://lccn.loc.gov/2021037342

DOI: 10.1093/oso/9780197579275.001.0001

In the 2020s, as the rollout of the fifth-generation mobile networks is picking up steam, a large Chinese telecommunications technology company, Huawei, has become a national security concern for many states outside China. The risks emanating from technological dependency to a very large technology company with special, perhaps opaque, ties to its home countrys national security agencies feature prominently in national security conversations about cybersecurityand not just with regards to companies domiciled in China.

A second concern is the private offensive outfits operating in the interests of their client states and companies (with some claiming to sell only to governments). For example, in summer 2020, researchers from the Citizen Lab, a University of Torontobased research team, uncovered a massive India-based hack-for-hire operation they labelled Dark Basin, compromising government officials, multiple industries, as well as civil society from six different continents.

A third concern is cybercriminals, particularly when effective law enforcement in their domiciled state is either lacking the capacity to or is unwilling to rein in cybercriminals activities. It appears that some governments have found the existence of sophisticated cybercrime to be advantageous for capability building as well as for deniability for their own operations.

In this book, I will show that these seemingly disconnected concerns are connected: they all involve diverse types of relationships of states to actors with significant cyber capabilities. I examine these relationships in-depth and show that the actors all inhabit a common realm.

Through so doing, the book aids international relations scholars to better understand the global politics of cybersecurity and develops a historically informed perspective on how these actors are connected to the state. We will see that rather than the diffusion of power, an argument often made with regard to cyber capabilities (i.e. that smaller actors profit asymmetrically), relationships between the state and various actors shape each other.actors looked at in this book have historically been, and continue to be, crucial participants in the political contestations on what sovereignty and statehood mean.

The analytic perspective adopted will highlight the fluidity of the legitimacy of the state. I am interested in topics such as private hacking, state interactions with cybercriminals, and large technology companies and their various interactions with states. Are states able to deny access to markets and restrict activities of large technology companies and service providers? Are these corporations depending on peace in cyberspace provided and enforced by states? Is cybercrime just a crime or does it play a different function in international security?

To the cybersecurity scholarship, the book contributes a historical lens with which to analyse changing relationships and tensions between different types of actors and the state. Thereby, the cybersecurity literature already has significant works detailing some of these relationships. For example, some have looked at particular types of actors (states, terrorists, hacktivists, etc.) and characterized their cyber strategies and operations.

I will add a historical perspective of countervailing tensions and a co-presence in a joint security ecosystem of actors with varying proximity to the state. By countervailing, I mean, for example, it is not just the state that uses other actors but sometimes also the reverse. Furthermore, the different types of actors, such as the ones just detailed, exist in the same universe and jointly create an intelligible cyber(in-)security ecosystem that we all inhabit.

Thus, the focus of the book lies in examining complex relationships between different actors in cybersecurity and the state. I introduce nuance to the discussion on how actors are connected to the state and what sort of security challenges and opportunities those relationships entail. To do this, I use a historical analogy to pirates, privateers, and mercantile companies, which I will now briefly introduce.

Pirates, privateers, and mercantile companies were integral to maritime security between the 16th and 19th centuries. They traded, explored, plundered, and controlled sea lanes and territories across the worlds oceans. State navies often lagged behind. Working for a navy was associated with lower pay, more hierarchical organisations, and less flexibility to accommodate other foreign power structures. In contrast, working for another more unconventional actor enabled sailors to thrive in the seams between state powers. The seas thereby offered opportunity and peril. Opportunity because crews expected to profit directly from the journeys. Peril because life on the seas was roughthe business of long-distance trade and violence at sea fraught with the risk of death.

Today, people are again seeking their fulfilment, destiny, and luck with more unconventional actors. As cyberspace is weaved into the fabric of all aspects of society, the provision and undermining of security in digital spaces have become a new arena for digital pirates, privateers, and mercantile companies. This book details their actions at the seams between state powers. Through collaboration and competition with states, these actors thrive due to the ever-increasing extension of human interaction into this newer global domain. Power, money, and the thrill to explore still drive individuals. In different forms of organisations, large technology companies, patriotic hackers, and cybercriminals have all presented difficult political challenges, defying the largely statecentric political paradigms in international politics.