Papers by Miguel Alberto Gomez
The hidden threat of cyber-attacks – undermining public confidence in government
Journal of Information Technology & Politics
The contemporary literature on cybersecurity and related interstate interactions often cites the ... more The contemporary literature on cybersecurity and related interstate interactions often cites the need to overcome uncertainty due to an inherent deficit of information about cyber operations. While this notion continues to appear relevant in studies that advance our understanding of state behavior in cyberspace, noticeable gaps remain. These gaps particularly stem from the limited utility of cyber operations to shift the balance of strategic power between states or to signal intent and resolve effectively. In response, this article advances a cognitive-cultural framework wherein behavior reflects preferences derived from schema usage. Using cross-national wargames, the article illustrates the schematic use of strategic culture as a basis for deriving strategic objectives and the means with which these are achieved. Consequently, the article serves as the initial foray in expanding our understanding of interstate behavior in cyberspace.
Defence Studies, 2020
An understanding of strategic behavior in cyberspace is often premised on the uncertainty inheren... more An understanding of strategic behavior in cyberspace is often premised on the uncertainty inherent in the domain. However, little is said regarding the exact nature of this uncertainty and the underlying motivations that direct attempts at overcoming it. In response, this article advances a cognitive-cultural explanation of strategic behavior in cyberspace and argues that behavioral preferences arise from the schematic use of strategic culture as a remedy for uncertainty. However, the suitability of these preferences is moderated by the presence of accuracy goals. These accuracy goals must, in turn, dictate the extent to which these are deemed suitable. While two decades of cybersecurity research hints at the presence and significance of these mechanisms, little effort has gone into advancing this line of inquiry. Consequently, the article consolidates these findings into a robust analytical framework to explain strategic behavior in cyberspace.
A Psychological Turn. Our understanding of interstate behavior in cyberspace over the past decade... more A Psychological Turn. Our understanding of interstate behavior in cyberspace over the past decade rests firmly on systemic and technological attributes as determinants of strategic choices in this increasingly relevant domain. Scholars and policy specialists alike invoke established concepts such as the offense-defense balance, coercion, and signaling to account for state-associated cyber operations. Yet despite technological advancements, cyber operations continue to deliver limited strategic outcomes. This is paradoxical when accelerating investments in cyber capabilities are contrasted against lackluster performance thus far. Consequently, one may argue that attempts to frame strategic choices as a function of material and strategic realities hinders rather than enlightens attempts to comprehend state behavior in cyberspace. This, however, is not necessarily the case.
Shaping Cybersecurity Norms in ASEAN
The rise of offensive interstate cyber interactions continues to fan interest in the coercive pot... more The rise of offensive interstate cyber interactions continues to fan interest in the coercive potential of cyber operations. Advocates of this revolutionary view insist that it signifies a shift in the balance of interstate relations; yet empirical evidence from past cases challenges these beliefs as actions often result in continued resistance rather than compliance. Regardless of its performance, the coercive potential of cyber operations cannot be readily dismissed. Consequently, the paper advances that the outcome of coercive cyber operations is better explained using heuristic decision-making strategies rather than normative approaches such as expected utility.
why certain states have militarized while others have not despite predictions of such taking plac... more why certain states have militarized while others have not despite predictions of such taking place. Consequently, this study, encompassing the period from 2011 to 2014, proposes that depolarizing these respective arguments may close the existing theoretical gap. In doing so, the study employs a quantitative analytical approach that examines how cyberspace had been militarized across states as a function of both strategic considerations and resource requirements which are both driven by rational choice and societal perceptions regarding this domain.
Breaking the Myth of Cyber Doom: Securitization and Normalization of Novel Threats
International Studies Quarterly, 2021
Physical damage resulting from cyber operations continues to reinforce the “cyber doom” narrative... more Physical damage resulting from cyber operations continues to reinforce the “cyber doom” narrative across societies dependent on information and communication technology. This is paradoxical given the absence of severe, lasting consequences from cyber operations and the relative restraint exercised by cyber-capable actors. Moreover, the mass adoption of vulnerable digital systems raises questions whether or not individuals’ dread cyber insecurity is as severe as we are often asked to believe. Employing a survey experiment, we find that the assumptions of the “cyber doom” narrative are misleading. While sensitivity to cybersecurity threats is shaped by negative information, the onset of panic and dread is not a given. The impact of novel environmental circumstances on opinion formation is shaped by the individuals’ embeddedness in modern digital society. Consequently, long-term exposure to any invasive development mitigates the emotional response associated with it, normalizing novel ...
Cyber-enabled information warfare and influence operations
Information warfare in the age of cyber conflict, 2020
Journal of Cybersecurity, 2019
The use of cyber operations as a foreign policy instrument continues to stimulate academic intere... more The use of cyber operations as a foreign policy instrument continues to stimulate academic interest towards interstate behavior in this domain. With continued investment in offensive cyber capabilities, there is an urgency to provide both academics and policy-makers with a better grasp of this phenomenon. While the past decade saw the growth of frameworks that highlight systemic and/or technological factors, this article investigates the role of pre-existing beliefs in the attribution of malicious cyber operations. Through survey experiments, it highlights the phenomenon of seizing and freezing with respect to attributive judgements in response to degradative cyber operations. With respect to theory, the results contribute to the emerging study of the cognitive–affective aspects of cyberspace. As for policy, the results illustrate the potential for biased judgements in response to incidents and reinforces the need to develop mechanisms that minimize its impact on state behavior.
European Journal of International Security, 2019
To date, cyber security research is built on observational studies involving macro-level attribut... more To date, cyber security research is built on observational studies involving macro-level attributes as causal factors that account for state behaviour in cyberspace. While this tradition resulted in significant findings, it abstracts the importance of individual decision-makers. Specifically, these studies have yet to provide an account as to why states fail to integrate available information resulting in suboptimal judgements such as the misattribution of cyber operations. Using a series of vignette experiments, the study demonstrates that cognitive heuristics and motivated reasoning play a crucial role in the formation of judgements vis-à-vis cyberspace. While this phenomenon is frequently studied relative to the physical domain, it remains relatively unexplored in the context of cyberspace. Consequently, this study extends the existing literature by highlighting the importance of micro-level attributes in interstate cyber interactions.
Journal of Cyber Policy, 2018
The growing frequency of state-associated cyber attacks have led to calls for the establishment o... more The growing frequency of state-associated cyber attacks have led to calls for the establishment of rules of behaviour in this increasingly relevant domain. While there has been no shortage of such initiatives over the past decade, their respective outcomes have highlighted unique challenges faced by norm entrepreneurs in cyberspace. Questions of contrasting conceptualization of cyberspace and varying threat perceptions have stymied attempts to establish a globally acceptable set of norms that regulate state behaviour. As the Association of South East Asian Nations (ASEAN) continues to invest heavily in this domain, calls for the creation of cyber norms within the region have been made. Yet despite this positive development, this paper illustrates that the unique characteristics of ASEAN pose significant obstacles to the emergence and eventual internalization of cyber norms. In response, this paper argues that success in this endeavour requires initiatives that focus on confidence and capacity building measures to mitigate these constraints. Although the likelihood of common norms across ASEAN remains uncertain, the approach suggested may lead to the emergence of different, yet congruent norms within the bloc.
Global Security and Intelligence Studies, 2016
why certain states have militarized while others have not despite predictions of such taking plac... more why certain states have militarized while others have not despite predictions of such taking place. Consequently, this study, encompassing the period from 2011 to 2014, proposes that depolarizing these respective arguments may close the existing theoretical gap. In doing so, the study employs a quantitative analytical approach that examines how cyberspace had been militarized across states as a function of both strategic considerations and resource requirements which are both driven by rational choice and societal perceptions regarding this domain.
2013 World Cyberspace Cooperation Summit IV (WCC4), 2013
The rhetoric over the rate with which statesponsored or state-endorsed cyber attacks has grown dr... more The rhetoric over the rate with which statesponsored or state-endorsed cyber attacks has grown dramatically in the past years. Increasing dependence on information communication technologies by both state and non-state actors; compounded further by the low-cost of entry and the challenge of attribution within the cyber domain have all but assured that this phenomenon would continue in the foreseeable future. While there is no shortage of literature that discusses the benefits and ease with which these events occur within this domain, their dynamics have yet to be studied through the lens of cyber power. Through the analysis of state cyber power visa -vis historical cyber conflicts between states, the study identifies cyber strategies that states may use against each other. The findings provided by this study may go on to aid in establishing appropriate controls to not only mitigate the possible impact of future cyber conflicts but may also lead to the creation of effective deterrence mechanisms.
Politics and Governance, 2018
Advances in cyber capabilities continue to cause apprehension among the public. With states engag... more Advances in cyber capabilities continue to cause apprehension among the public. With states engaging in cyber operations in pursuit of its perceived strategic utility, it is unsurprising that images of a “Cyber Pearl Harbor” remain appealing. It is crucial to note, however, that the offensive action in cyberspace has only had limited success over the past decade. It is estimated that less than 5% of these have achieved their stated political or strategic objectives. Moreover, only five states are thought to have the capabilities to inflict or threaten substantial damage. Consequently, this raises the question of what accounts for the continued sense of dread in cyberspace. The article posits that this dread results from the inappropriate use of cognitive shortcuts or heuristics. The findings herein suggest that the lack of experience in dealing with cyber operations encourages uncertainty, which motivates decision-makers to base their judgements on pre-existing, and possibly incorre...
It is fair to say that our understanding of how public opinion reacts to an incident in cyberspac... more It is fair to say that our understanding of how public opinion reacts to an incident in cyberspace has progressed significantly in the past few years. Contrary to previous assumptions, in which uncertainty and fear lead to a public reaction somewhere between panic and paralysis in the aftermath of cybersecurity incidents, current research points to an increased public knowledge about the limited societal or physical impacts of disruptive incidents. A greater knowledge undermines the narratives of securitisation that exaggerate the impact of incidents in the daily life of ordinary people. A better understanding of public reactions would help cybersecurity authorities to improve their communication and deterrence procedures about severe incidents.
Our understanding of strategic preferences in cyberspace rests on the material and strategic fact... more Our understanding of strategic preferences in cyberspace rests on the material and strategic factors that shape state behavior. This, however, is derived from the actions of established cyber powers. Given the material resources required to effectively operate in this environment and repeated interactions that form the boundaries of accepted behavior, the literature does not adequately explain the emergence of strategic preferences among novice actors. The article posits that these are not exclusively the function of either the material or strategic factors. Instead, strategic culture features prominently in the selection of strategic preferences that shape state behavior in cyberspace.
This ARI provides an overview of factors crucial in our understanding of coercive cyber operation... more This ARI provides an overview of factors crucial in our understanding of coercive cyber operations as the exercise of power through cyberspace in order to coerce an adversary into a particular course of action. It its focused on the compellent actions of the state actors though they, and non-state actors, may carry out deterrent actions as well. The first section presents the fundamentals of coercion. The second frames coercion in the context of cyberspace and surfaces the characteristics of the domain that enables it. Finally, the third establishes the causes behind coercive failure and, inversely, success.
Victory in Cyberspace
IAFOR Journal of Politics, Economics & Law
Defence Studies, 2020
An understanding of strategic behavior in cyberspace is often premised on the uncertainty inheren... more An understanding of strategic behavior in cyberspace is often premised on the uncertainty inherent in the domain. However, little is said regarding the exact nature of this uncertainty and the underlying motivations that direct attempts at overcoming it. In response, this article advances a cognitive-cultural explanation of strategic behavior in cyberspace and argues that behavioral preferences arise from the schematic use of strategic culture as a remedy for uncertainty. However, the suitability of these preferences is moderated by the presence of accuracy goals. These accuracy goals must, in turn, dictate the extent to which these are deemed suitable. While two decades of cybersecurity research hints at the presence and significance of these mechanisms, little effort has gone into advancing this line of inquiry. Consequently, the article consolidates these findings into a robust analytical framework to explain strategic behavior in cyberspace.
Uploads
Papers by Miguel Alberto Gomez