Why Restraint in the Real World Encourages Digital Espionage


President Joe Biden has committed to ending America’s forever wars and restoring diplomacy, longtime goals for advocates of a more restrained U.S. foreign policy. Yet he is reportedly pursuing an aggressive approach to cyberspace, despite concerns that this might lead to military escalation and diplomatic friction.

Although this looks like a contradiction, it is not. Restraint looks much different in cyberspace, where competition is primarily an intelligence contest. The implications are counterintuitive. Because a grand strategy of restraint trades knowledge for power, it leans heavily on intelligence. Intelligence agencies scan the horizon for looming threats, giving policymakers time to mobilize defenses. They help to prioritize scarce resources through better assessment. They provide non-military options for protecting U.S. interests abroad and maintain diplomatic channels to friends and rivals alike. Such diplomacy improves the quality of warning and enables joint operations against common threats. And in the event of a crisis, intelligence provides a release valve that reduces the risk of escalation and avoids the need for military action. All of this is less provocative abroad, and much less expensive.

Because cyber operations are a species of intelligence, a strategy of restraint benefits from audacity in the digital domain.


Cyberspace intelligence is particularly important for restraint. First, it exploits durable U.S. advantages in technology and personnel. The United States educates computer scientists and engineers in world-class universities, and Silicon Valley firms give them a place to cultivate their skills. The intelligence community benefits from this extraordinary talent pool, though public-private relations are sometimes difficult. Government spending on cyberspace activities remains robust and politically popular on both sides of the aisle, suggesting room for continuing innovation and technical refinement.



Second, cyberspace operations are less provocative than military intervention. Experimental studies find that victims of cyber attacks are less likely to demand retaliation, even when the damage is the same as in a physical strike. Early evidence from real-world incidents supports this insight. States, firms, and individuals have proven surprisingly tolerant of cyberspace operations, and eager to get back online. Perhaps for the same reason, cyberspace operations do not seem to have much coercive value in war, although the empirical record is thin. If anything, they may serve as release valves for leaders who seek to act against their rivals but fear that events will spin out of control. All of this suggests that states can operate in cyberspace with great energy but without increasing the risk of escalation.

Third, cyberspace intelligence is probably less provocative than other forms of espionage. It reduces the risks that come with recruiting foreign assets, and it removes the need to maintain security details to protect them. Spy scandals lead to diplomatic breakdowns and exacerbate political crises: States exploit captured spies for propaganda value, parading them in front of cameras and using them as bargaining chips. It’s a lot harder to do the same in response to the discovery of cyberspace espionage, despite repeated efforts to use such revelations to isolate and embarrass international rivals. There is no way to put on a show trial for malware.

Fourth, cyberspace activities largely avoid sunk costs. Any military presence puts lives on the line, and casualties create psychological and political pressure for doubling down on force. Leaders do not want to tell families of fallen soldiers that their daughters and sons have died in vain, so they take further risks. This pattern is frustrating to advocates of restraint, who urge leaders to avoid getting stuck in open-ended conflicts. The sunk costs problem, however, is basically irrelevant in cyberspace.

Finally, cyberspace intelligence-gathering is less dependent on foreign partners. A grand strategy of restraint warns about foreign entanglements that skew perceptions of the national interest and draw the United States into foreign conflicts. Intelligence diplomacy is useful, but it sometimes comes at a cost. States with particular geographic advantages can exact a price for cooperation with the United States. Iran and Pakistan, for instance, gained leverage in the Cold War because they provided ideal locations for monitoring posts against the Soviet Union. This had long-term consequences for U.S. diplomacy in the Middle East and South Asia.

Cyberspace espionage benefits from liaison arrangements, but it does not depend on them. The United States has been enthusiastic about what it calls “Hunt Forward” missions, in which partner states request collaborative efforts on local networks. But from a technical perspective, it is not clear that the United States needs local partners to operate effectively abroad. The geography of cyberspace matters, of course, because physical control of cables, servers, and access points allows technicians to enjoy a fuller view of local networks. It matters a lot less than geography in the physical world, however, where there is often no substitute for being there. Perhaps the most important attribute of cyberspace, at least from an intelligence perspective, is the ability to exfiltrate data at rest from very long distances. This is appealing from the perspective of restraint because it requires few personnel deployed abroad and reduces the need for institutionalized alliances.


Although cyberspace espionage plays a special role in restraint, this does not mean that policymakers should be cavalier about all cyberspace operations, or that they should assume that secret collection campaigns are always worthwhile. The value of such campaigns depends in part on political circumstance.

The logic of restraint depends on intelligence, yet prominent advocates of restraint have warned against being seduced by secrets. Their argument is that serious threats to U.S. security will be plain to see. Rising great powers have no way of hiding their economic and military growth — elaborate intelligence efforts are not necessary. Worse, obsessing over secrets can also lead to threat inflation by encouraging policymakers to imagine the nightmare implications of hidden capabilities. The “worship of secret intelligence,” warned Barry Posen, can lead analysts to exaggerate dangers, even when the balance of forces is favorable. All of this suggests that the United States should focus less on secret collection and more on improving analysis of information from open sources.

When does the need for knowledge outweigh the risks of obsession? Secret intelligence is not required to spot large shifts in the balance of power, and no one should obsess over secrets during periods of obvious and overwhelming strength. Washington does not need to poke around on private networks to verify economic and military disparities that are clear to anyone with a newspaper subscription. Wide power differentials were on display in the 1990s, for example, when the United States stood alone among the great powers, so detailed estimates of foreign great-power capabilities were not immediately relevant. Intelligence gains value as the gap shrinks. As rising powers catch up with status quo states, previously small questions take on new meaning. Precise knowledge of foreign capabilities matters more when adversaries stand a decent chance of winning. In these cases, the danger is not future threat inflation but faulty assessment of the current balance.

Aggressive collection campaigns are especially important when adversaries may be tempted to resolve political disputes through coercion or force. A lot depends on the value of the political object at stake. When adversaries are deeply committed to some goal, they may be willing to accept greater military risks. Secret intelligence is vital in these cases for determining if foreign leaders’ private goals are consistent with their public bluster.

So how does this play out in cyberspace? Technical collection efforts, including cyberspace espionage, are particularly valuable in moments of high tension because they are less provocative than human spying. Yet there are limits to this argument. When a prolonged period of tension transforms into a deep crisis, for instance, the United States should be cautious about certain targets. Some kinds of cyber operations may serve to de-escalate tension by providing a release valve. If both states are wary of using force, they may tacitly welcome tit-for-tat cyber attacks as a face-saving way out. But intrusions into particularly sensitive targets, especially nuclear command and control networks, may create an exceptionally dangerous security dilemma. The targets may be unable to distinguish spying from clandestine attempts to disable their deterrent force.

The logic of cyberspace espionage in peacetime grand strategy does not necessarily apply in a crisis or war. Moments of intense drama may cause rival leaders to overreact to news of espionage, and this might inhibit efforts to find a peaceful resolution. Leaders in crisis are likely to want granular information about the other side, but the desire to know more can increase the danger of inadvertent escalation. Intelligence efforts to learn more about a rival’s true intentions are important, but intelligence penetrations that look like preparations for a disarming strike are treacherous. Those seeking to maximize the benefits of cyberspace espionage should also seek to minimize the risk. Careful planning about which targets to surveil, and which to avoid, will help.

Similarly, the role of cyber operations is different in a shooting war. Cyberspace operations appeal to military planners because they hold out the possibility of blinding enemy forces. Yet this may prove difficult in practice, because thinking enemies take steps to make their communications secure and redundant. As I have previously argued, the tactical use of cyber operations creates new dilemmas for war termination. For these reasons, an aggressive approach toward cyberspace in peacetime might not make sense in a violent conflict.

Making the Case

So long as Biden remains a champion of military restraint, intelligence is likely to play a leading role in his foreign policy. Administration officials have already made it clear that the United States will remain quite active in cyberspace. National Cyber Director Chris Inglis has reportedly embraced the Department of Defense’s “Defend Forward” approach, which calls for continuous intelligence gathering and efforts to discover cyber threats as close as possible to their point of origin. Defending forward on cyberspace infrastructure is operationally and politically audacious given the peculiar characteristics of the domain. As Erica Borghard puts it, “this infrastructure is owned by some entity, whether by the U.S. government, private companies or individuals, allied and partner governments, or the adversary. In other words, unlike in other domains, there are no ‘high seas’ or ‘international waters’ in cyberspace.”

Aggressive intelligence-gathering invites diplomatic risks because it suggests the need to operate on third-party networks without notice or consent. The irony is that cyberspace intelligence supports a grand strategy whose purpose is to restore diplomatic relations by reducing provocations. The Biden administration has worked hard to overcome international skepticism, making the case that its assertive posture is in everyone’s interest and that defending forward will help to promote an open, secure, and reliable internet. It put an exclamation point on these efforts last month when it signed onto the Paris Call, a set of principles for responsible behavior in cyberspace. But whether partners are convinced remains an open question.

Aggressive cyberspace activity can cause tensions not only with other countries but also with the private sector. The current administration has prioritized improved relations with the private sector. Yet there is inherent tension between the demands of intelligence and the concerns about official encroachment on privately owned networks. Officials like to argue that this tension does not exist. From their perspective, proactive intelligence serves the collective good by helping to discover malicious activities in advance. Convincing firms of this idea will be considerably harder.

Though it may go against their initial impulses, advocates of a more restrained, less militaristic foreign policy should support the Biden administration in its efforts to convince skeptics at home and abroad. Secret intelligence has a checkered past, however, and critics may be skeptical of any approach that draws upon the dark arts. Nonetheless, an expansive intelligence posture complements a more modest grand strategy and might ultimately enable military retrenchment. Assertiveness in cyberspace goes hand-in-hand with restraint in the real world.



Joshua Rovner is an associate professor in the School of International Service at American University.
