Saving face in the cyberspace: Responses to public cyber intrusions in the Gulf

ABSTRACT

How do states “save face” following a cyber intrusion directed at them? Recent scholarship demonstrates that the covert nature of cyber intrusions allows states to respond with restraint, avoiding escalation. But what happens when cyber intrusions become public and are highly visible? This article examines the rhetorical strategies employed by authoritarian Gulf states to mitigate the image-related costs associated with a public cyber intrusion. Drawing on the conceptual language of image-repair and crisis communication theories and employing discourse analysis of original data in Arabic, we identify three types of face-saving strategies: diminishing, self-complimenting, and accusing. Our findings indicate that intrusions involving leaking or faking information bring about unique “face-saving” strategies that do not only deal with the intrusion itself but also with the subsequent information crisis. Overall, the article identifies how states employ diverse rhetorical strategies—beyond attribution—to narrate cyber intrusions and keep cyber conflict contained.

KEYWORDS:

• Cybersecurity
• Middle East
• constructivism
• image
• discourse analysis

Acknowledgments

The authors thank Or Greif, Noya Peer, and Jason Silverman for valuable research assistance, and James Shires and Tarek Tutunji for commenting on previous drafts. Previous versions of this article were presented at the annual meeting of the International Studies Association—Northeast Region (2020) and the Joint Sessions of the European Consortium for Political Research (2022).

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1 Hack-and-leak operations are defined as “an intrusion into specific digital systems and networks (hack) and an attempt to influence certain audiences through the public release of information obtained through that intrusion (leak).” Hack-and-fake operations are similarly defined but they involve the public fabrication of information. See Shires, 2019.

2 For the bigger question of whether cyber capabilities are escalatory, see Borghard & Lonergan, 2019; Healey & Jervis, 2020.

3 A similar point is made with regard to countries’ failure to deter (especially when these countries see themselves as deterring actors). Their inability to prevent a challenger damages their sense of Self (Fettweis, 2013; Lupovici, 2016b).

4 In contrast to shame, which is associated with “perceived deficiencies of one's core self,” embarrassment is associated with “deficiencies in one's presented self.” Thus, shame is a more enduring sense of negative self-evaluation, while embarrassment is tied to more transient, situation-specific failures and pratfalls” (Tangney et al., 1996, p. 1258; cf. Subotic & Zarakol, 2013). Humiliation is understood as “as an act of extreme disrespect that intends to deprive an actor of its status as an autonomous agent that counts” (Wolf, 2017, p. 494). It is a result of the actions of another (rather than a failure of the Self) (Lupovici, 2016b, p. 66).

5 The targeted states can also leak information to encourage external actors to reveal the intrusion.

6 In addition to rhetorical strategies, states also develop legal and institutional responses, see Shires, 2021b.

7 The datasets we use did not contain any cyber incidents involving the UAE that met our inclusion criteria—such as a range of years, a public response that can be examined in more detail, etc.

8 We specifically examined the dates in which cyber intrusions were revealed as well as key terms in Arabic, such as cyber, hacking, and electronic attack.

9 The impact of these strategies is beyond the scope of this article.

10 However, states can also refuse to apologize to protect their identity, see Zarakol, 2010.

Additional information

Funding

This project is a part of the research group “Cyber Conflicts in the Middle East” supported by The Federmann Cyber Security Research Center, The Leonard Davis Institute for International Relations, and The Harry S. Truman Research Institute for the Advancement of Peace, all at the Hebrew University of Jerusalem.

Notes on contributors

Yehonatan Abramson

Yehonatan Abramson is a Senior Lecturer in the Department of International Relations at the Hebrew University of Jerusalem, Israel. His research interests include International Relations Theory, diaspora politics, and critical security studies. His work appeared in journals such as the European Journal of International Relations, International Studies Quarterly, Political Geography, the Journal of Ethnic and Migration Studies, and Social Studies of Science.

Gil Baram

Gil Baram is a post-doctoral research scholar at the Center for Long-Term Cybersecurity and the Berkeley Risk and Security Lab, University of California Berkeley. Her work interests include states decision-making during offensive cyber operations, intelligence and covert actions, and empirical cyber research. Her work appeared in journals such as the Journal of Global Security Studies, the Journal of Cyber Policy, and Israel Studies Review.