Abstract
States, companies and civil society actors broadly agree that ICT misuse needs to be prevented through effective international policies and regulatory efforts. However, corresponding norm-building processes have been repeatedly characterized by setbacks and controversies regarding interpretations. Whenever such a situation has arisen, state representatives quickly engaged in intense storytelling, accusing their counterparts of seeking to impose “the law of the jungle” or of following hidden policy agendas at the UN. This paper focusses on the stories state representatives use to explain the international community’s recurrent failures, such as arms races, crisis escalations or destructive criminal acts. Using narrative concepts and methods, the analysis explores the dynamics of this emerging transnational public diplomacy, focusing on Russia and the United States in particular. Beyond comparing main structural elements of each narrative, the goal is to elucidate legitimization strategies and dilemmas, resulting in several policy implications. For example, United States representatives and allies need to make specific and concise references to UN cyber norms during public attributions, lest they could play into the hands of a counter-narrative of Western domination and hypocrisy.
1. Introduction
This paper focusses on the stories through which state representatives address an international audience to explain the recurrent failures of the international community to secure cyberspace.Footnote1 Using narrative concepts and methods, it seeks to explore the dynamics of this emerging transnational public diplomacy, focusing on the accounts of the United States and Russia. Furthermore, the analysis will touch on inconsistencies and legitimization dilemmas that arise from internarrativity, i.e. the interlinkages between narrative discourses at different levels, for example international versus domestic. The paper therefore contributes to our understanding of legitimacy issues within international cybersecurity policy and raises awareness of major communication challenges within cyber diplomacy.
The analysis proceeds in four parts. First, it briefly introduces the emergence of a new public diplomacy of international cybersecurity. The second part explains the concept of narrative analysis. The following empirical section summarizes key propositions within international cybersecurity narratives of the United States and Russia respectively. In the fourth part, the paper conceptualizes and illustrates three types of internarrativity-related inconsistencies and legitimization risks. Finally, the conclusion foregrounds important policy implications of key findings.
2. The new public diplomacy of cybersecurity
In 2021, cyber diplomacy was in the spotlight as never before: Interested observers around the world could witness the first ever public UN Security Council meeting on cybersecurity, US President Biden’s warning of a “real shooting war with a great power” as the result of a major subsequent cyber breach (The White House Citation2021a) or Russian President Vladimir Putin defending his country’s cyber posture and diplomacy in an exclusive interview on NBC (NBC News Citation2021).
This paper aims to explore the new public diplomacy on cybersecurity by using the concepts and tools of narrative analysis, a burgeoning area within foreign policy analysis and, to some lesser degree, also within International Relations (see Oppermann and Spencer Citation2018; Krebs Citation2015a, Citation2015b; Roselle, Miskimmon, and O’Loughlin Citation2014). Narratives, in a nutshell, “ascribe meaning by addressing what is happening, how, where, when and why it is happening and who the protagonists are” (Hagström and Karl Citation2019, 390). The political significance of narratives is visible in multiple contexts. One is within public legitimization efforts, where dominant stories privilege a range of policies while delegitimising even the mere articulation of others (Krebs Citation2015b, 813). Narratives are also key elements within evaluations of past policy choices, as for example through the construction of foreign policy fiascos (Oppermann and Spencer Citation2018).
The following study on the role of narratives within international cyber diplomacy for the first time identifies and explores some of the most important narratives in the field. It starts from the assumption that cybersecurity narratives cannot be developed in a political vacuum. Thus, challenges arise from the need to align with or compete against other narratives, as well as from trying to balance the diverging expectations of international and domestic audiences. Analytically, these challenges are all related to instances of “internarrativity” (Hagström and Karl Citation2019, 393), i.e. the way in which narratives intersect and affect each other at different levels.
More specifically, three types of internarrativity can potentially create legitimization challenges from the perspective of political decision-makers: First, international and domestic narratives intersect on certain issues. Second, policy narratives need to be aligned with “master narratives” (Hagström and Karl Citation2019, 388) or “strategic narratives” (Roselle, Miskimmon, and O’Loughlin Citation2014), lest they might weaken a country’s grand strategy at the international level. Finally, narratives can provoke, or even unintentionally support, counter-narratives within situations of ongoing regulatory competition.
3. Concepts, methods and data sources
Research on narratives distinguishes between different components (Oppermann and Spencer Citation2018, 272–276; Krebs Citation2015b, 12–13). The first, setting, denotes the stage or environment of an unfolding story. It is based on a range of assumptions (Roselle, Miskimmon, and O’Loughlin Citation2014, 75), including the salience of threats, the stakes involved, and the availability of viable policy options. The second element is the designation and characterization of protagonists or agents (Oppermann and Spencer Citation2018, 275, Roselle, Miskimmon, and O’Loughlin Citation2014, 75). All things being equal, it is easier to assign blame for undesirable international policy outcomes if the actors involved appear arrogant, incompetent or dishonest while striving for personal profits or gains within domestic politics rather than for legitimate foreign policy goals (Oppermann and Spencer Citation2018, 275). Finally, emplotment establishes “a link between the actions or non-actions of agents and the policies or consequences that are described as (un-)desirable” (Oppermann and Spencer Citation2018, 276). Thus, narrative blaming essentially requires the finger to be pointed at a capable actor, who due to some non-legitimate reason (characterization) intentionally sets a harmful chain of events (emplotment) in motion, despite demonstrably less harmful alternatives (setting) being available.
The following empirical analysis is limited to English language public statements of decision-makers of the United States and Russia. This is not to dismiss the significant influence of other states, including many in the Global South, on international cybersecurity discourses and cyber norm-building in particular. However, the primary research aim is identifying and exploring legitimization strategies and dilemmas, not explaining the outcome of UN norm building processes. Therefore, the public salience of diplomatic statements, and not their impact on negotiations per se is the key selection criteria. Since rhetorical interactions between the US and Russia arguably receive more global attention than most other bilateral exchanges (with the exception of the US-China dyad perhaps), the selection of these two countries constitutes a most-likely case design for identifying dilemmas of legitimization.
Data collection begins in 2017, the year of the failure of the fifth UN Group of Governmental Experts. The websites of the respective embassies of the two countries at the United Nations were systematically scanned via the search function for contributions on the topic of cybersecurity. Also, a number of high-profile events such as the UN Security Council meeting on cybersecurity in June 2021 have been specifically included in the sourcebook. The rationale, again, was to focus on statements with maximum global public salience. Finally, the data collection included domestic statements by both senior US and Russian decision-makers to control for the effects of different audiences, and to explore legitimization dilemmas that arise from differences between domestic and international narratives. In the US case, the sample includes a diverse set of media outlets. In the case of Russia, the data collection has been primarily focused on the websites of the two leading newspapers of the country, Izvestia and Kommersant.
4. The failure to stabilize cyberspace – great power narratives
The next two sections complement each other: The first systematically explores the content of Russian and US cyber diplomacy narratives, while the second points out inconsistencies and legitimacy challenges arising from internarrativity.
4.1. Russia
According to the Russian narrative, the international community is at the brink of perpetual cyberwar, with the “the information arms race […] gaining momentum” (Ministry of Foreign Affairs of the Russian Federation 2017)Footnote2 and the world facing an “existential” choice “between global cyber peace and cyberwarfare” (PMRFUN Citation2020a). Moreover, all UN member states “are equally vulnerable […] and feel an urgent need to come out with a global response” (PMRFUN Citation2020a). There is thus a clear mandate to create a “specialized international legal instrument” (United Nations Office of Disarmament Affairs (UNODA) Citation2020c) since the existing rules and laws, Russia suggests, have proven insufficient in preventing cyberwarfare, constituting a “de facto ‘legal vacuum’” (United Nations Office of Disarmament Affairs (UNODA) Citation2020a).
Within the Russian narrative, a new global system furthermore needs to accommodate “the interests of all states regardless of their capacities” (PMRFUN Citation2020a). Universal participation in the drafting of new rules is key in this regard, which is why any delegation of this task to “a narrow and ‘elitist’ expert platform” (Statement of Russian Delegation to OEWG, see UNODA Citation2020a) must be avoided.
Taken together, the Russian narrative emphasizes that there is a path to effective and universal regulations. At the same time, it claims that any progress was shortly undermined by Russia’s adversaries. Thus, the United States and their partners are labeled as “an ‘elite’ minority” or “small group” that seeks to usurp a legitimate global agenda (PMRFUN Citation2020a; Vladimir Shin, Russian Ministry of Foreign Affairs (UNODA) Citation2021d). Even worse, their ultimate desire appears to eventually “discredit the role of the UN” itself and to de facto replace it with “more ‘comfortable’ regional platforms,” such as NATO (PMRFUN Citation2017).
Attributes of egoism and aggression are coupled with allegations of deceptive and dishonest behavior within the Russian narrative, since whatever policy suggestions Western countries make, it is “only to serve their own interests” (PMRFUN Citation2017). Thus, past agreements are twisted (PMRFUN Citation2021a) and “certain norms within international law” are tailored “to make it possible to use force in the digital field (The MFA RF Citation2017) or to justify “unilateral pressure and sanctions on other Member States” (PMRFUN Citation2020a). Essentially it is the attempt of some states to “impose their ‘own rules of the game’ in information space from the position of force” (PMRFUN Citation2021b).
Not all of this follows from a rational reflection on national interests, as illustrated by Vladimir Shin with regard to Western opposition to a new OEWG mandate:
The reason for such an attitude is the fact that it was a Russian initiative. I understand that there are some countries strongly opposing anything that contains the word “Russia.” But is it an objective approach or is it a perception that is politically and ideologically biased? (UNODA Citation2021d)
Finally, Western opposition to Russian initiatives is also occasionally explained as the result of domestic political troubles particularly within the United States. Thus, President Putin argued that accusations of government-backed hacking came from those who wish to "provoke new conflicts before our meeting with Biden" (quoted in BBC Citation2021). Later, in his NBC interview, he expressed his hope that with the Biden administration progress would finally be possible and that “the domestic political situation—in the U.S. will not prevent this from happening” (quoted in NBC News Citation2021).
Western countries are therefore portrayed in an unambiguously negative way, mostly as being selfish and deceitful, yet occasionally also as being ignorant or weak. In contrast, Russia itself appears as an honest consensus broker, following the conviction that “lives matter more than political dividends” (PMRFUN Citation2020a) and that “under no circumstances should the information space become another battlefield” (PMRFUN Citation2017). Therefore, Russia advocated for the necessity of conflict prevention and “the principles of the non-use of force, respect for state sovereignty” and “non-interference in internal affairs of other states” (The MFA RF Citation2017). As a norm entrepreneur, it was Russia who first “raised the issue […] in the United Nations,” with a draft resolution in 1998 (PMRFUN Citation2017a). In the early 2000s, it was again Russia who, according to the Russian narrative, initiated the GGE process and then, after the format was no longer inclusive enough, who launched the more open and democratic negotiation process within the OEWG in 2019 (PMRFUN Citation2021a).
Finally, the Russian narrative presents a plot where there is a clear chain of causality from the behavior and intentions of the United States and Western allies to the ineffectiveness of the global framework for stabilizing cyberspace. Thus, by promoting unilateral interpretations, the United States and like-minded partners seek to “revise the results of discussion held at specialized UNGA platforms” (PMRFUN Citation2021b) and thus risks to undermine already existing achievements and understandings, for example those enshrined in the UN GGE 2015 report, “a hard-won consensus and fragile consensus formula which should not be broken” (PMRFUN Citation2020a).
A similar story unfolded with the UN GGE and UN OEWG 2021 consensus reports that presented “a thoughtfully calibrated and well-balanced package of arrangements,” reflecting difficult negotiations in both groups (PMRFUN Citation2021a). Yet to the detriment of international stability, “Western colleagues try to pick separate, the most convenient provisions, and […] present their national views as a global consensus” (PMRFUN Citation2021b). Already during deliberations within the OEWG, Russia also complained about an excessive focus on implementing existing norms, while preventing the inclusion of new ones, for example through the idea of a Programme for Action (PoA), which was “’planted’ by a group of States led by France” (Delegation of Russia to the OEWG, see UNODA Citation2021).
Whether in 2017 or in 2021, it is thus Western proposals who, by distracting from the real issues and by focusing the discussion on controversial concepts, “push the international information space closer to unpredictable and undesirable scenarios” (PMRFUN Citation2020a). By working toward the creation of rules on the basis of “the right of the strongest” (PMRFUN Citation2017), they inevitably come into conflict with the “peace-oriented concept suggested by Russia” (PMRFUN Citation2017), which explains the repeated negotiation impasses on various occasions and the continued deficiency of international regulation.
At the same time, and outside the UN, the United States is accused of having refused to engage at the bilateral level. For example, Russia’s ambassador to the United States in 2021 listed altogether six unsuccessful Russian attempts to initiate a dialogue or comprehensive programme on information security with the United States, but all these initiatives, the ambassador claimed, were met with no reaction (quoted in Heilbrunn Citation2021). Also, within Russian domestic media, Russian decision-makers blame their Western counterparts for refusing to cooperate on practical matters (see, for example, Izvestia Citation2020a). The reasons for the West’s “unscrupulous efforts to smear Russia “(Russian Foreign Ministry spokeswoman Maria Zakharova in Izvestia Citation2020b) can be found in “internal political problems” (Chairman of the Federation Council of the Russian Federation Valentina Matvienko quoted in Izvestia Citation2017a).
With regard to the UN, Russia is portrayed as a norm-entrepreneur whereas Western actors are accused of side-lining the UN and pursuing a “right-of-the-strongest” approach (Andrei Krutskikh in Izestia Citation2017b). Overall, the differences between Russian international and domestic legitimization strategies, despite variations in tone, seem strikingly small.
4.2. United States
As within Russian narratives, US representatives emphasize that the effects of malicious actions in cyberspace can hardly be contained within national borders, requiring global actions in response (Ambassador Thomas-Greenfield, quoted in United States Mission to the United Nations Citation2021).Footnote3 Further progress, according to the US narrative, now requires state-level implementation and compliance:
The framework UN Member States have worked so hard to develop now provide the rules of the road. We have all committed to this framework. Now, it is time to put it into practice (Ambassador Thomas-Greenfield, quoted in USMUN Citation2021).
Stabilizing cyberspace therefore requires to “focus our efforts on the implementation of existing consensus norms, not the creation of entirely new normative concepts” (United States Delegation to OEWG, see UNODA Citation2020b). Furthermore, much of this implementation will be the done by individual states and coalitions, not by the UN, because “individual States may need to take measures to address threats in cyberspace when collective action is not feasible” (United States Delegation to OEWG, see UNODA Citation2020b). More recently, the “stage” for stabilizing cyberspace also tends to shift to the bilateral level, since it is there where Russia and the United States can or cannot “bring some order” (US President Biden quoted in CNN Citation2021).
In terms of the motives of US antagonists and the nature of their actions, there is clearly a difference between US storytelling within and outside the UN. Outside UN bodies, US officials make rather confrontational statements, on many occasions characterizing Chinese and Russian cyberattacks as “destructive and costly” (The White House Citation2018), “irresponsible” and “aggressive” (The White House Citation2021d), “indiscriminate” (US President Biden quoted in Nakashima Citation2021) and “pervasive and destructive” (The United States Department of Justice Citation2020). Perhaps the harshest critique, questioning the rationality of the Russian approach, came from Assistant Attorney General for National Security John C. Demers, saying that “no country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite” (quoted in The United States Department of Justice Citation2020). While all these characterizations are certainly unflattering, they have rarely been combined with accusations of deceitful or hypocritical behavior, at least until recently. A notable exception is US Foreign Minister Pompeo commenting on suspected Russian cyberattacks against Georgian websites in 2020, saying that these actions “contradicts Russia’s attempts to claim it is a responsible actor in cyberspace” (quoted in The Washington Post Citation2020).
At UN level, in contrast, US storytelling rarely gives the impression of antagonistic relationships. Even after the 2017 UN GGE failure to reach consensus, particularly on the applicability of international law, the US representative emphasized the “productive and serious nature of much of the negotiations” (United States Mission to the United Nations Citation2017). Four years later, after both the UN GGE and the UN OEWG issued consensus reports, the statement of the US ambassador to the United Nations did not entail any negative comments at all, despite the verbal all-round of her Russian counterpart in the same UN Security Council meeting. Instead, it stressed the “remarkable willingness to bridge differences and to reach consensus” of all involved negotiating parties (USMUN Citation2021).
Another notable difference of actor characterizations was observed during UN cybercrime negotiation processes. Here, Russia was said to be an inappropriate sponsor of a cybercrime-related resolution and openly accused of being hypocritical, “putting forward a resolution claiming to counter cybercrime just weeks after it was caught perpetrating a cyber-attack on an entity of the UN system, the Organization for the Prohibition of Chemical Weapons” (USMUN Citation2018). The Russian initiative therefore was a “blatant effort to put the fox in charge of the henhouse” (USMUN Citation2018).
Finally, setting, actors, and outcomes are woven together through emplotment, particularly by blaming China and Russia for a deteriorating security situation and for impeding collective action at the UN level. For example, with regard to the Russian initiative for negotiating a universal treaty against cybercrime, the US claimed that this would “only serve to stifle global efforts to combat cybercrime” (The USMUN Citation2019). During negotiations within the UN OEWG, it was Russian and Chinese actions both inside and outside the UN that stood in the way of effectively stabilizing cyberspace. In the words of the US representative in this forum:
Although our preference would be for all States to act together to address threats in cyberspace, we have to acknowledge reality: some states are unwilling to do so, and, in some cases, states are actually conducting or sponsoring malicious activity in cyberspace”. (United States Delegation to the OEWG, see UNODA Citation2020b)
Furthermore, Russian and Chinese proposals for additional norm-building deliberations and specialized legal instruments were rejected on the ground that they constitute “premature” and “impractical” departures from the real task of operationalizing existing international law (United States Delegation to the OEWG, see UNODA Citation2020b).
5. Discussion
In the remainder of this paper argues that three types of internarrativity result in inconsistencies and legitimization challenges both in the case of the US and Russia. The first one relates to the interplay between international and domestic narratives. As research on the role of strategic concealment has shown, conflict parties have often a common interest in not acknowledging escalatory dynamics, for example the use of proxy armies, in order to keep a minimum of policy flexibility and to escape the influence of domestic foreign policy hawks (Carson Citation2018). Similar fears of reputational risks and increasing domestic pressure to retaliate may prevent states from publicly disclosing information about cyber norm-violations and extraordinary destructive cyberattacks (Schulzke Citation2018, 9). At the same time, these concerns need to be balanced against responding to alleged attribution by others and escape being held accountable for the recurrent failure of the international community to secure cyberspace.
This dilemma is aggravated by the long-term effect of promises and implicit performance standards within domestic narratives, for example during election campaigns. In case of the incoming Biden administration, the President elect campaigned on a clear promise to distance his policies from the Russia collusion of the preceding Trump administration. This domestic narrative merged with the idea of a much tougher stance on Russian cyberattacks the moment that President Trump downplayed and miscategorized the SolarWinds Hack at the end of 2020. As President-elect Biden told reporters in December 2020:
We will make dealing with this breach a top priority from the moment we take office. (quoted in Business Insider Citation2020)
Part if this prioritization entailed a strong commitment to communicate clear red lines to the Russian government right from the start of the administration. This became even more pertinent following a wave of devastating ransomware attacks of Russian origin and increasing Russian disinformation campaigns. Thus, after meeting President Putin in Geneva, President Biden explained:
I made it clear that we will not tolerate attempts to violate our democratic sovereignty or destabilize our democratic elections, and we would respond. (quoted in CNN)
A few weeks later, after a bilateral phone call with Vladimir Putin, the White House press secretary reaffirmed this retaliatory threat, saying
The President made clear the United States will take any necessary action to defend its people and critical infrastructure. (Cimpanu Citation2021)
Yet only a few weeks later, there was growing resentment within the US Congress, as well as among media commentators and security experts, about the way in which the Biden administration refused to take retaliatory measures in the face of new cyber incidents (Dilanian Citation2021; Harding, MacCabe, and Lewis Citation2021). To diffuse criticism of having discredited its own cyber deterrence efforts, White House officials tried to realign their international and domestic narratives, suggesting for example that retaliation might happen secretly (CNBC Citation2021). White House officials were also quick to notice that “we didn’t set the measure at some verbal commitment from Vladimir Putin that Russian criminals would stop hacking […], we set the measure at whether over the next 6 to 12 months, attacks against our critical infrastructure actually decline coming out of Russia” (National Security Adviser Jake Sullivan quoted in Dilanian Citation2021).
A second type of internarrativity that may result in legitimacy challenges concerns the way in which policy narratives validate or disconfirm so-called master or “strategic narratives” (Miskimmon and O’Loughlin Citation2017, 112). In the Russian case, the relationship between international cybersecurity and strategic narrative is mostly one of mutual reinforcement. Thus, allegations of hypocrisy, double standards and disdain for international law as key characteristic of Western diplomacy can be found in both policy and strategic narratives (Gorenburg Citation2019; Joja Citation2019). Also, there is a close link between the concept of Russophobia within Russian foreign policy narratives (Oates and Steiner Citation2018, 3–4) and the idea of an Anti-Russian bias within US cybersecurity discourses. In contrast, Russia’s insistence on the need of inclusive participation and the protection of weaker nations does contradict a key demand within Russia’s strategic narrative, i.e. to be recognized as member of the concert of great powers, “an elite group of states reinforcing a hierarchy” within international relations (Miskimmon and O’Loughlin Citation2017, 115). This approach to world order, where great powers strike deals with each other behind closed doors and often at the expense of weaker nations (Barbashin and Graef Citation2019, 34), fits much better with President Putins plea for bilateral agreements, as for example within the NBC interview. Yet by supporting the OEWG as an inclusive and transparent process, a “cyber agora,” the Russian narrative may complicate the enactment of Russia as a great power (Kurowska Citation2020, 95).
Russian acknowledgments of vulnerability or even inferiority—for example with regard to the dominant economic position of Silicon Valley—is fueling a similar contradiction. It certainly facilitates international coalition-building in some contexts, for example within BRICS. It may also provide an additional rational for the creation of a separate Russian internet segment. Yet at the same time, it is hard to reconcile with the idea of Russia as a world power, still a key element of the domestic legitimization of Russian authoritarianism. What is more, Russia’s claim to not take part in the militarization of cyberspace in any way is poorly compatible with the imperatives of deterrence policy, within and beyond the cyber domain. There is therefore a need to balance such diplomatic statements with signs of resolve, abundant capacities, and dormant cyber strike capabilities. For example, Andrei Krutskikh described the current situation as follows:
The situation when two cowboys stand, aiming at each other with “cyber colts,” is abnormal. We’re willing to drop our colt if they omit it. (Kommersant Citation2018, own translation)
No matter how skillful Russian decision-makers navigate the tension between deterrence needs, authoritarian power politics, and cyber diplomacy, it will always offer opportunities for others to emphasize and amplify these inconsistencies and contradictions.
This already blends into a third dimension of internarrativity that centers on the relationship between competing international narratives. The argument starts from the Russian narrative which clearly aims for recognition as norm-entrepreneur by emphasizing their leadership in drafting constructive policy proposals and in initiating innovative negotiation formats. It also seeks to shift blame for the failure of stabilizing cyberspace to other states by highlighting obstructionist behavior, essentially alter-casting these states as norm-antipreneurs (Bloomfield and Scott Citation2017). From the perspective of the US, who prefer gradual implementation of the existing normative framework over radical change, entering into such blaming games at the UN might well be a double-edged sword. The more it draws attention to serious and grave violations of norms, the more it might underline the inadequacy of the existing governance architecture and thus play into the hands of the Russian narrative of a necessary radical reform.
This dilemma might be one reason why US officials at the UN refrain from explicit accusations. It might also explain, at least to some degree, why they hardly ever mention the UN norms of responsible state behavior during public attribution statements. President Biden’s warning following the US-Russian bilateral summit, that “if, in fact, they violate these basic norms, we will respond with cyber” (The White House Citation2021b), might already count as the least vague reference to the UN global cyber norms, and even in this case, it is hard to say what norms exactly he was referring to. Russian officials themselves occasionally suggested that within the current regulatory structure, malicious behavior is to be expected and unavoidable. A case in point is a rhetorical question of the Russian representative within the OEWG, asking “if international law applies in cyberspace, why are foreign hackers electing the President of the United States?” (quoted in Broeders and Cristiano Citation2020).
Coming back to the influence of master narratives, it might be precisely the lack of references to these norms within US accusations that created useful material for Russian counter-narratives:
The West deliberately shies away from spelling out the rules it purports to follow […] The beauty of these Western “rules” lies precisely in the fact that they lack any specific content. When someone acts against the will of the West, it immediately responds with a groundless claim that “the rules have been broken”. (Lavrov quoted in The MFA RF Citation2021)
Thus, US repeated characterizations of the SolarWinds Hack as “indiscriminate,” “destabilizing” and “potentially disruptive” (senior White House official quoted in Nakashima Citation2021), “malicious” and running counter to the widely shared goal of “a secure, and reliable Internet” (The White House Citation2021c), without ever clarifying how it affected existing international law and norms, might unintentionally have reinforced Russia’s strategic narrative.
6. Concluding remarks and implications
States, companies and civil society actors broadly agree on the need to prevent ICT misuse through effective international regulation. However, corresponding norm-building processes have been repeatedly characterized by set-backs and have not yet led to a decline in the number and severity of cyber incidents. This paper used narrative analysis to explore how states seek to escape and divert blame for this outcome, engaging in an intense public diplomacy competition. Moreover, it emphasized different types of internarrativity as a source of policy dilemmas and legitimization risks.
Several policy implications follow from this analysis. It is first essential to take the narrative dimension of cyber public diplomacy more seriously. A good example is the Budapest Convention on Cybercrime of the Council of Europe, whose opponents seek to delegitimize by portraying it as an instrument of Western hegemony since non-Western states had no say in its original formulation. To counter such narratives, advocates of the Budapest convention need to go beyond demonstrating functional benefits of acceding to the Convention. Rather they should emphasize that the Convention historically was never meant to become a fixed set of rules and protocols, rather it provided a process of mutual learning that is open to accommodate new interests and priorities at later points.
A second policy implication refers to the domestic level: Political candidates should resist the temptation of making bold promises and raising unrealistic expectations about their ability to deter cyberattacks. Otherwise, they will find it difficult or even impossible to later reconcile their domestic and international narratives. In a worst case scenario, domestic political pressure will force them to engage in cyber diplomatic brinkmanship. Another implication is that Western policymakers have not yet fully exploited the weaknesses of competing cybersecurity narratives, particularly with regard to their inherent tensions. The way in which Russian status-seeking undermines their rhetoric of inclusivity and equality is a case in point. Similar contradictions arise from implicit Russian deterrence threats. Referencing more Russian sources would be key to amplify such contradictions, and thus to be able to forge alliances with swing states and other undecided stakeholders more easily. It bears mentioning that in general, Russian decision-makers and journalists display a greater readiness to pick up on Western policy statements, academic papers and media reports to amplify and exploit internarrativity for their advantage, both in an international and domestic context (see for example Izvestia Citation2020a).
Finally, Western decision-makers need to consider the unintended consequences of their own public diplomacy efforts more carefully, again very much dependent on internarrativity. In general, moving aways from vague attribution statements to being specific about norm violations, as the United States did in their recent comment on cyberattacks in Albania (The White House Citation2022), is a good way to counter Russian allegations of Western hypocrisy and arbitrariness. That being said, the overall political context (including the salience of relevant strategic narratives) always matters. For example, it is one thing to accuse Russia of violating cyber norms in the context of strained but still peaceful international politics. But doing so specifically with regard to the Russian invasion of Ukraine may blowback by offering the Russian leadership a way to add some ambivalence to an otherwise very clear overall picture. In all domains except cyber,Footnote4 Ukraine is the underdog, fighting for its very existence against a reckless aggressor who violates even the most basic norms of international humanitarian law. Why then emphasizing the (so far) rather limited cyber dimension of the war, where both Ukraine and Russia, through actions and rhetoric, have indicated their willingness to use malware to target civilian infrastructures? These are the kinds of questions which surface once internarrativity is taken into account during public diplomacy efforts.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Funding
Notes
1 I wish to thank the anonymous reviewers and journal editors at Policy Design and Practice for very helpful comments and suggestions. Earlier drafts of this paper have been presented at the 2021 Annual Conference of the The Hague Programme on International Cyber Security and at the 2021 EISA Annual Conference where I received very valuable feedback from co-pannelists and discussants. Also, I am grateful to Jantje Silomon and Alexander Graef for commenting on the paper and for improving my research design and data collection.
2 For the sake of readability, the terms are hereafter abbreviated to MFA RF.
3 For the sake of readability, the terms are hereafter abbreviated to USMUN.
4 On the overal role of cyber operations in the war in Ukraine see Kaminska, Shires, and Smeets (Citation2022). On Ukranian efforts to crowdsource offensive cyber operations see Soesanto (Citation2022).
References
- Barbashin, A., and A. Graef. 2019. “Thinking Foreign Policy in Russia: Think Tanks and Grand Narratives.” Atlantic Council, 12th November 2019. Accessed 5 September 2021. https://www.atlanticcouncil.org/in-depth-research-reports/report/thinking-foreign-policy-in-russia-think-tanks-and-grand-narratives/.
- BBC. 2021. “Putin Sees ‘Double Standard’ in US Capitol Riot Prosecutions.” 5th June 2021. Accessed 26 August 2021. https://www.bbc.com/news/world-us-canada-57366668.
- Bloomfield, A., and S. Scott. (eds). 2017. Norm Antipreneurs and the Politics of Resistance to Global Normative Change, Abingdon: Routledge.
- Broeders, D., and F. Cristiano. 2020. “Cyber Norms and the United Nations: Between Strategic Ambiguity and Rules of the Road, Italian Institute for International Political Studies.” 2nd April 2020. Accessed 31 August 2021. https://www.ispionline.it/en/pubblicazione/cyber-norms-and-united-nations-between-strategic-ambiguity-and-rules-road-25417.
- Business Insider. 2020. “Biden Says He Will ‘Not Stand Idly By’ on The Massive US Cyberattack that Trump Hasn’t Bothered to Address Yet.” 17 December 2020. Accessed 27 September 2021.
- Carson, A. 2018. Secret Wars: Covert Conflict in International Politics. Princeton: Princeton University Press.
- Cimpanu, C. 2021. “Biden Raises Ransomware Topic during Putin Phone Call.” The Record, 9th July 2021. Accessed 27 September 2021. https://therecord.media/biden-raises-ransomware-topic-during-putin-phone-call/.
- CNBC. 2021. “Biden Presses Putin to Disrupt Cybercriminals in Russia as U.S. Grapples with Latest Ransomware Attacks.” 9th July 2021. Accessed 30 August 2021. https://www.cnbc.com/2021/07/09/ransomware-biden-presses-putin-to-disrupt-cybercriminals-in-russia.html.
- CNN. 2021. “President Biden on HISTORIC PUTIN SUMMIT: ‘I did what I came to do’.” 17th June 2021. Accessed 27 September 2021. https://edition.cnn.com/2021/06/16/politics/president-biden-president-putin-meeting/index.html.
- Dilanian, Ken. 2021. “Biden under Pressure to Respond to Russian Hackers’ Claims of Responsibility for Ransomware Attack.” MSNBC News. July 6th 2021. Accessed 30 August 2021. https://www.nbcnews.com/politics/national-security/biden-under-pressure-respond-russian-hackers-claims-responsibility-ransomware-attack-n1273123.
- Gorenburg, D. 2019. “Russian Foreign Policy Narratives.” Security Insights (42). Accessed 5 September 2021. https://www.marshallcenter.org/en/publications/security-insights/russian-foreign-policy-narratives-0.
- Hagström, L., and G. Karl. 2019. “Narrative Power: How Storytelling Shapes East Asian International Politics.” Cambridge Review of International Affairs 32 (4): 387–406. doi:10.1080/09557571.2019.1623498.
- Harding, E., D. C. MacCabe, and J. Lewis. 2021. “Kaseya Ransomware Attack Demands Action to Match Rhetoric, Center for Strategic and International Studies.” Accessed 30 August 2021. https://www.csis.org/analysis/kaseya-ransomware-attack-demands-action-match-rhetoric.
- Heilbrunn, J. 2021. “Interview with Russian Ambassador Anatoly Antonov: We Have to Fight Lies and Fake News Virtually on a Daily Basis.” The National Interest. 1st August 2021. Accessed 26th August 2021. https://nationalinterest.org/feature/interview-russian-ambassador-anatoly-antonov-%E2%80%9Cwe-have-fight-lies-and-fake-news-virtually.
- Izestia. 2017b. “The Hysteria in the USA is Based on Internal Political Problems.” 12th October 2017. Accessed 12 October 2022. https://iz.ru/657115/siuzanna-farizova/matvienko.
- Izvestia. 2017a. “Russia-US Conflict in Cyberspace Could Have Fatal Consequences.” 11 July 2017. Accessed 12 September 2022. https://iz.ru/617421/aleksei-zabrodin/konflikt-mezhdu-rossiei-i-ssha-v-kiberprostranstve-imel-fatalnye-posledstviia.
- Izvestia. 2020a. “Spyware Virus: Russia Accused of Stealing Data on COVID Vaccine.” 18th March 2020. Accessed 12 September 2022. https://iz.ru/1036774/kirill-senin/virus-shpionomanii-rossiiu-obvinili-v-krazhe-dannykh-o-vaktcine-ot-covid.
- Izvestia. 2020b. “Zakharova called Czech Media Reports About ‘Russian Cyberattacks’ Groundless.” 23rd April 2020. Accessed 12 September 2022. https://iz.ru/1003718/2020-04-23/zakharova-nazvala-bespochvennymi-soobshcheniia-cheshskikh-smi-o-rossiiskikh-kiberatakakh.
- Joja, I. 2019. “Exploring Putin’s Strategic Narrative.” Global Focus, 14th May 2021. Accessed 5 September 2021. https://www.global-focus.eu/2019/05/exploring-putins-strategic-narrative/.
- Kaminska, M., J. Shires, and M. Smeets. 2022. “Cyber Operations During the 2022.” Russian invasion of Ukraine: Lessons Learned so far.” Tallinn Workshop Report. Accessed 12 September 2022. https://eccri.eu/wp-content/uploads/2022/07/ECCRI_WorkshopReport_Version-Online.pdf
- Kommersant. 2018. “We don’t have to Fight for Reputation. Our Uniform is Already Clean.” Special Representative of the President of the Russian Federation Andrei Krutskikh on cooperation with the United States in cyberspace, 22nd April 2018. Accessed 12th September 2022. https://www.kommersant.ru/doc/3611689?query=%D0%93%D0%9F%D0%AD%20%D0%9E%D0%9E%D0%9D.
- Krebs, R. 2015a. Narrative and the Making of US National Security. Cambridge: Cambridge University Press.
- Krebs, R. 2015b. “How Dominant Narratives Rise and Fall: Military Conflict, Politics, and the Cold War Consensus.” International Organization 69 (4): 809–845. doi:10.1017/S0020818315000181.
- Kurowska, X. 2020. “What Does Russia Want in Cyber Diplomacy? A Primer.” In Governing Cyberspace: Behavior, Power and Diplomacy, edited by D. Broeders and B. van den Berg, 85–105. Lanham: Rowman & Littlefield.
- Miskimmon, Alister, and Ben O‘Loughlin. 2017. “Russia’s Narratives of Global Order: Great Power Legacies in a Polycentric World.” Politics and Governance 5 (3): 111–120. doi:10.17645/pag.v5i3.1017.
- Nakashima, E. 2021. “Biden Administration Preparing to Sanction Russia for SolarWinds Hacks and the Poisoning of an Opposition Leader.” 23rd February 2021. Accessed 30 August 2021. https://www.washingtonpost.com/national-security/biden-russia-sanctions-solarwinds-hacks/2021/02/23/b77039d6-71fa-11eb-85fa-e0ccb3660358_story.html.
- NBC News. 2021. “Full Transcript of Exclusive Putin Interview with NBC News’ Keir Simmons.” 14th July 2021. Accessed 23 August 2021. https://www.nbcnews.com/news/world/transcript-nbc-news-exclusive-interview-russia-s-vladimir-putin-n1270649.
- Oates, S., and S. Steiner. 2018. “Projecting Power: Understanding Russian Strategic Narrative.” Russian Analytical Digest (229): 2–5. Accessed 5 September 2021. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/RAD229.pdf.
- Oppermann, K., and A. Spencer. 2018. “Narrating Success and Failure: Congressional Debates on the ‘Iran Nuclear Deal.” European Journal of International Relations 24 (2): 268–292. doi:10.1177/1354066117743561.
- PMRFUN. 2017. “Statement by the Representative of the Russian Federation to the First Committee of the 72nd Session of the UN General Assembly Vladimir Yermakov in the First Committee on ‘Other Disarmament Measures and International Security’.” Cluster, 23rd October 2017. Accessed 26 August 2021. https://russiaun.ru/en/news/1com_intsec2310.
- PMRFUN. 2020a. “Statement by the Permanent Mission of Russia to the UN on its Non-Participation in the UN Security Council Arria-Formula Meeting on Cyber Stability, Conflict Prevention and Capacity Building.” Organized by Estonia on 22 May, 22th May 2020. Accessed 26 August 2021. https://russiaun.ru/en/news/arria_220520.
- PMRFUN. 2021a. “Statement by Permanent Representative Vassily Nebenzia at an open VTC of UNSC members ‘Maintenance of international peace and security: Cybersecurity’.” 29th June 2021. Accessed 23rd August 2021. https://russiaun.ru/en/news/inf29062021.
- PMRFUN. 2021b. “Statement by Dr. Vladimir Shin, Deputy Director of the Department of International Information Security of the MFA RF at the Organizational Session of the UN Open-Ended Worling Group on Security of and in the Use of Information and Communications Technologies 2021–2025.” Accessed 31st August 2021. https://documents.unoda.org/wp-content/uploads/2021/06/Russia_statement_OEWG_Orgsession_010621-ENG.pdf.
- Roselle, L., A. Miskimmon, and B. O’Loughlin. 2014. “Strategic Narrative: A New Means to Understand Soft Power.” Media, War & Conflict 7 (1): 70–84. doi:10.1177/1750635213516696.
- Schulzke, M. 2018. “The Politics of Attributing Blame for Cyberattacks and the Costs of Uncertainty.” Perspectives on Politics 16 (4): 954–968. doi:10.1017/S153759271800110X.
- Soesanto, S. 2022. “The IT Army of Ukraine: Structure, Tasking, and Ecosystem.” ETH Zürich. Accessed 16th September 2022. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2022-06-IT-Army-of-Ukraine.pdf.
- The MFA RF. 2017. “Response of the Special Representative of the President of the Russian Federation for International Cooperation on Information Security Andrey Krutskikh to TASS' Question Concerning the State of International Dialogue in this Sphere.” 29th June 2017. Accessed: 26 August 2021. https://www.mid.ru/en/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/2804288.
- The MFA RF. 2021. “Article by Sergey Lavrov, Russian Minister of Foreign Affairs, ‘The Law, the Rights and the Rules’.” Moscow, June 28, 2021. Accessed 30 August 2021. https://www.mid.ru/en/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/4801890.
- The United States Department of Justice. 2020. “Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace.” 19th October 2020. Accessed 30th August 2021. https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and.
- The Washington Post. 2020. “U.S. Joins other Nations in Accusing Russia of Cyber Attack in Republic of Georgia.” 20th February 2020. Accessed 30 August 2021. https://www.washingtonpost.com/national-security/2020/02/20/us-joins-others-accusing-russia-cyber-attack-republic-georgia/.
- The White House. 2018. “Statement from the Press Secretary.” 15th February 2018. Accessed 2 February 2023. https://trumpwhitehouse.archives.gov/briefings-statements/statement-press-secretary-25/
- The White House. 2021a. “Remarks by President Biden at the Office of the Director of National Intelligence.” 27th July 2021. Accessed 23 August 2021. https://www.whitehouse.gov/briefing-room/speeches-remarks/2021/07/27/remarks-by-president-biden-at-the-office-of-the-director-of-national-intelligence/.
- The White House. 2021b. “Remarks by President Biden in Press Conference.” 16th June 2021. Accessed 23 August 2021. https://www.whitehouse.gov/briefing-room/speeches-remarks/2021/06/16/remarks-by-president-biden-in-press-conference-4/.
- The White House. 2021c. “FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government.” 15th April 2021. Accessed 30th August 2021. https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/.
- The White House. 2021d. “Background Press Call by Senior Administration Officials on Malicious Cyber Activity Attributable to the People’s Republic of China.” 19th July 2021. Accessed 30 August 2021. https://www.whitehouse.gov/briefing-room/press-briefings/2021/07/19/background-press-call-by-senior-administration-officials-on-malicious-cyber-activity-attributable-to-the-peoples-republic-of-china/.
- The White House. 2022. “Statement by NSC Spokesperson Adrienne Watson on Iran’s Cyberattack on Albania.” 7th September 2022. Accessed 12 September 2022. https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/07/statement-by-nsc-spokesperson-adrienne-watson-on-irans-cyberattack-against-albania/.
- United States Mission to the United Nations. 2017. “Explanation of Position at the Conclusion of the 2016–2017 UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunication Technologies.” 23rd June 2017. Accessed 23rd August 2021. https://usun.usmission.gov/explanation-of-position-at-the-conclusion-of-the-2016-2017-ungroup-of-governmental-experts-gge-on-developments-in-the-field-of-information-and-tele/.
- United States Mission to the United Nation. 2021. “Remarks by Ambassador Linda Thomas-Greenfield at a UN Security Council Open Debate on Cybersecurity.” 29th June 2021. Accessed 2nd February 2023. https://usun.usmission.gov/remarks-by-ambassador-linda-thomas-greenfield-at-a-un-security-council-open-debate-on-cybersecurity/
- UNODA. 2020a. “Statement by the Representative of the Russian Federation at the Online Discussion of the Second ‘Pre-Draft’ of the Final Report of the UN Open-Ended Working Group on Developments in the Field of Information and Telecommunications in The Context of International Security.” Moscow, June 15, 2020. Accessed 31 August 2021. https://front.un-arm.org/wp-content/uploads/2020/09/oewg-informal-virtual-meetings-statement-by-the-russian-federation-15-june-2020.pdf.
- UNODA. 2020b. “United States Comments on the Chair’s Pre-draft of the Report of the UN Open Ended Working Group (OEWG).” Accessed 31 August 2021. https://front.un-arm.org/wp-content/uploads/2020/04/oewg-pre-draft-usg-comments-4-6-2020.pdf.
- UNODA. 2020c. “Commentary of the Russian Federation on the Initial ‘Pre-Draft’ of the Final Report of the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security.” Accessed 31 August 2021. https://front.un-arm.org/wp-content/uploads/2020/04/russian-commentary-on-oweg-zero-draft-report-eng.pdf.
- UNODA. 2021d. “Statement by Dr. Vladimir Shin, Deputy Director, Department of International Information Security, MFA RF, at the online-consultations of the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security.” 19th February 2021. Accessed 31st August 2021. https://front.un-arm.org/wp-content/uploads/2021/02/Russian-Federation-statement-at-informal-OEWG-session-19.02.2021.pdf.
- UNODA. 2021. “Commentary of the Russian Federation on the Zero Draft Report of the Open-Ended Working Group on Developments in the Field of Information and Communications in the Context of International Security.” Accessed 31 August 2021. https://front.un-arm.org/wp-content/uploads/2021/02/Russian-commentary-on-the-OEWG-zero-draft-report-ENG.pdf.
- USMUN. 2018. “Explanation of Vote on a Third Committee Resolution on Countering the Use of Information and Communication Technologies for Criminal Purposes.” 13th November 2018. Accessed 30th August 2021. https://usun.usmission.gov/explanation-of-vote-on-a-third-committee-resolution-on-countering-the-use-of-information-and-communication-technologies-for-criminal-purposes/.
- USMUN. 2019. “Statement on Agenda Item 107 Countering the use of Information and Communications Technologies for Criminal Purposes.” 18th November 2019. Accessed 30 August 2021. https://usun.usmission.gov/statement-on-agenda-item-107-countering-the-use-of-information-and-communications-technologies-for-criminal-purposes/.
- USMUN. 2021. “Remarks by Ambassador Linda Thomas-Greenfield at a UN Security Council Open Debate on Cybersecurity.” 29th June 2021. Accessed 23rd August 2021. https://usun.usmission.gov/remarks-by-ambassador-linda-thomas-greenfield-at-a-un-security-council-open-debate-on-cybersecurity/.