US Leadership in Cyberspace: Transnational Cyber Security

and Global Governance

This chapter examines US cyber security policy in light of

transnational cyber security, deterrence theory, and hegemonic
stability theory. Recent work on US cyber security policy has
argued for or against deterrence theory as a basis for US cyber
security policy. Deterrence theory, as a state level theory of
national security, focuses attention on strategic choice enabling
policymakers to manage state level responses to perceived
threats. The problem is that the Internet is a transnational
medium and, increasingly, an important global medium for
economic exchange, being treated as a duty free zone under
WTO agreements. Thinking about cyber security at the level of
the state elides threats to the Internet as a global commercial
medium. Framing cyber security as a transnational security
issue may assist in developing a comprehensive US cyber
security policy that incorporates deterrence and US leadership.
The role of the US in the global economic order is to provide
leadership ensuring stability necessary or economic and
information exchange to occur. From the standpoint of
transnational security, the US should fulfill its role as leader of
collective hegemony, by leading cyber space stakeholders to
develop norms and rules for global cyber security governance
regimes and institutions that will teach states the norms and
rules necessary for a stable and secure cyber domain through
which global information and economic exchange will continue
to flourish.
Introduction
Deployment of the Stuxnet computer virus, the “first
digital warhead,” is a watershed event for transnational
security (Nakashima 2012, no. pp.). A new domain of
state on state and state on non-state actor conflict has
bloomed. Stuxnet, allegedly, the product of Israeli and
US cooperation, was tested at Israel’s military facility at
Dimona in the Negev Desert before being uploaded
from a thumb drive into computer networks at Iranian
nuclear fuel production facilities (Broad, Markoff, and
Sanger 2011). The Stuxnet virus was designed to seize
control of the supervisory control and data acquisition
(SCADA) software managing the operational
performance of the centrifuges then, command
centrifuges to spin faster than design limits causing,
in some instances, kinetic events where centrifuges
broke apart (Ibid.). Before Iranian xperts discovered
Stuxnet, the malicious software reportedly disabled 984
nuclear centrifuges operated by the Iranian government
for the purpose of enriching uranium (Ibid.). Assuming
the reports are accurate as to the source of Stuxnet,
rather than dropping bombs from airplanes or launching
cruise missiles to kinetically destroy Iranian nuclear
enrichment assets, policymakers in the US and Israel
chose, instead, to launch a pre-emptive strike through
cyberspace. Stuxnet combined with ongoing the efforts
of other state and non-state cyber operators to gain
access to information stored on government and
corporate computer networks around the globe, or to
gain control over those networks when desired,
underscores the collective vulnerability (and
opportunity) of states in an era of rapid globalization
driven, in part, by advances in information and
telecommunications technologies (Nakashima
2012). Globalization combined with information
technologies deepens interdependency placing limits on
what single state actors can accomplish in cyber space
to ensure security (Nye 2011a).

Nye (2011b) argues that cooperation among states will

be needed to comprehensively address new cyber
threats that emerge, but cautions that such cooperation
will evolve slowly over time. The problem is that the risk
of a catastrophic cyber event is such that waiting for
cyber security cooperation to evolve over time may
prove too late. How might cyber security cooperation
among states emerge more rapidly? Relying on
hegemonic stability theory, the case is made, in what
follows, that US leadership in the cyber domain is
crucial to achieving transnational cyber security
through coordinated efforts at cyber threat reduction
through constructing shared cyber security norms. In
what follows, current US cyber security policy is
reviewed and the limits to a deterrence theory based
US cyber security policy are explained. Cyber
security is, next, reconceptualized as a
transnational security issue requiring leadership-
enabled cooperation among state actors in
response. Viewing cyber security as a transnational
security issue, underscores the linkages among
cyber security, transnational commerce, and
Internet governance. In effect, transnational cyber
security is a problem for global governance where
states cooperate to eliminate and reduce cyber threats
to achieve decreased and more manageable risks
thereby providing certainty to users that the Internet is
a stable, reliable, and secure medium for global
information and economic exchange.

Cyber Vulnerability, US Cyber Security Policy, and the

Limits of Cyber Deterrence Cyber space is an artificially
created domain of information and economic exchange.
As is the case for international relations, cyber space is
a domain characterized by the condition of
anarchy, the absence of a central authority. However,
cyber space, as an anarchical domain, and similar to
international relations, is not devoid of rules, “At the
most basic level, [cyber space] is governed by rules
of physics as well as code, which give it
predictability and finite characteristics” (Deibert and
Rohozinski 2010, 256). Governance is built into the
computer network system from which cyber
space emerges. Cyber space is formed through
the internetworking of computers and software that
governs communication among networked computers
to achieve pooling of scare computing resources
(Abbate 2000). The upshot of globalized networked
computing is that lower costs associated with
information retrieval, consumer and producer
accessibility to global markets, and transnational
communication is gained. These gains are achieved on
a system designed with efficiency, instead of security,
being the primary concern clearing the way for cyber
actors to exploit vulnerabilities in network and software
design for the purpose controlling information in order
to gain advantage. As the development of cyber
space into a critical domain of information and
economic exchange has occurred during the first
decades of the globalized post-Cold War era, the
capability to control information stored on the
Internet through pricing, altering, or securitizing
information has become a point of contention among
cyber actors of all stripes including state and non-state
actors. Cyber attacks can be defined as attempts to
gain control over information stored on computer
networks that comprise the Internet. The deployment of
the Stuxnet computer virus against Iranian nuclear
program assets illustrates a cyberattack through
exploiting design flaws in computer network, hardware,
and software design to achieve actor objectives. By
altering information stored on Iranian computer
networks, the safe and efficient operability of Iranian
nuclear centrifuges became problematic resulting in the
breaking apart of some centrifuges.
Similarly, non-state actors operating in cyber space
share objectives with states to control information
through pricing, altering, or securitizing information
possessing technical skill on par with that available to
states. The hactivist group known as “Anonymous” is
renown as much for its technical expertise as for its
brazen cyberattacks. States are far from the most
powerful actors in this new domain of conflict given that
technical skill is widely distributed among state and
non-state actors and the fact that cyber operators can
remain anonymous (Singh 2010).
Rather, there is relative parity in capability among
cyber actors to control information through cyberattack
(Morgan 2012). Criminals engage in widespread
computer fraud costing consumers and businesses
billions of dollars a year (Osborne 2012; Schwartz
2012). While cyber spies ply their trade to steal
information including the intellectual property of
commercial enterprises or government secured
information to gain competitive advantage (Rogin
2012; Stoll 1990).
Terrorists probe for computer network weaknesses
that can be exploited for political ends (Verton
2003; Weimann 2006). The problem facing cyber
strategists is protecting information stored on computer
networks accessible through the Internet. This
problem is comprised of technical and policy elements.
This chapter focuses on policy, specifically, US cyber
security policy.
Within the United States, a veritable cottage
industry has emerged in which US vulnerability to
cyber attacks including cyber war, cyber terror, cyber
espionage, cyber crime, or just plain cyber Armageddon
is proclaimed and pleas are made for robust
government action to fortify US cyber defenses (Adams
1998; Armistead 2010; Clarke and Knake 2010;
Demchak and Dombroski 2011; Gerstein 2005; Katin-
Borland 2012; Rattray 2001). Building off this cottage
industry, work on the topic of US cyber security policy
has focused on identifying a theory of international
relations that may serve as a policy guide, leading
some to advocate for deterrence theory (Crosston
2011; Kugler 2009; Sterner 2011; Taipale 2009). Others
(Cimbala 2011; Libicki 2011, 2009, 2007) have argued
that deterrence theory is inapplicable to cyber security,
but Nye
(2011b) is more sanguine noting that deterrence theory
may prove effective where state on state cyber conflict
is concerned. Nye hedges, however, that the fungibility
of deterrence to non-state actor perpetrated cyber
attacks or other transnational issue areas that cyber
touches is limited.
Why is deterrence theory not an adequate policy guide
beyond the issue area of state on state cyber attacks?
There are two hurdles that may vitiate deterrence
theory from serving as a suitable US cyber security
policy guide beyond state on state cyber attacks.
Examining both hurdles is preceded by a brief overview
of deterrence theory. This will be followed by an
examination of the problem of credibility and the
problem of arbitrary threshold. My aim is examine the
merits of each problem in an effort to delineate the
precise limits of deterrence as a US cyber security
policy guide. Within the academic discipline of
international relations, Waltz (1959), proposed that
theories of international relations could be categorized
as first image, second image, or third image theory
according to the primary unit of analysis
(individual, state, or system respectively) advanced
by the theory. The primary unit of analysis is the object
from which deductions are formulated about how the
object will interact with other objects given a set of
constraints or conditions. This schema of theory
categorization is often referred to as levels of analysis,
as in, the level of politics at which an object or unit of
analysis is situated and for which international relations
theory is intentionally designed to describe, explain and
prescribe policy.
Deterrence theory posits that the principal actors in
international relations are states, making states the
primary unit of analysis for deterrence theory (Huth and
Russett 1984; Jervis 1998;
1
Morgan 1983; Schelling 1980). Under Waltz’s
international relations classification scheme,
deterrence theory would be categorized as a second
image or state level theory designed to prescribe
policy for state actors. Achen and Snidal (1989) note
that deterrence theory, after identifying its primary
unit of analysis, moves to posit certain conditions
concerning its unit of analysis. Deterrence theory
advances that states are rational, that states are
unitary actors “(changes in personnel, in decision-
making patterns, or in bureaucratic politics are not
the explanatory focus),” and, as such, engage in cost
benefit analysis to determine the best course of action
given constraints and preference optimization
strategies (Achen and Snidal 1989, 151).
Deterrence theory treats states as functionally
equivalent, with known capabilities, and
willingness to use those capabilities, for the purpose of
predicting that, under certain conditions, deterrence is
a viable state strategy. States are actors in cyber space
and this fact mitigates the issue of deterrence theory
applicability as a guide to US cyber security policy. The
appeal of deterrence theory to US cyber security policy
is in its “logical cohesion and consistency” (Achen
and Snidal 1989; 153). The logic of deterrence theory is
that a potential foe is dissuaded from launching an
assault when the “threatened punishment exceeds the
gains from attacking” (Achen and Snidal 1989, 151).
Treating actors in cyber space as rational actors that
have an objective in mind, that order preferences to
determine optimal strategies for achieving that
objective, is a framework that assists policymakers in
simplifying and making sense of cyber threats – a
necessary step in determining policy response. Perhaps
the weakness of deterrence theory is to be found in its
strength. In order to successfully deter certain
conditions must be present including an
assessment by potential initiators of an attack of the
credibility of a threat to inflict punishment in response,
accurate identification of the object to which
punishment is directed, the capability to carry out the
punishment, and the capability to limit the effects of
punishment to the intended object. Unique features of
cyber space, presently, work against these deterrence
conditions and these features cut to the heart of
deterrence theory as a suitable US cyber security policy
guide.
This claim will become clearer through examining the
two hurdles of credibility and arbitrary threshold.
Within deterrence theory, credibility stipulates that
perpetrators of attacks must believe that the
punishment will be carried out precisely as the defender
has indicated. I do not believe that actors in cyber
space dismiss the resolve of US policymakers to
respond to a cyber attack utilizing any and all means at
their disposal and proportional to the damage inflicted
by the cyberattack. Credibility, however, is more than
asserting resolve; credibility includes an assessment by
a potential attacker that a defender has the capability
to carry out the punishment. Capability to carry out a
punishment is comprised of the following three
elements: identification of perpetrator/s, selection of
the appropriate response, and execution of the
response. The US has the luxury of superlative technical
skill among its cyber operators in government service
and the experience to execute cyber operations – ask
Iran. What the US lacks, as all other cyber operators,
is the technology to identify whom or what perpetrated
a cyberattack. It’s not as if cyber operators are wearing
uniforms with country identifying insignia that make
identification easy. Cyber operators are able to remain
concealed behind computer screens and keyboards, the
only identifying feature of a cyber operator may be the
consistencies in software programming that are the
telltales of a particular programmer or group of
programmers. This is known as the
problem of attribution. Lacking attribution of an attack
limits the effectiveness of deterrence by neutering
retaliation. Threat credibility in cyber space is undercut
by the problem of attribution.
Being able to attribute a cyberattack determines the
type of response, including which state capability or
capabilities are to be utilized, and, accordingly, how the
response is executed given selected state capabilities.
Was a cyber attack perpetrated by a teenage hacker
getting kicks showing off for friends, by a terrorist group
bent on sowing fear, or by another state in a tit for tat
scenario, to commit espionage, or preparing for war
by degrading US technological
superiority on which US military depends for gaining
advantage during kinetic hostilities? How a policymaker
or group of Policymakers answers these questions
determines the course of policy designed to respond
to a cyberattack. The inability to answer these
questions limits what policymakers can conjure up as
punishment in response to a cyberattack. The
problem of attribution negates the first element of
extending credible threats, which effectively neuters
the second and third elements of extending credible
threats. If credibility of threats is rendered ineffective
through the anonymity afforded cyber operators, an
effective deterrence is limited.
Unfortunately, US policymakers have further limited the
effectiveness of deterrence on this front by imposing an
arbitrary threshold that, when met, triggers a US
imposed punishment up to and including military force.
US policymakers have determined that the same laws
that apply to war in the domains of air, land, sea, and
space, apply to the cyber domain and have reserved
the right to utilize military force in response to a cyber
attack. In November 2011, the US Department of
Defense released the Department of Defense
Cyberspace Policy Report in which it is determined that,
“Without question, some activities conducted in
cyberspace could constitute a use of force, and may as
well invoke a state’s inherent right to lawful self-
defense.” An unattributed US military official clarified
“use of force” in a news story on the aforementioned
US Department of Defense report,
“If you shut down our power grid, maybe we will put a
missile down one of your smokestacks” (Gorman and
Barnes 2011, 1). Consequently, US policymakers have
committed to a threshold that if other states, operating
in cyber space, cross, US response may include a
military attack utilizing missiles, bombs, or land
invasion. The effect of a cyber attack must be such that
loss of human life or significant damage to critical
infrastructures (power systems, water systems,
transportation systems) warrants retaliatory strike. This
threshold has the effect of circumscribing the credibility
of the US threat to retaliate to a cyber attack. Other
states now know how far they can pursue cyber
operations without risking US retaliation. For example,
on 21 September 2012,
US Senator Joe Lieberman, Chair of the US Senate
Homeland Security Committee, identified Iran as the
perpetrator of cyber attacks on US banking institutions
and state owned oil companies
throughout the Middle East, including Saudi Aramco
(Nakashima 2012). As of the writing of this chapter, the
Iranian cyber attacks continue. While the loss of data
was of significant cost to these
commercial enterprises, the cyber attacks warranted
little more than condemnation from US policymakers
as the Iranian cyber attack did not cross the threshold,
in the estimation of US policymakers, set by US
policymakers that would trigger a direct response and
forceful response from the US. This problem of arbitrary
threshold undercuts US cyber deterrence. Stunningly,
US policymakers have recently admitted that their own
threshold is unclear; US policymakers are
unclear as to what criteria are used to assess a cyber
attack in an effort to determine a response (Gorman
and Barnes 2012). This admission ties back to the
problem of credibility begging the question of how
credible US threats to retaliate? Lacking threat
credibility due to an arbitrary and unclear threshold
that triggers a response vitiates deterrence theory as a
US cyber security policy guide.
To be fair, deterrence theory is a response to a set of
historical, social, and strategic circumstances unique
to the Cold War where two nuclear-armed states
vied for relative advantage under the risk that
nuclear war could break out at any time. Each state
relied on the credibility of threat backed by stockpiles of
accurately directed nuclear-armed intercontinental
ballistic missiles ready to be used in a massive nuclear
retaliatory-strike. Updating the theory to the cyber
domain includes overcoming the problem of attribution
and refusing to set arbitrary thresholds that provide
other cyber actors operational space in which to
maneuver with cover.
Offense, indeed, is favored in cyber space (Nye 2011b).
There is one other issue confronting deterrence theory
as a suitable US cyber security policy guide. Deterrence
theory elides the purpose of cyber space as a
transnational domain comprised of a multitude of actors
that use the domain for information and economic
exchange. Viewing cyber space in this light clears
ground to propose an international relations theory that
is designed to explain, describe, and prescribe policy at
the system level of analysis. Moreover, pooling
capabilities may lead to cooperation that produces
technological breakthroughs that overcome the
hurdle of credibility while negotiation settles on
norms for what counts as a threshold and identifies
appropriate responses depending on the severity of
damage incurred during a cyber attack. In the next
section I defend the claim that cyber space is a
transnational domain in which information and
economic exchange reflects the primary purpose of the
technology. I then propose that US power, exercised
through leading other states to form multilateral
coalitions may initiate transnational cooperation
for state supported programs to develop technology
that overcomes the problem of attribution and results in
transnational agreement concerning cyber attack
thresholds and norms governing
the use of cyber weapons or conventional weapons for
retaliation. In conclusion, I will argue that
cyber security is a transnational governance issue.

Transnational Cyber Security

Viewing cyber space as a transnational domain entails

understanding the social purpose of the Internet in
the post-Cold War era. The Internet was initially
developed as a distributed communications system
designed to continue operating in the event of nuclear
attack on the United States. The initial social purpose of
the Internet was to serve as a communications and
control system through which US policymakers could
direct nuclear war operations. Elsewhere I
have shown (Kiggins 2011) that as the Cold War came
to a close and the US government began to decrease
finding for its Cold War military-industrial complex, the
Internet became something
of a budgetary hot potato as it was tossed from the US
Defense Department to the National Science
Foundation and from there, ultimately finding a home in
a private-public partnership
overseen by the US Commerce department. From
defense to commerce is a striking journey and speaks
to the view of the Internet held by US policymakers in
the post-Cold War era. The view
of the Internet held by US policymakers can be
explained by the Open Door interpretation of US
diplomatic history.
The Open Door holds that US policymakers subscribe to
a worldview where the security of the United States
rests on sustained economic and political expansion
abroad (Beard 1934;
Williams 1959; also see Bacevich 2002; Layne 2006,
1998). Adas (2006) has shown that US policymakers
from the founding of the United States through the
present consistently leverage technology in pursuit of
that expansion. Beginning in late 1994 and continuing
to the present, US policymakers initiated and sustain
a policy to repurpose the Internet as a platform
for the expansion of American products and political
ideals (Kiggins 2011). From the view of US
policymakers, the social purpose of the Internet in the
post-Cold War era is to serve as a platform for
expanding free-market commerce and free speech, for
globally expanding information and economic exchange
(Kiggins 2011). To ensure the Internet is used in
accordance with this social purpose, US policymakers
have constructed a discourse around the Internet
founded on the principle of openness (Antonova 2008;
McCarthy 2011). US policymakers discursively promote
and protect the Internet as an open domain in order to
create global institutional conditions that are favorable
for global expansion of information and economic
exchange consistent with the worldview of US
policymakers. Castells (1999) has shown how the
Internet assists globalization by linking states in a
deepening web of economic interdependence that
characterizes this era of global capitalism shaped by
the United States and other allied advanced
industrialized democracies. Evidence of the growing
economic import of the Internet supports the claim that
the Internet is an increasingly vital global platform for
exchange.
By 2015, total international trade over the Internet,
more commonly referred to as global electronic
commerce, is projected to be $1.4 trillion and is
expected to continue to grow at a 13.5% compounded
annual growth rate for the foreseeable future (Enright
2011). Mann and Kierkegaard (2006, 25) estimate that
global electronic commerce adds roughly .25 basis
points of growth to annual GDP for industrialized
nations. In the case of the United States, that
translates to over $400 billion added to US GDP per
year. While 53% of all global electronic commerce
transactions occur in the United States, Japan, and the
United Kingdom, developing countries such as Brazil,
China, Russia, and Mexico are projected to
experience electronic commerce growth at an annual
rate of 26% for the foreseeable future (Enright 2011). A
shift is underway where global electronic commerce
moves from the developed world to the developing
world driven, in part, by successful economic
development strategies that are creating consumer
classes in those countries and, in part, by the expansion
of mobile telecommunications networks throughout the
developing world. More consumers, on a global scale,
plug into cyber space through their new mobile devices
such smart phones and tablet computers reflecting a
shift from desktop computing to cloud computing. This
shift will deepen interdependence, shrinking the
distance between private Internet based computing and
public Internet based computing (Castells 1999, 1996).
With this shift in computing, global consumption
patterns may change, and, with that change in
consumption patterns may come change in global
trade, economic production, employment, and political
institutions (Ibid.). The Arab spring could be construed
as reflecting these tectonic shifts in the global political
economy that are amplified and accelerated by cyber
based and enabled communications technologies.
Combined, the Stuxnet virus, the cyber attack on
Google and thirty-three other US enterprises, and the
growing import of the Internet to global trade and
information flows argue against a state-centric
framework of cyber security that elides the role that the
Internet plays in deepening linkages among state and
non-state actors (Keohane and Nye 2001).
For my purposes, cyber security means the absence of
conflict among actors such that a condition of
certainty and stability ensues within the cyber
domain that enables global information and
economic exchange. Framing cyber security in this
manner more accurately reflects that cyber security is
transnational issues for all cyber users are vulnerable to
cyber attack. Owing to the interdependent nature of
cyber security, better to think of cyber security as a
transnational security issue where states forge
cooperation to achieve a secure cyber space. How to
achieve policy coordination among state actors on
cyber security may be answered by hegemonic
stability theory. Hegemonic stability theory may
compliment deterrence theory by prescribing US cyber
security policy at the system level.
Hegemonic Stability Theory

Institutions within cyber space presently remain

underdeveloped. Consequently, states are confronted
with a security dilemma where cyber arms races
and low-level cyber conflict threatens state
information technology networks and the stability of
cyber as an open medium for information and economic
exchange. At the time of writing, Iran is now in its fifth
week of a concerted cyber campaign against economic
and financial assets of the United States, Saudi
Arabia, Israel, and other states in response to the use of
cyber weapons by the US and Israel with tacit support
from Saudi Arab against Iranian nuclear weapons
program assets. Elements of Russia successfully
prosecuted cyberattacks against Estonia in 2007
and Georgia in 2008 driving home the point to
policymakers world-wide that cyber is a new domain of
conflict. As more states demonstrate their cyber
weapons capability, other states recognize their cyber
vulnerability and respond by acquiring cyber weapons
and cyber defense capability in a never enduing cycle
of response and counter-response. Escaping the affects
of this security dilemma is possible through the
formation of international institutions (Keohane 1984;
Keohane and Nye 2001). Hegemonic stability theory
offers describes the role that hegemons may fill in
the processes by which international institutions are
formed.
Hegemonic stability theory is best viewed as school of
thought to which international relations scholars from a
range of ontological and epistemological backgrounds
contribute. The logic of hegemonic stability theory is
that, “there can be no liberal international economy
unless there is a leader that uses its resources and
influence to establish and maintain an international
economy based on free trade, monetary stability, and
freedom of capital movement” (Gilpin
2001, 99; also see Ikenberry 2011; Keohane 1982a,
1982b, 1980; Kindleberger 1973; Krasner 1976). For my
purposes, hegemony refers to absolute and relative
power preponderance such that there is one state that
sets the terms for conflict and cooperation among all
other states. On the view of David Lake, hegemonic
stability theory is “a research program composed of
two, analytically distinct theories. Leadership theory
builds upon the theory of public goods and focuses
on the production of international stability” while
“Hegemony theory seeks to explain patterns of
international economic openness” by focusing on how
dominant states impose the norms and rules of the
international economic order (Lake 1993, 460).
Describing hegemonic stability theory in this manner
has the advantage of conceptual clarity but overlooks
instances when patterns of international economic
openness are expanded in the global political economy
through a combination of hegemony and leadership.
Significantly, Keohane (1984) cautions that hegemony
is not a necessary condition for cooperation among
states, however, Keohane (1980) previously noted that
cooperation could occur under conditions of hegemony.
Indeed, it may be to the advantage of hegemons to
foster and participate in cooperation among actors for
the purpose of creating conditions where other actors
bandwagon with the hegemon’s desired policy
preferences, thereby lending an air of legitimacy to
hegemony. The influence of hegemony may be
sustained through cooperation, which speaks to an
inconvenient and persistent puzzle for international
relations: the resiliency of US preponderant power,
notwithstanding predictions that the US is in relative
decline (Stone,
Slantchev, and London 2008). Others have noted that
US power is crucial to sustaining the extant liberal
international economic order (Clark 2009; Duedeny and
Ikenberry 1999; Ikenberry 2011;
Lake 2011; Norrloff 2010). Ruggie (1983) demonstrates
how liberalism became embedded in the international
economic order by virtue of US power shortly after the
close of World War II.
According to Gilpin (2001), there is extensive
empirical support developed by economists showing
that the global economic order functions most
efficiently when a dominant power enforces norms
and rules that govern economic exchange. What
strategy should hegemons purse to enforce global
norms and rules? Destradi (2010) provides a useful
analysis that sharpens the conceptual distinctions
between the strategies of empire, hegemony, and
leadership. Accounting for available power resources to
US policymakers, the social purpose for the Internet,
and, hence, the cyber domain as envisaged by US
policymakers in a transnational and hierarchically
ordered international system, Destradi’s framework
offers a path that illuminate a US cyber security
strategy at the systemic level that compliments
deterrence theory at the level of the state. A brief
overview of Destradi’s framework seems prudent at this
point.
Destradi (2010) is primarily concerned with examining
strategies that rising powers such as China, India, or
Brazil, may pursue at the regional level of international
politics. I apply Destradi’s ideal-type to the systemic
level to show three possible strategies that US
policymakers could pursue in cyber space, a new
domain or region of conflict and cooperation among
states.
States pursuing a strategy of empire are wholly
concerned with national interest and security in an
anarchical condition employing hard power through the
application of military force and threat to achieve
desired outcomes (Ibid.) Imperial powers seek to
dominate and impose outcomes on other states. In
contrast to empire, and the contrast is, admittedly,
“subtle,” states pursuing a strategy of hegemony
employ tactics that range “from the exertion of
pressure to the provision of material incentives, up to
the discursive propagation of the hegemon’s norms and
values” (Destradi 2010, 912-913). The difference
between hegemony and leadership is that outcomes
always reflect the hegemons goals (Idid.). In pursuing a
strategy of leadership, dominant states use soft
power to lead other states to engage in a process
whereby states negotiate and renegotiate their
common policy goals. Soft power has been defined as
“getting others to want the outcomes you want” (Nye
2004, 5; Destradi 2010). Soft power is effective when
states share values and “the attraction to shared
values and the justness and duty of contributing to
the achievement of those values” shapes the
preferences of states to support the leading role that
the hegemon fills in the processes of negotiation and
renegotiation of common policy goals (Nye 2004, 7;
Destradi 2010). Keohane (1982a), Ikenberry (2011),
and Ruggie (1983) has independently shown that US
policymakers chose to pursue a strategy of leadership
in the post-World War II era rather than a strategy of
hegemony or empire by cooperating with other states
to forge shared values for a liberal international
economic order that included limits on US power
imposed through international institutions and regimes.
In his seminal work on power in international relations,
Nye argues that, “it is a mistake to think of power – the
ability to affect others to obtain preferred outcomes –
simply as ‘power over’ rather than ‘power with’
others” (2011b, 90). The United States leads a
collective hegemony comprised of advanced
industrialized democracies that coordinate and enforce
the norms and rules institutionalized within the,
present, liberal international economic order for the
purpose of governing the global political economy.
Stone, Slantchev, and London (2008) lend support to
this view, finding that leading states will form coalitions
for the purpose of forging new institutions rather than
resort to using hegemonic power to impose new
institutions. That is, leading states will persuade others
to pool power in an effort to address issues affecting
the stability of the extent liberal international economic
order. The liberal international [economic] order is a
global public good—something everyone can
consume without diminishing its availability to
others” and that as the largest consumer of
international economic order, the US must take the lead
to ensure its continued provision “because of the
difficulties of organizing collective action when large
numbers are involved” (Nye 2002, 239-240). As
the largest consumer of the international economic
order, the US has a vested interest in its stability and
continued provision and given that the cyber domain is
and will increasingly be a critical part of the
international economic order, the US has a vested
interest in ensuring that the cyber domain is secure.
Not strictly in the sense of protecting sensitive political,
economic, or national security information from theft or
preventing the loss of control of critical SCADA software
that operate the nation’s power grid, water supply, or
transportation systems – all are critical aspects of a
comprehensive cyber security policy; but, more broadly,
in the sense of keeping the cyber lanes
of communication and commerce open.
In ndeed, as the liberal international economic order
becomes more reliant on global electronic commerce
and information exchange, think cloud computing
married with smart phone and tablet based
computing, communication, and media convergence all
combining to plug ever increasing numbers of
consumers into the global political economy, keeping
the cyber lanes of communication and commerce open
will be as critical to the future stability of the liberal
international economic order as has been keeping
international sea-lanes of communication and
commerce open. Cyber space, as a medium for global
information and economic exchange, is a global public
good requiring leadership to avoid the Balkanization of
the domain. US leadership in cyber space is not without
precedent having been decisive establishing cyber
space as an open medium for international trade by
persuading other state actors to pool power to ensure
that the Internet is protected under by World Trade
Organization (WTO) as a duty-free trade zone
(Kiggins 2011). US cyber security policy must evolve
into a more comprehensive posture that combines
deterrence with global governance. I now turn to
transnational cyber security as a global governance
issue.

Cyber Security as a Global Governance Issue

Global governance, in the post-Cold War era, grew into
a site of scholarship, analysis, and policymaking as a
response to the perceived exigencies attendant to
globalization of information and economic exchange.
Global governance is an essentially contested term
with multiple meanings and definitions (Dingwerth and
Pattberg 2006; Finkelstein 1995; Gilpin 2002; Held and
McGrew 2002; Rosenau 1995). One widely used
definition views, “global governance is conceived to
include systems of rule at all levels of human activity –
from the family to the international organization – in
which the pursuit of goals through the exercise of
controls has transnational repercussions” (Rosenau
1995, 13). The problem with this definition twofold: 1)
the definition is broad, global governance could “be
virtually anything” (Finkelstein 1995, 368);

2) Rosenau’s definition ignores how power may

influence which norms ultimately structure global
governance institutions (Gilpin 2001). Held and McGrew
(2002) argue that the debate over what is the definition
of global governance reflects the ongoing debate about
the role and efficacy of the state in an era
characterized by globalization of information and
economic exchange. Cyber space is terrain on which
the contestation over norms that govern the role of the
state in global political economy comes to a head
through merging transnational politics of information
exchange, economic exchange, and security.
Cooperation continues among states in governance of
transnational information exchange, economic
exchange, and security.
Information exchange occurring through cyber space
traverses geographic space administered by states.
States exist by virtue of mutual agreement among
peers on the meaning of sovereignty.
States are sovereign in that exclusive right to use force
to coerce is reserved to the apparatuses of states within
a specified and mutually recognized geographic space
or territory. Within each state, disparate regulatory
traditions have developed over time that govern
information exchange, economic exchange, and use
of force to achieve security (Hart 1988; Zacher
2002). As information and economic exchange have
globalized through digitalization, first with the printed
word, then the telegraph, followed by computer
network and satellite assisted voice and data
transmissions, states have been compelled to
cooperate to ensure that differences in the treatment of
information and economic exchange by disparate
regulatory traditions does not impede the global flow of
information, goods, and services (Zacher 1996). For
example, states cooperated in the governance of
information exchange by forming the International
Telecommunications Union as a global governance
institution charged with universalizing technical
standards and regulations to facilitate reliable,
quick, and efficient information exchange (Mueller
and Thompson 2004; Rauen, Hiratuka, Fracalanza
2011).
Similarly, in the realm of economic exchange, states
cooperate in order to achieve market efficiencies and
absolute gains from trade (as opposed to relative gains,
where my loss is your gain). During the post-World War
Two era, regional and global multilateral coalitions
have formed to promote a more open global trade
system consistent with the principle of international
economic openness supported and sustained by
hegemony. For example, the General Agreement on
tariffs and Trade (GATT) was formed in 1948 to promote
fair treatment of goods and services exchanged among
member states. In 1994, GATT was folded into the
World Trade Organization (WTO), the current global
governance institution that mediates trade disputes
among member states and provides a forum in which
cooperation among states produces the norms and
rules that govern global economic exchange. At the
regional level, the European Union, a customs union
where tariffs have been eliminated on goods and
services exchanged among member states, exemplifies
what can be accomplished among states motivated to
cooperate in the realm of economic exchange. Cyber
space has been repurposed in the post-Cold War era as
a domain for economic exchange being treated as a
duty-free trade zone under WTO agreements (Kiggins
2011). From the view of US policymakers, and open
global trade system is essential to global peace and
prosperity and US policymakers have promoted global
trade cooperation among states in order to achieve this
aim (Bacevich 2002; Beard 1934; Ikenberry 2011;
Layne 2006; Williams 1972).
States routinely cooperate within the issue area of
transnational security having formed the United Nations
to promote collective security globally and, at the
regional level, formed alliances such as the North
Atlantic Treaty Organization (NATO) to promote regional
security. In my view, what sets apart the transnational
issue areas of information exchange and economic
exchange from that of cyber security is a lack of inertia
among states to cooperate, to coordinate global
governance, on the issue of cyber security. It is here
that US power, exercised by leading other states to
form a multilateral coalition for the purpose of
promoting transnational cyber security norms could
prove decisive at forming global governance structures
within the issue area of transnational cyber security. US
policymakers should aggressively pursue opportunities
to persuade other states to accept and partner with the
US in promoting cyber security norms that enhance
threat credibility and clarify retaliation threshold. Within
the transnational issue areas of information exchange
and economic exchange, US power has proved
decisive at ensuring governance institutions within
each issue area reflect the norm of openness – long
promoted, defended, and expanded through US led
hegemony in the post-WWII era. The role of leadership
22 in global governance is to promote and protect the
constitutive rules (openness) that shape the regulative
rules (cyber attack threshold, use of force, form of
punishment) of global regimes.
Leading other actors in the formation and operation of a
multilateral cyber security coalition includes the
addressing the following tasks. First, international
cooperation could be leveraged to develop a cyber
weapons non-proliferation regime. This would have the
effect of limiting the number of cyber threats to which a
state must develop counter measures. Second,
increased cooperation on cyber security could pool
resources and capabilities in an effort to overcome the
problem of attribution. This would have the effect of
distributing costs associated with overcoming technical
hurdles among participants. Third, cooperation is
needed among states to develop consensus on a norm
or set of norms that govern the sharing of information,
arrest, extradition, and prosecution of criminal acts in
cyber space. Crimes committed in cyber space often
cross international borders, criminals may be located in
one country while committing fraud or theft in another
country through cyber space. Combined, three and four
would have the effect of mitigating the problem of
attribution and strengthening threat credibility issued
by state actors. Fifth, US policymakers need to
determine specific criteria for retaliation to cyber
attacks so that US power in cyber space can be
demonstrated as a credible deterrent. Threatening to
send a missile down a smoke stack is a far cry from
actually doing so.
In the end, perhaps the collective vulnerability of states
in cyber space will contribute to the balkanization of the
domain into disparate networks in which norms for
identifying users and granting of network privileges is
conducted by a coordinated network administrator
behind a virtual, heavily fortified, and defended wall.
Indeed, an outcome to the formation of a US led cyber
security multilateral coalition may be just that,
increased state control. This risk aside, in the absence
of leadership that protects and promotes the Internet as
an open domain, ensures cyber security cooperation
reflects this normative and social purpose for the
Internet, and leverages international institutions to
teach states which norms to follow in global governance
of cyber space (see Finnemore 1996), the Internet as it
is known and experienced today, may cease to
function as an open medium for global
information and economic exchange; likely
succumbing to the necessity of achieving cyber security
through exerting absolute state control over the
domain. Ironically, US hegemonic power, exercised
through leadership, may be the best hope for
preserving an open Internet, for keeping the cyber
lanes of communication and commerce open.

Conclusion

This chapter has argued that US cyber security may

best be achieved through the formulation of a more
comprehensive cyber security policy that combines
deterrence theory with US leadership.
A more comprehensive cyber security policy takes into
account the transnational nature and social purpose of
the Internet in the post-Cold War era in addition to the
requirement to inflict punishment on cyber attackers as
a deterrent to future cyberattacks. The social purpose
of the Internet in the post-Cold War era is to serve as an
open medium for global information and economic
exchange and the growth in information flows and
electronic commerce bear this out.
The advantage of deterrence theory is to be found
in its logical coherence, which affords policymakers
a simple and easily explained framework for cyber
security. A deterrence theory based cyber security
policy is challenging given that threat credibility is
undermined by the lack of technical capability to
attribute cyber attacks and the lack of a clear threshold
that stipulates the form of retaliation. In addition,
deterrence theory elides the very transnational nature
of cyber space where the domain is confronted by
disparate regulatory traditions and approaches to
security across states. Hegemonic stability theory offers
a systemic level policy approach that compliments
deterrence theory by taking into account the
transnational nature of cyber space and proposing that,
through leadership, a multilateral cyber security
coalition could be formed in an effort to produce
consensus concerning global cyber security norms that
would govern cyber weapon proliferation, cyber
crime investigation and punishment, and shared
costs for overcoming the problem of attribution
making deterrence more effective through
strengthening threat credibility. The risk associated
with forming a US led multilateral cyber security
coalition is balkanization of the internet into chunks of
cyber space more easily controlled by states in order to
achieve security balanced against keeping the
cyber lanes of communication and commerce open
within the multilateral coalition. Ironically, it may be US
hegemony that offers the best hope for keeping cyber
space open, stable, and secure.

References
- Abbate, Janet. 2000. Inventing the Internet.
Cambridge, MA: MIT press.
- Achen, C. H., & Snidal, D. 1989. “Rational
deterrence theory and comparative case studies.”
World Politics, 41(2), 143-169.
- Adams, James. 1998. The Next World War:
Computers are the Weapons & and Front Line is
Everywhere. New York: Simon and Schuster.
- Adas, Michael. 2006. Dominance by design:
technological imperatives and America's civilizing
mission. Cambridge, Mass.: Belknap Press of
Harvard University Press.
- Antonova, Slavka. 2008. "Powerscape of Internet
Governance: How was global multistakeholderism
invented in ICANN?".
- Armistead, Leigh. 2010. Information operations
matters : best practices. 1st ed. Washington, D.C.:
Potomac Books.
- Bacevich, A. J. 2002. American empire : the
realities and consequences of U.S. diplomacy.
Cambridge, Mass.: Harvard University Press.
- Beard, Charles A. 1934. The Idea of National
Interest. New York: The MacMillan Co.
- Broad, William J., John Markoff, David E. Sanger.
2011. "Israeli Test on Worm Called Crucial in Iran
Nuclear Delay." The New York Times, 15 Janurary
2012.
- Castells, Manuel. 1996. The rise of the network
society. Cambridge, Mass.: Blackwell Publishers.
- Castells, M., & United Nations Research Institute for
Social Development. (1999). Information
technology, globalization and social development.
Geneva: United Nations Research Institute for
Social Development.
- Cimbala, Stephen J. 2011. “Nuclear Crisis
Management and ‘Cyberwar’ Phishing for Trouble?”
Strategic Studies Quarterly (Spring 2011): 117-31.
- Clark, Ian. 2009. “Bringing hegemony back in: the
United States and international order.”
International Affairs 85(1): 23-36.
- Clarke, R. A., and Knake, R. 2010. Cyber War: The
next threat to national security and what to do
about it. Ecco.
- Conybeare, J. A. C. 1983. “Tarriff Protection in
Developed and Developing Countries: A Cross-
Sectional and Longitudinal Analysis.” International
Organization 37:441-63.
- Crosston, Matthew D. 2011. “World Gone Cyber
MAD: How ‘Mutually Assured Debilitation’ Is the
Best Hope for Cyber Deterrence.” Strategic Studies
Quarterly (Spring 2011): 100-16.
- Deibert, Ronald and Rohozinski, Rafal. 2010.
“Under cover of the Net: The Hidden Governance
Mechanisms of Cyberspace.” In Anne L. Clunan and
Harold A. Trinkunas (eds.). Ungoverned Spaces:
Alternatives to State Authority in an Era of
Softened Sovereignty . Palo Alto, CA: Stanford
University Press, pgs. 255-272.
- Demchak, Chris C. and Peter Dombrowski. 2011.
“Rise of a Cybered Westphalian Age.” Strategic
Studies Quarterly (Spring 2011): 32-61.
- Destradi, Sandra. 2010. “Regional Powers and their
Strategies: Empire, Hegemony, and Leadership.”
Review of International Studies 36:903-30.
- Deudney, Daniel and G. John Ikenberry. 1999. “The
Nature and Sources of Liberal International Order.”
Review of International Studies 25 (2):179-96.
- Dingwerth, Klaus and Philipp Pattberg. 2006.
“Global Governance as a Perspective on World
Politics.” Global Governance 12: 185-203.
- Enright, Allison. 2011. “Global e-commerce to
reach $1.4 trillion in 2015.” International
Marketing.
http://www.internetretailer.com/2011/06/07/global-
 e-commerce-reach-14-trillion-2015. Last accessed
30 October 2012.
- Fearon, J. 2002. “Selection effects and deterrence.”
International Interactions, 28(1), 5-29.
- Finkelstein, Lawrence S. 1995. “What is Global
Governance?” Global Governance 1: 367-72.
- Finnemore, Martha. 1996. National interests in
international society. Ithaca, N.Y.: Cornell
University Press.
- Gerstein, Daniel M. 2005. Securing America's
future: national strategy in the information age. 1
vols. Westport, Conn.: Praeger Security
International.
- Gilpin, Robert. 2001. Global political economy:
understanding the global economic order.
Princeton, N.J.: Princeton University Press.
- Gilpin, Robert. 2002. “A Realist Perspective on
International Governance.” In Governing
Globalization: Power, Authority, and Global
- Governance, ed. D. a. A. M. Held. Cambridge:
Polity.
- Gorman, Siobhan and Julian E. Barnes. 2011.
“Cyber Combat: Act of War.” Wall Street Journal
online.
http://online.wsj.com/article/SB1000142405270230
4563104576355623135782718.html. Last
accessed 29 October 2012.
- Hart, J. A. 1988. “The politics of global competition
in the telecommunications industry.” The
Information Society, 5(3), 169-201.
Harvey, F. P. 1998. “Rigor mortis or rigor, more tests:
Necessity, sufficiency, and deterrence logic.”
International Studies Quarterly,
42(4), 675-707.
Held, David, and Anthony G. McGrew. 2002. Governing
Globalization: Power, Authority and Global Governance.
Cambridge, UK:
Polity in association with Blackwell.
Huth, P and Russett, B. 1984. What Makes Deterrence
Work? Cases from 1900 to 1980. World Politics 36 (July):
496-526.
Huth, P. and Russett, B. 1993. “General deterrence
between enduring rivals: Testing three competing
models.” American Political
Science Review, 61-73.
Huth, P. K. 1999. “Deterrence and international conflict:
Empirical findings and theoretical debates.” Annual
Review of Political Science,
2(1), 25-48.
Ikenberry, G. John. 2011. Liberal Leviathan: the Origins,
Crisis, and Transformation of the American World
Order. Princeton, NJ:
Princeton University Press.
Jervis, Robert. 1998. “The Utility of Nuclear
Deterrence.” International Security, 13(2), 80-90.
———. 1989. “Rational Deterrence Theory: Theory and
evidence.” World Politics 61 (January): 183-207.
Kagan, Robert. 2012. The World America Made. New
York: Alfred A. Knopf.
Katin-Borland, N. 2012. “Cyberwar: A Real and Growing
Threat.” In Sean S. Costigan and Jake Perry, eds.
Cyberspaces and Global
26
Affairs. London: Ashgate, pgs. 3-22.
Keohane, Robert O. 1980. "The Theory of Hegemonic
Stability and Changes in International Economic
Regimes, 1967-77." In Change
in the international system, ed. O. R. Holsti, R. M.
Siverson and A. L. George. Boulder, Colo.: Westview
Press.
———. 1982a. "Hegemonic Leadership and U.S. Foreign
Economic Policy." In America in a Changing World
Political Economy, ed. W.
P. A. a. D. P. Rapkin. New York: Longman.
———. 1982b. "The Theory of Hegemonic Stability and
Changes in International Economic Regimes, 1967-
1977." In Change in the
International System, ed. R. M. S. Ole R. Holsti, and
Alexander L. George. Boulder, CO: Westview Press.
———. 1984. After hegemony : cooperation and
discord in the world political economy. Princeton, N.J. ;
Chichester: Princeton
University Press.
Keohane, Robert O. and Joseph S. Nye. 2001. Power and
interdependence. 3rd ed. New York ; London: Longman.
Kiggins, Ryan David. 2011. “Wired World: US Policy and
the Open Door Internet.” Ph.D. diss. University of
Florida.
Kindleberger, Charles Poor. 1973. The world in
depression, 1929-1939. Rev. and enl. ed. Boston: Little
Brown.
Krasner, Stephen D. 1976. "State Power and the
Structure of International Trade." World Politics 28:317-
47.
Kugler, Richard L. 2009. "Deterrence of Cyber Attacks."
In Cyberpower and National Security, ed. F. D. Kramer,
Stuart H. Starr, and
Larry K. Wentz. Washington D.C.: NDU Press.
Lake, David A. 1983. "International Economic Structures
and American Foreign Policy, 1887-1934." World Politics
35:687-713.
———. 1993. "Leadership, Hegemony, and the
International Economy: naked Emperor or Tattered
Monarch with Potential?"
International Studies Quarterly 37 (4):459-89.
Layne, Christopher. 1998. "Rethinking American Grand
Strategy; Hegemony or Balance of Power in the Twenty-
First Century?" World
Policy Journal (Summer 1998):8-28.
———. 2006. The peace of illusions: American grand
strategy from 1940 to the present. Ithaca: Cornell
University Press.
Lebow, Richard Ned. “The golden age of deterrence
theory.” The Routledge handbook of security studies
(2009): 393.
Lebow R. N. and Stein, J. G. 1989. “Rational Deterrence
Theory: I Think, Therefore I Deter.” World Politics 61
(January): 208-24.
Libicki, Martin C. 2009. Cyberdeterrence and Cyberwar.
Santa Monica, CA: RAND Corporation.
———. 2007. Conquest in cyberspace: national security
and information warfare. New York, NY: Cambridge
University Press.
———. 2011. “Cyberwar as a Confidence Game.”
Strategic Studies Quarterly (Spring 2011): 132-46.
Mann, Catherine L. and Jacob F. Kirkegaard. 2006.
“Accelerating the globalization of America: the role for
information technology.”
Washington, DC: Institute For International Economics.
McCarthy, Daniel R. 2011. “Open Networks and the
Open Door: American Foreign Policy and the Narration
of the Internet.” Foreign
Policy Analysis 7 (1): 88-111.
Milner, Helen V. 1998. “International Political Economy:
Beyond Hegemonic Stability.” Foreign Policy 110
(Spring): 112-23.
Morgan, P. M. 2012. “The State of Deterrence in
International Politics Today.” Contemporary Security
Policy, 33(1), 85-107.
Morgan, P. M. 1983. Deterrence: A conceptual analysis,
rev. ed. Beverly Hills, CA: Sage Publications.
Mueller, Milton, and Dale Thompson. 2004. “ICANN and
Intelsat: GlobalCommunication Technologies and their
Incorporation into
International Regimes.” In The Emergent
GlobalInformation Policy Regime, ed. S. Braman:
Palgrave/Macmillan.
Nakashima, Ellen. 2012. “U.S. Accelerating
Cyberweapon Research.” The Washington Post, 19
march 2012.
Norrloff, Carla. 2010. America's Global Advantage: US
Hegemony and International Cooperation. New York:
Cambridge University
Press.
Nye, Joseph S. Jr. 2002. “The American National Interest
and Global Public Goods.” International Affairs 78 (2):
233-44.
———. 2004. Soft power: the means to success in world
politics. 1st ed. New York: PublicAffairs.
———. 2011a. The Future of Power. New York: Public
Affairs.
———. 2011b. “Nuclear Lessons for Cyber Security.”
Strategic Studies Quarterly (Winter): 18-28.
Osborne, Charlie. 2012. “Cybercrime costs U.S.
Consumers $20.7 billion.” CNet News. Available at
http://news.cnet.com/8301-1009_3-57506216-83/
cybercrime-costs-u.s-consumers-$20.7-billion/.Last
accessed 26 Oct 2012.
Rattray, Gregory J. 2001. Strategic Warfare in
Cyberspace. Cambridge, MA: The MIT Press.
Rauen, Cristiane V., Célio Hiratuka, Paulo S. Fracalanza,
(2011) “Universalization of telecommunications
services: Public policies in the
OECD and in Brazil.” International Journal of
Development Issues, 10(2), pp.108 – 122.
Rogin, Josh. 2012. “NSA Chief: Cybercrime
Constitutes the Greatest Transfer of Wealth in
History.” Foreign Policy.
http://thecable.foreignpolicy.com/posts/2012/07/09/
nsa_chief_cybercrime_constitutes_the_greatest_transfer
_of_wealth_in_history.
Last accessed 8 October 2012.
Rosenau, James N. 1995. “Governance in the Twenty-
First Century.” Global Governance, 1: 13-43.
Ruggie, John Gerard. 1983. “International regimes,
transactions, and change: embedded liberalism in the
postwar economic order.” In
International Regimes, ed. S. D. Krasner. Ithaca, NY:
Cornell University Press.
Schelling, T. C. (1980). The strategy of conflict. Harvard
university press.
Singh, J. P. 2010. “Negotiating Internet Governance:
Security Implications of Multilateral Approaches.” In
Anne L. Clunan and Harold
A. Trinkunas (eds.). Ungoverned Spaces: Alternatives to
State Authority in an Era of Softened Sovereignty. Palo
Alto, CA: Stanford
University Press, pgs. 232-254.
Snidal, Duncan. 1985. “The Limits of Hegemonic
Stability Theory.” International Organization 39 (4):579-
614.
Sterner, Eric. 2011. “Retaliatory Deterrence in
Cyberspace.” Strategic Studies Quarterly (Spring 2011):
62-80.
Stone, Randall W., Branislav L. Slantchev, and Tamar R.
London. 2008. “Choosing How to Cooperate: A
Repeated Public-Goods Model
of International Relations.” International Studies
Quarterly 52:335-62.
Schwartz, Matthew J. 2012. “Cybercrime Attacks, Costs
Escalating.” Information Week. Available at
http://www.informationweek.com/security/attacks/
cybercrime-attacks-costs-escalating/240008658. Last
accessed 8 Oct 2012
Stoll, Cliff. 1990. The Cuckoo's Egg. New York: Pocket
Books
27
Taipale, K. A., Cyber-Deterrence (2009). Available at
SSRN: http://ssrn.com/abstract=1336045. Last
accessed, 23 July 2013.
Verton, Dan. 2003. Black ice: the invisible threat of
cyber-terrorism. New York: McGraw-Hill/Osborne.
Waltz, Kenneth. 1959. Man, the State and War: A
Theoretical Analysis. New York: Columbia University
Press.
Weimann, Gabriel. 2006. Terror on the Internet: The
New Arena, the New Challenges. Washington, DC:
United States Institute of Peace Press.
Williams, William Appleman. [1959] 1972. The tragedy
of American diplomacy. 2d rev. and enl. ed. New York:
Dell Pub. Co.
Zacher, Mark W. 2002. “Capitalism, Technology, and
Liberalization: The International Telecommunications
Regime, 1865-1998.” In
Rosenau, J. N., & Singh, J. P., editors. Information
technologies and global politics: The changing scope of
power and governance.
New York: SUNY Press.
Zacher, M. W., & Sutton, B. A. 1996. “Mutual interests,
normative continuities, and regime theory:
cooperation in international
transportation and communications industries.”
European Journal of International Relations, 2(1), 5-46.