Cyber-defense Strategies for Contending with Non-state Actors: A Review and Assessment of Existing Proposals


With the development of cyberspace and the Internet beginning in the 1980s and 1990s, new potential avenues for warfare and other hostile actions have proliferated along nontraditional lines.[1] Cyber attacks constitute “disaggregated warfare,” in that actions are executed primarily by non-state actors (NSAs) with very tenuous definitions of territoriality, a relatively novel concept not fully accounted for in realms such as international law or individual states’ military doctrine and policy.[2]

This paper will discuss the capabilities of NSAs and provide a short review of current options for policy to contend with the new threat from NSAs, ennumerating their benefits and shortcomings.

The power of NSAs only expands as technological development proceeds; thus, the international community, and especially current nation-state cyberpowers will need to adjust their own security doctrines as well as enact considerable change to international bodies of law that regulate the use of NSAs in crime and interstate conflict. States must pursue multilateral methods of preparing for the threat posed by NSAs in the cyber realm, rather than merely focusing on their own individual security. Only with a combination of norm creation, changes to international law, other various security-centric approaches, as well as common policies of deterrence can the Westphalian system endure.

To preempt any ambiguities in terminology throughout the rest of this work, this paper will first define the cyber-related terms it uses, drawing from but slightly adjusting the established framework of Johan Sigholm in his journal article “Non-State Actors in Cyberspace Operations.”[3] “Cyberspace” is defined as a global and virtual environment that either directly or indirectly links networks, systems, or other infrastructures that have begun and continue to increasingly be critical to modern society.[4] “Cyberactions” encompasses a host of activities taking place on cyberspace, but in Sigholm’s framework, the term largely refers to illegal actions that are carried out by NSAs rather than nation-state actors and disrupt or harm in order to accomplish political, economic, or personal goals.[5] In contrast, “Cyberspace operations” are military operations carried out by primarily state actors to accomplish strategic goals.[6] “Cyberattacks” are an umbrella term for any NSAs’ or nation-state actors’ activities in cyberspace that are considered to be hostile, causing harm, damage, or even loss of life in order to accomplish strategic political, economic, or personal objectives.[7] Though the term “Cyberwar” is often more loosely or over-generally applied as a term, it specifically refers to instances during which cyberattacks or other cyberactions or cyberspace operations surpass a threshold that is recognizable as warfare by the international community and as defined by international law.

NSAs should not be overgeneralized, as NSAs differ greatly in size, ability, ideology, and motivation.[8] NSAs that might be able to and might desire to inflict harm upon a state could be anyone from an individual hacker or white-hat activist to terrorist or criminal collective, or even trained groups attempting commercial or governmental espionage.

On the whole, cyberspace is a realm of blurred lines: between warfare and criminal activity, between individual actor and large group activities, and between policing and military responsibilities.[9]

Rationale for Focus on Non-state Actors

According to Nicolo Bussolati’s 2015 article, no nation-state thus far has overtly deployed cyber capabilities on the offensive during wartime, though covert operations have taken place (e.g. Stuxnet) during peacetime.[10] All other hostile actions have fallen under the purview of NSAs, according to U.S. defense consultant James Farwell, and, indeed, the hallmark of the shift in cyberspace has been in favor of NSAs, in that they have become substantially involved in the landscape of cyberattacks and even cyberwarfare.[11]

Brian Nichiporuk and Carl H. Builder studied the societal implications of NSA activity in cyberspace. They found that because of the rise of international terrorist organizations, NSAs are now enacting influence on national governments’ policy choices both within cyberspace and even more so outside of it.[12] Specifically within cyberspace, however, Bussolati traced the advantages given to NSAs, including the virtual world’s lowered barriers of time and space, the ready availability of knowledge, accessibility and geographic dispersal, and the absence of hierarchy, significantly levels the playing field.[13] Furthermore, Gregory Rattray and Jason Healey studied the effects of the lowered barriers to entry for NSA-nation-state relations: whereas beforehand there existed an asymmetry between the kinetic warfare capabilities of NSAs and nation-state actors for obvious reasons (such as monetary resources, land resources, amount of kinetic actors, etc.) cyberwarfare’s lowered barriers to entry severely reduces the gap between NSA and nation-state capabilities within cyberspace. The individual alone now increasingly represents a significant carrier of technical knowledge.[14]

Although the actions undertaken by NSAs so far seem “relatively tame when compared to the destruction capable of traditional instrumentalities of kinetic warfare,”[15] according to Jonathan Ophardt, but a number of experts also concur that the potential for destruction to critical infrastructure only grows as technology advances and nation-states grow more dependent on network systems for day-to-day key functions. As this prospect of destruction expands, efforts to seek strategies to deal with state or terrorist nonstate actors engaging in cyberactions remain, to an unfortunate extent, underdeveloped, and thus NSAs, due to their novelty and their subversion of the understood tenets of a Westphalian system, receive the focus of this paper.

A Review of the Capabilities of Non-state Actors

 NSAs have defined the gamut of cyberattacks for some time, though they have not always been capable of achieving such great levels of harm as they are today. Bussolati found that digital NSAs since the 1980s have mostly engaged in fairly low-level and demonstrative actions, primarily vandalism or denial of service.[16] However, the 21st century has seen an uptick in the destructive potential and aftereffects of similar denials of service as well as more and more serious damage done to infrastructure.

NSAs in the cyber realm have augmented capabilities due to a number of reasons, including but not limited to lowered barriers of entry (i.e. easier access to more destructive power, either on their own or through being aided or abetted by a state actor), their organizational structure, their anonymity, and the vulnerabilities of the world around them.

Many experts and organizations have declared the empowered nature of NSAs in cyberspace unprecedented; Bruce Hoffman’s paper on responses to cyberterrorism noted that, in the modern era, the methods of terrorism remain available to anyone with a grievance, especially those interested in how to inflict damage via cyber capabilities.[17] Hackers can make use of mundane home electronics to mount huge attacks, such as the hacking in October 2016 in the U.S. that disrupted traffic to Amazon, Netflix, and Twitter for hours.[18] Later, investigators found that the attack as a whole had been conducted by a “disgruntled gamer,” who used materials like cameras, lights, and appliances to overwhelm a “key hub” of the Internet.[19] Within cyberspace, Rattray and Healey found that entities usually find it easier to attack rather than defend because of the relatively lower cost of sophisticated attack tools and the weaknesses present in operating systems and networks that create many vulnerable targets for NSAs.[20]

Bussolati noted that states may also hold considerable interests in having NSAs do their bidding as irregular forces during cyberwarfare or benefiting from the skills or expertise of other hackers.[21] Thus, a state’s resources or other forms of support could further amplify the already-considerable power potential of NSAs in cyberspace.

Arquilla and Ronfeldt emphasized that, in contrast to traditional authoritative structures, the organization of NSAs tends to be flat and dispersed rather than hierarchical with a central commander;[22] this distinguishes NSAs from states in a key way that makes them harder for hierarchies to deal with, as they defy “decapitation” strategies of targeting leadership.[23] Generally, hierarchies can only confront parts of a network system within a shadowy environment like cyberspace; such a task often resembles the Herculean task of slaying the Hydra.

Complicating matters greatly, cyberspace has afforded both state actors and NSAs with a greater degree of anonymity, as Sigholm points out.[24] The actors behind cyberattacks tend to obscure their own identity to avoid repercussions; the degree of connectivity, speed of access, and transmission capabilities challenge the tradtional tenets of national sovereignty, making it even more difficult to attribute cyberattacks to any actors.[25]

The interdependence of computer networks that regulate or control key public infrastructures throughout the world provide fruitful and incredibly susceptible targets for the activities malicious NSAs. Vital infrastructures that are vulnerable to the malicious influences of either non-state or nation-state actors, according to Richard Hundley and Robert Anderson’s assessment of safety measures in cyberspace, include air traffic control, financial markets, energy grids, telecommunications, and more as time goes on.[26] In countries as technology-dependent as the United States, Jonathan Ophardt specifically pointed out other potential malicious acts, which include tampering with water purification systems, rerouting trains and causing mass collisions, the opening of dams, and the meltdown of nuclear reactors.[27]

All of these strengths — including both target vulnerabilities and the aforementioned advantages gained by NSAs through the nature of cyberspace — could cause a staggering loss of property and life, increasingly on par with the traditional results of kinetic warfare.

A Review of Potential Policy Responses to the New Capabilities of Non-state Actors

This portion of the paper will explore the varieties of policy responses both unilateral and multilateral recently suggested by many various sources throughout the international community.


A number of sources entertain the idea of adopting the same geopolitical doctrine or framework that has occupied more classical areas of international relations and conflict: deterrence. Richard L. Kugler studied the potential applications of a deterrence strategy for cyberwarfare policies specifically within the U.S. in his article “Deterrence of Cyberattacks.” The goal of such a strategy, according to Kugler, would be to influence an adversary’s decision-making processes to such a decisive extent that they would not launch cyberattacks against the U.S.; this strategy would depend on the U.S.’s ability to project its willpower, capability, and reputation for resolve with such intensity to convince other adversaries to keep from attacking the U.S.[28] Kugler’s concepts of deterrence would also be predicated upon “global situational awareness” for whatever country is taking on this strategy, in that the actor would need to assess the motives, value structures, goals, perceptions and calculations that other adversaries might use for a cyberattack.[29] Retaliation as part of the deterrence stratagem could potentially have an impact on NSAs, as they usually are also pursuing political agendas in order to advance their own interests, and through said agendas, they will be susceptible to counterpressuring.[30]

As a strategy on its own, deterrence encounters several obstacles in its application to the realm of cyberspace. First, as Bruce D. Berkowitz found in his work on information warfare, NSAs are inherently less susceptible to the classic geopolitical strategy, because the ability for the victim to enact reprisal is tenuous at best given NSAs’ anonymity online as well as their lack of a territorial base.[31]

Martin C. Libicki constructed a model of a deterrence strategy carried out by a state such as the U.S. and found that a state’s reputation could be seriously harmed without much recourse for retribution within cyberwarfare.[32] According to Libicki, the case for a policy of explicit deterrence would only be a strong one if the policy actually would hinder other states’ or NSAs’ behavior rather than simply force them to be more discreet.[33] Libicki’s model measured the outcome-values of states with different values for pain tolerance from being attacked (“ouch”), loss of face from the attacker getting away with said attack (“wimpy”), the fear of escalating to a prolonged conflict in cyberspace or outside (“risky”), or the humiliation from being wrong about who initiated the attack (“oops”). Overall, he found that deterrence would work best if the state could afford the occasional mistake, has a tolerance for risk if the target responds, and does not suffer audience costs if it does not retaliate.[34]

However, the biggest obstacle for deterrence strategies in cyber-contexts that Libicki found in this study is that an explicit policy does not allow for the separation of “easy cases” from the “hard cases” — both the attacker and the third-party audience members present in the international community cannot easily tell when a state is unwilling to retaliate or simply unable to know against whom to strike back — and a cyberattack that doesn’t elicit response would only work against the state with the explicit deterrence policy.[35]

Kugler also looked at other unilateral possibilities of policy responses that would supplement a strategy of deterrence, including but not limited to offensive forces that “roam the net” in order to protect commerce or infrastructure.[36] The literature surrounding this option is tenuous at best and does not reflect well on its ability to be implemented.

Overall, though deterrence is not a completely hopeless strategy, the changes that cyberspace brings to the previously accepted tenets of the geopolitical state system complicates its implementation. Deterrence remains inefficient and ineffective when considered on its own as a strategy to take on any cyberattacks, especially those from NSAs.

Approaches within International Law

A number of authors have examined international laws or codes that have been rendered obsolete or ineffective when applied to cyberactions. Propositions have circulated that involve broadened constructions to the law of self-defense, lowering the criterion of aggression to simply aiding and abetting a hostile NSA, and establishing confidence building measures between nation-states.

Jonathan Ophardt argues, for instance, that the disaggregation of the cyber landcape highlights the importance of moving beyond the state-centric concepts of territory and a dependence on outdated modes of aggressive actions.[37] Thus, the international community ought to change the definition of aggression in law to account for the emerging threat of NSAs by including the aggressive acts of NSAs and broadly interpret these acts by the International Criminal Court to include new conceptions of territoriality and the new weaponry available in cyberspace.[38]

Moving past a state-centric model of accountability would then allow for individual accountability for the malicious acts of nation-state or NSAs, and Ophardt sees the ICC would be a fitting means with which to realize this goal.[39] State leaders who authorize cyberattacks need to be held accountable, especially when their actions have significant international ramifications. Ophardt’s article advocates for the removal of the “common-law conspiracy requirement for agreement to achieve a collective purpose,” in order to hold liable the contributors to cyberattacks for their actions.[40] Any leaders of organizations, whether representing a nation-state or a NSA, who do commit criminal acts that do aid cyberattacks would be considered as part of the “joint criminal enterprise.”

These changes would make the framework for justice more inclusive of non-traditional attacks by non-traditional actors, such as NSAs, and they would require what Ophardt refers to as a “normative shift,” in order to focus more on the consequences of collective acts “rather than the instrumentalities used in their execution.”[41]

This normative shift, according to Ophardt, is key for the adaptation of international law to mold with the new realities of cyberwarfare and cyberactions. Current prohibitions of force appear to lack the adequate breadth to encompass the diversity of forms of cyberattacks.[42]

Another alternative to consider would be a redefinition of the term “armed,” in order to include non-traditional armaments; however, without careful attention paid to the consequences of this broadening, the definition of “armed” could widen significantly, to an infeasible or dangerous point.[43] While broadening the definition of “armed” would then contribute to some legal basis for the constraint of cyberattacks within modern warfare, that change alone would be inadequate in dealing with the heightened individual abilities within cyberspace, which fall outside of the purview of “armed” versus “unarmed” (i.e. being “armed” in cyberspace could simply constitute the know-how for enacting a significant cyberattack, and how-to knowledge is nigh impossible to regulate)  and still contribute to the powers of NSAs.

All in all, there would need to be increased individualized accountability within the international system and updates to the jus ad bellum for the new frontiers of battle in cyberspace. The ICC should be given the ability to prosecute any individual responsible for the malicious activities of groups, thought this proposal remains idealistic at best.

However, Dan Saxon also wrote at length about the possibility for holding individual NSAs culpable for violations of humanitarian law even if conducted with cyberweapons, concluding that it would be possible, provided that the technical and legal abilities of prosecutors and forensic techniques rise to meet the challenge of murky liabilities and responsibility in cyberspace.[44]

Skeptics to this approach as a whole point out the inefficacy and the non-binding nature of the ICC in the face of contrarian global powers, such as the U.S., as well as the improbability of states signing onto such an agreement, as doing so would open themselves up to potential liability. Thus, these changes to international law would not make much difference in responding to the threat from NSAs unless combined with changes to the nation-state cyberpowers’ own doctrines and approaches, as well as a commitment from them to assist bodies like the ICC in pursuit of accountability and justice, such as through norms.

International Norms

Right now, norms concerning cyberwarfare largely remain “dark territory,” in that the upper bounds to capabilities within cyberspace have been largely unexplored. Norms could provide useful standards with which to hold the actions of other states to in diplomatic settings or negotiations. The proposals around the creation of international norms exist on a spectrum ranging from formal, codified norms to informal, closed-door decisions made by current cyberpowers.

Robert Gates, for instance, proposed that there be a closed-door meeting between the major cyberpowers in order to work out “rules of the road” in order to diffuse the vulnerabilities within infrastructure and establish agreements not to attack critical civilian infrastructure.[45] These agreements would operate except perhaps in wartime, and even then they might still hold.

Martin Libicki at the RAND Corporation proposed norms that would call on states specifically to sever ties with NSAs such as freelance hackers or organized-crime collectives in order to make cyberspace inherently more trustworthy, while also limiting the numbers and power of rogue actors that would try to fish for support among states for access to greater resources.[46] These norms would also call for increased caution among states in assigning responsibility for cyberattacks to others and keeping harmful escalation from taking place.[47]

According to Libicki, affirmative obligations among states could build trust between them.[48] In order for these norms to work, states would need to agree to cooperate in finding NSAs and eliminating any support they might have within that state’s territory. States would obligate themselves not to jump to conclusions when they are the victims of a cyber-attack.[49]

Overall, instating norms within the international community pertaining to relationships with and actions of NSAs could limit the disruptive potential of state-NSA collaborative cyberattacks and allow for the accurate targeting of hostile NSAs across territorial boundaries.

The argument for norms — whether or not they are enforceable — according to Libicki, is that “hypocrisy is the price that vice pays to virtue,” that is, if states collectively declare that certain actions in cyberspace are illegitimate, then a standard exists to which other states can hold them.[50]

Norms could perhaps have a demonstration effect: if a group of respected states adheres to norms, other states could be convinced that associating with said states requires that they to either follow or pay lip service to said norms.[51] Libicki points out that something similar to this effect has occurred within Latin American states that have acquiesced to the EU’s desire for them to have norms on the protection of personal information, referencing that the larger number of states subscribing to a norm, the more pressure on “laggard” states to also conform.[52]

The NATO Cooperative Cyber Defence Center of Excellence published a comprehensive evaluation of the potentials and drawbacks for instituting international norms concerning the use of cyberspace. Although they essentially agreed with Libicki’s proposals and findings, some weaknesses that they noted in the idea of norms were that the defining features of norms — that is, the “nature of norms themselves” — make them hard to understand and attempt to purposefully design in the realm of cyberspace.[53] Cyberspace itself is constantly changing and developing, and so any underlying values remain in question or not unversally identifiable, something that norms would require.[54]

Norms on their own would not be sufficient in dealing with the new threat from cyberspace, especially NSAs, because of their inherently unenforceable value. When combined with other strategies, however, they could be a promising cog in a well-oiled machine suited to protecting states and individuals from the destructive consequences of cyberwarfare.

Other Security Considerations

Other unilateral or multilateral security-centric proposals made in the process of seeking policy responses to the threat from NSAs in cyberspace include heightened collaboration between the defense sector and the commercial sector.

As Rattray and Healey suggested, this might entail engaging the private sector operators like ISPs in order to establish norms for their users’ appropriate behavior, while encouraging them to fight malicious activities on their own.[55] Likewise, Jeffrey Carr proposed that Congress would need to send a clear message to U.S. internet hosting and service provider companies in order to temper the use of their services for malicious aims and regulate them more than they currently are regulated.[56] Berkowitz notes, however, that it unfortunately remains incredibly difficult to integrate planning for cyberwarfare into the larger sphere of governmental planning without first building public support.[57]

For another potential approach, in order to account for hierarchies’ inabilities to deal effectively with networks, for the most part, there could be a similar mimicry for the task forces assigned to combat malicious NSAs in terms of the structure of those forces: they could become networks. Carr proposed the concept of a Security Trust Network (STN), an organization that is “independent and not beholden to any agency of government or private business” and that can choose when and how to support a government, should it do so.[58] STNs are exemplified by the work that Carr did with Project Grey Goose, an organization that applied the open-source software model to intelligence and cybersecurity, researching data that they then turned over to the authorities.[59] According to Carr, his Project had some success in reducing the Kremlin’s ties to certain NSA groups as well as even preventing some cyberattacks.[60]  However, Sean Lawson and Robert Gehl noted in their assessment of Carr’s group, that STNs remain flawed because of their inherent dependence on a state, as they have little to no firepower on their own of pursuing justice or enforcing a deterrence policy through retaliation against the actor that they determine to be behind a NSA.[61] Although STNs are an asset towards eliminating the murkiness surrounding attribution of aggressive acts in cyberspace, beyond that, their use stays limited.

Sigholm also broached the idea of a “cyber-balkanization” process, as in the splintering of the Internet into subnets created for specific functions like critical infrastructure management or internal government communications.[62] This proposal is not welcomed whatsoever by the significant community in favor of net neutrality, and it remains unclear if those positions are reconcilable with the policy proposals above.[63] The U.S. would likely not be able to enact such reforms unless an exercise of executive power were to take place. Furthermore, offensive capabilities nearly always surpass defensive capabilities in cyberspace, rendering this choice a poor one if it is undertaken on its own.[64]


A number of proposals have attempted to broach the concept of the new threat posed by NSAs in cyberspace, but many of them are rooted in older definitions of aggression and territoriality and do not fully account for or reckon with the nature of new NSAs taking the stage. In recent years, new suggestions have surfaced that try to deal with these new vulnerabilities, including individual countries’ creating or maintaining new policies of deterrence, potential changes to international law, the use of the ICC in enforcing accountability for NSAs as well as state actors in cyberwarfare, the institution of international norms for cyber conduct, and other security-centric propositions.

Above all, this paper emphasizes that none of the above approaches can respond to the threat posed by NSAs in a decisive and comprehensive manner. Such a final resolution to this new threat would be nearly impossible to fathom, especially as technological development consistently outpaces the inherently slow process of policy changes. Though an estimation of each of the potential policies shows importantly that none of these tactics work on their own; that the international community needs to be forward-thinking and cooperative-minded in order to take on the cyber threat in an effective way; and that, nevertheless, some combination of the aforementioned approaches could make for an effective start in dealing with the elevated threat from NSAs in cyberspace.

Some possibilities for future study or questions that need to be answered concerning the concepts assessed in this work include those creating models to demonstrate the effects of less certain soft-power concepts such as norms in cyberspace. Additionally, although we now have basic conceptualizations of what applying laws of armed conflict to cyberwarfare, what might that look like in practice?

The ever-changing and more importantly ever-expanding nature of cyberspace makes it an incredibly promising area for future inquiry, as well as an area where conclusive responses remain hard to come by.


Arquilla, John, and David F. Ronfeldt. In Athena’s Camp: Preparing for Conflict in the Information Age. Santa Monica, CA: Rand, 1997.

Associated Press. “Disgruntled Gamer ‘Likely’ behind October US Hacking: Expert.”, November 16, 2016, Security. Accessed February 21, 2017.

Blank, Laurie R. “International Law and Cyber Threats from Non-State Actors.” International Law Studies 89 (2013): 406-37.

Burton, Joe. “Cyber Warfare Through Enemy Lines.” The Listener, November 21, 2015, 15-20. Accessed February 21, 2017.

Bussolati, Nicolo. “The Rise of Non-State Actors in Cyberwarfare.” In Cyber War: Law and Ethics for Virtual Conflicts, edited by Jens  David Ohlin, Kevin Govern, and Claire Oakes Finkelstein, 102-26. Oxford: Oxford University Press, 2015.

Carr, Jeffrey. Inside Cyber Warfare. 2nd ed. Beijing: O’Reilly, 2012.

Clarke, Richard A., and Robert K. Knake. Cyber War: The Next Threat to National Security and What to Do about It. New York: Ecco, 2012.

Hilvert, John. “Cyber Warfare Lays Ground for Non-State Actors.” iTNews (Australia), September 14, 2011. Accessed February 21, 2017.

Kaplan, Fred M. Dark Territory: The Secret History of Cyber War. New York: Simon & Schuster, 2016.

Kramer, Franklin D., Stuart H. Starr, and Larry Wentz. Cyberpower and National Security. Dulles: Potomac Books, 2009.

Lawson, Sean, and Robert W. Gehl. “Convergence Security: Cyber-Surveillance and the Biopolitical Production of Security.” Paper presented at Cyber-surveillance in Everyday Life: An International Workshop, University of Toronto, May 13, 2011. Accessed May 5, 2017.

Libicki, Martin C. Crisis and Escalation in Cyberspace. Santa Monica, CA: RAND, Project Air Force, 2012.

———. Cyberdeterrence and Cyberwar. Santa Monica, CA: RAND, 2009.

Ophardt, Jonathan A. “Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow’s Battlefield.” Duke Law and Technology Review 9 (2010). Accessed May 5, 2017.

Osula, Anna-Maria, and Henry Rõigas, eds. International Cyber Norms: Legal, Policy and Industry Perspectives. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2016. Accessed May 5, 2017.

Rattray, Gregory J., and Jason Healey. Non-State Actors and Cyber Conflict. Washington, D.C.: Center for a New American Security, 2011.

Saxon, Dan. “Violations of International Humanitarian Law by Non-State Actors during Cyberwarfare: Challenges for Investigations and Prosecutions.” Journal of Conflict and Security Law 21, no. 3 (2016): 555-74. Accessed May 5, 2017. doi:10.1093/jcsl/krw018.

Sigholm, Johan. “Non-State Actors in Cyberspace Operations.” Journal of Military Studies 4, no. 1 (April 14, 2013). Accessed February 21, 2017.

Singer, Peter W., and Allan Friedman. Cybersecurity and Cyberwar: What Everyone Needs to Know. New York ; Oxford: Oxford University Press, 2014. PDF.

Valeriano, Brandon, and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in the International System. New York: Oxford University Press, 2015.

Wilhelmsen, Vivi Cathrine Ringnes. “Soft War in Cyber Space: How Syrian Non-state Actors Use Hacking to Influence the Conflict’s Battle of Narratives.” Master’s thesis, University of Oslo, 2014.


[1] John Arquilla and David F. Ronfeldt, In Athena’s Camp: Preparing for Conflict in the Information Age (Santa Monica, CA: Rand, 1997), 27.

[2] Jonathan A. Ophardt, “Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow’s Battlefield,” Duke Law and Technology Review 9 (2010): 2, accessed May 5, 2017,

[3] Johan Sigholm, “Non-State Actors in Cyberspace Operations,” Journal of Military Studies 4, no. 1 (April 14, 2013): accessed February 21, 2017,

[4] Ibid., 6.

[5] Ibid.

[6] Ibid.

[7] Ibid.

[8] Nicolo Bussolati, “The Rise of Non-State Actors in Cyberwarfare,” in Cyber War: Law and Ethics for Virtual Conflicts, ed. Jens David Ohlin, Kevin Govern, and Claire Oakes Finkelstein (Oxford: Oxford University Press, 2015), 5.

[9] Arquilla and Ronfeldt, In Athena’s, 287.

[10] Bussolati, “The Rise,” 1.

[11] John Hilvert, “Cyber Warfare Lays Ground for Non-State Actors,” iTNews (Australia), September 14, 2011, accessed February 21, 2017,

[12] Arquilla and Ronfeldt, In Athena’s, 357.

[13] Bussolati, “The Rise,” 2.

[14] Gregory J. Rattray and Jason Healey, Non-State Actors and Cyber Conflict (Washington, D.C.: Center for a New American Security, 2011), 68.

[15] Ophardt, “Cyber Warfare,” 5.

[16] Bussolati, “The Rise,” 8.

[17] Arquilla and Ronfeldt, In Athena’s, 408.

[18] Associated Press, “Disgruntled Gamer ‘Likely’ behind October US Hacking: Expert,”, November 16, 2016, Security, accessed February 21, 2017,

[19] Ibid.

[20] Rattray and Healey, Non-State Actors, 68.

[21] Bussolati, “The Rise,” 16.

[22] Arquilla and Ronfeldt, In Athena’s, 328.

[23] Ibid., 329.

[24] Sigholm, “Non-State Actors,” 24.

[25] Rattrayand Healey, Non-State Actors, 68.

[26] Arquilla and Ronfeldt, In Athena’s, 280.

[27] Ophardt, “Cyber Warfare,” 5.

[28] Franklin D. Kramer, Stuart H. Starr, and Larry Wentz, Cyberpower and National Security (Dulles: Potomac Books, 2009), 327.

[29] Ibid., 333.

[30] Ibid., 338.

[31] Arquilla and Ronfeldt, In Athena’s, 227.

[32] Martin C. Libicki, Cyberdeterrence and Cyberwar (Santa Monica, CA: RAND, 2009), 184.

[33] Ibid., 197.

[34] Ibid.

[35] Ibid., 183.

[36] Kramer, Starr, and Wentz, Cyberpower and National, 265.

[37] Ibid., 9.

[38] Ophardt, “Cyber Warfare,” 2.

[39] Ibid., 13.

[40] Ibid., 20.

[41] Ibid., 22.

[42] Ibid, 25.

[43] Ibid.

[44] Dan Saxon, “Violations of International Humanitarian Law by Non-State Actors during Cyberwarfare: Challenges for Investigations and Prosecutions,” Journal of Conflict and Security Law 21, no. 3 (2016): accessed May 5, 2017, doi:10.1093/jcsl/krw018.

[45] Fred M. Kaplan, Dark Territory: The Secret History of Cyber War (New York: Simon & Schuster, 2016), 237.

[46] Martin C. Libicki, Crisis and Escalation in Cyberspace (Santa Monica, CA: RAND, Project Air Force, 2012), 19.

[47] Ibid., 28.

[48] Ibid., 20.

[49] Ibid., 28.

[50] Ibid., 25.

[51] Ibid.

[52] Ibid.

[53] Anna-Maria Osula and Henry Rõigas, eds., International Cyber Norms: Legal, Policy and Industry Perspectives (Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2016), 87, accessed May 5, 2017,

[54] Ibid., 88.

[55] Rattray and Healey, Non-State Actors, 83.

[56] Jeffrey Carr, Inside Cyber Warfare, 2nd ed. (Beijing: O’Reilly, 2012), 193.

[57] Arquilla and Ronfeldt, In Athena’s, 231.

[58] Carr, Inside Cyber, 201.

[59] Ibid.

[60] Ibid.

[61] Sean Lawson and Robert W. Gehl, “Convergence Security: Cyber-Surveillance and the Biopolitical Production of Security” (Presented at Cyber-Surveillance in Everyday Life: An International Workshop, 2011), accessed May 5.

[62] Sigholm, “Non-State Actors,” 31.

[63] Sigholm, “Non-State Actors,” 31.

[64] Ibid.