The Cybersecurity Dilemma
: Network Intrusions, Trust, and Fear in the International System

Student thesis: Doctoral ThesisDoctor of Philosophy


Why do nations break into one another’s most important computer networks? From the headlines, there is an obvious answer: to steal valuable information or to attack. In short, nations who break in are playing offense.

But this isn’t the full story. This thesis examines the question more deeply. It shows that, for states, intruding into other countries’ networks has enormous defensive value as well. Drawing on real-world cases, it demonstrates that breaches aren’t always as much about harming the other side as they are about trying to guard against potential incoming attacks. Two states, neither of which seeks to harm the other but neither of which trusts the other, will often find it prudent to intrude into each other’s networks. In the mindset of each country’s policymakers, these intrusions can sometimes be the final piece of the defensive puzzle. When both states act this way, however, it can lead to mutually-unwanted conflict, as one side will wrongly interpret the other’s defensive- minded intrusion to instead be an act of aggression. This general problem, in which a nation’s process of securing itself risks threatening others and unintentionally escalating tension, is a bedrock concept in international relations. Known as ‘The Security Dilemma’, it is an idea that long pre-dates cyber operations.

In light of this research question, this thesis argues that not only does the security dilemma apply to cyber operations, but that the particular characteristics of the digital domain mean that the effects are deeply pronounced. The thesis first shows that nations have great incentive to break into the networks of others, for both offensive and defensive reasons, and that it is enormously difficult to determine the true intentions of an intruder. Next, the thesis shows the ways in which the traditional solutions to the security dilemma, which have reached near-canon status in some schools of international relations, fail to translate to cybersecurity. Strongly-held asssumptions falter when applied to computer code. In so doing, this thesis provides a long-overdue update to the security dilemma literature. Lastly, the thesis presents the real-world evidence and trends indicating that the problem is only going to get more serious, before the text closes with suggestions on partial solutions.
Date of Award1 Aug 2016
Original languageEnglish
Awarding Institution
  • King's College London
SupervisorThomas Rid (Supervisor)

Cite this