Research paper on the topic Cyber warfare and its implications

Title Page (Not part of the minimum 10 page requirement)

● Abstract (quick overview in your own words of the entire content of your paper,

Don't use plagiarized sources. Get Your Custom Essay on

Just from $13/Page

Order Essay

limited to 200-350 words)

● Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible

scenarios_

● Literature Review (2-4 pages, describes the research papers that you find in

reference to the topic of cyber warfare, emerging technologies that can be used,

the impact of cyber warfare)

● Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare,

implications for the U.S, critical perspectives and/or recommendations)

● Conclusion (1-2 paragraphs, This provides a final summary of your research

paper)

● Bibliography in APA format

The

ITS 834 Emerging Threats and Countermeasures

Total points – 100

Midterm Research Paper- The paper is due on end of day Sunday March 29, 2020

Write a research paper on the topic

Cyber warfare and its implications for the United States

Your research paper should be minimally 10 pages (double spaced, Font – Georgia with

font size 12). The research paper needs to refer to the following source

❑ Kostyuk, N., and Zhukov., M., Y. (2019). Invisible Digital Front: Can Cyber

Attacks Shape Battlefield Events? Journal of Conflict Resolution, 63(2)., 317-347.

(pfd version of paper is uploaded to module 4 in d2l).

❑ In addition you need to have at least 5 peer reviewed journal/book references

The research needs to minimally discuss the following

❑ The relevance of cyber warfare for the United States

❑ What are some examples of possible cyber warfare scenarios where critical

infrastructure could be affected

❑ Emerging technologies that can be used for cyber warfare

❑ What does Kostyuk and Zhukov (2019) address mainly in their paper? Do you

agree with Kostyuk and Zhukov (2019) that cyber-attacks are ineffective as a tool

of coercion in war? Ensure to explain why or why not.

❑ Future implications of cyber warfare for the United States

The bibliography should be included as a separate page and is not part of the 10 page

requirement. Student assignments will be run through Safe Assignment. Please ensure

to check the safe assignment result prior to submitting.

You will have the chance to submit your assignment up to two times. So

please submit earlier than the due date so you can check your safe assign

score. You need to check your safe assign report to ensure there is no

instance of academic integrity violations.

Please refer to this link for information on the academic integrity policy at

the university https://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-
Catalog/Academic-Affairs/Academic-Integrity-Policy

https://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-Catalog/Academic-Affairs/Academic-Integrity-Policy

Please ensure to review the policy. If there are instances of academic

integrity policy violations in your paper, you will not receive a grade for the

assignment and will be referred to the department.

Please note the following consequences for instances of academic integrity

violations

1. First Offense – 0 for the assignment

2. Second Offense – 0 for the course

3. Third Offense – Dismissal from the University

The university of Cumberland library can be assessed at

https://www.ucumberlands.edu/library

The research paper should include the following components.

● Title Page (Not part of the minimum 10 page requirement)

● Abstract (quick overview in your own words of the entire content of your paper,

limited to 200-350 words)

● Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible

scenarios_

● Literature Review (2-4 pages, describes the research papers that you find in

reference to the topic of cyber warfare, emerging technologies that can be used,

the impact of cyber warfare)

● Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare,

implications for the U.S, critical perspectives and/or recommendations)

● Conclusion (1-2 paragraphs, This provides a final summary of your research

paper)

● Bibliography in APA format

The following rubric will be used to grade your assessment

Evaluation Parameters Percentag
e Weight

Did the student respond to the research topic

Did the student conduct sufficient literature review of the topic 20

Did the student provide relevant examples to support viewpoints 20

https://www.ucumberlands.edu/library

Did the student meet the content requirements of the assignment and

discuss the key points identified in the question

Did the student provide a critical perspective on the topic

Did the student create a professional, well-developed report with proper

grammar, spelling, punctuation and APA formatting

Total 100%

Please refer to the following for APA guidelines

https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_st

yle_guide/general_format.html

https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/general_format.html

Articl

Invisible Digital Front:
Can Cyber Attacks Shape
Battlefield Events?

Nadiya Kostyuk

, and Yuri M. Zhukov

Abstract
Recent years have seen growing concern over the use of cyber attacks in wartime,
but little evidence that these new tools of coercion can change battlefield events.
We present the first quantitative analysis of the relationship between cyber activities
and physical violence during war. Using new event data from the armed conflict i

Ukraine—and additional data from Syria’s civil war—we analyze the dynamics of
cyber attacks and find that such activities have had little or no impact on fighting. In
Ukraine—one of the first armed conflicts where both sides deployed such tools
extensively—cyber activities failed to compel discernible changes in battlefield
behavior. Indeed, hackers on both sides have had difficulty responding to battlefield
events, much less shaping them. An analysis of conflict dynamics in Syria produces
similar results: the timing of cyber actions is independent of fighting on the ground.
Our finding—that cyber attacks are not (yet) effective as tools of coercion in war

—

has potentially significant implications for other armed conflicts with a digital front.

Keywords
compellence, coercion, physical violence, conflict, cyber attacks

On December 23, 2015, hackers attacked Ukraine’s power grid, disabling control

systems used to coordinate remote electrical substations, and leaving people in the

capital and western part of the country without power for several hours. The Security

1Department of Political Science, University of Michigan, Ann Arbor, MI, USA

Corresponding Author:

Nadiya Kostyuk, Department of Political Science, University of Michigan, 505 S State Street, Ann Arbor,

MI 48109, USA.

Email: nadiya@umich.edu

Journal of Conflict Resolution
2019, Vol. 63(2) 317-347

ª The Author(s) 2017
Article reuse guidelines:

sagepub.com/journals-permissions
DOI: 10.1177/0022002717737138

journals.sagepub.com/home/jcr

https://sagepub.com/journals-permissions

https://doi.org/10.1177/0022002717737138

http://journals.sagepub.com/home/jcr

http://crossmark.crossref.org/dialog/?doi=10.1177%2F0022002717737138&domain=pdf&date_stamp=2017-11-10

Service of Ukraine (SBU) blamed the Russian government for the cyber attack, an

accusation that later found support in malware analysis by a private computer

security firm. The Ukrainian hack was the first publicly acknowledged case of a

cyber attack successfully causing a power outage. It is also just one of thousands of

cyber activities, mostly diffuse and low level, that have occurred alongside physical

fighting in Ukraine. Attacks launched through the digital realm are playing an

increasingly visible role in civil and interstate conflict—in Ukraine, Syria, Israel,

Estonia, Georgia, and beyond. Yet it remains unknown whether such activities have

a real coercive impact on the battlefield.
1

Recent years have seen growing concern over the coercive potential of cyber

capabilities in war, but little evidence that these new tools are yet making a differ-

ence. Theoretically, most research has focused on the consequences of cyber attacks

for peacetime deterrence rather than wartime compellence (Libicki 2009; Sharma

2010; Andres 2012).
2

Yet the logic of coercion entails distinct challenges in peace

and war, with potentially different implications for the cyber domain. Empirically,

the literature has relied more on qualitative case studies than quantitative data. The

few data sets that do exist (Valeriano and Maness 2014) privilege massive cyber

catastrophes over less sophisticated low-intensity attacks, like distributed denial of

service (DDoS). The latter category, however, is far more common.

This article asks whether cyber attacks can compel short-term changes in battle-

field behavior, using new event data on cyber and kinetic operations from armed

conflicts in Ukraine and Syria. We use the Ukrainian conflict as our primary test case

due to the extensive and sophisticated use of cyber attacks by both sides (Geers

2015), and—uniquely—overt claims of responsibility, public damage assessments,

and other releases of information that reduce uncertainty over timing and attribution.

Since 2014, Ukraine has turned into “a training playground for research and devel-

opment of novel attack techniques” (Zetter 2017). If cyber attacks can yet make a

difference on the battlefield, Ukraine is one a few cases where we are most likely to

observe such an effect. Our data include 1,841 unique cyber attacks and 26,289

kinetic operations by government and prorebel forces between 2014 and 2016. We

supplement this quantitative analysis with fourteen primary source interviews with

participants in the cyber campaign as well as Ukrainian, Russian, and Western cyber

security experts with direct knowledge of these

operations.

To evaluate the generalizability of the Ukrainian experience to other conflicts, we

replicate our results with data from Syria’s civil war. Like Ukraine, Syria has seen

the extensive use of low-level cyber attacks by factions fighting for and against the

incumbent regime. Because this war has gone on significantly longer than the

conflict in Ukraine—giving hackers more time to organize and develop their cap-

abilities—Syria offers a glimpse at cyber activities in a more protracted, higher

intensity context. If we uncover similar patterns in two conflicts of such different

scale and complexity, we can have greater confidence that our results are not arti-

facts of a single idiosyncratic case. Our data include 682 cyber attacks and 9,282 acts

of violence by pro- and anti-Assad forces between 2011 and 2016.

318 Journal of Conflict Resolution 63(2)

Evidence from both conflicts suggests that cyber attacks have not created forms

of harm and coercion that visibly affect their targets’ actions. Short of mounting

synchronized, coordinated cyber campaigns, each group of hackers has seemed to

operate in its own “bubble,” disengaged from unfolding events in both cyberspace

and the physical world. The lack of discernible reciprocity between cyber and kinetic

operations—and between the cyber actors themselves—questions whether cyber

attacks can (yet) be successfully deployed in support of military operations.

This disconnect may be temporary, as joint planning and execution concepts

continue to evolve. Many countries, for instance, still struggle in coordinating air-

power for ground combat support, a century after World War I. Our study highlights

some of the difficulties that countries will need to overcome in integrating and

synchronizing these new capabilities.

Our contribution is fourfold. We offer the first disaggregated analysis of cyber

activities in war and take stock of the empirical relationship between the cyber and

kinetic dimensions of modern battle. To do so, we collect the first microlevel data on

wartime cyber attacks, using both open media sources and anonymous attack traffic

data. Theoretically, our analysis addresses an important question on the coercive

impact of low-level cyber attacks, advancing a literature that has been heavy on

deductive argumentation, but light on evidence. Finally, from a policy standpoint,

our findings should temper the popular tendency to overhype the transformative

potential of cyber attacks. At present, interaction between cyber and kinetic opera-

tions is similar to that between airpower and ground operations in World War I—

when armies began to use aircraft for reconnaissance but had not realized their full

potential to shape battlefield outcomes.

Varieties of Cyber Activity

The term “cyber activities” captures a diverse assortment of tactics and procedures,

directed against different types of targets, in pursuit of disparate objectives. Not all

of these activities seek to achieve battlefield effects in the same way. Before pro-

ceeding further, we differentiate between two broad goals these actions tend to

pursue: propaganda and disruption.
3

Cyber activities in the propaganda category seek to influence public opinion

and indirectly undermine an opponent’s financing or recruitment. Operations in

this group include leaks of compromising private information, online publication

of partisan content (e.g., “trolling” on comments pages), and the establishment of

dedicated websites and forums to promote an armed group’s message. Unless it

openly incites or discourages violence, propaganda affects kinetic operations only

indirectly by undermining an opponent’s support base or obfuscating perceptions

of events.

In the Ukrainian conflict, the importance of both groups attach to online propa-

ganda is evident from the time and resources pro-Kyiv fighters spend updating

Wikipedia, and pro-Russia groups devote to creating and running dedicated

Kostyuk and Zhukov 319

YouTube channels and social media accounts. Russian military doctrine places a

heavy emphasis on the strategic use of information in warfare, as does US cyber-

space joint planning doctrine.

The second category of cyber attacks—disruption—seeks to directly sabotage

opponents’ ability to operate in the physical or electronic realm. These mostly low-

intensity activities include denial of service attacks, which make targeted resources

unavailable through a flood of requests from a single source, and DDoS attacks,

where requests originate from multiple compromised systems. Related efforts

include inundating communications systems with floods of text messages or phone

calls and using fire walls and proxies to block access to websites. At the extreme end

of the scale is the use of malicious code to inflict physical damage or otherwise

compromise infrastructure and military objects. Examples include interception of

drones, communications and surveillance systems, control of Wi-Fi access points,

and collection of protected information via phishing.

The most sophisticated known attack of this type is the Stuxnet worm,

which—before its discovery in 2010—targeted industrial control systems critical

to uranium enrichment in Iran. In Ukraine, notable disruptive activities have

included attacks on the Central Election Committee’s website during the 2014

presidential elections and attacks on the country’s power grid in 2015 and 2016.

Other examples include the use of malware to collect operational intelligence,

like X-Agent, which retrieved locational data from mobile devices used by Ukrai-

nian artillery troops, and the hacking of closed-circuit television (CCTV) cameras

behind enemy lines.

Propaganda and disruption are not mutually exclusive, and many cyber activities

serve both purposes—shaping public opinion through disruption or disrupting an

opponent’s operations by shaping public opinion. For example, altering the visual

appearance of websites can have the dual effect of embarrassing the target and

limiting its ability to communicate. Leaks of private information also have dual

implications for targets’ public image and physical security.

Recent examples of hybrid activities include the defacement of US Central

Command’s Twitter and Facebook pages by the Islamic State’s (IS) Cyber Caliphate

and operations by US Cyber Command against IS beginning in April 2016. In

Ukraine, the pro-rebel group CyberBerkut (CB) has leaked private communications

from senior United States, European Union, and Ukrainian officials and disclosed

identities of pro-Kyiv field commanders—simultaneously creating a media scandal

and forcing targets to commit more resources to personal security. Similarly, the

pro-Kyiv website Myrotvorets’ published names and addresses of suspected “rebel

sympathizers”—information that allegedly facilitated several assassinations

(Il’chenko 2016).

In the following, we limit the scope of our inquiry to cyber actions that are either

purely disruptive (e.g., DDoS-style attacks) or are hybrids of the two approaches

(e.g., web defacements). We do so for two reasons. First, most purely propagandistic

operations, like comment-board trolling, do not aspire to influence the course of

320 Journal of Conflict Resolution 63(2)

military operations in the short term. Second, it is hard to separate the disruptive and

propaganda effects of hybrid cyber activities because they depend on each other.

Cyber Coercion in Wartime

Over the last two decades, cyber attacks have become an increasingly common tool

of coercion, used by state and nonstate actors, independently and jointly with phys-

ical, kinetic operations. Like other instruments of coercion, cyber actions inflict

costs on a target to compel a change in its behavior—either by punishing past

misdeeds or by putting pressure on decision makers in real time.

The role of cyber compellence in wartime is not unlike that of airpower or

terrorism (Pape 2003, 2014). Cyber attacks cannot take or hold territory on their

own, but they can support operations on the ground by disrupting opponents’ com-

mand and control, collecting operational intelligence, and creating opportunities for

conventional forces to exploit. If combatants use the Internet for coordination,

recruitment, or training, low-level cyber disruption may prevent them from running

these vital functions smoothly.
4

Alternatively, cyber attacks can indirectly pressure

an opponent by targeting civilian economy and infrastructure, similarly to strategic

bombing. Yet unlike airpower, an operational cyber capability is relatively inexpen-

sive to develop. It does not require new massive infrastructure, and many activities

can be delegated to third parties (Ottis 2010). Unlike terrorism, the individual

attacker is rarely at risk of direct physical harm.

Despite the apparent promise of these “weapons of the future” (Schmitt 1999;

Rios 2009; Clarke and Knake 2010; McGraw 2013; Eun and Aßmann 2014), some

scholars are skeptical that low-level cyber attacks can be an effective tool of coer-

cion (Liff 2012; Rid 2012; Gartzke 2013; Junio 2013). There is little doubt that large

numbers of low-level attacks can cumulatively produce large-scale damage, bring-

ing “death by a thousand cuts” (Lemay, Fernandeza, and Knight 2010). Yet suc-

cessful coercion also requires punishment to be both anticipated and avoidable

(Schelling 1966), and these criteria can be difficult to meet in cyberspace.

Cyber attacks can be challenging for targets to anticipate because attackers face

strong incentives to mount surprise “zero-day” exploits, before targets recognize and

patch their vulnerabilities (Axelrod and Iliev 2014).
5

Since the destructiveness of

malicious code depreciates quickly after first use, cyber attacks are often most

damaging when they are least anticipated.

Targets also have many reasons to doubt that cyber attacks are avoidable by

accommodation. For the attacker, cyber actions present a trade-off between plausi-

ble deniability—which helps prevent retaliation—and the credibility of coercive

promises and threats.
6

Any uncertainty over the source of an attack will also create

uncertainty over the nature of compliance—what sort of actions will prevent future

attacks and by whom.

Beyond attribution uncertainty, cyber attacks may not generate sufficient costs to

elicit compliance from. Because administrators can quickly fix or contain many

Kostyuk and Zhukov 321

exploited vulnerabilities, even successful attacks cause only temporary disruption

(Axelrod and Iliev 2014). Unless the attacker continues to develop new methods and

identify new vulnerabilities, a protracted campaign may quickly lose its coercive

impact. As a result, targets may see compliance as insufficient and unnecessary to

stop the damage (Hare 2012; Lynn 2010; Nye 2010).

Force synchronization challenges may also render the timing of cyber attacks

suboptimal for compellence. Hackers—especially those not integrated with military

forces—may not observe battlefield events on a tactically relevant time line. Even if

they did, the lead time required to plan and implement a successful attack—studying

the target system, collecting intelligence on its vulnerabilities, and writing code that

exploits them—can make these efforts difficult to synchronize with conventional

operations.

These challenges are not insurmountable. Lead time is a greater barrier for high-

level attacks (e.g., targeting major infrastructure) than for more routine, DDoS-style

attacks. Force synchronization difficulties are also not unique to the cyber domain

and are well established in research on terrorism and airpower (Atran 2003; Pape

2003, 2014). The ability of contemporary hackers to overcome these difficulties,

however, remains unknown.

Previous Research

The question of whether low-level cyber attacks compel has deep implications for

the theory and practice of national security. Yet the public and academic debate on

this topic has unfolded largely in the absence of rigorous empirical evidence in either

direction. Existing political science and policy literature on cybersecurity could be

grouped into three broad areas: the “big picture” of cyber warfare (Cha 2000;

Griniaiev 2004; Libicki 2007, 2011; Czosseck and Geers 2009; Clarke and Knake

2010; Axelrod and Iliev 2014), the overlap between cyber and kinetic capabilities

(Healey 2013; Kello 2013; Libicki 2015; Andress and Winterfeld 2013; Axelrod

2014), and the effect of information and communication technology on conflict

(Martin-Shields 2013; Pierskalla and Hollenbach 2013; Crabtree, Darmofal, and

Kern 2014; Gohdes 2014; Bailard 2015).

Most research in the first category has focused on the implications of cyber

activities for peacetime deterrence or the offense–defense balance rather than war-

time compellence. While the second group focuses more directly on cyber attacks

during conflict, its empirical approach has been mostly qualitative, relying on evi-

dence from descriptive case studies, macrohistorical surveys, and stylized facts.

Some large-n analyses do exist (Valeriano and Maness 2014), but their scope has

remained on large-scale cyber attacks rather than the far more numerous low-

intensity operations we consider here. While the third group does employ the

statistical analysis of disaggregated data, its theoretical scope is distinct from main-

stream literature on cyber attacks—evaluating, for instance, how technology affects

collective action (Weidmann 2015) rather than

military compellence.

322 Journal of Conflict Resolution 63(2)

Our study bridges the gap between these areas of inquiry. Our goal is to assess the

coercive potential of low-level cyber actions during an armed conflict. We pursue

this goal by studying the magnitude and direction of the relationship between cyber

attacks and physical violence, using microlevel data from ongoing conflicts in

Ukraine and Syria.

Empirical Expectations

Cyber attacks by actor A can affect physical violence by B in one of the three ways:

negatively, positively, or not at all. If cyber compellence is successful, we should

expect a short-term decrease in violence after a spike in cyber attacks. A positive

response would suggest failure, where cyber attacks actually escalate violence by the

opponent. If no relationship exists, cyber actions are either ineffective or irrelevant

to fighting in

the physical world.

In addition to compellence across domains, cyber attacks by actor A may impact

cyber attacks by actor B. As before, only a negative relationship would imply

coercive success, while a null or positive response would suggest that these actions

are either ineffective or counterproductive.

Data Analysis

To evaluate whether and how cyber actions affect physical violence in war, we

analyze new micro-level data from Ukraine and Syria. We begin with an in-depth

study of the Ukrainian case, as one of few conflicts where both sides have used cyber

attacks as a means of coercion. Due to the sophistication of hackers on both sides, the

public nature of many attacks, and an abundance of data, the Ukrainian conflict

allows us to observe the short-term coercive impact of cyber attacks.
7

We then use

analogous event data on Syria to evaluate the generalizability of our results. While a

more systematic analysis of cross-national patterns lies beyond the scope of our

article, micro-level evidence from these two conflicts might be suggestive of general

patterns of modern warfare—particularly where combatants with asymmetric cap-

abilities use cyberspace along with traditional tools of war.

In assembling our data, we follow two general guidelines. To address systematic

differences in event reporting cross countries and media outlets (Baum and Zhukov

2015; Davenport and Stam 2006; Woolley 2000), we draw data from multiple open

sources—including press reports and anonymous attack traffic data. To reduce

potential false positives, we include only those events that have been reported by

more than one source.
8

Ukraine Cyber Attacks Data

Our cyber event data on Ukraine include 1,841 unique, mostly low-level, cyber

attacks from August 27, 2013, to February 29, 2016, drawn from two sets of

sources.

Kostyuk and Zhukov 323

First are media reports of cyber attacks from rebel, Russian, Ukrainian, and Western

news outlets, press releases and blogs along with social media platforms used by the

involved nonstate actors.
9

Second is the private cyber security firm Arbor Networks’

Digital Attack Map (DAM; see http://www.digitalattackmap.com/about/). Unlike

media sources—which include only cyber attacks publicly reported by news orga-

nizations or claimed by governments and hacker groups directly—DAM draws on

anonymous attack traffic data and network outage reports to enumerate the top 2

percent of reported attacks that generate unusually high Internet traffic for each

country. Including these “higher-visibility” attacks should make it easier to find a

coercive effect.

We supplemented these data with fourteen primary source interviews with parti-

cipants in the cyber campaign, as well as Russian, Ukrainian, and Western cyber

security experts with direct knowledge of these operations, from the private and

public sectors, academia, and journalism.
10

We conducted all interviews in person or

via e-mail or Skype in the summer and fall 2015 and provide full transcripts in the

Online Appendix (Kostyuk and Zhukov

2017).

We grouped cyber attacks in our data set according to the partisanship of alleged

perpetrators (pro-Ukrainian vs. prorebel) and the type of operation they conducted

(propaganda vs. disruption). Table 1 list all actors conducting cyber activitiess in the

Ukrainian conflict, their targets, and the reported frequency of their activities.

Ukrainian cyber actions include specific attacks by pro-Kyiv hackers like

Anonymous Ukraine and Ukrainian Cyber Forces (UCFs). The latter is the most

active group on the pro-Ukrainian side. In an interview, UCF leader Eugene

Dokukin claimed to have established the nonstate group in March 2014, in

response to Russian cyber attacks. Due to the “secret nature” of the organization,

Dokukin was reluctant to discuss its size but noted that the number of volunteers

fluctuates depending on the state of kinetic operations in eastern Ukraine (Kostyuk

and Zhukov 2017, # 1). Pro-Kyiv hackers’ most common targets are the commu-

nications and finances of rebel units as well as media firms and private companies

in rebel-held areas.

Prorebel cyber actions include specific attacks by proseparatist or pro-Russian

cyber actors, like CB, Cyber Riot Novorossiya, Green Dragon, and the Russian

government. The first of these takes its name from Ukraine’s disbanded Berkut riot

police and claims to fight “neofascism” in Ukraine. Ukrainian and Russian cyber

experts we interviewed offered contradictory assessments on CB’s organizational

structure. One Russian expert said that CB consists of former SBU employees who

lost their jobs after the Euromaidan revolution (Kostyuk and Zhukov 2017, # 12).

Contrarily, Ukrainian interviewees viewed CB either as a virtual group controlled by

the Federal Security Service (FSB) or as a unit within the FSB (Kostyuk and Zhukov

2017, #7 & #8). These groups’ most popular targets include Ukrainian government

officials, media, and private citizens.

We further disaggregated these events into the two categories previously

defined—propaganda or disruption—as well as a third, hybrid, category of incidents

324 Journal of Conflict Resolution 63(2)

http://www.digitalattackmap.com/about/

T
a
b

le
1
.

A
ct

o
rs

an
d

T
ar

ge
ts

(

k
ra

in
e

an
d

S
yr

U
k
ra

in
e

P
ro

-K
yi

v
A

o
r/

ta
rg

e
t

F
re

q
u

e
n

)

P
ro

re
b
e
l

A
ct
o
r/
ta
rg
e
t
F
re

q
u
e
n
cy

(%
)

A
n
o
n
ym

o
u
s

U
k
ra
in
e

A
6

1
)

C
yb

e
rB

e
rk

u
t

A
1

3
4

(7
)

U
k
ra

in
ia

n
C

e
r

F
o
rc

e
s

A
1
,3

9
2

(7
6
)

C
yb
e
r

R
io

t
N

o
vo

ro
ss

iy
a

4
1

(2
)

U
k
ra
in
ia

n
go

e
rn

m
e
n
ta

u
n
it
s

an
d

o
ff
ic

ia
ls

A
/T

3
(<

1
)/

3
2
6

(

1
8

)

G
re

e
n

D
ra

go
n

A
1

(< 1 )

U
k
ra
in
ia

n
ar

m
y

u
n
it
s

T
1

(< 1 )

Q
u

e
d

h
A

1
(<

1
)

W
e
st

e
rn

go
ve

n
m

e
n
ts

an
d

o
rg

an
iz

at
io

n
s

T
1
5

(1
)

C
ri

m
e
an

go
ve
rn
m

e
n
t

o
ff
ic
ia
ls

T
6

(< 1 ) W e st e rn

n
o
n
-s

ta
te

ac
to

rs
T

7
(<

1
)

R
u
ss

ia
n

ar
m

y
u
n
it
s

A
/T
1
(< 1 )/

1
4

(1
)

N
o
n
-s

ta
te

su
p
p
o
rt

e
rs

T
9
1

(5
)

N
o
n
-s
ta
te
su
p
p
o
rt
e
rs

T
4
4
4

(2
4
)

R
e
b
e
l
gr

o
u
p
s

A
/T

2
(<

1
)/

9
2
6

(5
0
)

R
u
ss
ia
n

st
at

e
u
n
it
s

an
d
go
ve
rn
m
e
n
t
o
ff
ic
ia
ls
A
/T
2
(< 1 )/ 1 4 (1 ) R u ss ia n st at

–
sp

o
n
so

re
d

gr
o
u
p
s

A
2
3
7

(

1
3

)

T
o
ta

1
,8

4
1

(

1
0

0
)

1
,8
4
1

(1
0
0
)

S
yr
ia

A
n
ti
-A

ss
ad

A
ct
o
r/
ta
rg
e
t
F
re
q
u
e
n
cy
(%
)
P
ro

-A
ss

ad
F
re

q
u
e
n
cy
(%
)
A
ct
o
r/
ta
rg
e
t
A
n
o
n
ym

o
u
s/

an
o
n
ym

o
u
s-

sp
o
n
so

re
d
u
n
it
s

A
9
3

(1
4
)

IS
IL

/I
S
IL

–
sp
o
n
so
re
d
u
n
it
s

5
4

(8
)

A
n
ti
-A
ss
ad
n
o
n
-s
ta
te
ac
to

rs
A

/T
2
9
7

(4
4
)/

1
8

(3
)

R
u
ss
ia
n
go
ve
rn
m
e
n
t
u
n
it
s

A
3

(< 1 )

Ja
b
h
at

al
-N

u
sr

a–
sp

o
n
so
re
d
u
n
it
s
A
1
(< 1 ) S yr ia n go ve rn m e n t u n it s an d o ff ic ia ls A /T 2 (< 1 )/

2
7
2

(

4
0

)

K
u
rd

is
h

n
o
n
-s
ta
te

o
p
p
o
si

ti
o
n

A
1
1

(< 2 )

S
yr
ia
n
st
at

e
–
sp

o
n
so
re
d
u
n
it
s
A
/T

1
0
2

(1
5
)/

2
(< 1 ) F re

e
S
yr

ia
n

A
rm

y
T

1
(< 1 ) P ro -A ss

ad
n
o
n
-s

ta
te
ac
to
rs
T

1
7

(2
6
)

P
ro

-I
S
IL

so
ci

al
m

e
d
ia

an
d

e
b
si

te
s

T
1
4
0

(2
1
)

T
o
ta

6
8
2

(1
0
0
)
6
8
2
(1
0
0
)

N
o
te

:
IS

IL
¼

T
h
e

Is
la

m
ic

S
ta

o
f

aq
an

d
th

e
L
e
va

n
t.

325

that potentially serve both purposes. The most common cyber actions in Ukraine

have been DDoS-style attacks, followed by hacks of CCTV cameras and other

communications. Website blockages have also proven popular, as have spear-

phishing e-mails targeting specific individuals. Table 2 provides a full breakdown.

To reduce false positives due to unconfirmed reports or dubious claims of respon-

sibility, we only include attacks reported by more than one source. To account for

uncertainty of attribution, we marked as “disputed” all cases where no one claimed

responsibility and labeled as “nondisputed” those operations for which actors

directly claimed responsibility in press releases, on social media, or in interviews.
11

To focus on daily dynamics, we excluded activities whose intensity did not vary over

time.
12

Figure 1a depicts the temporal dynamics of pro-Ukrainian (Cyber U) and

pro-Russian rebel (Cyber R) cyber operations.
13

In early March 2014, about a

week after the revolution in Kyiv, Figure 1 shows a spike in attacks by CB.

The same month saw the establishment of the pro-Kyiv Ukrainian Cyber

Forces, partly in response to CB’s attacks. However, UCF operations do not

become visible until May 2014, following an influx of volunteers to the group.

May 2014 is also notable for a rise in activities by another pro-Russian cyber

group, Cyber Riot Novorossiya—named after the czarist-era term (“New

Russia”) for territories in southeastern Ukraine. After the first Minsk cease-

fire agreement in September 2014, operations by pro-Ukrainian hackers con-

verge to a steady rate of two to four per day, with occasional flare-ups, as in

December 2014. Activities by pro-Russian hackers, by contrast, declined after

the summer 2014.

Ukraine Violent Events Data

Our data on kinetic operations include 26,289 violent events from Ukraine’s Donbas

region, recorded between February 28, 2014, and February 29, 2016. To offset

reporting biases in any one source, while guarding against potential disruptions in

media coverage due to cyber attacks, these data draw on seventeen Ukrainian,

Russian, rebel, and international sources.
14

As before, we include only events that

appeared in more than one source.

To extract information on dates, locations, participants, and other event details,

we relied on a combination of supervised machine learning (Support Vector

Machine) and dictionary-based coding. The Online Appendix describes our mea-

surement strategy and provides summary statistics.

Figure 1b shows the temporal distribution of pro-Ukrainian (Kinetic U) and pro-

Russian rebel (Kinetic R) physical violence. The plot shows several notable flare-

ups of fighting—during a government offensive in late June 2014 and a rebel

offensive in January 2015—as well as lulls following cease-fire agreements in

September 2014, February 2015, and September 2015. Compared to the cyber

operations in Figure 1, this plot reveals a clear correlation between kinetic operations

326 Journal of Conflict Resolution 63(2)

T
a
b

2
.

T
yp

e
s

o
f
C

yb
e
r

O
p
e
ra

ti
o
n
s

(U
k
ra

in
e
an
d
S
yr

ia
).

P
ro

p
ag

an
d
a

U
k
ra
in
e
(%
)
S
yr

ia
(%

)
D

is
ru

p
ti
o
n

U
k
ra
in
e
(%
)
S
yr
ia
(%

)
B

o
th

U
k
ra
in
e
(%
)
S
yr
ia
(%
)

P
P
I—

p
u
b
lis

h
in

o
n
lin

e
p
ri

va
te

in
fo

m
at

io
n

o
f

th
e

m
e
m

b
e
rs

o
f
th

e
co

n
fl
ic

n
g

p
ar

ti
e
s

4
7

(2
)

5
9

(9
)

A
V
G

—
au

d
io

-,
vi

d
e
o
-,

an
d

ge
o
-i
n
te

lli
ge

n
ce

co
lle

ct
io

4
2
3

(2
3
)

1
(< 1 )

W
D

T
—

w
e
b
si

te
d
e
fa

ce
m

e
n
t

5
1

(3
)

3
8
9

(5
7
)

P
R
M

/P
U

M
—

p
o
st

in
g

p
ro

–
re

b
e
l
an

d
p
ro

–
U

k
ra
in
ia
n
m

e
ss

ag
e
s

o
n
lin
e
5
4

(3
)/

5
(<

1
)

—
C
P
I—

co
lle

ct
in

g
p
ri

va
te
in
fo
rm
at
io
n

vi
a

o
p
e
n

u
rc

e
s
1
3
(< 1 ) 1 0 (< 2 )

U
W

P
—

u
p
d
at

in
g
o
n
lin

e
p
ag

e
s

6
(<

1
)

—
D

D
o

S
—

d
is

tr
ib

u
te

d
d
e
n
ia

l-
o
f-

se
rv

ic
e

at
ta

ck
4
9
9

(2
7
)

7
8

(1
1
)

O
D

S
—
o
th
e
r
at
ta

ck
s

w
it
h

a
p
u
rp

o
se

o
f
d
is

ru
p
ti
o
n

o
r

e
sp

io
n
ag

9
(1

)
1
0

(< 2 )

S
P
E
—

sp
e
ar

-p
h
is

h
in

g
e
-m

ai
l

2
3
4

(1
3
)

1
7

(2
.5

)
S
T
M

—
se

n
d
in

g
m

as
si

ve
te

x
t

m
e
ss

ag
e
s
o
r

ca
lli

n
g

p
h
o
n
e
s

n
o
n
-s

to
p

4
0
(2
)
1
(< 1 )

W
B
G

—
w

e
b
si

te
b
lo

ck
ag

e
2
5
7

(1
4
)

3
7
6

(5
5
)

W
FC

—
ga

in
in

g
co

n
tr

o
l
o
f

W
i-
F
i
ac

ce
ss

p
o
in

ts
an

d
ch

an
gi

n
g

th
e
m

to
th

o
se
o
f
th

e
o
p
p
o
n
e
n
ts

3
1

(< 2 ) — T o ta

l
1
,8

4
1
(1
0
0
)
6
8
2
(1
0
0
)
1
,8
4
1
(1
0
0
)
6
8
2
(1
0
0
)
1
,8
4
1
(1
0
0
)
6
8
2
(1
0
0
)

327

by the two sides, with government and rebel attacks rising and falling in tandem.
15

Although this interdependence is not surprising, the data suggest that—with few

exceptions—physical violence in Ukraine has been a reciprocal affair.

From a brief glance at the timing of cyber and physical operations (Figure 1a

and b), there are relatively few signs of a compellence effect—changes in the

former do not appear to drive changes in the latter. However, a visual compar-

ison can be misleading. Some of the variation may be due to fighting on the

ground or in cyberspace, but other changes may reflect secular trends or shocks

due to elections and other events not directly related to conflict. To account for

these potential confounding factors and to gauge whether there is a stronger

cyber–kinetic relationship than we would expect by chance, we conduct a series

of more rigorous tests.

Figure 1. Cyber and kinetic operations in Ukraine (March 2014–February 2016). U (blue)
indicates operations by Ukrainian government forces; R (red) indicates operations by pro-
Russian rebel groups.

328 Journal of Conflict Resolution 63(2)

Empirical Strategy

To evaluate the relationship between cyber and kinetic operations in Ukraine, we

estimate a series of vector autoregressive models
16

Yt ¼
Xp

BjYt�j þ GXt þ m0 þ m1t þ �t; ð1Þ

where Yt ¼
h
y

KineticðUÞ
t ; y

KineticðRÞ
t ; y

CyberðUÞ
t ; y

CyberðRÞ
t

i0
is a matrix of endogenous

variables, and Xt ¼ ½x1t; . . . ; xkt�
0

is a matrix of k exogenous variables, which

includes indicators for key dates and events during the war, like presidential and

parliamentary electoral campaigns in Ukraine and breakaway territories; cease-fire

agreements; and Ukrainian, Russian, and Soviet holidays. Deterministic components

include a constant term (m0) and trend (m1t). p is the lag order, selected via Bayesian
information criterion, and �t is a vector of serially uncorrelated errors.

We control for Ukrainian, Russian, and Soviet holidays because anecdotal

accounts suggest significant increases in cyber activity during such times. The UCF,

for instance, had an operation called “Happy New Year,” which sought to print pro-

Ukrainian messages from hacked printers in Crimea, Russia, and Donbas. National

election campaigns represent another time when such activities may spike. Before

and during the presidential elections, for instance, hackers bombarded Ukraine’s

Central Electoral Committee website with DDoS attacks. Finally, we may expect

cease-fire agreements aimed at reducing physical violence to also have an effect in

the cyber domain. For example, the cyber espionage operation “Armageddon”—

directed against Ukrainian government websites—intensified before the Minsk I

agreement went into force but then rapidly declined.

Because we are interested in the relationship between cyber attacks and physical

violence during war, we limit our primary analysis to the active phase of military

operations between May 11, 2014, and February 15, 2015—the period following

independence referendums organized by the self-proclaimed Donetsk and Luhansk

People’s Republics and the second Minsk cease-fire agreement. In the Online Appen-

dix, we present additional analyses of the full data set, which produced similar results.

Results

Data from Ukraine support the skeptical view of cyber coercion. The impulse–

response curves in Figure 2 show a strong, escalatory dynamic between kinetic

operations by the two sides (Kinetic U, Kinetic R), but no tangible links in either

direction between kinetic and cyber operations, and no reciprocity between cyber

actions (Cyber U, Cyber R).

Following a standard deviation increase in kinetic rebel attacks, government

violence sees a delayed rise, peaking around two days after the shock and gradually

Kostyuk and Zhukov 329

R
es
po
ns
e:

K
in

et
ic

(U
)

0
5

10
15

20
25

0246

0
5
10
15
20
25
30

0.00.51.01.52.0

0
5
10
15
20
25
30

−0.8−0.40.00.4

0
5
10
15
20
25
30

−1.5

−1.0−0.50.0

0
5
10
15
20
25
30

0.01.02.03.0

0
5
10
15
20
25
30

0123456

0
5
10
15
20
25
30

−0.6−0.20.20.6

0
5
10
15
20
25
30
−1.0−0.50.0
0
5
10
15
20
25
30

−0.2

0.00.10.20.3

0
5
10
15
20
25

30
−0.10.10.3

0
5
10
15
20
25
30
0.01.02.03.0
0
5
10
15
20
25
30

−0.10.00.10.20.3

0
5
10
15
20
25
30

−0.100.000.05

0
5
10
15
20
25
30

−0.050.050.15

0
5
10
15
20
25
30

−0.06−0.020.02

0
5
10
15
20
25
30

0.00.20.4

K
in
et
ic

(R
)

C
yb
er

(U
)
C
yb
er
(R
)

Im
pu
ls
e:

K
in
et
ic
(U
)

K
in
et
ic
(R
)

C
yb
er
(U
)

C
yb
er
(R
)

F
ig

u
r
e

2
.

Im
p
u
ls

e
re

sp
o
n
se

m
at

ri
x
,

d
ai

ly
ti
m

e
se

ri
e
s

(U
k
ra

in
e
).

L
ig

h
t

gr
ay

ar
e
a

re
p
re

se
n
ts

9
5

p
e
rc

e
n
t

co
n
fi
d
e
n
ce

in
te

rv
al

s,
m

e
d
iu

m
gr

ay
9
0

p
e
rc

e
n
t,

d
ar

k
gr

ay
6
8

p
e
rc

e
n
t.

“U
”

in
d
ic

at
e
s

re
p
o
rt

e
d

k
in

e
ti
c

an
d

cy
b
e
r

o
p
e
ra

ti
o
n
s

b
y

p
ro

-U
k
ra

in
ia
n
go

ve
rn

m
e
n
t

fo
rc

e
s,

an
d

“R
”

in
d
ic
at
e
s
o
p
e
ra
ti
o
n
s
b
y
p
ro

-R
u
ss

ia
n

re
b
e
l
fo

rc
e
s.

330

declining back to zero (top row, second column). Rebel operations also rise after

shocks to government operations (second row, first column), but the response here is

immediate, without the delay we observe in government operations. This pattern

may reflect command and control inefficiencies in the Ukrainian army, particularly

early in the conflict, when indecision and leadership turnover lengthened decision

cycles.

The relationship between cyber and kinetic operations is far weaker than that

between rebel and government violence on the ground. Cyber attacks by pro-

Ukrainian forces see no increase after shocks in kinetic government operations, and

a positive, but uncertain increase after shocks in kinetic rebel operations (third row,

first and second columns).

There is even less evidence that cyber attacks drive kinetic operations. The

impulse–response function (IRF) curve for pro-Ukrainian government violence is,

in fact, negative after shocks to rebel cyber operations (top row, two rightmost

columns). Although this negative response might otherwise suggest that cyber

attacks compel a decline in violence—consistent with coercive success—the esti-

mate is also highly uncertain. Following shocks to pro-Ukrainian cyber activities,

meanwhile, the main change in rebel kinetic operations is a short-term increase in

volatility (second row, third column). In sum, the data suggest that cyber attacks may

make violence less predictable but do not systematically change its intensity.

Perhaps most surprisingly, there is little or no apparent strategic interaction

between “cyber-warriors” on each side of the conflict. A shock in pro-Ukrainian

cyber attacks yields no discernible change in pro-rebel cyber attacks (bottom row,

third column) and vice versa (third row, fourth column). The two cyber campaigns,

the data suggest, have unfolded independently of each other and independently of

events on the ground.

As the diagonal elements in Figure 2 suggest, there is strong autocorrelation in

each series. For each of the four categories, past shocks in operations yield a sig-

nificant spike in subsequent operations. To evaluate whether the other categories of

events can help us predict future values of each series, after we take this autocorre-

lation into account, Table 3 reports the results of Granger causality tests. The tests

confirm that past levels of prorebel and pro-Kyiv kinetic operations help predict

each other’s future values. Kinetic operations, however, do not appear to “Granger

cause”—or be “Granger caused” by—cyber attacks on either side.

Table 4 reports the forecasting error variance decomposition, representing the

proportion of variation in each series (rows) due to shocks in each endogenous

variable (columns). For most variables, their own time-series account for almost

all variation at the outset, but this dependency gradually decreases. As before,

there is far more dependence within kinetic operations than between kinetic and

cyber or within cyber actions. By the thirty-day point in the daily time series,

shocks in rebel attacks account for 7 percent of variation in Ukrainian government

operations, while shocks in government operations explain 12 percent of variation

in rebel violence.

Kostyuk and Zhukov 331

Table 4. Variance Decomposition, Daily Time Series (Ukraine).

Operation type Kinetic (U) Kinetic (R) Cyber (U) Cyber (R)

Kinetic (U)
1 Day 1.000 .000 .000 .000
2 Days 0.920 .060 .002 .018
7 Days 0.906 .071 .002 .020
30 Days 0.906 .071 .002 .020

Kinetic (R)
1 Day 0.108 .892 .000 .000
2 Days 0.121 .873 .000 .006
7 Days 0.122 .870 .000 .008
30 Days 0.122 .870 .000 .008

Cyber (U)
1 Day 0.000 .002 .998 .000
2 Days 0.000 .002 .997 .000
7 Days 0.000 .003 .997 .000
30 Days 0.000 .003 .997 .000

Cyber (R)
1 Day 0.012 .023 .000 .964
2 Days 0.014 .023 .001 .962
7 Days 0.015 .023 .001 .961
30 Days 0.015 .023 .001 .961

Note: “U” indicates kinetic and cyber operations by pro-Ukrainian government forces, and “R” indicates
operations by pro-Russian rebel forces.

Table 3. Granger Causality Test, Daily Time Series (Ukraine).

Effects F statistic p value

Kinetic (R) ! Kinetic (U) 40.26 .00
Cyber (U) ! Kinetic (U) 0.50 .48
Cyber (R) ! Kinetic (U) 0.09 .76
Kinetic (U) ! Kinetic (R) 12.29 .00
Cyber (U) ! Kinetic (R) 1.44 .23
Cyber (R) ! Kinetic (R) 2.70 .10
Kinetic (U) ! Cyber (U) 1.40 .24
Kinetic (R) ! Cyber (U) 1.88 .17
Cyber (R) ! Cyber (U) 0.00 .95
Kinetic (U) ! Cyber (R) 1.74 .19
Kinetic (R) ! Cyber (R) 0.14 .71
Cyber (U) ! Cyber (R) 0.89 .35

Note: “U” indicates reported kinetic and cyber operations by Pro-Ukrainian government forces, and “R”
indicates operations by Pro-Russian rebel forces.

332 Journal of Conflict Resolution 63(2)

By contrast, shocks to cyber activities account for very little variation in kinetic

operations. The highest value is for pro-Russian rebel cyber activities, which

account for 2 percent of short-term variation in government violence. Cyber attacks

by each side also have a relatively small impact on each other. Indeed, rebel kinetic

operations explain more of the variation in cyber attacks by each actor than do cyber

attacks by the other side.

In sum, our analysis suggests that low-level cyber attacks in Ukraine have had no

effect on the timing of physical violence. Not only is there no evidence that cyber

attacks have compelled opponents to de-escalate fighting, there is no discernible

reciprocity between the cyber actors themselves. Each group of hackers seems to

operate in its own bubble, disengaged from unfolding events in both cyberspace and

the physical world.

Robustness Checks

To gauge the sensitivity of our results to various modeling and measurement

choices, we conducted extensive robustness checks. We summarize their results

briefly here (Table 5) and more fully in the Online Appendix.

The first set of tests considers vector autoregression models with alternative

orderings of the four endogenous variables, which affects estimation of impulse

responses. We find no substantive differences across the twenty-four permutations.

In a second set of robustness checks, we account for systematic differences in the

kinds of conflict events that Ukrainian and Russian media report, which may bias

statistical estimates—for example, by underreporting violence by a given actor.

Using kinetic data from exclusively Russian or exclusively Ukrainian sources does

not change the results.

A third set of robustness tests examines different subsets of cyber attacks.

Because purely disruptive activities may impose greater immediate costs than

quasi-propagandistic hybrid attacks, pooling these events may dilute their coercive

effect. Our results are consistent for all three subsets.

The last set of robustness checks examines different time periods of the conflict,

since some cyber attacks predated military activity. In particular, we compare the

period of intense fighting previously analyzed (May 11, 2014–February 15, 2015) to

the entire date range for which we have data (February 28, 2014–February 29, 2016).

Our results remain unchanged.

Evidence from Interviews

In interviews, Russian and Ukrainian cyber security experts highlighted five poten-

tial explanations for the apparent failure of cyber coercion in Ukraine: (1) lack of

resources, (2) lack of coordination, (3) lack of targets, (4) lack of audience, and (5)

lack of effort.

Kostyuk and Zhukov 333

T
a
b

le
5
.

R
o
b
u
st

n
e
ss

C
h
e
ck

s
(U

k
ra
in
e
an
d
S
yr

ia
). U

k
ra
in
e

(m
ai

n
re

su
lt
s;

M
ay

1
1
,
2
0
1
4
–
F
e
b
ru

ar
y

1
5
,
2
0
1
5
)

ID
C

yb
e
r

F
(d

)
IR

F
(w

)
IR

F
(o

)(
d
)

IR
F
(o

)(
w

)
IR
F
(d

)
so

u
rc
e
s

(R
U

)
IR
F
(d
)
so
u
rc
e
s
(U
)

1
D

is
ru
p
ti
o
n
an
d

b
o
th

K
in

)
$

K
in
(U
)
K
in

)
!

K
in
(R
)
K
in

(R
)
$

K
in
(U
)
K
in

(U
)
$

K
in
(R
)
K
in
(U
)
$
K
in
(R
)
K
in

(U
)
!

K
in

(G
)

ID
C
yb
e
r

G
C

T
(w

)
V

D
(d

)
(3

0
d
ay

)
V

D
(w

)
(1

2
w

e
e
k
)

1
D
is
ru
p
ti
o
n
an
d
b
o
th
K
in

(R
)
!

7
%

K
in
(U
)
K
in
(R
)
!

2
%

C
yb
(R
)
K
in
(U
)
!

1
2
%

K
in
(R
)
K
in
(U
)
!
2
%
C
yb
(R
)
K
in
(R
)
!

1
0
%

C
yb
(R
)
K
in
(U
)
!

2
1
%

K
in
(R
)
K
in
(U
)
!

1
7
%

C
yb
(R
)
C
yb
(U
)
!

4
%

C
yb
(R
)
ID
C
yb
e
r

IR
F
(d

)
IR
F
(w

)
G

C
T

(d
)

G
C
T
(w
)
V
D
(d
)
(3
0
d
ay
)
V
D
(w
)
(1
2
w
e
e
k
)
U
k
ra
in
e

(M
ar

ch
2
2
,
2
0
1
4
–
F
e
b
ru

ar
y

2
9
,
1
6
)

2
A

ll
K

in
(R

)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
C
yb

(U
/R

)
$
K
in
(U
)
C
yb
(U
)
$
K
in
(R
)
K
in
(R
)
!
K
in

/C
yb

(U
)
K
in
(U
)
!
C
yb
(R
)
K
in
(R
)
!

3
%

K
in
(U
)
K
in
(U
)
!
1
7
%
K
in
(R
)
K
in
(R
)
!

8
%

K
in
(U
)
K
in
(U
)
!

5
%

K
in
(R
)
K
in
(U
)
!
3
%
C
yb
(R
)

3
P
ro

p
ag
an
d
a
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
C
yb
(U
)
!
K
in
(U
)
K
in

(R
)$

K
in
(U
)
C
yb
(U
)
!
K
in
/C
yb
(R
)
K
in
(U
)
!
C
yb
(R
)
K
in
(R
)
!
K
in

(U
)/

C
yb
(R
)
K
in
(U
)
!
C
yb
(R
)
K
in
(R
)
!
3
%
K
in
(U
)
K
in
(U
)
!

1
8
%

K
in
(R
)
K
in
(R
)
!

9
%

K
in
(U
)
K
in
(R
)
!
3
%
C
yb
(R
)
K
in
(U
)
!

6
%

K
in
(R
)
K
in
(U
)
!
5
%
C
yb
(U
)
K
in
(U
)
!
2
%
C
yb
(R
)

4
D

is
ru
p
ti
o
n
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
C
yb
(U
)
$
K
in
(U
/R

)
K

in
(R
)
!
K
in
/C
yb
(U
)
K
in
(R
)
!
3
%
K
in
(U
)
K
in
(U
)
!
1
7
%
K
in
(R
)
K
in
(R
)
!
8
%
K
in
(U
)
K
in
(U
)
!

4
5
%

K
in
(R
)

5
D

is
ru
p
ti
o
n
an
d
b
o
th
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
C
yb
(U
)
$
K
in
(R
)
K
in
(U
)
!
C
yb
(U
)
K
in
(R
)
!
K
in
/C
yb
(U
)
K
in
(U
)
!
C
yb
(R
)
K
in
(R
)
!
3
%
K
in
(U
)
K
in
(U
)
!
1
7
%
K
in
(R
)
K
in
(R
)
!
8
%
K
in
(U
)
K
in
(U
)
!
4
5
%
K
in
(R
)

(c
o
n
ti
n
u
ed

)

334

T
a
b
le
5
.

(c
o
n
ti
n
u
e
d
)

ID
C
yb
e
r
IR
F
(d
)
IR
F
(w
)
IR
F
(o
)(
d
)
IR
F
(o
)(
w
)
IR
F
(d
)
so
u
rc
e
s
(R
U
)
IR
F
(d
)
so
u
rc
e
s
(U
)
U
k
ra
in
e

(M
ay

1
1
,
2
0
1
4
–
F
e
b
ru
ar
y

1
1
,
2
0
1
5
)

6
A

ll
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
K
in
(R
)
!
7
%
K
in
(U
)
K
in
(U
)
!

1
3
%

K
in
(R
)
K
in
(R
)
!
2
%
C
yb
(U
)
K
in
(R
)
!
1
8
%
C
yb
(R
)
K
in
(U
)
!

3
0
%

K
in
(R
)
K
in
(U
)
!
2
%
C
yb
(U
/R

)
C

yb
(U

)
!
4
%
K
in
(R
)
C
yb
(R
)
!
3
%
K
in
(U
)

7
P
ro

p
ag
an
d
a
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
C
yb
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
K
in
(R
)
!
C
yb
(R
)
K
in
(R
)
!
7
%
K
in
(U
)
K
in
(U
)
!
1
3
%
K
in
(R
)
K
in
(U
)
!

2
7
%

K
in
(R
)
K
in
(U
)
!
4
%
C
yb
(U
)
K
in
(R
)
!
5
%
C
yb
(U
)
K
in
(R
)
!
3
%
C
yb
(R
)
C
yb
(U
)
!
9
%
K
in
(U
)
C
yb
(U
)
!
2
%
K
in
(R
)
C
yb
(U
)
!

2
0
%

C
yb
(R
)
C
yb
(R
)
!
5
%
K
in
(U
)
C
yb
(R
)
!
2
%
C
yb
(U
)

8
D

is
ru
p
ti
o
n
K
in
(R
)
!
K
in
(U
)
K
in
(U
)
!
K
in
(R
)
K
in
(U
)
!
K
in
(R
)
K
in
(R
)
$
K
in
(U
)
K
in
(U
)
!
C
yb
(U
)
K
in
(R
)
!
7
%
K
in
(U
)
K
in
(R
)
!
2
%
C
yb
(R
)
K
in
(U
)
!
1
2
%
K
in
(R
)
C
yb
(R
)
!
2
%
K
in
(U
)
K
in
(U
)
!

2
9
%

K
in
(R
)
K
in
(U
)
!

3
4
%

C
yb
(U
)
K
in
(U
)
!

2
2
%

C
yb
(R
)
K
in
(R
)
!
3
%
K
in
(U
)
K
in
(R
)
!
1
0
%
C
yb
(U
)
K
in
(R
)
!
1
3
%
C
yb
(R
)
C
yb
(U
)
!
2
%
K
in
(U
)
C
yb
(U
)
!
6
%
C
yb
(R
)
C
yb
(R
)
!
3
%
K
in
(R
)
C
yb
(R
)
!
7
%
C
yb
(U
)
S
yr

ia
(M

ar
ch

1
7
,
2
0
1
1
–
Ju

ly
1
0
,
2
0
1
6
)

9
D

is
ru
p
ti
o
n
an
d
b
o
th
K
in

(G
)
!

K
in
(R
)
K
in
(R
)
$
K
in
(U
)
K
in
(U
)
!
2
%
K
in
(R
)
N
o
te

:
IR

F
¼

im
p
u
ls

e
re
sp
o
n
se

fu
n
ct

io
n
s;

G
C

T
¼

G
ra

n
ge

r
ca

u
sa

lit
y

te
st

s;
V

D
¼

va
ri

an
ce

d
e
co

m
p
o
si

ti
o
n
;
d
¼

d
ai

ly
;
w
¼

w
e
e
k
ly

;
o
¼

al
te

rn
at

iv
e

o
rd

e
ri

n
gs

;
R

U
¼

R
u
ss

ia
n
;

U
¼
U
k
ra
in
ia

n
.

335

The first explanation for coercive failure emphasizes limited resources and cap-

abilities, particularly for the Ukrainian government. Ten years ago, the SBU briefly

had a cyber department but shut it down after a year (Kostyuk and Zhukov 2017, #3).

This unit has recently reopened but continues to lack funding and personnel (Kos-

tyuk and Zhukov 2017, #3, #9). It is possible that, with adequate resources, cap-

abilities, and human capital, the Ukrainian cyber campaign might have been more

effective. Resource constraints, however, do not explain coercive failure on the pro-

Russian side, where investment in cyber capabilities is more robust.

A second explanation is lack of government coordination with hackers, especially

in Kyiv (Maurer and Geers 2015). UCF founder Eugene Dokukin claims to regularly

provide the SBU with intelligence from hacked CCTV cameras and has offered

cooperation in the past, with no success (Kostyuk and Zhukov 2017, #1). The SBU’s

lack of desire to cooperate with the UCF could be due to the illegality of the latter’s

activities or the low priority the SBU assigns to cyber actions in the first place

(Kostyuk and Zhukov 2017, #1, #3, #9). Yet again, this explanation is less plausible

on the pro-Russian side, where the Kremlin has cultivated extensive ties with non-

state hacktivists.

A third explanation is that—even with requisite capabilities and coordination—

there are few opportune targets for disruption in Ukraine. Most industrial control

systems that run Ukraine’s critical infrastructure—particularly its Soviet-era com-

ponents—are off-line, making remote access difficult (Geers 2015; Kostyuk and

Zhukov 2017, #3, #13). Yet some experts disagreed, noting that “weakness of

infrastructure [security] should have provoked a DDoS attack” (Kostyuk and Zhu-

kov 2017, #11). The 2015 and 2016 hacks of Ukraine’s power grid also seem to

challenge this explanation.

The peculiarities of Ukraine’s online population represent a fourth explanation

for the indecisiveness of cyber attacks. Since only 44.1 percent of Ukrainians have

Internet access—compared to 88.5 percent in the United States and 71.3 percent in

Russia (see http://www.internetlivestats.com/internet-users-by-country/)—and most

use it only for social media, a low-level cyber attack that blocks or defaces govern-

ment websites is unlikely to influence the masses (Kostyuk and Zhukov 2017, #3).

Some experts speculated that this online population pays more attention to purely

propagandistic campaigns than disruptive ones (Kostyuk and Zhukov 2017, #7,

#11). Our data suggest that, even if this were the case, propagandistic attacks still

had no effect on violence.

The final explanation is that cyber compellence failed because it was never seri-

ously attempted. At first, our interviews with individual hackers revealed no shortage

of coercive intent. UCF leader Eugene Dokukin claimed to conduct low-level attacks

daily and vowed to continue until pro-Russian rebels lay down their arms. Dokukin

further insisted—contrary to our findings—that there is close coordination between

Russia’s cyber and kinetic campaigns (Kostyuk and Zhukov 2017, #1).

While UCF and other nonstate groups have explicitly sought to affect battlefield

outcomes, some interviewees questioned whether this intent extended to the Russian

336 Journal of Conflict Resolution 63(2)

http://www.internetlivestats.com/internet-users-by-country/

government. Since Ukraine’s information and telecommunication networks gener-

ally use Russian hardware and software, Moscow can monitor its neighbor with

assets already in place (Kostyuk and Zhukov 2017, #5, #12).
17

This access, along

with vigorous cyber espionage—some of it ongoing since 2010—may create incen-

tives against more aggressive actions, which could compromise valuable sources of

intelligence.

Consistent with the “lack of effort” explanation, some experts noted a shift in

Russia’s broader cyber strategy, away from disruption and toward propaganda (Kos-

tyuk and Zhukov 2017, #11). When in 2011 Vyacheslav Volodin replaced Vladislav

Surkov as head of the Presidential Administration, he toughened existing laws

against Russia’s opposition and promoted the use of mass media and online plat-

forms—tools already mostly under state control—to conduct information cam-

paigns. If Russia’s cyber activities have shifted toward propaganda due to this

strategy change, weak short-term battlefield effects should not be surprising (Kos-

tyuk and Zhukov 2017, #2, #14).

Evidence beyond Ukraine: Syria’s Digital Front

According to evidence from microlevel data and interviews, cyber attacks did not

affect battlefield events in Ukraine. During one of the first armed conflicts where

both sides used low-level cyber actions extensively, events in the digital realm have

unfolded independently of—and have had no discernible effect on—events on the

ground. Conditions in Ukraine were in many ways optimal to observe the coercive

impact of cyber actions, for reasons we already discussed (i.e., visibility of major

attacks, regular claims of responsibility, less uncertainty over attribution). Yet we

found no evidence that low-level cyber attacks affected physical violence. Nor did

hackers on each side even affect each other’s activities.

While important, Ukraine is not the only contemporary conflict with a significant

cyber dimension. In Syria, state and nonstate actors have employed low-level cyber

actions extensively for propaganda and disruption, complementing traditional tools

of warfare in the deadliest conflict ongoing today. Syria’s war has also lasted three

years longer than Ukraine’s. Over this time, its digital front has expanded in scope

and sophistication, offering a glimpse of cyber coercion in a more protracted setting.

An in-depth study of Syria’s digital front lies beyond the scope of this article. A

brief analysis of the data, however, suggests that our findings from Ukraine may be

part of a broader pattern: cyber capabilities have not yet evolved to the point of

having an impact on physical violence.

To evaluate the effectiveness of cyber compellence in this second case, we

replicated the model in (equation 1), using an analogous daily time series of cyber

attacks and violent events in Syria. Our data comprise 9,282 kinetic and 682 low-

level cyber attacks ranging from March 2011 until July 2016.
18

Table 2 provides a

breakdown of cyber techniques used in the Syrian conflict, their brief description,

and frequency.
19

Our data on kinetic operations rely on human-assisted machine

Kostyuk and Zhukov 337

coding of event reports from the International Institute for Strategic Studies Armed

Conflict Database (see Online Appendix for details).

Given the complex nature of the Syrian conflict and the multiple parties involved,

we restrict our analysis only to operations by progovernment forces (i.e., Syrian

Army, Hezbollah and pro-Assad militias) and the main rebel opposition (i.e., Free

Syrian Army, Jaish al-Fatah, including Al Nusra Front). Table 1 provides a list of

cyber actors in the Syrian conflict, their targets, and frequency of their activities.

The dynamics of cyber and kinetic operations in Syria exhibit similar patterns to

what we saw in Ukraine. Raw data (Figure 3a and b) suggest relatively little overlap

in timing, especially at the beginning of the conflict. The IRF curves in Figure 4

show a rise in rebel operations following shocks to government operations (second

row, first column), and mostly negligible (though negative) links between cyber and

kinetic operations, and across cyber attacks by each actor. Links between kinetic

Figure 3. Cyber and kinetic operations in Syria (March 2011–July 2016). G (blue) indicates
operations by pro-Assad government forces; R (red) indicates operations by anti-Assad rebel
groups.

338 Journal of Conflict Resolution 63(2)

R
es
po
ns
e:
K
in
et
ic
(G
)
K
in
et
ic
(R
)
C
yb
er
(G
)
C
yb
er
(R
)
Im
pu
ls
e:

K
in
et
ic
(G
)

K
in
et
ic
(R
)

C
yb
er
(G
)

C
yb
er
(R
)
0
5
10
15
20
25
30
0.01.02.03.0
0
5
10
15
20
25
30

−0.20−0.100.00

0
5
10
15
20
25
30

−0.100.000.10

0
5
10
15
20
25
30
−0.20−0.100.00
0
5
10
15
20
25
30

−0.020.020.06

0
5
10
15
20
25
30
0.00.10.20.3
0
5
10
15
20
25
30

−0.025

−0.0100.000

0
5
10
15
20
25
30

−0.025−0.0100.005

0
5
10
15
20
25
30
−0.0100.000
0
5
10
15
20
25

−0.020−0.0100.000

0
5
10
15
20
25
30

0.000.100.20

0
5
10
15
20
25
30
−0.020−0.0100.000
0
5
10
15
20
25
30
−0.0100.000
0
5
10
15
20
25
30
−0.0100.000
0
5
10
15
20
25
30
−0.0100.000
0
5
10
15
20
25
30

0.000.050.100.15

F
ig
u
r
e

4
.

Im
p
u
ls
e
re
sp
o
n
se
m
at

ri
x
,
d
ai

ly
ti
m
e
se
ri
e
s

(S
yr

ia
).
L
ig
h
t
gr
ay
ar
e
a
re
p
re
se
n
ts
9
5
p
e
rc
e
n
t
co
n
fi
d
e
n
ce
in
te
rv
al
s,
m
e
d
iu
m
gr
ay
9
0
p
e
rc
e
n
t,
d
ar
k
gr
ay
6
8
p
e
rc
e
n
t.

“G
”

in
d
ic
at
e
s
re
p
o
rt
e
d
k
in
e
ti
c
an
d
cy
b
e
r
o
p
e
ra
ti
o
n
s
b
y
p
ro
-A
ss

ad
go

ve
rn
m
e
n
t
fo
rc
e
s,
an
d
“R
”
in
d
ic
at
e
s
o
p
e
ra
ti
o
n
s
b
y

an
ti
-A

ss
ad
re
b
e
l
fo
rc
e
s.

339

operations—and their disconnect from cyber attacks—are also evident in variance

decomposition results, and Granger tests, provided in the Online Appendix.

There are several reasons for caution in interpreting these results. The Syrian

conflict involves a larger constellation of actors than Ukraine, and our dyadic anal-

ysis may overlook significant interactions elsewhere, particularly between actors

with more developed cyber capabilities (e.g., Russia, United States). We also lack

interview evidence that might help contextualize the null effect. However tentative,

these results do align with what we saw in Ukraine: low-level cyber attacks have had

little or no impact on violence.

Conclusion

The evidence we presented in this article—based on analysis of new data and expert

interviews—suggests that cyber attacks are ineffective as a tool of coercion in war.

Although kinetic operations explain the timing of other kinetic operations, low-level

cyber attacks have no discernible effect on violence in the physical world. In

Ukraine and Syria, the “cyberwar” has unfolded in isolation from the rest of the

conflict.

This finding has several implications for theory and policy. First, by providing the

first statistical analysis of modern low-level cyber campaigns, our study comple-

ments the qualitative focus of previous empirical work. Second, our research sheds

light on a theoretical question about the strength and direction of the cyber–kinetic

relationship and—in so doing—begins to fill an empirical gap in political science

literature on this topic. Third, to the extent that policymakers might overestimate the

importance of cyber actions due to a lack of empirical evidence to the contrary, our

findings can potentially help correct this misperception. Finally, and more worry-

ingly, our results suggest that—due to their disconnect from physical violence—

low-level cyber attacks are very difficult to predict.

Further research is needed to understand the dynamics of low-level cyber attacks.

One such area of research is cyber coercion in the context of symmetric, conventional

war. While our study helps illuminate dynamics of cyber compellence between parties

with asymmetric capabilities, we may well observe different patterns when major

powers use cyberspace against peer competitors. Thankfully, no armed conflict has

yet provided researchers with the data needed to evaluate this possibility.

Second, our scope in this article has been exclusively on short-term military

consequences rather than long-term political effects. The latter are no less theore-

tically significant, but—unlike simple counts of violent events—potentially more

difficult to measure and analyze. A study of long-term political effects would also

need to more systematically incorporate purely propagandistic cyber activities and

their impact on public opinion, which we omitted here due to our focus on short-term

military compellence.

Although the secretive nature of many ongoing physical and digital operations is

a challenge for this research, questions over the coercive potential of cyber attacks

340 Journal of Conflict Resolution 63(2)

will become only more salient in the future. In June 2017, the New York Times

reported that US cyber efforts against the IS—previously lauded as “a [major] shift

in America’s war-fighting strategy and power projection” (Sabah 2016)—have

yielded few tangible successes (Sanger and Schmitt 2017). Our data from Ukraine

indicate that the US experience may be part of a broader pattern.

At best, coordination between low-level cyber and kinetic operations today is on

roughly the same level as that between airpower and ground operations in World

War I. Back then, armies were increasingly using aircraft for reconnaissance and

surveillance on the front but were not yet able to fully exploit their potential for

ground combat support and strategic bombing. That revolution appeared on the

battlefield twenty-five years later, with devastating effect. As cyber capabilities

develop and synchronization challenges become less severe, there will be a growing

need for assessments of how far we have come. We hope that analyses of the sort we

provided in these pages can serve as an early benchmark.

Authors’ Note

A previous version of this article was presented at the 2015 Peace Science Society Interna-

tional annual meeting, Oxford, MS, and at the Association for the Study of Nationalities

Convention at New York, NY.

Acknowledgments

We are grateful to Maura Drabik, Paulina Knoblock, Neil Schwartz, and Alyssa Wallace for

excellent research assistance. Robert Axelrod, Myriam Dunn-Cavelty, Eric Gartzke, Miguel

Gomez, Todd Lehmann, Jon Lindsay, Tim Maurer, Brandon Valeriano, Christopher Whyte,

and workshop participants of the Conflict & Peace, Research & Development workshop at the

University of Michigan, of the Bridging the Gap Workshop on Cyber Conflict at Columbia

University, of the Cross-Domain Deterrence lab at the University of California, San Diego,

and of the Center for Security Studies at ETH Zurich provided helpful comments on the earlier

drafts of

this article.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, author-

ship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of

this article.

Supplemental Material

Supplemental material for this article is available online.

Notes

1. We define coercion as an attempt to influence a target’s behavior by increasing the costs

associated with an unwanted action. Cyber activities apply these costs through the

Kostyuk and Zhukov 341

disruption, destruction, malicious control, or surveillance of a computing environment or

infrastructure (Kissel 2013). Kinetic or physical operations apply costs through physical

force. Low-level cyber attacks cause minor disruptions and include web-page deface-

ments, phishing, distributed denial of service attacks. High-level cyber attacks include

serious disruption with loss of life and extensive infrastructure disruption.

2. Deterrence seeks to convince a target to not start an unwanted action. Compellence seeks

to convince the target to stop an ongoing unwanted action.

3. We use propaganda when referring to the propaganda category, cyber attacks when

referring to disruption (Cartwright and James 2010), and hybrid cyber operations when

referring to hybrids of the two.

4. For example, US Cyber Command has used low-level cyber operations to “disrupt the

ability of the Islamic State to spread its message, attract new adherents, circulate orders

from commanders and [pay] its fighters” (Sanger 2016).

5. A zero-day vulnerability is a security hole previously unknown to the target.

6. This trade-off is not unique to the cyber domain. In civil conflict, for example, pro-

government militias pose a similar dilemma for state repression (Gohdes and Carey

2017).

7. Another potentially illuminating case, which we are unable to analyze here, is the Rus-

sian–Georgian War of 2008. This earlier conflict laid much of the groundwork for the

crisis in Ukraine. For the first time in history, cyberspace played a highly visible role in

armed conflict, facilitating strategic communication between civilian and military lead-

ership, disabling or degrading key infrastructure, exploiting or hijacking government

computer systems, while also serving as a tool for propaganda (Deibert, Rohozinski, and

Crete-Nishihata 2012). While some of the lessons of the Russian–Georgian War might

well run counter to our claims in this article, its short duration (five days) complicates

analysis, for three reasons. First is a lack of sufficient variation in cyber attacks over this

abbreviated period. Second is the difficulty of differentiating the “cyber effect” from the

near-simultaneous effects of conventional military operations. Third is the problem of

generalizability: its five-day duration is an extreme outlier among interstate and civil

wars (interstate wars, on average, tend to last a few years; the average civil war lasts

between seven and twelve years post-1945). For these reasons, we are unable to quanti-

tatively establish whether synchronized usage of cyberspace, along with traditional tools

of war, had a tangible coercive impact in Georgia.

8. Sections 3.1 and 3.2 along with the Online Appendix provide an overview of these

sources.

9. Rebel sources include Donetsk News Agency. Russian sources include RIA Novosti,

Sputnik, and Vesti.ru. Ukrainian sources include Interfax-Ukraine, Segodnya, and

RBK-Ukraina. Western sources include technical (Arstechnica, Digital Dao, Information

Week, F-Secure, Graham Cluley, and TechWeek Europe) and mainstream news (Die

Welt, Newsweek, New York Times, Politico, Postimees (Estonia), Security Affairs, and

The Christian Science Monitor).

10. Our Ukrainian interviewees included experts from the Ukrainian Cyber Forces, Computer

Emergency Response Team of Ukraine, StopFake, InfoPulse, Luxoft, Berezha Security,

342 Journal of Conflict Resolution 63(2)

Open Ukraine Foundation, and the Ukrainian Central Election Committee. Western

experts’ affiliations include New York University, Chatham House, the Center for Stra-

tegic and International Studies, RAND Corporation, The Economist, Mashable, New

America Foundation, and the North Atlantic Treaty Organization Cyber Center of Excel-

lence. Due to the complicated political situation in Russia at the time, many of our

contacts there refused to speak on record, with the exception of a journalist from Agen-

tura.ru. However, many Western interviewees have lived in Russia, speak the language,

and are knowledgeable on Russia’s information security issues.

11. This is a very conservative standard of attribution, since it includes only direct claims of

responsibility and not accusations by others—even if the latter are substantiated by

evidence. For instance, we marked as “disputed” the cyber espionage operation Arma-

geddon—which multiple governments and private security firms have attributed to the

Russian state—because Moscow never claimed responsibility.

12. Excluded operations included the malware Blackenergy, first launched by Quedagh in

2010; Operation Potao Express, a targeted espionage campaign launched in 2011 against

the Ukrainian government, military, and news agencies; and Snake, a cyber espionage

campaign against Ukrainian computer systems.

13. We aggregated these data to daily time series because geolocation is not possible.

Although some individual cyber attacks could, in theory, be tracked to their targets, they

represent a small proportion of events. As a result, our cyber data are national-level time

series. Even if we could geolocate all targets of cyber attacks, the diffuse nature of the

target set makes spatial matching difficult—servers do not need to be physically located

in the war zone for service disruptions to have an effect in the war zone.

14. Ukrainian sources include Channel 5, Espresso.tv, Information Resistance, 112 Ukraina,

and the newswire services Interfax-Ukraine and Ukrinform. Russian sources include the

state-owned television news channel Russia-24; the independent TV station Dozhd;

nongovernment news websites Gazeta.ru, Lenta.ru, and BFM.ru; and the Interfax news-

wire service. Pro-rebel sources include Donetsk News Agency, NewsFront, and Rus-

vesna.su. Also included are the Russian language edition of Wikipedia and daily

briefings from the Organization for Security and Co-operation in Europe Special Mon-

itoring Mission to Ukraine. Since these are mostly online resources, cyber disruptions can

potentially cause underreporting of violence. Our approach helps ensure that if, for

instance, a Ukrainian media firms’ servers went down, information could still reach the

outside world through one of the sixteen other sources. While unlikely, such endogenous

disruptions should increase our chances of finding a coercive cyber effect.

15. Because geolocation is not possible for cyber attacks, we aggregate the physical violence

data to daily time series to merge and analyze the data sets.

16. Vector autoregression is a common method to study interdependence among multiple

time series in economics and political science. Previous applications to conflict research

include studies of reciprocity in civil conflicts (Pevehouse and Goldstein 1999) and the

dynamics of terrorism (Enders and Sandler 2000; Bejan and Parkin 2015).

17. An example is Russia’s Sistema operativno-rozysknykh meropriyatiy (system for opera-

tional investigative activities), which searches and monitors electronic communications.

Kostyuk and Zhukov 343

18. Sources of cyber operations include social media accounts of anonymous or anonymous-

supported groups (e.g., New World Hacking); Syrian Electronic Army’s social media

accounts; reports by tech companies (e.g., risk-based security, Electronic Frontier Foun-

dation); computer-security news sources including Graham Cluley, TechWeek Europe,

Arstechnica, Information Week, Digital Dao, Computer Weekly, Tech News, Wired, and

Security Affairs; Middle Eastern mass media sources (e.g., Turkish News, Arabiya, Doha

News); Russian mass media and social media (e.g., RT.com, Yahoo.com); and Western

news sources (e.g., Security Affairs, The Christian Science Monitor, Politico, Die Welt,

Reuters, International Business Times, Mashable, Washington Times, The Guardian,

British Broadcasting Corporation, etc.).

19. Since propaganda operations are not a major focus of our article, we collected only a

small sample of such events during the Syrian conflict.

References

Andres, Richard. 2012. “The Emerging Structure of Strategic Cyber Offense, Cyber Defense,

and Cyber Deterrence.” In Array Cyberspace and National Security: Threats, Opportuni-

ties, and Power in a Virtual World, 1st ed., translated by Derek S. Reveron, 89-104.

Washington, DC: Georgetown

University Press.

Andress, Jason, and Steve Winterfeld. 2013. Cyber Warfare: Techniques, Tactics and Tools

for Security Practitioners. Boston, MA: Elsevier.

Atran, Scott. 2003. “Genesis of Suicide Terrorism.” Science 299 (5612): 1534-39.

Axelrod, Robert. 2014. “A Repertory of Cyber Analogies.” In Cyber Analogies, edited by

Emily O. Goldman and John Arquilla. Monterey, CA: Department of Defense Information

Operations Center for Research.

Axelrod, Robert, and Rumen Iliev. 2014. “Timing of Cyber Conflict.” Proceedings of the

National Academy of Sciences 111 (4): 1298-303.

Bailard, Catie Snow. 2015. “Ethnic Conflict Goes Mobile: Mobile Technology’s Effect on the

Opportunities and Motivations for Violent Collective Action.” Journal of Peace Research

52 (3): 1-15.

Baum, Matthew A., and Yuri M. Zhukov. 2015. “Filtering Revolution: Reporting Bias in Inter-

national Newspaper Coverage of the Libyan Civil War.” Journal of Peace Research 9:10-11.

Bejan, Vladimir, and William S. Parkin. 2015. “Examining the Effect of Repressive and

Conciliatory Government Actions on Terrorism Activity in Israel.” Economics Letters

133:55-58.

Cartwright, James, and W. James. 2010. Joint Terminology for Cyberspace Operations.

Memorandum. Washington, DC: Joint Chiefs of Staff (JCS).

Cha, Victor D. 2000. “Globalization and the Study of International Security.” Journal of

Peace Research 37 (3): 391-403.

Clarke, Richard A., and Robert K. Knake. 2010. Cyber War: The Next Threat to National

Security and What to Do about It. The Library of Congress. New York: Harper Collins.

Crabtree, Charles, David Darmofal, and Holger L Kern. 2014. “A Spatial Analysis of the

Impact of West German Television on Protest Mobilization during the East German

Revolution.” Journal of Peace Research 52: 269-84.

344 Journal of Conflict Resolution 63(2)

Czosseck, Christian, and Kenneth Geers. 2009. The Virtual Battlefield: Perspectives on Cyber

Warfare, vol. 3. Amsterdam, the Netherlands: IOS Press.

Davenport, Christian, and Allan Stam. 2006. “Rashomon Goes to Rwanda: Alternative

Accounts of Political Violence and Their Implications for Policy and Analysis.” Unpub-

lished manuscript. Accessed January 15, 2017. http://www.gvpt.umd.edu/davenport/

dcawcp/paper/mar3104 .

Deibert, Ronald J., Rafal Rohozinski, and Masashi Crete-Nishihata. 2012. “Cyclones in

Cyberspace: Information Shaping and Denial in the 2008 Russia–Georgia War.” Security

Dialogue 43 (1): 3-24.

Enders, Walter, and Todd Sandler. 2000. “Is Transnational Terrorism Becoming More Threa-

tening? A Time-series Investigation.” Journal of Conflict Resolution 44 (3): 307-32.

Eun, Yong-Soo, and Judith Sita Aßmann. 2014. “Cyberwar: Taking Stock of Security and

Warfare in the Digital Age.” International Studies Perspectives 17:343-60.

Gartzke, Erik. 2013. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to

Earth.” International Security 38 (2): 41-73.

Geers, Kenneth. 2015. Cyber War in Perspective: Russian Aggression against Ukraine.

Tallinn, Estonia: CCDCOE.

Gohdes, Anita R. 2014. “Pulling the Plug: Network Disruptions and Violence in Civil Con-

flict?” Journal of Peace Research 52 (3): 352-67.

Gohdes, Anita R., and Sabine C. Carey. 2017. “Canaries in a Coal-mine? What the Killings of

Journalists Tell Us about Future Repression.” Journal of Peace Research 54 (2): 157-74.

Griniaiev, Sergei. 2004. “Pole bitvy: kiberprostranstvo [The battlefield is cyberspace].” (Po

materialam inostrannoj pechati /) Mn: Harvest.

Hare, Forrest. 2012. “The Significance of Attribution to Cyberspace Coercion: A Political

Perspective.” In 2012 4th International Conference on Cyber Conflict (CYCON 2012,

edited by C. Czosseck, R. Ottis, and K. Ziolkowski, 1-15. Tallinn, Estonia: NATO CCD

COE

Healey, Jason. 2013. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. Arlington, VA:

Cyber Conflict Studies Association.

Il’chenko, Oleksandr. 2016. “Rozstily Oleha Kalashnikova i Olesya Buzyny – rik potomu

[Shootings of Oleg Kalashnikov of Oles Buzina—a year later].” Segodnya.

Junio, Timothy J. 2013. “How Probable Is Cyber War? Bringing IR Theory Back In to the

Cyber Conflict Debate.” Journal of Strategic Studies 36 (1): 125-33.

Kello, Lucas. 2013. “The Meaning of the Cyber Revolution: Perils to Theory and Statecraft.”

International Security 38 (2): 7-40.

Kissel, Richard. 2013. Glossary of Key Information Security Terms. NISTIR 7298, Revision

2. Gaithersburg, MD: National Institute of Standards and Technology, the US Department

of Commerce.

Kostyuk, Nadiya, and Yuri Zhukov. 2017. “Online Appendix B: Interviews on Cyber and

Information Warfare in Ukraine.” Journal of Conflict Resolution.

Lemay, Antoine, José M. Fernandeza, and Scott Knight. 2010. “Pinprick Attacks, A Lesser

Included Case.” In Conference on Cyber Conflict Proceedings, edited by C. Czosseck and

K. Podins, 183-94.

Tallinn, Estonia: CCD COE.

Kostyuk and Zhukov 345

http://www.gvpt.umd.edu/davenport/dcawcp/paper/mar3104

Libicki, Martin C. 2007. Conquest in Cyberspace: National Security and Information War-

fare. Cambridge, MA: Cambridge University Press.

Libicki, Martin C. 2009. Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand

Corporation.

Libicki, Martin C. 2011. “Cyberwar as a Confidence Game.” Strategic Studies Quarterly

5 (1): 132-46.

Libicki, Martin C. 2015. “The Cyberwar that Wasn’t.” In Cyber War in Perspective: Russian

Aggression against Ukraine, edited by Kenneth Geers, 49-54. Tallinn, Estonia: NATO

Cyber Center of Excellence, NATO CCD COE.

Liff, Adam P. 2012. “Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwar-

fare Capabilities and Interstate War.” Journal of Strategic Studies 35 (3): 401-28.

Lynn, William J. 2010. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign

Affairs 89 (5): 97-108.

Martin-Shields, Charles Patrick. 2013. “Inter-ethnic Cooperation Revisited: Why Mobile

Phones can Help Prevent Discrete Events of Violence, Using the Kenyan Case Study.”

Stability: International Journal of Security and Development 2 (3): Art. 58.

Maurer, Tim, and Kenneth Geers. 2015. “Cyber Proxies and the Crisis in Ukraine.” In Cyber

War in Perspective: Russian Aggression against Ukraine, edited by Kenneth Geers, 79-86.

Tallinn, Estonia: NATO Cyber Center of Excellence, NATO CCD COE.

McGraw, Gary. 2013. “Cyber War is Inevitable (Unless We Build Security In).” Journal of

Strategic Studies 36 (1): 109-19.

Nye, Joseph S., Jr. 2010. Cyber Power. Cambridge, MA: Belfer Center for Science and

International Affairs, Harvard Kennedy School.

Ottis, Rain. 2010. “From Pitch Forks to Laptops: Volunteers in Cyber Conflicts.” In Confer-

ence on Cyber Conflict Proceedings 2010, edited by C. Czosseck and K. Podins, 97-109.

Tallinn, Estonia: CCD COE.

Pape, Robert A. 2003. “The Strategic Logic of Suicide Terrorism.” American Political Sci-

ence Review 97 (03): 343-61.

Pape, Robert A. 2014. Bombing to Win: Air Power and Coercion in War. Ithaca, NY: Cornell

University Press.

Pevehouse, Jon C., and Joshua S. Goldstein. 1999. “Serbian Compliance or Defiance in

Kosovo? Statistical Analysis and Real-time Predictions.” Journal of Conflict Resolution

43:538-46.

Pierskalla, Jan H., and Florian M. Hollenbach. 2013. “Technology and Collective Action: The

Effect of Cell Phone Coverage on Political Violence in Africa.” American Political Sci-

ence Review 107 (02): 207-24.

Rid, Thomas. 2012. “Cyber War Will Not Take Place.” Journal of Strategic Studies 35 (1):

5-32.

Rios, Billy K. 2009. “Sun Tzu was a Hacker: An Examination of the Tactics and Operations from

a Real World Cyber Attack.” The Virtual Battlefield: Perspectives on Cyber Warfare 3:143.

Sabah, Daily. 2016. “Cyber Bombs Being Used to Destroy Daesh: US Defense Chief.”

February 29, 2016. Accessed March 15, 2017. https://www.dailysabah.com/mideast/

2016/02/29/cyber-bombs-being-used-to-destroy-daesh-us-defense-chief.

346 Journal of Conflict Resolution 63(2)

https://www.dailysabah.com/mideast/2016/02/29/cyber-bombs-being-used-to-destroy-daesh-us-defense-chief

Sanger, David E. 2016. “U.S. Cyberattacks Target ISIS in a New Line of Combat.” The New

York Times. Accessed March 15, 2017. https://www.nytimes.com/2016/04/25/us/politics/

us-directs-cyberweapons-at-isis-for-first-time.html?_r¼0.
Sanger, David E., and Eric Schmitt. 2017. “U.S. Cyberweapons, Used Against Iran and North

Korea, Are a Disappointment Against ISIS.” New York Times, p. A5. Accessed June 15,

2017. https://www.nytimes.com/2017/06/12/world/middleeast/isis-cyber.html.

Schelling, Thomas C. 1966. Arms and Influence. New Haven, CT: Yale.

Schmitt, Michael N. 1999. “Computer Network Attack and the Use of Force in International

Law: Thoughts on a Normative Framework.” Columbia Journal of Transnational Law 37:

1998-99.

Sharma, Amit. 2010. “Cyber Wars: A Paradigm Shift from Means to Ends.” Strategic Anal-

ysis 34 (1): 62-73.

Valeriano, Brandon, and Ryan C. Maness. 2014. “The Dynamics of Cyber Conflict between

Rival Antagonists, 2001–11.” Journal of Peace Research 51 (3): 347-60.

Weidmann, Nils B. 2015. “Communication, Technology, and Political Conflict Introduction

to the Special Issue.” Journal of Peace Research 52 (3): 263-68.

Woolley, John T. 2000. “Using Media-based Data in Studies of Politics.” American Journal of

Political Science 44:156-73.

Zetter, Kim. 2017. “The Ukrainian Power Grid Was Hacked Again.” Motherboard. Accessed

June 15, 2017. http://bit.ly/2jEUqW3.

Kostyuk and Zhukov 347

https://www.nytimes.com/2016/04/25/us/politics/us-directs-cyberweapons-at-isis-for-first-time.html?_r=0

http://bit.ly/2jEUqW3

<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile (Gray Gamma 2.2) /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.3 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 1048576 /LockDistillerParams true /MaxSubsetPct 100 /Optimize true /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts true /TransferFunctionInfo /Apply /UCRandBGInfo /Remove /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 266 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Average /ColorImageResolution 175 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.50286 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages true /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.40 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >>
/ColorImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >>
/JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >>
/JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >>
/AntiAliasGrayImages false
/CropGrayImages false
/GrayImageMinResolution 266
/GrayImageMinResolutionPolicy /OK
/DownsampleGrayImages true
/GrayImageDownsampleType /Average
/GrayImageResolution 175
/GrayImageDepth -1
/GrayImageMinDownsampleDepth 2
/GrayImageDownsampleThreshold 1.50286
/EncodeGrayImages true
/GrayImageFilter /DCTEncode
/AutoFilterGrayImages true
/GrayImageAutoFilterStrategy /JPEG
/GrayACSImageDict << /QFactor 0.40 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >>
/GrayImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >>
/JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >>
/JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >>
/AntiAliasMonoImages false
/CropMonoImages false
/MonoImageMinResolution 900
/MonoImageMinResolutionPolicy /OK
/DownsampleMonoImages true
/MonoImageDownsampleType /Average
/MonoImageResolution 175
/MonoImageDepth -1
/MonoImageDownsampleThreshold 1.50286
/EncodeMonoImages true
/MonoImageFilter /CCITTFaxEncode
/MonoImageDict << /K -1 >>
/AllowPSXObjects false
/CheckCompliance [
/None
]
/PDFX1aCheck false
/PDFX3Check false
/PDFXCompliantPDFOnly false
/PDFXNoTrimBoxError true
/PDFXTrimBoxToMediaBoxOffset [
0.00000
0.00000
0.00000
0.00000
]
/PDFXSetBleedBoxToMediaBox false
/PDFXBleedBoxToTrimBoxOffset [
0.00000
0.00000
0.00000
0.00000
]
/PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2)
/PDFXOutputConditionIdentifier (CGATS TR 001)
/PDFXOutputCondition ()
/PDFXRegistryName (http://www.color.org)
/PDFXTrapped /Unknown
/CreateJDFFile false
/Description << /ENU
>>
/Namespace [
(Adobe)
(Common)
(1.0)
]
/OtherNamespaces [
<< /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >>
<< /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >>
<< /AddBleedMarks false /AddColorBars false /AddCropMarks false /AddPageInfo false /AddRegMarks false /BleedOffset [ 9 9 9 9 ] /ConvertColors /ConvertToRGB /DestinationProfileName (sRGB IEC61966-2.1) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /ClipComplexRegions true /ConvertStrokesToOutlines false /ConvertTextToOutlines false /GradientResolution 300 /LineArtTextResolution 1200 /PresetName ([High Resolution]) /PresetSelector /HighResolution /RasterVectorBalance 1 >>
/FormElements true
/GenerateStructure false
/IncludeBookmarks false
/IncludeHyperlinks false
/IncludeInteractive false
/IncludeLayers false
/IncludeProfiles true
/MarksOffset 9
/MarksWeight 0.125000
/MultimediaHandling /UseObjectSettings
/Namespace [
(Adobe)
(CreativeSuite)
(2.0)
]
/PDFXOutputIntentProfileSelector /DocumentCMYK
/PageMarksFile /RomanDefault
/PreserveEditing true
/UntaggedCMYKHandling /UseDocumentProfile
/UntaggedRGBHandling /UseDocumentProfile
/UseDocumentBleed false
>>
]
/SyntheticBoldness 1.000000
>> setdistillerparams
<< /HWResolution [288 288] /PageSize [612.000 792.000] >> setpagedevice

What Will You Get?

We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.

Premium Quality

Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.

Experienced Writers

Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.

On-Time Delivery

Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.

24/7 Customer Support

Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.

Complete Confidentiality

Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.

Authentic Sources

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

Moneyback Guarantee

Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.

Order Tracking

You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.

Order Now Talk to Us

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.

Preferred Writer

Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.

Grammar Check Report

Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.

One Page Summary

You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.

Plagiarism Report

You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.

Free Features $66FREE

Most Qualified Writer $10FREE
Plagiarism Scan Report $10FREE
Unlimited Revisions $08FREE
Paper Formatting $05FREE
Cover Page $05FREE
Referencing & Bibliography $10FREE
Dedicated User Area $08FREE
24/7 Order Tracking $05FREE
Periodic Email Alerts $05FREE

Our Services

Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.

On-time Delivery
24/7 Order Tracking
Access to Authentic Sources

Academic Writing

We create perfect papers according to the guidelines.

Professional Editing

We seamlessly edit out errors from your papers.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Delegate Your Challenging Writing Tasks to Experienced Professionals

Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!

Check Out Our Sample Work

Dedication. Quality. Commitment. Punctuality

It May Not Be Much, but It’s Honest Work!

Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.

Call Us +1 (877) 657-8180 Discuss Order Details Now

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.

Clear elicitation of your requirements.
Customized writing as per your needs.

We Mirror Your Guidelines to Deliver Quality Services

We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.

Proactive analysis of your writing.
Active communication to understand requirements.

We Handle Your Writing Tasks to Ensure Excellent Grades

We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.

Thorough research and analysis for every order.
Deliverance of reliable writing service to improve your grades.

Place an Order Start Chat Now

Research paper on the topic Cyber warfare and its implications

What Will You Get?

Premium Quality

Experienced Writers

On-Time Delivery

24/7 Customer Support

Complete Confidentiality

Authentic Sources

Moneyback Guarantee

Order Tracking

Areas of Expertise

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

Preferred Writer

Grammar Check Report

One Page Summary

Plagiarism Report

Free Features $66FREE

Our Services

Academic Writing

Professional Editing

Thorough Proofreading

Thorough Proofreading

Delegate Your Challenging Writing Tasks to Experienced Professionals

Check Out Our Sample Work

It May Not Be Much, but It’s Honest Work!

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

Share Your Requirements

Place Order & Deposit Funds

Release Payment to Your Writer

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We Mirror Your Guidelines to Deliver Quality Services

We Handle Your Writing Tasks to Ensure Excellent Grades