Networked information and communications technologies (ICTs) have become an essential part of everyday life. The societal benefits of these technologies are beyond dispute. It is also evident, however, that these technologies generate new kinds of societal vulnerabilities.
Increased reliance on computer and networked technologies in most state and business operations, as well as the personal sphere, has created a situation where a single cyber incident affecting the normal functioning of one ICT system can cause major societal disruptions, which in turn can have major economic, societal and political consequences. The reason cyber incidents can take a political turn
is that the cause of a cyber incident is not always clear. It may take some time to determine if a cyber incident is the result of cyberattack, human error, system malfunction or natural phenomenon. Uncertainty surrounding the cause of a cyber incident may then in turn lead to misperceptions and actions that may be escalatory in nature and lay the ground for conflict. The belief that a cyber incident
might be the result of a cyberattack, along with pressure from the public and the media to respond promptly, might lead politicians to attribute responsibility for the incident too hastily. They may point the finger at another state or group, despite the fact that they only have incomplete information. This in turn may trigger an actual political crisis between states.
The question of how this type of escalation can be prevented has been the focus of a nine-month research project conducted by the Stockholm International Peace Research Institute (SIPRI) in partnership with the Swedish Civil Contingencies Agency (MSB). The objective of this project is to help national crisis management authorities not only to improve their strategies for preventing, detecting and
handling cyber incidents, but also to equip them for managing the societal and potentially political aftermath. As part of this project, an expert workshop on ‘De-escalation of cyber incidents’ was held in Stockholm on 24 May 2019. This report builds on the outcomes of the project workshop and on desk research to provide insights and recommendations on preventing and de-escalating such crises.
This report is unique in its emphasis on the importance of employing de-escalatory strategies and actions for managing the consequences of cyber incidents. Although the recommendations were developed for the Swedish context, they are relevant to the larger international community of policymakers and practitioners who work on cybersecurity and crisis management. SIPRI also commends this report to researchers in politics and international relations, as well as to members of the general public who are interested in understanding the particulars of conflict escalation in the cyber context.