The Reality of Cyber Operations in the Grey Zone - The Emerging Geopolitics
Abstract: The impact of cyberattacks has been discussed through the scenario of devastating attacks by an adversary on critical infrastructure. As cyberspace is an emerging domain, methods and defence mechanisms are still being developed. The use of offensive operations is technically demanding and fought with unintended consequences, leading to the development of coercive measures through information domination in the grey zone. Cyberconflict has been included in political strategies through low-intensity cyber operations often displayed in situations such as election interference, ransomware attacks, or industrial espionage. These strategies consist of operations aimed at strategic gains having a limited impact on national security, which better reflects the concept of cyberconflict as part of covert operations falling in the grey zone.
Problem statement: How to make policymakers understand the internalisation of cyberspace as part of the grey zone through state strategies and its practice? And, what are states' evolving postures to address the cyber threat in the grey zone?
Bottom-line-up-front: Cyber operations in the form of espionage, influence operations, and disruption are commonplace in conflict today, and as technology improves, they will continue to disrupt states. The geopolitical tensions are fuelling the desirability to use cyber operations for gains in the international sphere by providing advantages of ambiguity and deniability.
So what?: In the wake of campaigns by major powers, particularly China and Russia, and other states' efforts to respond by combining defensive and offensive postures. There should be an evaluation of harm and consideration of a plausible chain of consequences for cyber operations that extends beyond technical, affecting various critical sectors, including the social. The Ukrainian response to Russian aggression shows the need for multisectoral collaboration in cybercapability. These are demonstrated in active support of allies and private sector role in threat intelligence, information sharing, and capacity building of Ukrainian cybercapabilities confronting Russia cyberattacks.
Below the Threshold of Armed Conflict
Before Russia’s full-scale invasion of Ukraine, to disrupt and degrade various methods were deployed over the years by Russia, including the use of proxy soldiers, economic coercion, cyber attacks aimed at critical infrastructures such as the electric grid, and large-scale disinformation in Ukraine along with other European states and the US. Russia’s strategy has been highlighted as an example of using grey zone conflict to influence the targets without resorting to full force to disrupt Western politics and society. Though the term ‘grey zone’ is itself subject to debate over what it constitutes and how far it extends. The grey zone has been defined as the space between peace and war, characterised by the ambiguity of objectives, the participants involved, and the role of military force in response that remains below the level of war. Australia’s updated 2020 defence strategy defines the grey zone “as activities designed to coerce countries in ways that seek to avoid military conflict... paramilitary forces, militarisation of disputed features, exploiting influence, interference operations and the coercive use of trade and economic levers."
The grey zone has been defined as the space between peace and war, characterised by the ambiguity of objectives, the participants involved, and the role of military force in response that remains below the level of war.
The term grey zone is not new and bears similarity to the political warfare of the cold war, using overt measures as an alliance, economic programs, and covert as psychological and propaganda. However, an important addition is using non-state actors as proxies or independent actors in conflict as active participants. During the tensions between Russia and Estonia in 2007, following the relocation of the Bronze Soldier of Tallinn — a WWII monument to Soviet liberators of Tallinn — Estonia suffered a wave of cyberattacks. The attacks disrupted critical services, including government and banking. However, they did not cause significant harm or damage. The attacks were blamed on Russia. However, establishing the attackers' identity and their relation to the government posed questions over the likely punishment appropriate for the disruption caused. The threshold of armed conflict with the physical loss of life with kinetic attacks was not crossed in this episode, casting doubts on appropriate responses. The issue of what constitutes an armed attack in cyberspace and the measures applied are widely discussed. The centrality of information that constitutes cyberspace with limited capability to cause physical harm has emerged as a challenge to the application of established measures. For example, it is unclear how or if there is any applicability for the collective defence defined in Article 5 of the North Atlantic Treaty or for self-defence as defined in Article 51 of the United Nations treaty as a response in case of a cyberattack posing an imminent threat.
Cyberspace as an Enabler of Grey Zone Operations
Due to global interconnections, cyberspace has eliminated geographical constraints and allows the participation of diverse users from private sector companies to proxy militias and extremist groups at the international level. In the security sphere, interdependent networks across military and civilian sectors have led to varied usage, from website defacement to complex malware attacks on sensitive areas such as the electric grid, government services, and industries. Moreover, cyberspace enables disruption by nonphysical threats such as wiping data of a multinational firm, which can affect critical systems and remain unattributed. The technical nature of cyberspace is based on the flow of information which is not overtly violent, which is unlikely to fulfill the traditional criteria of interstate war focusing on kinetic attack and physical harm. This property of cyberspace expands the capability of states to inflict damage, making it an enabler for operations between peace and war.
Cyberspace is a complex network with protocols, technical layers, and updates that imposes time, preparation, and uncertainty displayed in the waging cyber-attacks. Stuxnet virus, for example, destroyed Iranian nuclear centrifuges; it required preparation and resources available only to actors with significant cyber capabilities. The nature of the operating environment complicates discrimination between defensive and offensive operations. An attack on an electric grid can be a warning shot, a major attack, or an unintended result of failed reconnaissance. States may design operations that cause limited damage and do not aggravate a response. Especially as the influence of cyberweapons and their unintended consequences are unknown, a situational spiral can occur, as in the NotPetya malware case of 2017. This incident was attributed to Russia and saw Ukraine attacked by exploiting a vulnerability in accounting software that several companies ran. NotPetya spread globally, affecting major multinationals and reflecting the power of the code.
The nature of the operating environment complicates discrimination between defensive and offensive operations. An attack on an electric grid can be a warning shot, a major attack, or an unintended result of failed reconnaissance.
The system environment provides an advantage for using low-threshold attacks that are easy to execute. Many states use low-cost cyber operations to disrupt, exploit information, or signal intent. Compared to conventional tactics, which are not subtle, they cause major damage and demand retribution in the form of sanctions. Cyberoperations provide options for conflict and the ability to rebalance power with high certainty of anonymity. These fall in line with the concept of the Grey zone, which encompasses processes varying in intensity, legitimacy, and ambiguity that fall between peace and war.
Internalising Cyberoperations in State Conflict
Cyberspace applicability for the conflict has been explored and publicised in defence circles with the notion of netwar and information war. 9/11 terror attacks forced a review of the US security doctrine and had global implications. An important focus was on the rise of unconventional threats as non-state actors use information technology to cause damage to critical infrastructure. The threat review changed posture, equating cyberspace to the military in the 2004 national security strategy. The Obama administration prioritised cyber operations in Presidential Directive 20 and laid out the guidelines for using offensive cyber operations as part of the strategy to counter threats. The cyberstrategy has been extended to conduct operations outside the US network as part of a strategy to defend forward in 2018 during the Trump administration. Soon after the announcement of the new strategy, the US disrupted the operations of the Internet Research Agency linked to the Russian government targeting the midterm elections in 2018 as part of deterring the Russian disinformation campaign. Such a cyberattack has never been acknowledged by the government and has been reported by security firms and journalists, maintaining ambiguity over the events remaining in the grey zone.
The Obama administration prioritised cyber operations in Presidential Directive 20 and laid out the guidelines for using offensive cyber operations as part of the strategy to counter threats.
US focus remains on the critical infrastructure and computer system; other states, particularly those of authoritarian, have developed a different position for defining and using cyberspace, focusing on a broader interpretation of information, including physiological and social aspects. The geopolitical reality has informed these of the rise of Russia and China challenging the liberal order.
Russia's 2010 cyber doctrine formalised the concept of informatisation, which includes the physical and psychological aspects of information. It also lays out the use of non-military means of information warfare, including cyberspace, for strategic gains. In Russia’s strategic thinking, the geopolitical position of Russia versus the West and the changing nature of war were indicated as necessary to change security policy. General Valeri Gerasimov's doctrine emphasises the role of the non-military means for achieving strategic advantages and their growing importance.
The changes are reflected in the 2014 military doctrine noting the use of non-conventional tools in integrated use through military, political, economic, informational, and civilian spaces. The military doctrine lays out the development of forces and resources for information confrontation to modernise Russia’s armed forces. Russia’s cyberstrategy has expanded to creating information forces within the military, alongside the different state-supported groups such as Fancy Bear and Cozy Bear, to achieve the state’s objective. The Internet Research Agency, a private firm, has been operating on behalf of the government by using social media for large-scale disinformation, as in the US elections of 2016, for the ability to affect public opinion, undermining national security.
China uses informatisation—the dominance of information technology—for achieving strategic objectives. Civil-military relations have been an essential part of the strategy to integrate the civilian economy, such as academia, private companies, and civilian institutions, into the information domain. China's 2015 and 2019 Defence White Papers emphasised the multifaceted domain stating that "China’s national defence is the responsibility of all Chinese people. China’s armed forces give full play to the overall power of the people’s war by innovating its strategies, tactics and measures.”
The non-military means have been added to tactics with information dominance through narratives, coercive diplomacy, and economic sanctions. The Strategic Support Force, created in 2015 as part of the reform of the PLA, recognizes the integration of information operations, cyberspace capabilities, space, and psychological warfare into military operations. These are in addition to the larger strategic strategy of influence operations based on the principle of three warfare; psychological, cognitive warfare, and legal warfare. These have been visible in the application of consistent narratives over territorial disputes in the South China Sea or India, using historical and legal precedents to assert a claim and coercing claimants politically, economically, and through cyber operations. This, in turn, has provided time for building a military force to strengthen its position by pushing back against potential military threats.
The Strategic Support Force, created in 2015 as part of the reform of the PLA, recognizes the integration of information operations, cyberspace capabilities, space, and psychological warfare into military operations.
Based on its relations with the US and Israel, Iran has developed a strategy for cyberspace to gain strategic advantages. Iran uses perceived victimhood to justify attacks and cyberspace for espionage, deterrence, and disruption. Low-cost cyberattacks with plausible deniability are part of the Iranian cyberstrategy. These are tied to the regime to deter adversaries, deceive their armed forces and shape global opinion tied to the regime's stability countering western influence. Iran has established a network of organised groups to conduct cyber operations under the various security organisations and independently conduct cyber operations.
Emerging Practices in the Grey Zone
Emerging activities of using cyberattacks and information subversion reflect not only conflict but also competition underlying the revisionist intent of China and Russia to modify the international system. Strategies have been employed in the efforts to control information, capital, and credit dominated by the United States and its allies. The operations in cyberspace have been developed to target all the areas of contestation, including political, economic, and social.
The 2016 disinformation campaign during the US presidential election highlighted the threat to open societies' values and social stability. Russian activity was clearly articulated in the Mueller report on the extent of the Internet Research Agency, a Russian government-linked company's efforts to undermine the US political system. The disinformation campaign included targeted political advertisements on social media and political rallies, among the various methods used. Though Russia was attributed to election interference, debates raged over the credible response to the attack based on the unintended consequences and escalation of cyberattacks. Iranian-based hackers made a similar attempt as part of influence operations in the 2020 elections mimicking the Russian techniques with low-intensity attacks.
Russian activity was clearly articulated in the Mueller report on the extent of the Internet Research Agency, a Russian government-linked company's efforts to undermine the US political system.
Another area for exploitation is the economy. China has been involved in large-scale industrial espionage operations directed mainly toward the United States since the 2003 Titan Rain attacks. The 2013 Mandiant report revealed a sustained cyber campaign by the Chinese People’s Liberation Army (PLA) involving the theft of intellectual property on a large scale. This illustrates how states make use of cyberspace during supposed peacetime. The US has preponderant deterrence capability in traditional military matters, pushing its adversaries to use sub-conventional means. The sub-conventional nature provides the avenue to take greater risk and offensive operations. It also offers the opportunity to deny responsibility by state-sponsored actors. Authoritarian states have internalised the practice of conducting grey zone operations, facilitated by fewer restrictions due to the centralised governmental command structure and technical possibilities to maintain anonymity.
Geopolitics of Cyberspace
In the case of grey zone operations, there is ambiguity with the combination of the military and civilian spaces for exploitation. Cyber activities are not isolated; empirical studies have shown that cyber conflicts are part of the modern-day coercive diplomatic toolkit. Thus, cyber operations are part of the overall political strategy. Russian cyber operations were widely publicised during the cyberattacks on Estonia in 2007 and Georgia in 2008 before the invasion. Ukrainian inclination towards the EU and growing support for democracy culminated in the Euromaidan revolution in 2014 that challenged Russia’s dominance.
The 2015 and 2017 cyberattacks on the Ukrainian power grid were attributed to Russia. In this sense, Ukraine has served as a lab for Russian cyberattacks with efforts to affect infrastructure and perception. Cyberattacks have continued to affect Ukrainian government agencies' websites with messages such as “to be afraid and expect the worst”. Amid Russia's war in Ukraine, cyberattacks have served as part of the overall strategy by targeting government and private systems. The cyber attacks have been undertaken to degrade information systems in Ukraine and affect people’s access to services and trust in the government.
Other emerging geopolitics aspects of cyber can be seen in the Indo-Pacific. Chinese interference in Australia extends back over a decade and involves student media, news media, and cyberspace. Australia’s changed posture over the issue of political interference and the ban of the Chinese telecommunications companies Huawei and ZTE in 5G deployment resulted in a series of cyberattacks aimed at Australia’s infrastructure and government department. Similarly, amid ongoing tension on the Himalayan border, India experienced a cyberattack on its electric infrastructure to signal the ongoing conflict's implications.
Chinese interference in Australia extends back over a decade and involves student media, news media, and cyberspace.
Apart from the retaliatory actions, cyberspace creates the need for defence. After the Iranian attack on a US Unmanned Aerial Vehicle (UAV) in 2019, various options were considered for punishment, including kinetic strikes that would cause massive damage and potentially lead to an escalatory response. Then-President Trump favoured cyber disruption of Iranian computers. This allowed for the punishment of the adversary without the risk of being dragged into an armed conflict.
Narratives to Dominate
Grey zone operations are part of the international and domestic arena and change the way power flows. Control of the population through information technology has been widely used, especially in authoritarian states. Regulations such as China’s Great Firewall and Russia’s Sovereign Internet Law have been enacted to place greater scrutiny and state control over information, contributing to the internet’s fragmentation. Control over information allows the persistent narrative to be amplified through cyberspace (in addition to traditional media) both at the domestic and global levels, facilitating states’ claims.
In the broader spectrum, sustained campaigns change the balance of power between major powers. China has imposed severe penalties and restrictions on its technology firms, including China’s most prominent technology firm Alibaba. These actions are part of achieving total control of the tech leadership. A similar campaign is visible in Russia’s ongoing war against Ukraine, where Russia has diverted internet traffic from occupied territory Kherson to its servers to control the flow of information as part of an information dominance strategy conceived to shape narratives and maintain control.
The internet has been a US development reflecting its liberal values, which have been reinforced over time through open-source development platforms. The Communications Decency Act of 1996 established that intermediaries would not be responsible for published content and formed the bedrock allowing for growing ideas and innovation on the platform. The abuse of this freedom—as in the Artificial Intelligence (AI) usage by Facebook and other social platforms—is under scrutiny. The conflict is at the cognitive level, as revealed by whistleblower Frances Haugen who confirmed that there was a malicious use of algorithms to propagate harmful content.
The Communications Decency Act of 1996 established that intermediaries would not be responsible for published content and formed the bedrock allowing for growing ideas and innovation on the platform.
The debates in the United States over the social division exacerbated by January 06, 2022, Capitol riot raises the question of trust, which is vital to the functioning of democracy, especially amid the revelations of fake accounts—bots operated on social media by adversaries.
Challenges to Respond
The cyber domain exists at the intersection of the technical, political, and social spheres, and different states are evolving postures to confront reality. The United States adopted the persistent engagement and the defend forward strategy in 2018 to resolve the issue of sustained cyberattacks. The strategy states to “disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict” and engage continuously. It would result in greater awareness of the adversary to impose a cost deterring the ability to attack.
Similarly, Australia revised its strategy from 2016 to the 2020 Defence Strategic Update in the wake of continuing cyberattacks and formally recognised the threat from the grey zone. There is an emphasis on using offensive strike capabilities in the Australian Defence Strategic Update as part of the deterrence capabilities. There are also similar considerations in India for deterring cyberattacks with establishing a cybercommand in India and the existing tri-services cyber defence agency, given the emerging challenges.
The changed posture has resulted in reports of the United States conducting offensive operations against Russia in retaliation for its cyberattacks with the stated goal of proportionality in response to attacks. However, efforts to retaliate have pushed the states into using sub-conventional threats more efficiently through disruption to cause damage. The use of grey zone tactics was evident to target diversified sectors in the US, including software vendor Solar Winds, meat supplier JBS, and fuel supplier Colonial Energy. In the latter case, it created long queues and panic among the public over fuel supply disruption in the US. It exposed vulnerability extended toward society through the use of proxies by the state and opened the door to more attacks. Influence operations through cyberspace rely on the cognitive methods of perception dominance, where there is the ability to magnify the divisions and create disruptions.
The use of grey zone tactics was evident to target diversified sectors in the US, including software vendor Solar Winds, meat supplier JBS, and fuel supplier Colonial Energy.
Collective action is emerging with NATO, EU, Australia, New Zealand, and Japan in calling out the cyberattack on Microsoft exchange servers in 2021 from China. These are with the “high degree of attribution” directly attributing the Ministry of State of China through the conduct of the cyberattacks. While naming and shaming were conducted earlier, it was limited to individuals or groups. Sanctions have emerged as part of the US strategy to deter this behaviour, with Russia being sanctioned by the US over the 2016 election interference to the recently conducted SolarWinds hack headed by Russia to discourage attacks. A prominent example emerging of collaboration is Ukraine, where support by the US, NATO, and EU through information sharing, resources, and cyber exercises support Ukraine's cybersecurity in the wake of Russia’s war. The private sector has been crucial in detecting threats, information sharing, and countering misinformation. It has played an important role in Ukraine's defence that could serve as a model for other states' cybersecurity.
Another area to confront cyber threats in the grey zone is the ability to shape norms and principles for technology in the wake of increasing assertion. The idea of techno-democracies has been endorsed by Jared Cohen and Richard Fontaine in Foreign Affairs, where they called for allying with major democracies. It takes on the formation of norms and governing technologies, which face challenges from autocracies, especially China and Russia. The US Senate passed the Innovation and Competition Act 2021, posing for additional funding for semiconductor development and the development of institutions for critical technology, including the capacity-building of allies and partners. This is also reflected in the so-called QUAD (the United States, India, Australia, and Japan), which has formed a working group on supply chain resilience, indicating the convergence of the alignment of technology and values. This converges with the decision to ban Chinese tech companies and applications and the placing of greater scrutiny on Chinese hardware. It also reverberates in the Declaration of the Future of the internet, a nonbinding document by the US along with 60 other states that contain provisions for trusted partners for open network development calling for “risk-based assessments containing both technical and non-technical factors for network security.”
Coercive Diplomacy In the Shadows
The information systems are varied in nature, compromising the open and another that is closed, as a military network that is difficult to enter. It restricts attacking the classified system promoting the use of low-intensity cyber attacks that are conducted without penalty. Benjamin Jensen refers to cyber operations as “coercive diplomacy in the shadows to influence adversary foreign policy options.” What is evolving is the practice of conducting operations below the confrontation threshold either to advance strategic gains or to signal intentions that otherwise would have led to severe retaliatory measures. States are developing strategies of using measures to counter threat low-intensity attacks, including offensive operations. These are in addition to sanctions as punitive measures being adopted by various states to deter adversaries. President Biden’s meeting in Geneva with President Putin stressed the red lines that would bring severe retaliation, clearing the ambiguity on acceptable behaviour but still leaving space to exploit.
What is evolving is the practice of conducting operations below the confrontation threshold either to advance strategic gains or to signal intentions that otherwise would have led to severe retaliatory measures.
The dichotomy lies in the red-blue-grey zone where red is the adversary control area, blue is a state’s own network, and grey includes everything in-between. Attacks in cyberspace are covert, targeting multiple destinations simultaneously and complicating the ability to respond effectively. However, cyberspace is not a monolith; it is governed by technical parameters and consists of infrastructure, including software, hardware, people, and organisations. The technical analysis must be evaluated with strategic intent and gains. Measures must be applied accordingly, thinking about the plausible chain of consequences for their actions for a cyberattack, despite the limitations of deterrence. One of the necessary means is collaboration focusing on more intelligence sharing, defensive measures, and the role of the private sector emerging in Ukraine's cybersecurity amid assault from Russia.
Sachin Tiwari is a PhD candidate at the Centre for Canadian, US, and Latin American Studies at the School of International Studies, Jawaharlal Nehru University, India. He also serves as an honorary research associate at the Kalinga Institute of Indo-Pacific Studies. His thesis focuses on the various debates shaping cybersecurity policies in the United States. He has published on various aspects of cybersecurity and contributes to online forums. His areas of academic interest include working on national security, politics, and technology issues. The views contained in this article are the author's alone and do not represent the views of Jawaharlal Nehru University.
 Kathleen Hicks, Russia in the Gray Zone, Aspen Institute, July 19, 2019, https://www.aspeninstitute.org/blog-posts/russia-in-the-gray-zone/ See also J. Gannon, Erik Grate, Jon Lindsay and Peter Schram, Why Did Russia Escalate Its Gray Zone Conflict in Ukraine? LawFare, January 16, 2022, https://www.lawfareblog.com/why-did-russia-escalate-its-gray-zone-conflict-ukraine.
 Joseph L. Votel, 'The Gray Zone' (White Paper, USSOCOM, Tampa, Florida, 2015).
 Department of Defence, 2020 Defence Strategic Update, July 01, 2020, https://www.defence.gov.au/about/publications/2020-defence-strategic-update.
 Nadiya Kostyuk and Erik Gartzke, “Why Cyber Dogs Have Yet to Bark Loudly in Russia’s Invasion of Ukraine,” Texas National Security Review, Summer 2022, https://tnsr.org/2022/06/why-cyber-dogs-have-yet-to-bark-loudly-in-russias-invasion-of-ukraine/.
 Joseph Nye, “Deterrence and Dissuasion in Cyberspace,” International Security, Vol.41 No. (3) (2016/17, doi:10.1162/ISEC_a_00266.
 Thomas Rid and Ben Buchanan, “Attributing Cyber Attacks,” Journal of Strategic Studies, Vol. 38, Nos. 1–2 (2015), 25.
 Andy Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” Wired, August 22, 2018, https://www.wired.com/.
 Oliver Fitton, “Cyber Operations and Gray Zones: Challenges for NATO,” Connections: The Quarterly Journal 15, no. 2 (2016): 109–19, http://dx.doi.org/10.11610/Connections.15.2.08.
 US Cyber Command, Our History, https://www.cybercom.mil/About/History/.
 National Security Archive, PDD-20 U.S. Cyber Operations Policy, October 16, 2012, https://nsarchive.gwu.edu/document/21533-document-2-9.
 Ellen Nakashima, “U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms,” Washington Post, February 27, 2019, https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html.
 Valery Gerasimov, Gen., “The Value of Science is in the Foresight,” Military Review (January–February 2016), https://www.armyupress.army.mil/.
 Bilyana Lilly and Joe Cheravitch, “The Past, Present, and Future of Russia’s Cyber Strategy and Forces,” 2020 12th International Conference on Cyber Conflict, https://www.ccdcoe.org/.
 Janne Hakala and Jazlyn Melnychuk, Russia’s Strategy in Cyberspace, NATO CCDCOE, June 2021 https://stratcomcoe.org/cuploads/pfiles/Nato-Cyber-Report_15-06-2021.pdf.
 Kieran Richard Green, “People's War in Cyberspace: Using China's Civilian Economy in the Information Domain,” Military Cyber Affairs 2, no. 1 (2016), http://doi.org/10.5038/2378-07126.96.36.1992.
 State Council Information Office, “China’s National Defence in the New Era,” 2019 Defence White Paper, People’s Republic of China, July 2019.
 John Costello and Jo McReynolds, “China’s Strategic Strategic Support Force: A Force for a New Era,” China Strategic Perspectives, No. 13(2018), https://ndupress.ndu.edu/Media/News/Article/1651760/chinas-strategic-support-force-a-force-for-a-new-era/.
 Emily Bienvenue, Zac Rogers, and Sian Troath, “Trust as a Strategic Resource for the Defence of Australia,” The Cove, October 30, 2018, https://cove.army.gov.au/. See also Brahma Chellaney, “China’s Global Hybrid War,” The Strategist, December 10, 2021, https://www.aspistrategist.org.au/.
 Alex Campbell, CJ Dixon, Gussie Gronquist, Tala Haikal, and Matthew Kalin, “How Does Iran Conceive of Cyber as Part of Its National Strategy?,” report for FireEye Threat Intelligence as part of Capstone project, https://www.sipa.columbia.edu/.
 Pierre Pahlavi, “Iran’s Cyber Influence Strategy Poses Formidable Challenges for the West,” The National Interest, https://nationalinterest.org/blog/techland-when-great-power-competition-meets-digital-world/iran%E2%80%99s-cyber-influence-strategy-poses.
 Gabi Siboni, Léa Abramski, and Gal Sapir, Iran’s Activity in Cyberspace: Identifying Patterns and Understanding the Strategy, INSS, 4(1) 2020, https://www.inss.org.il/wp-content/uploads/2020/03/Cyber4.1ENG_e-23-42.pdf.
 John Raine, “War or Peace? Understanding the Grey Zone,” International Institute for Strategic Studies, April 03, 2019, https://www.iiss.org/.
 Robert Mueller, “Report on the Investigation into Russian Interference in the 2016 Presidential Election,” US Department of Justice, 14, March 2019, https://www.justice.gov/.
 Monica Kaminska. “Restraint under Conditions of Uncertainty: Why the United States Tolerates Cyberattacks,” Journal of Cybersecurity 7, no. 1 (2021), https://doi.org/10.1093/cybsec/tyab008.
 Lily Newman, How Iran Tried to Undermine the 2020 US Presidential Election, The Wired, 18 Nov 2021, https://www.wired.com/story/iran-2020-election-interference/.
 David E. Sanger, David Barboza, and Nicole Pelroth, “Chinese Army Unit Is Seen as Tied to Hacking against U.S.,” New York Times, February 18, 2013, https://www.nytimes.com/.
 Tim Maurer, “A Dose of Realism: The Contestation and Politics of Cyber Norms,” Hague Journal on the rule of Law 12 (2020): 283–305, https://doi.org/10.1007/s40803-019-00129-8.
 Brandon Valeriano and Ryan C. Maness, Cyber War versus Cyber Realities: Cyber Conflict in the International System (Oxford: Oxford University Press, 2015).