Cyber Persistence Theory

Redefining National Security in Cyberspace

🎙️ Comps Prep (Oral Comprehensive Exam)

• If cyberspace is an interconnected, constant-contact strategic environment, then security is a persistent struggle for initiative, because actors can continuously exploit and reconfigure vulnerabilities. So what for strategy: stop treating cyber as a deterrence-only problem and shift to campaign thinking. (p. 24–26)

• If the environment rewards persistence and offers abundant exploitable opportunities, then states will run campaigns of cyber faits accomplis that cumulate strategic gains below armed conflict, because unilateral exploitation scales without requiring adversary “concession.” So what for strategy: prioritize preclusion and continuous contestation over episodic response. (p. 25; p. 40–44)

• If cyber competition is tacitly bounded by “cyber agreed competition,” then competitive interaction—not escalation—will dominate, because actors can gain strategically while avoiding armed-attack equivalence. So what for strategy: manage stability by watching for ceiling-breaching conditions (e.g., sustained initiative imbalance/extraordinary gains). (PDF p. 65; p. 124)

• This reframes cyber operations as IW-like, below-threshold strategic competition over control/initiative—an analytic bridge to SAASS 644’s Patterson framing of IW + strategic competition (and, by analogy, Kalyvas’s control/information logic). (p. 7; p. 122–124)

Online Description

Cyber Persistence Theory argues that cyberspace constitutes a distinct strategic environment—defined by interconnectedness and constant contact—where states pursue security primarily through persistent exploitation rather than episodic coercion. The authors develop a structural theory explaining why cyber campaigns below armed conflict produce cumulative strategic effects, and they connect that theory to policy prescriptions centered on seizing and maintaining initiative. (p. 24–26; p. 122–125)

Author Background

TBD

---

60‑Second Brief

• Core claim (1–2 sentences):

  Cyber Persistence Theory (CPT) argues that cyberspace is a distinct strategic environment where security depends on persistent initiative and exploitative campaigning—“an alternative to war”—rather than on deterrence through threatened punishment. (p. 24–26)

• Causal logic in a phrase:

  Interconnectedness + constant contact → initiative persistence → exploitation-centric behavior (faits accomplis / occasional direct engagement) → competitive interaction (not escalation) → stability managed by bounded competition + norm/law evolution.

• Why it matters for IW / strategic competition (2–4 bullets):

  • It offers a theory of below-threshold strategic competition where cumulative effects—not “decisive battle”—drive outcomes. (p. 122–124)

  • It reframes “success” as persistently setting security conditions (initiative balance), which maps cleanly to IW logics of protraction and control. (p. 24; p. 35)

  • It provides a rationale for persistent engagement / defend forward as structural adaptation, not doctrinal fashion. (p. 124; p. 135)

  • It links cyber stability to bounded competition + norm formation, which matters for long-run strategic competition governance. (PDF p. 65; p. 96)

• Best single takeaway (1 sentence):

  In cyberspace, strategy is less about deterring one catastrophic act and more about winning a continuous campaign for initiative and cumulative advantage. (p. 122–124)

Course Lens

• How does this text define/illuminate irregular warfare?

  • CPT does not define IW explicitly, but it analyzes persistent, competitive activity below armed conflict that aims to shape security conditions and accumulate strategic advantage—an IW-adjacent logic of competition short of open war. (p. 7; p. 124)

• What does it imply about power/control, success metrics, and timeline in IW?

  • Power/control: Control is expressed as initiative and control of key cyberspace terrain (access, persistence, and the ability to set/reset conditions). (p. 24–25; p. 44)

  • Success metrics: Measure success as the ability to anticipate and persistently set the conditions of security and the relative balance of vulnerability vs. exploitability (initiative). (p. 24; p. 35)

  • Timeline: The relevant unit is the campaign over time; “no operational pause” implies protracted, continuous competition. (p. 122; p. 124)

• How does it connect to strategic competition?

  • CPT treats cyber activity as a “new competitive space” where actors pursue national interests and values through cumulative effects and norm contestation—i.e., strategic competition in a persistent-contact environment. (p. 124)

---

Seminar Questions (from syllabus)

• What assumptions define Cyber Persistence Theory?

• What policy implications arise from Cyber Persistence Theory?

• To what extent does the Lonergans’ argument challenge the “persistent engagement” posture?

• How about Lindsay?

• How does Cyber Persistence Theory align with democratic values, transparency, and oversight discussed in Perlroth, and Bradford?

• Does this theory rely more heavily on defense or offensive cyber?

• How should the US determine its strategy for defense versus offence in cyberspace?

• How should the US measure success?

• How about assessments in general?

• How do we know it is working?

✅ Direct Responses to Seminar Questions

• Q: What assumptions define Cyber Persistence Theory?

  • A:

    • Cyberspace is a distinct strategic environment whose defining features include interconnectedness and constant contact, not episodic interaction. (p. 120; p. 31–35)

    • Security requires initiative persistence: states must persistently set and maintain security conditions rather than rely on episodic coercion. (p. 24–25; p. 35)

    • The core logic is exploitation (not coercion): actors can directly change the “virtualscape” through persistent exploitation without war. (p. 25; p. 26)

    • Security conditions are defined by a relative balance of vulnerability vs. exploitability—a structural, shifting measure rather than a binary “secure/insecure.” (p. 24)

    • Most consequential cyber competition remains short of armed-attack equivalence, creating a bounded competition space (“cyber agreed competition”) in which actors often avoid actions that would justify armed retaliation. (p. 44; PDF p. 65)

• Q: What policy implications arise from Cyber Persistence Theory?

  • A:

    • Shift from “incident/threshold” thinking to campaign-minded strategy: “the campaign is the relevant unit of analysis.” (p. 122)

    • Prioritize initiative through continuous operations: “no operational pause” implies that operational restraint can cede initiative. (p. 124)

    • Focus on preclusion (thwarting/foreclosing adversary campaigns) and on exploiting “targets of opportunity now,” rather than only holding targets at risk for future contingencies. (p. 124; p. 135)

    • Demand synergy across instruments (not segmentation): interconnectedness means cyber competition cannot be managed by isolated actors or stovepiped policies. (p. 123)

    • Use diplomacy and law to mature the cyber strategic environment: build more settled expectations about acceptable/unacceptable behavior and articulate state positions (including on countermeasures and “domaine réservé” like elections). (p. 125; p. 96; p. 125)

    • Treat stability management as guardrailing behavior within bounded competition, while monitoring conditions that could incentivize ceiling breaches (e.g., sustained initiative imbalance, extraordinary gains). (p. 124; PDF p. 65)

    • Actively contest emerging de facto norms (e.g., IP theft, privacy violations, interference in democratic processes) to prevent normalization. (p. 124)

• Q: To what extent does the Lonergans’ argument challenge the “persistent engagement” posture?

  • A:

    • CPT frames persistent engagement / defend forward as an operational expression of initiative persistence, and it uses U.S. strategy evolution as evidence of adaptation toward that posture. (p. 124; p. 135)

    • The PDF references Borghard & Lonergan primarily in notes/bibliography and does not directly summarize or adjudicate their critique in the main text; a precise “extent” comparison is TBD without the Lonergans reading. (PDF p. 168; p. 216)

    • CPT’s internal response to the most likely critique space (destabilization/escalation concern) is to argue stability is structurally supported and to specify ceiling-breaching conditions policymakers should monitor. (p. 124; PDF p. 65)

• Q: How about Lindsay?

  • A:

    • CPT argues that day-to-day cyber competition is best understood as persistent competitive interaction around initiative rather than as episodic coercion; this is the benchmark for evaluating any critique of persistent engagement. (p. 25; p. 124)

    • The PDF cites Lindsay mainly in notes/bibliography and does not directly engage his argument in the main text; a faithful comparison is TBD without Lindsay’s assigned reading. (PDF p. 165; p. 216)

    • CPT’s position implies that critiques premised on “deterrence is the core problem” miss the theory’s foundation: security and stability flow from deliberate cumulative action, not prospective threats. (p. 124)

• Q: How does Cyber Persistence Theory align with democratic values, transparency, and oversight discussed in Perlroth, and Bradford?

  • A:

    • CPT explicitly warns that cyber campaigns are shaping “national interests and values” and describes de facto norms that include “violations of privacy” and “interference in democratic debates and processes,” arguing they must be actively contested. (p. 124)

    • CPT highlights transparency as a stabilizing move in norm development—for example, citing the idea that states should publicly explain how international law applies “to improve transparency.” (p. 96)

    • CPT implies more operational activity and cross-sector collaboration (e.g., operations beyond DoD networks; continuous collaboration with the private sector), which increases the importance of legitimacy, accountability, and oversight—even if the book does not provide a detailed democratic oversight framework. (p. 135; p. 123)

    • Perlroth appears in the notes/bibliography, but the main text does not develop a direct comparison; Bradford is not located in this PDF. Specific alignment with Perlroth/Bradford’s arguments is TBD without those texts/metadata. (PDF p. 192; p. 244)

• Q: Does this theory rely more heavily on defense or offensive cyber?

  • A:

    • CPT rejects a simple offense-versus-defense dominance frame: the environment’s engagement dynamics “are not captured” by that conceptualization. (p. 25)

    • The theory centers on initiative, which can involve defensive and offensive actions simultaneously in practice; what matters is who sets the security conditions. (p. 25)

    • Persistent engagement / defend forward implies active contestation and preclusion (not purely defensive posture), but CPT treats this as part of a single exploitative campaign logic. (p. 124; p. 135)

• Q: How should the US determine its strategy for defense versus offence in cyberspace?

  • A:

    • Start from CPT’s baseline: constant contact means security is about persistently setting conditions, not deciding between two separable “modes.” (p. 24–25; p. 120)

    • Organize around campaigns: treat the campaign as the unit and evaluate cumulative effects rather than one-off events. (p. 122)

    • Build operational approaches that sustain initiative (preclusion, continuous tempo) while remaining inside bounded competition (avoid incentives to breach the tacit upper bound). (p. 124; PDF p. 65)

    • Ensure policy and authorities support agility and persistence; avoid segmentation (synergy test) and build whole-of-nation-plus collaboration. (p. 123; p. 128; p. 135)

    • Invest in norm/law maturation to create predictability and transparency (including articulation of international law positions and countermeasure logic). (p. 96; p. 125)

• Q: How should the US measure success?

  • A:

    • CPT defines success as being able to “effectively anticipate and persistently set the conditions of security… in their favor.” (p. 35)

    • Use the initiative metric embedded in CPT: the “relative balance” between vulnerability to exploitation and ability to exploit others’ vulnerabilities. (p. 24)

    • Assess at campaign scale: “the campaign is the relevant unit of analysis.” (p. 122)

    • Include stability constraints: success also means sustaining bounded competition without incentivizing armed-attack equivalent behavior. (PDF p. 65)

• Q: How about assessments in general?

  • A:

    • CPT’s empirical posture implies assessments must be multi-method and cautious about data limits (the authors explicitly discuss constraints and how they address them). (p. 59–61)

    • Assessments should prioritize patterns over time (campaign effects, initiative balance), not just incident counts or catastrophic hypotheticals. (p. 122; p. 124)

    • Include institutional/legal/partner variables as part of assessment, because segmentation undermines effectiveness in an interconnected environment. (p. 123)

• Q: How do we know it is working?

  • A:

    • When U.S. and partner actions measurably improve their ability to set/reset security conditions (initiative) and prevent adversaries from accumulating gains—i.e., successful preclusion over time. (p. 124; p. 122)

    • When competitive activity remains bounded (no persistent ceiling breaches) while adversary campaigns are disrupted/forced to adapt—evidence consistent with stability within cyber agreed competition. (p. 124; PDF p. 65)

    • When undesirable de facto norms (privacy violations, democratic interference, IP theft) are actively contested rather than normalized. (p. 124)

    • Inference (bounded by CPT): “working” is a longitudinal pattern across campaigns, not a single decisive event.

---

Chapter-by-Chapter Breakdown

Note: This PDF appears to place Chapter 5 before Chapter 4 in pagination order; the breakdown below is ordered by chapter number and includes PDF page ranges for traceability.

Chapter 1: The Misapplied Nexus of Theory and Policy (PDF p. 8–15)

• One-sentence thesis: The authors argue cyber strategy has been trapped in misapplied war/deterrence frames and needs a structural theory aligned to persistent exploitative competition below armed conflict.

• What happens / what the author argues (5–10 bullets):

  • Frames the book’s purpose: align theory with policy for cyberspace as a strategic environment.

  • Reviews competing “cyber war” vs “skeptic” perspectives and argues both miss key features of observed cyber behavior.

  • Critiques deterrence theory’s dominance in U.S. national security thinking as an inheritance from nuclear strategy.

  • Emphasizes that states can pursue strategic ends through campaigns that “routinely avoid operations that could justify armed retaliation.” (p. 44)

  • Sets up the need for concepts explaining persistent exploitation and cumulative effects.

• Key concepts introduced (0–5):

  • Misapplied deterrence nexus

  • Paradigm change (theory-policy alignment)

• Evidence / cases used:

  • Primarily conceptual framing + literature positioning; illustrative references to persistent cyber activity below armed conflict.

• IW / strategy relevance (2–4 bullets):

  • Explains why competition below armed conflict can still be strategically decisive (cumulative effects).

  • Flags a campaign mindset consistent with IW protraction and “control” logics.

• Links to seminar questions: Q1, Q2, Q6, Q8–Q10

• Notable quotes (0–2):

  • (none)

Chapter 2: The Structure of Strategic Environments (PDF p. 16–43)

• One-sentence thesis: Cyberspace’s structure produces an initiative-persistent strategic environment with a logic of exploitation that redefines security and demands different strategic concepts than conventional/nuclear deterrence.

• What happens / what the author argues (5–10 bullets):

  • Builds a comparative framework across conventional, nuclear, and cyber strategic environments.

  • Argues conventional and nuclear strategy are tied to war/war avoidance and coercion, while cyber is not.

  • Defines cyber security as “the alternative to war.” (p. 26)

  • Establishes initiative persistence and explains why offense-defense language is “too limiting” at the strategic level. (p. 24–25)

  • Identifies key features enabling persistence (recursive simplicity, accessibility, affordability) and especially interconnectedness and constant contact. (p. 26–35)

  • Defines security conditions as the relative balance of being vulnerable vs being able to exploit vulnerabilities. (p. 24)

  • Concludes that success requires persistent anticipation and condition-setting, not episodic deterrence. (p. 35)

• Key concepts introduced (0–5):

  • Initiative persistence

  • Interconnectedness / constant contact

  • Virtualscape

• Evidence / cases used:

  • Historical analogies (conventional and nuclear evolution), plus conceptual grounding of cyberspace as sociotechnical environment.

• IW / strategy relevance (2–4 bullets):

  • Provides a coherent theory for protracted, below-threshold competition and “control” in a nonphysical domain.

  • Reorients success metrics from decisive events to enduring condition-setting.

• Links to seminar questions: Q1, Q2, Q6–Q8

• Notable quotes (0–2):

  • (none)

Chapter 3: Cyber Behavior and Dynamics (PDF p. 44–64)

• One-sentence thesis: CPT identifies the dominant behaviors of cyber competition (faits accomplis; rarer direct engagement) and argues they create bounded “cyber agreed competition” characterized by competitive interaction rather than escalation.

• What happens / what the author argues (5–10 bullets):

  • Defines strategic cyber exploitation beyond traditional espionage framing.

  • Introduces cyber fait accompli as the primary behavior enabling unilateral gains that persist through target unawareness or inability/unwillingness to respond. (p. 40; p. 44)

  • Illustrates cyber faits accomplis with examples like OPM and Cloud Hopper as strategic exploitation shaping conditions. (p. 42)

  • Defines direct cyber engagement as mutually dependent competition for control over key terrain; explains why it’s relatively scarce in practice. (p. 44)

  • Develops cyber agreed competition: a tacitly bounded competition space below armed-attack equivalence, reinforced by avoidance of operations that justify armed retaliation. (p. 44; PDF p. 65)

  • Argues the dominant dynamic is competitive interaction; escalation constructs are often misapplied from other environments. (p. 51)

  • Considers AI’s potential to increase direct engagements via better situational awareness, while not altering initiative persistence. (p. 54)

• Key concepts introduced (0–5):

  • Cyber fait accompli

  • Direct cyber engagement

  • Cyber agreed competition

  • Competitive interaction

• Evidence / cases used:

  • Illustrative incidents (OPM, Cloud Hopper), conceptual distinctions, and environment-based logic.

• IW / strategy relevance (2–4 bullets):

  • Clarifies how strategic gains can accrue without coercion or open conflict (IW-like competitive accumulation).

  • Offers a stability frame for “gray zone” behavior in cyber.

• Links to seminar questions: Q1, Q2, Q6–Q10

• Notable quotes (0–2):

  • (none)

Chapter 4: Theory and the Empirical Record (PDF p. 98–125)

• One-sentence thesis: The authors test CPT’s hypotheses against open-source evidence and find strong support for persistent exploitative competition, dominant competitive interaction, rare escalation, and limited direct engagement.

• What happens / what the author argues (5–10 bullets):

  • Lays out explicit hypotheses derived from CPT (persistence, exploitation, faits accomplis, competitive interaction, rare escalation, scarce direct engagement). (PDF p. 98–99)

  • Explains an open-source, multi-method empirical strategy and addresses representativeness limits. (p. 59–61)

  • Presents evidence consistent with persistent operational tempos and long-running exploit campaigns.

  • Argues that many operations exhibit fait accompli dynamics (e.g., delayed discovery, difficulty responding effectively).

  • Connects cyber campaigns to strategic outcomes (e.g., economic power/innovation trajectories; sanctions evasion/financial theft). (p. 73–76)

  • Examines rivalry dyads and argues patterns fit competitive interaction more than escalation dynamics. (p. 77–80)

  • Finds escalation within and across domains is rare and often context-dependent.

• Key concepts introduced (0–5):

  • Hypotheses as observable implications

  • “Hard cases” / rivalry dyads framing

• Evidence / cases used:

  • Open-source reporting and datasets; examples include China-related IP theft/innovation claims and North Korea cyber-enabled sanctions evasion/financial theft. (p. 73–76)

• IW / strategy relevance (2–4 bullets):

  • Demonstrates empirically how cumulative, below-threshold actions can shift strategic balances.

  • Supports campaign-level assessment over incident-level accounting.

• Links to seminar questions: Q1, Q2, Q8–Q10

• Notable quotes (0–2):

  • (none)

Chapter 5: Cyber Stability (PDF p. 65–97)

• One-sentence thesis: Persistent action is not inherently unstable; stability can be structurally supported in cyber competition, but risks emerge from initiative imbalance, unintended incidents, and spiraling complexity, requiring guardrails via tacit and explicit mechanisms.

• What happens / what the author argues (5–10 bullets):

  • Defines cyber stability as a condition in which states are not incentivized to breach the tacit upper bound with armed-attack equivalent cyber operations or conventional/nuclear armed attack. (PDF p. 65)

  • Links stability to initiative persistence: continuous activity can be compatible with bounded competition.

  • Identifies destabilizing pathways: winning/losing too much (initiative imbalance), unintended incidents, spiraling complexity (including AI). (PDF p. 65)

  • Argues that certain restraint strategies can cede initiative and potentially produce destabilizing incentives.

  • Discusses stabilizing mechanisms and emphasizes the distinctness of the cyber environment while allowing for additive cross-environment management.

  • Evaluates explicit norm efforts (e.g., UN processes; G7/G20 statements) and highlights transparency/predictability challenges. (p. 96)

  • Emphasizes tacit coordination/bargaining as mechanisms for settling expectations and contributing to stability. (p. 54; p. 96–99)

• Key concepts introduced (0–5):

  • Cyber stability (as bounded-competition condition)

  • Destabilizing pathways (imbalance/incidents/complexity)

• Evidence / cases used:

  • Norm process examples (G7/G20; UN work), conceptual parallels to crisis management and inadvertent escalation analogies. (p. 96–99)

• IW / strategy relevance (2–4 bullets):

  • Shows how stability in protracted competition depends on bounded behavior and guardrails (relevant to gray zone management).

  • Reinforces “measure success over time” logic under sustained competition.

• Links to seminar questions: Q1, Q2, Q5, Q8–Q10

• Notable quotes (0–2):

  • (none)

Chapter 6: The Cyber Aligned Nexus of Theory and Policy (PDF p. 126–133)

• One-sentence thesis: CPT implies a policy shift toward campaign-based, initiative-seizing, preclusion-focused operations coupled with legal/diplomatic maturation to manage bounded cyber competition.

• What happens / what the author argues (5–10 bullets):

  • Reasserts the structural basis for initiative persistence (interconnectedness + constant contact). (p. 120–121)

  • Prescribes a campaign mindset: “the campaign is the relevant unit of analysis.” (p. 122)

  • Argues cumulative effects—not use-of-force/armed-attack equivalence—are the key metric for consequential behavior. (p. 122)

  • Calls for domestic legal and policy frameworks enabling persistent, agile operations and avoiding segmentation. (p. 123)

  • Introduces the synergy vs segmentation test for policies. (p. 123)

  • Emphasizes continuous tempo and preclusion: no pause; restraint cedes initiative. (p. 124)

  • Frames stability as flowing from deliberate cumulative action rather than threats; identifies conditions that might incentivize escalation. (p. 124)

  • Calls for maturing cyber competition and contesting de facto norms; urges paradigm shift away from deterrence. (p. 124–125)

• Key concepts introduced (0–5):

  • Campaign as unit of analysis

  • Preclusion

  • Synergy vs segmentation

• Evidence / cases used:

  • Illustrative direct engagement examples (Trickbot; ISIS network administrators; APT29 competition) and U.S. policy authority references. (p. 121–123)

• IW / strategy relevance (2–4 bullets):

  • Provides a strategist’s “how to campaign” logic under persistent competition short of armed conflict.

  • Links operations, law, and diplomacy as mutually reinforcing instruments of competition.

• Links to seminar questions: Q1, Q2, Q5–Q10

• Notable quotes (0–2):

  • (none)

Chapter 7: United States Case Study (PDF p. 134–164)

• One-sentence thesis: The U.S. shifted toward defend forward and persistent engagement as a structural adaptation consistent with CPT, but legacy deterrence and segmentation continue to constrain implementation.

• What happens / what the author argues (5–10 bullets):

  • Uses the U.S. as a least-likely case to examine theory-policy alignment over 2010–2021. (p. 127–128)

  • Describes early U.S. emphasis on deterrence, norms, and defense/resilience, alongside operational restraint.

  • Argues adversary activity and strategic effects challenged U.S. assumptions, pushing reassessment.

  • Highlights the 2018 DoD shift to “defend forward,” and USCYBERCOM’s call to “persistently contest malicious cyber activity in day-to-day competition” short of armed conflict. (p. 135)

  • Presents Nakasone’s logic: in cyber, “use” is more consequential than threatened use, reinforcing persistence posture. (p. 135)

  • Emphasizes operational concepts (anticipatory resilience, contest) and expanded collaboration with institutions and private sector. (p. 135)

  • Identifies constraints and argues for whole-of-nation-plus integration to meet initiative persistence requirements. (p. 128; p. 135)

• Key concepts introduced (0–5):

  • Defend forward

  • Persistent engagement

  • Whole-of-nation-plus

• Evidence / cases used:

  • U.S. strategic documents and leadership statements; JTF Ares experience; evolution in policy authorities and operational posture. (p. 135)

• IW / strategy relevance (2–4 bullets):

  • Shows institutional adaptation as a prerequisite for effective strategic competition (organizational IW analogue).

  • Highlights legitimacy/oversight stakes when campaigning in/through a civilian-owned domain.

• Links to seminar questions: Q2–Q7, Q9–Q10

• Notable quotes (0–2):

  • (none)

---

Theory / Framework Map

• Level(s) of analysis:

  • Primarily systems/structural (strategic environment features shaping imperatives and behavior), with a secondary policy/institutional level in the U.S. case study. (p. 120–121; p. 127–135)

• Unit(s) of analysis:

  • States (and “peer cyber States” in direct engagement), plus their campaigns and interactions in a shared cyber strategic environment. (p. 44; p. 122)

• Dependent variable(s):

  • Security conditions (initiative balance); stability within bounded competition; dominant dynamics (competitive interaction vs escalation). (p. 24; PDF p. 65; p. 77–80)

• Key independent variable(s):

  • Interconnectedness; constant contact; reconfigurable terrain; macro-resilience/micro-vulnerability; abundance of exploitable opportunity. (p. 26–35; p. 124)

• Mechanism(s):

  • Initiative persistence → exploitation logic → cyber faits accomplis (primary) / direct cyber engagement (secondary) → cyber agreed competition → competitive interaction patterns and bounded stability. (p. 25; p. 44; p. 51; PDF p. 65)

• Scope conditions / where it should NOT apply:

  • When activity reaches armed-attack equivalence or shifts to conventional/nuclear coercion logic (outside bounded cyber competition). (p. 44; PDF p. 65)

• Observable implications / predictions:

  • Persistent operational activity; exploitation dominance; frequent faits accomplis; scarce direct engagement; competitive interaction dominates; escalation rare. (PDF p. 98–99)

Key Concepts & Definitions (author’s usage)

1. Cyber strategic environment

• Definition: A strategic environment defined by ICT-enabled interconnectedness and constant contact in/through cyberspace, producing distinct security imperatives. (p. 120–121)

• Role in argument: Ground truth for why deterrence/war frames misfit.

• Analytical note: Operationalize via measures of interdependence, connectivity, and persistent interaction pathways.

2. Initiative persistence

• Definition: A structurally driven imperative to persistently set and maintain security conditions in an ever-changing “virtualscape.” (p. 24; p. 35)

• Role in argument: Core logic replacing offense dominance and deterring war.

• Analytical note: Track as a relative balance of vulnerability vs exploitability plus tempo and access persistence.

3. Logic of exploitation

• Definition: Strategic action oriented toward exploiting inherent vulnerability to directly change the virtualscape and set conditions, rather than coercively shaping opponent calculus. (p. 25)

• Role in argument: Explains why cyber competition is not primarily coercion/deterrence.

• Analytical note: Identify exploitative effects that persist independent of immediate opponent “concession.”

4. Cyber fait accompli

• Definition: A limited unilateral gain at a target’s expense that persists when the target is unaware, unable, or unwilling to respond effectively. (p. 40)

• Role in argument: Primary behavior of cyber competition; drives cumulative effects.

• Analytical note: Look for long dwell times, delayed discovery, and gains retained despite exposure.

5. Direct cyber engagement

• Definition: Mutually dependent exploitative action short of armed-attack equivalence competing for control of key terrain. (p. 44)

• Role in argument: Secondary behavior enabling tacit bargaining and boundary-setting.

• Analytical note: Detect via adversary-interactive operations where each side’s actions depend on the other’s live posture.

6. Cyber agreed competition

• Definition: A tacitly bounded competition space below armed-attack equivalence; actors often avoid operations that could justify armed retaliation. (p. 44; PDF p. 65)

• Role in argument: Explains stable persistent competition without default escalation.

• Analytical note: Operationalize via patterns of restraint + consistency in threshold avoidance.

7. Competitive interaction

• Definition: Repeated competitive actions shaping security conditions (through exploitation) rather than bargaining/coercive escalation dynamics. (p. 51; p. 77–80)

• Role in argument: Central dynamic the theory predicts and empirically defends.

• Analytical note: Expect reciprocal but non-escalatory patterns, with adaptation rather than crisis escalation.

8. Cyber stability

• Definition: A condition where states are not incentivized to pursue armed-attack equivalent cyber operations or conventional/nuclear armed attack (breaching the tacit upper bound). (PDF p. 65)

• Role in argument: Addresses the “persistence = instability?” critique.

• Analytical note: Monitor incentives—especially initiative imbalances and extraordinary gains—that could shift behavior.

9. Preclusion

• Definition: Operational approach emphasizing thwarting/foreclosing adversary campaigns and exploiting targets of opportunity now rather than holding targets at risk for future contingencies. (p. 124)

• Role in argument: Practical expression of initiative persistence in policy/operations.

• Analytical note: Evaluate by reduction in adversary campaign freedom of action over time.

10. Synergy vs segmentation (policy test)

• Definition: A diagnostic question—are instruments and policies mutually reinforcing (synergy) or stovepiped (segmentation) in an interconnected environment? (p. 123)

• Role in argument: Bridges theory to institutional design and policy practice.

• Analytical note: Use as an assessment lens for interagency, public-private, and allied integration.

---

Key Arguments & Evidence

• Argument 1: Cyberspace is a distinct strategic environment; cyber security is “the alternative to war,” grounded in initiative persistence and exploitation rather than deterrence/coercion.

  • Evidence/examples:

    • Comparative strategic environment logic and definitional claims about how cyber differs from conventional/nuclear security. (p. 24–26)

  • So what:

    • Reorients doctrine and policy away from episodic deterrence postures toward persistent campaigning.

• Argument 2: The dominant behavior is exploitative campaigning—especially cyber faits accomplis—that produces cumulative strategic effects below armed conflict.

  • Evidence/examples:

    • Conceptual definition of cyber fait accompli and illustrative cases (e.g., OPM; Cloud Hopper). (p. 40–42)

    • Chapter 4’s empirical tests connecting campaigns to strategic outcomes. (PDF p. 98–99; p. 73–76)

  • So what:

    • The “center of gravity” is campaign disruption and preclusion, not just punishment threats.

• Argument 3: Cyber competition is largely stable and bounded; the dominant dynamic is competitive interaction, with escalation rare and conditional.

  • Evidence/examples:

    • Theoretical logic of cyber agreed competition and stability definition. (p. 51; PDF p. 65)

    • Empirical rivalry discussion emphasizing competitive interaction over escalation. (p. 77–80)

  • So what:

    • Policy should be built around guardrailing bounded competition and monitoring conditions that might incentivize ceiling breaches.

• Argument 4: Policy should align with CPT via campaign-based operations, continuous tempo, preclusion, and legal/diplomatic maturation; U.S. shift to defend forward/persistent engagement illustrates partial alignment.

  • Evidence/examples:

    • Campaign unit and cumulative effects metric. (p. 122)

    • “No operational pause” and cumulative-action logic; contesting de facto norms. (p. 124)

    • U.S. case study citing 2018 defend forward and persistent contestation logic. (p. 135)

  • So what:

    • Strategic advantage comes from persistent use and integration, not episodic threat signaling.

⚖️ Assumptions & Critical Tensions

• Assumptions the author needs:

  • Cyberspace remains a constant-contact environment where actors cannot “exit” interdependence at scale. (p. 120–121)

  • Exploitation yields strategic gains short of armed conflict often enough to sustain bounded competition. (p. 124; PDF p. 65)

  • Macro-resilience/micro-vulnerability discourages escalation while enabling persistent campaigning. (p. 124)

• Tensions / tradeoffs / contradictions:

  • Persistent engagement may strengthen security conditions but also increases operational activity in civilian-owned networks—raising legitimacy, oversight, and externalities tensions. (p. 135; p. 123)

  • Norm building: reliance on tacit mechanisms may be slow or ambiguous, but explicit agreements can be nonbinding and vague. (p. 96–99)

  • A stability theory premised on bounded incentives must still explain outlier events and strategic surprises (e.g., extraordinary gains shifting incentives). (p. 124)

• What would change the author’s mind? (mark clearly as inference)

  • Inference: Systematic evidence that persistent engagement reliably triggers cross-domain escalation or incentivizes routine ceiling breaches (armed-attack equivalence) would challenge CPT’s stability claims.

Critique Points

• Strongest critique:

  • CPT is strategically persuasive but can under-specify how democratic legitimacy, transparency, and oversight should scale with continuous operations in civilian space (it flags law/policy needs but not an oversight model). (p. 123; p. 135)

• Weakest critique:

  • The theory’s insistence that deterrence frames are misapplied can be read as overstated if one treats deterrence as one tool among many; CPT’s value may be as reframing the baseline, not abolishing deterrence entirely.

• Method/data critique (if applicable):

  • The empirical record relies on open-source data and vendor reporting; the authors address limitations, but coverage biases remain an inherent constraint. (p. 59–61)

• Missing variable / alternative explanation:

  • Organizational capacity and domestic political constraints might independently explain variation in initiative persistence across states (beyond structural incentives). (Inference)

---

Policy & Strategy Takeaways

• Implications for the US + partners:

  • Adopt a campaign-centric strategy that treats persistent cyber competition as normal, not anomalous. (p. 122–124)

  • Build whole-of-nation-plus and allied collaboration to match interconnectedness (public-private and interagency integration as a strategic requirement). (p. 135; p. 123)

  • Contest emerging de facto norms (privacy violations, democratic interference, IP theft) using all instruments of national and international power. (p. 124)

• Practical “do this / avoid that” bullets:

  • Do: Build capabilities and authorities for continuous operational tempo and preclusion; avoid operational restraint that cedes initiative. (p. 124)

  • Do: Evaluate policy architecture for synergy vs segmentation; align cyber operations with diplomatic and legal positions. (p. 123; p. 125)

  • Avoid: Measuring cyber success primarily by absence of catastrophic attack or by single-incident outcomes; CPT pushes campaign-level cumulative assessment. (p. 122)

• Risks / second-order effects:

  • Expanded operational activity increases risks of unintended incidents, legitimacy backlash, and partner friction; stability requires guardrails and expectation-setting. (PDF p. 65; p. 96–99)

  • Aggressive contestation can accelerate adversary adaptation; persistent competition implies persistent innovation and assessment loops. (Inference bounded by campaign logic; p. 122–124)

• What to measure (MOE/MOP ideas) and over what timeline:

  • MOE (CPT-grounded): initiative balance—ability to anticipate and persistently set security conditions. (p. 35; p. 24)

  • MOE: campaign outcomes—adversary campaign disruption/preclusion and inability to cumulate gains over time. (p. 122–124)

  • MOE: bounded stability—frequency/severity of ceiling-breaching incentives/events (armed-attack equivalence). (PDF p. 65; p. 124)

  • Timeline: multi-year (campaign scale); quarterly operational assessments feeding annual strategic reassessment (inference consistent with “campaign as unit” logic). (p. 122)

⚔️ Cross‑Text Synthesis (SAASS 644)

• Where this aligns:

  • Patterson (IW + strategic comp): CPT’s “day-to-day competition short of armed conflict” framing maps to IW-as-strategic-competition logic (cyber as a competitive space with cumulative effects). (p. 124; p. 135)

  • Kalyvas (control/info/violence): CPT’s emphasis on initiative and situational awareness asymmetries echoes the intuition that control and information dynamics shape outcomes (inference). (p. 25; p. 44)

• Where this contradicts:

  • It pushes back on coercion/deterrence-first framings that mirror nuclear strategic logic, arguing cyber security is not primarily war avoidance through threatened punishment. (p. 24–26; p. 125)

• What it adds that others miss:

  • A structural theory explaining why persistent, below-threshold cyber competition can be both strategically consequential and (often) stable, and why the “incident/threshold” mindset is strategically misleading. (p. 122–124; PDF p. 65)

• 2–4 “bridge” insights tying at least TWO other readings together:

  • CPT + Patterson: cyber competition demonstrates how strategic competition can be conducted persistently below armed conflict while still shaping power distributions—useful for thinking about IW as continuous contestation. (p. 124)

  • CPT + Biddle (institutions/tech/stakes): CPT implies effectiveness hinges on institutional adaptation (authorities, interagency coordination, public-private integration), not just capability—technology and institutions co-produce advantage. (p. 123; p. 135)

  • CPT + Simpson (war as politics/narrative): CPT’s warning about de facto norms (privacy violations; democratic interference) suggests cyber campaigning is political contestation over values and legitimacy, not merely technical competition. (p. 124)

---

❓ Open Questions for Seminar

• Under what observable conditions does bounded cyber competition fail—what is the strongest empirical indicator of an impending ceiling breach? (PDF p. 65; p. 124)

• How should a democracy design oversight that preserves operational tempo (initiative persistence) without undermining legitimacy or enabling abuse? (p. 123; p. 135)

• If the campaign is the unit of analysis, what is the best operational definition of “campaign” in cyber, and how do we bound it for assessment? (p. 122)

• Can tacit bargaining and customary law formation move fast enough to counter normalization of harmful de facto norms? (p. 96–99; p. 124)

• Does AI-driven situational awareness meaningfully shift the balance between faits accomplis and direct cyber engagement—or does it mostly intensify the same logic? (p. 54)

• How should allies coordinate “defend forward” approaches without creating collective action problems or divergent norms? (p. 123; p. 135)

✍️ Notable Quotes & Thoughts

• “cyber security rests in the alternative to war.” (p. 26)

• “The complexity of this environment and its engagement dynamic are not captured in a simple offense versus defense conceptual frame.” (p. 25)

• “Those conditions are measured as the relative balance between being cyber vulnerable to exploitation and being able to exploit the cyber vulnerabilities of others.” (p. 24)

• “Direct cyber engagement is a cyber exploitative action short of armed-attack equivalence in a mutually dependent competition for control of key cyberspace terrain.” (p. 44)

• “We define cyber stability as a condition within the cyber strategic environment in which States are not incentivized to pursue armed-attack equivalent cyber operations…” (PDF p. 65)

• “In strategic cyber competition, the campaign is the relevant unit of analysis.” (p. 122)

• “Security and stability in cyberspace flow from deliberate, cumulative action, not the threat of prospective action.” (p. 124)

• “The past decade has witnessed the emergence of de facto norms defined by massive theft of intellectual property…” (p. 124)

• “Consequently, cyber persistence theory should supplant deterrence theory as States’ touchstone for developing cyberspace strategy and policy.” (p. 125)

• “The threat of using something in cyberspace is not as powerful as actually using it.” (p. 135)

Exam Drills / Take‑Home Hooks

• Prompt 1: Is cyberspace a distinct strategic environment? What does CPT add beyond deterrence frameworks?

  • Outline (3-part):

    1. Define strategic environments + CPT’s structural features (interconnectedness/constant contact → initiative persistence).

    2. Show why coercion/deterrence is misapplied; explain exploitation logic and security as “alternative to war.”

    3. Strategy implications: campaign unit, cumulative effects, preclusion, and stability management.

• Prompt 2: Does persistent engagement improve or undermine cyber stability? Under what conditions might it escalate?

  • Outline (3-part):

    1. Define cyber stability and cyber agreed competition (bounded competition).

    2. CPT case for stability + why restraint can be destabilizing (initiative ceding).

    3. Escalation conditions (initiative imbalance, extraordinary gains, unintended incidents) + how to monitor/guardrail.

• Prompt 3: How should the U.S. measure success in cyber strategic competition?

  • Outline (3-part):

    1. CPT’s success definition: anticipate + persistently set security conditions; initiative balance.

    2. Campaign metrics: cumulative effects and preclusion; avoid incident-count traps.

    3. Tie to stability: bounded competition + norm contestation.

• Prompt 4: What does CPT imply for democratic governance (values, transparency, oversight) in cyber strategy?

  • Outline (3-part):

    1. CPT diagnosis: de facto norms affecting privacy and democratic processes.

    2. CPT prescriptions: transparency (law articulation), whole-of-nation-plus synergy, continuous operations.

    3. Governance problem: oversight/legitimacy requirements implied but under-specified—propose mechanisms (explicitly as inference).

• If I had to write a 1500‑word response in 4–5 hours, my thesis would be:

  Cyber Persistence Theory shows that cyberspace is an initiative-persistent strategic environment where security and stability are produced through campaign-based cumulative action (preclusion and persistent contestation), not primarily through deterrent threats—requiring institutional, legal, and allied adaptation.

  • 3 supporting points + 1 anticipated counterargument:

    • Support 1: Structural features (interconnectedness/constant contact) redefine security conditions as a balance of vulnerability vs exploitability. (p. 24–25; p. 120–121)

    • Support 2: Dominant behaviors (faits accomplis; limited direct engagement) produce bounded competitive interaction and explain why escalation is not the default. (p. 44; p. 51; PDF p. 65)

    • Support 3: Policy implication is campaign-minded preclusion and continuous tempo; U.S. pivot to defend forward/persistent engagement illustrates partial adaptation. (p. 122–124; p. 135)

    • Counterargument (anticipate): Persistent engagement risks destabilization and democratic legitimacy costs; CPT offers stability logic and transparency hooks but leaves oversight design under-specified. (p. 124; p. 96; p. 135)