There is an academic and societal gap in distinguishing between cyber espionage and other cyber operations such as cyber-attacks. Scholar’s and the media are contradicting each other when referring...Show moreThere is an academic and societal gap in distinguishing between cyber espionage and other cyber operations such as cyber-attacks. Scholar’s and the media are contradicting each other when referring to cyber activities. These contradictions may create problems for policymakers, as there can be no international regulation if there is no distinction between these two operations. Therefore, this thesis analyzes the case studies of Stuxnet and Duqu and how they inform us about cyber espionage. This thesis used a qualitative and an inductive approach in order to analyze the case studies. The results indicate that cyber espionage is used for secretly stealing information without inflicting damage. In addition, cyber espionage can be a part of a multiphase campaign where it operates as a pre-face for a cyber-attack. Moreover, as there is an absence of a regulatory framework regarding cyber espionage, states are motivated to invest in their offensive and defensive cyber capabilities.Show less
Ever since the rise of computers, society has undergone a massive transition with the introduction of cyberspace. This new domain brought many opportunities, but also many new threats to...Show moreEver since the rise of computers, society has undergone a massive transition with the introduction of cyberspace. This new domain brought many opportunities, but also many new threats to governments and citizens worldwide. This paper focusses on one of the main cyber threats of this time: cyber espionage. This research discusses how the official position of the Dutch government regarding cyber espionage has evolved from 2011 onwards. As a heavily digitalized country that greatly contributes to the regulation of cyberspace and cyber espionage in international fora, the Netherlands is the ideal country to analyse. This is done by looking at policy documents and official statements of Dutch government officials at international fora. Two case studies – the DigiNotar hack in 2011 and the Organisation for the Prohibition of Chemical Weapons hack in 2018 – illustrate how policy is put to practice.Show less
State cyber espionage has become a severe threat. The Advanced Persistent Threat (APT) is predominantly responsible for that threat, as APTs are a very sophisticated, persistent and hard to detect...Show moreState cyber espionage has become a severe threat. The Advanced Persistent Threat (APT) is predominantly responsible for that threat, as APTs are a very sophisticated, persistent and hard to detect method of cyber espionage. Interdisciplinary scholarly work on APT actors and cyber espionage is scarce, as most literature is either technical or political. Additionally, the relationship between state actors and APT groups, the actors behind APTs, remains to be studied in the scholarly literature. Therefore, this study analyses the relationship between state actors and APT groups in cyber espionage using three case studies on respectively APT41, Turla and OilRig. The analysis shows that APT groups operate on at least a contractual basis for governments. It appeared however that defining the relationship between state actors and APT groups is troublesome and that similar research in the future is valuable.Show less