This paper about cyber intelligence in the context of national and international security builds on the discussion held during the third EU Cyber Direct Research Seminar organised by Leiden University on 3 November 2022.
The paper acknowledges that despite earlier assumptions, cyberspace is less a war-fighting domain than one in which there is constant competition between intelligence agencies. It highlights the scope, scale and tenacity of many of the intelligence and intelligence-led cyber operations discovered over the past decade, each of which has set new precedents in terms of the number of government institutions, businesses and individuals affected, has caused much consternation, yet has led to little discernible action in terms of discussing possible legal or normative restraints or limits at the international level.
The paper nonetheless highlights some of the normative actions that are slowly taking place at the national level, or in specialised bodies that shape national-level decisions, to place some restraints on the means and methods used in intelligence and intelligence-led cyber operations.
Finally, the paper calls for a franker discussion among states on intelligence-led cyber operations and the different types of action (espionage/intelligence collection, covert action) that they consider to fall under that rubric. Such a discussion can start bilaterally or among a small number of states, but at some stage it will need to be broadened. The paper puts forward some suggestions on what such a discussion could focus on.