Taylor Grossman is a Senior Researcher in the Cyberdefence Project with the Risk and Resilience Team at the Center for Security Studies (CSS) at ETH Zurich. She is also a nonresident scholar with the Technology and International Affairs Program at the Carnegie Endowment for International Peace. Her other research interests include cyber norm development, ethics of war, and bureaucratic politics in national security decision making. She holds an MPhil in International Relations from the University of Oxford and a B.A. in Political Science from Stanford University.

Twitter - @tgrossman_

Narratives are central in securitization politics: threat frames codify risks and threats, elevating certain issues above others in both the public consciousness and on the political agenda and creating a foundation for mitigation – who should respond, and how. Offensive and defensive cyber operations can, and largely have, been analogized into comparative activities. However, military analogizing can place undue emphasis on threat-focused activities, particularly on offensive operations, which are most readily viewed along the cultural values of traditional military activities. This analogizing can also lead to underemphasis of key cyber fields – including network functioning and maintenance – that do not fit easily into existing paradigms of traditional warfighting activities. Finally, military analogizing can neglect key distinctions between cyber and other domains, such as issues of attribution and the difficulty of claiming outright victory or defeat. This paper explores military analogizing of cyber operations across three distinct national military systems: the United States, France, and the United Kingdom. These three countries have advanced cyber operations strategies and infrastructure; additionally, they have each placed the military at the forefront of cybersecurity operations, including through active cyber defense postures. The goal of this paper is to assess the extent of military analogizing in each country, and ultimately to offer conclusions as to the way such analogizing has affected the development of cybersecurity – with a particular eye toward how analogizing has impacted the development of non-traditional offense/defense activities, such as network maintenance.