Aanya Dandass is a cyber threat intelligence analyst at the Deutsche Cyber-Sicherheitsorganisation GmbH (DCSO) in Berlin. She holds a Master’s degree in International Affairs, with a specialisation in International Security, from the Hertie School. Her research examines the strategic and geopolitical dimensions of cyberspace, with a particular focus on China-nexus threat actors and U.S. cyber strategy.

‍

LinkedIn

Since 2018, the United States’ cyber strategy has shifted from deterrence and defence toward the proactive doctrines of Persistent Engagement and Defend Forward. While officially framed as defensive, this approach blurs the line between defence and offence, authorising operations beyond U.S. networks while portraying them as legitimate precautionary measures.

This paper examines how these doctrines have contributed to the emergence of a norm that normalises offensive cyber operations, particularly among U.S. allies. Using the norm life cycle framework, it analyses doctrinal framing and a series of illustrative operations (2018–2025) to trace how U.S. actions progressed from securing domestic legitimacy to cultivating allied participation. The evidence suggests a growing routinisation of operations beyond domestic networks, greater openness in acknowledging them publicly, and a shift from covert disruption to overt multilateral campaigns.

The paper argues that while the norm remains in the stage of emergence, it is edging toward a tipping point. By leveraging strategic framing and repetition in practice, the U.S. is gradually legitimising offensive cyber activity in ways that risk setting dangerous precedents for future misuse.