Dr. Matthias Schulze is the head of the research focus "International Cybersecurity" at the IFSH. Before he joined IFSH in October 2023, he was the deputy head of the Security Research Group at the German Institute for International and Security Affairs (SWP), as well as the Principal Investigator in the European Repository of Cyber Incidents project. He completed research stays at the Canadian Citizen Lab and researched and taught at the Chair of International Relations at the Friedrich-Schiller University in Jena, where he obtained his PhD in Political Science. In addition, he is the host of the Percepticon.de podcast on his main topics: cyber conflicts, cyber espionage, and disinformation.

‍

Project website

Personal website

Mastodon

Bluesky

This paper investigates whether the adoption of offensive cyber policies-specifically the ""persistent engagement"" and ""defend forward"" doctrines exemplified by the 2018 U.S. Department of Defense Cyber Strategy-correlates with an increased frequency of cyberattacks targeting adopting states. The research is grounded in the theoretical debate between proponents of persistent engagement, who argue that continuous, proactive cyber operations foster a stable ""agreed competition"" and reduce escalation risks, and critics who, drawing on security dilemma dynamics and spiral escalation theory, contend that such postures may be perceived as threatening, provoking adversaries to intensify their own cyber operations.

Employing a quasi-experimental, interrupted time-series design, the study analyzes cyberattack frequency data from states that have explicitly adopted offensive cyber postures-including the United States, United Kingdom, Israel, and others-contrasted with a control group of states that have not articulated such policies. The independent variable is the adoption of an offensive cyber policy, operationalized as a binary or timed event, while the dependent variable is the frequency of cyberattacks against the state, measured at regular intervals before and after policy adoption. Data sources include the Dyadic Cyber Incidents Dataset, the European Repository of Cyber Incidents, and national cyber incident statistics.

Control variables account for geopolitical context, a nation’s digital dependence and digital attack surface, adversary offensive capability, and national defensive maturity. The analysis examines both immediate (level) and longer-term (trend) changes in attack frequency following policy adoption, with particular attention to potential confounding factors such as periods of heightened geopolitical tension or changes in digital infrastructure exposure. Preliminary test results show a statistically significant increase in attack frequency post-adoption, supporting the view that active cyber defense postures may inadvertently trigger adversary escalation.