Cyber conflicts blur the line between warfare and subversion. Cyber operations, like subversion, aim to manipulate systems, but lack physical force.

How can cyber operations subvert societies?

Cyber conflicts represent a significant societal issue that could cause extensive interruptions to critical infrastructure. In reality, cyber attacks haven’t lived up to the ‘cyberwar’ fears, falling short of the doomsday declaration. Recent theorizing casts cyber operations as revolutionary new instruments in conflict short of war, also called ‘grey zone’ conflict. The United States has developed a new cyber strategy called ‘persistent engagement’ based on the concept of ‘grey zone’ conflicts and designed to counter these emerging threats without resorting to war.

Upon closer examination of the real impact of cyber operations and the respective outcomes, it becomes clear that they are neither means of warfare nor revolutionary novel tools, as suggested by current studies. Rather, they are the digital offspring of the shadowy world of covert operations and subversion. War is organized violence, concentrating as much of your material capabilities and destructive firepower as possible on your opponent. Subversion involves covertly entering and tampering with systems to cause them to behave in unintended ways, harming the targeted party and providing advantages for the instigator. Cyber operations fundamentally aim to manipulate systems, meaning they don’t apply physical force but disrupt computer systems.

Hacking means subverting computer systems

The reason is straightforward: hackers do not have the ability to exert physical force. They instead deceive computer systems into performing unintended actions. Originally, “hacking” referred to an original and creative way to solve technical problems. The more recent association with hacking is based on hooded bad guys who furiously type code to break into systems and cause havoc. Hacking is fundamentally about creatively bending the rules and clandestinely picking locks rather than kicking down doors.

Hackers cannot use force to get into systems but rather depend on the existing design of a system. They exploit flaws in this design to gain access and manipulate the system to harm its users and owners. At the same time, they must evade detection. Consequently, cyber operations have more in common with traditional undercover spy operations than warfare. Just like hackers, spies infiltrate systems and make them do things they are not supposed to do. They target social systems, specifically organizations, political systems and societies.

Given the subversive nature of cyber operations, it is helpful to revisit the studies on subversion to understand how they matter in world politics and what feasible strategies are in cyber conflict. The literature on subversion identifies three specific strategies: manipulation, erosion, and overthrow. Despite popular belief, cyber operations can only mimic one of these strategies, and they do so with notable constraints.

Manipulation, erosion, and overthrow in political conflict

Manipulation seeks to steer government policy in a direction that benefits the subverter. This can be achieved by directly infiltrating the government using covert agents or indirectly shifting public sentiment through propaganda and misinformation. The targeted government unknowingly makes decisions and carries out actions that benefit the subverter without being aware of the manipulation happening in the background.

On the other hand, erosion does not intend to alter particular decisions or actions directly. Instead, its objective is to gradually weaken the affected state over an extended period. This is achieved by undermining public trust in the government, eroding societal unity, and sabotaging crucial institutions and infrastructure. In the ideal scenario, it shifts the balance of power in favour of the subverter, rendering the target unable to resist further aggression, requiring armed intervention.

Finally, overthrow aims to topple governments through an internal coup facilitated by undercover agents who have infiltrated a government or through an external revolution carried out by proxy groups supported and coordinated by the subverting state. Regarded as the most strategic, this approach replaces the target government with one that aligns with the subverter’s interests. Consequently, this leads to a fundamental transformation in the underlying preferences and even the identity of the targeted state.

Subversion in strategy: Reality check

In theory, subversion thus offers significant potential for states to achieve strategic goals and gain advantages without escalating to war. In practice, however, subversion often falls short because manipulating systems and people without being discovered is difficult. Notably, the same applies to cyber operations, which are often too slow, weak, or volatile to produce strategic value.

On top of these constraints, cyber operations offer a more limited strategic scope than traditional subversion: they can only fully implement erosion strategies. The infiltration of governments, which manipulation strategies necessitate, is beyond the capabilities of cyber operations as long as the government remains outside computer systems’ control. As such, infiltration requires people. Disinformation campaigns via social media platforms can help sway public opinion. However, emerging evidence shows the effectiveness of such digital means of manipulation likely falls flat compared to traditional means.

Overthrowing regimes similarly requires either agents within the government or boots on the ground to mount a revolution. Both are beyond the reach of cyber operations. Erosion, meanwhile, is absolutely within the scope of cyber operations. Their ability to scale up effects because of the ubiquity of interconnected devices renders them very useful for long-term campaigns to undermine the pillars of an adversary’s strength through disruptions, sabotage and disinformation. The shift towards a strategy of persistent engagement is closely aligned with the strategic role of cyber operations.

Implications and strategies for today’s threat landscape

This subversive nature of cyber operations leads to two key implications. A close examination of the history of subversion and covert operations is crucial to comprehend the menace they present to victims and the advantages they offer to their sponsors. This analysis will aid in developing effective defensive and offensive strategies. Rather than a novel technological phenomenon, cyber operations are a new way to pursue existing strategies of subversion.

Moreover, there are many types of cyber operations, ranging from passive espionage to highly disruptive infrastructure sabotage. Effective strategies must consider and adjust to the diverse types of operations and associated threats rather than attempting to defend against a monolithic cyber threat. Persistent engagement does not achieve this goal, but it establishes a robust basis for developing a more refined strategy that does so.

Spies still matter

Furthermore, the more significant and critical inquiry revolves around how the ascent of information technology impacts the nature and effectiveness of subversion. I have done so in my PhD and my upcoming book (“Subversion”), where I compare the mechanisms and effectiveness of traditional subversion to cyber operations.

The astonishing results reveal that cyber operations exhibit a more limited strategic scope and lack the intensity seen in traditional means. These limitations, and the operational constraints that cause them, are crucial to developing accurate threat assessments–with the associated problem of a severe lack of agreement on what constitutes success and failure in cyber conflict.

These limitations and the mismatch to prevailing expectations about the havoc cyber operations can cause came to the fore again, most recently in the wake of Russia’s full-scale invasion of Ukraine last year. Russian cyber operations have fallen far short of expectations before and since the invasion, underlining their limitations. Therefore, it is important not to overstate the threat, especially compared to traditional subversion, which remains relevant today.


Journal reference

Maschmeyer, L. (2023). A new and better quiet option? Strategies of subversion and cyber conflict. Journal of Strategic Studies, 46(3), 570-594.

Lennart Maschmeyer is a Senior Researcher at the Center for Security Studies at ETH Zurich. He holds a PhD in Political Science from the University of Toronto and an MPhil in International Relations from the University of Oxford. Lennart's research examines the nature of cyber power, operational mechanisms of cyber conflict, resulting strategic dynamics, as well as knowledge production processes in cybersecurity. He is the co-founder and co-chair of the FIRST Threat Intel Coalition SIG, an initiative aimed at assisting vulnerable civil society organizations in preventing, detecting, and mitigating cyber attacks. Additionally, he is the co-founder and co-chair of the European Cybersecurity Seminar, which brings together academics and practitioners in cybersecurity, providing them with a platform to present research projects and receive feedback.