The Illogic of Plausible Deniability: Why Proxy Conflict in Cyberspace May No Longer Pay

Journal of Cybersecurity

49 Pages Posted: 20 Jun 2020 Last revised: 6 Apr 2022

Date Written: May 27, 2020


It is believed that states can achieve military and foreign policy objectives “on the cheap” by outsourcing cyber operations to willing proxy actors, be they cyber mercenaries, patriotic zealots, pranksters, or simply allies of convenience. By outsourcing, this logic goes, a host government can claim plausible deniability while cashing in on strategic gains. Puzzlingly, proxy-associated behavior across three datasets appears to show that activity associated with outsourcing has flagged. Do cyber proxies still pay? A formal model is used to hypothesize about how new norms of attribution (specifically, the willingness of victims to make accusations on the basis of circumstantial evidence) are developing. Sponsors who learn that they will take the heat regardless have fewer incentives to rely on proxies. Empirical evidence drawn from two cyber incident datasets offers support for this proposition. This should decrease our confidence that plausible deniability is the primary reason why states outsource their cyber operations to non-state hackers. The paper joins an emerging body of research that has questioned the logic of plausible deniability in covert action, including cyber conflict.

Keywords: patriotic hackers, attribution, cyber, conflict, strategy, model, decision theory, game theory, formal theory, cyber-security, proxy, principal-agent

Suggested Citation

Canfil, Justin Key, The Illogic of Plausible Deniability: Why Proxy Conflict in Cyberspace May No Longer Pay (May 27, 2020). Journal of Cybersecurity, Available at SSRN:

Justin Key Canfil (Contact Author)

Harvard Kennedy School

79 JFK Street
Cambridge, MA 02138
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics