Cyber Peacekeeping

Cyber Peacekeeping Introduction

Cyber Peacekeeping is defined as cyber conflict prevention, mitigation, aftermath containment and rehabilitation with a focus on conflict de-escalation and civilian security.

We defined Cyber Peacekeeping (CPK) to be quite broad, not just focusing on keeping peace, but also creating and actively maintaining peace efforts. In this post, I will discuss each area that Cyber Peacekeeping is concerned with. In future posts, we will talk about the specific jobs that Cyber Peacekeepers have during each stage of conflict.

Cyber Conflict / Cyber War

Cyber conflict or cyber war have many definitions. One of the best resources talking about cyber conflict is the Tallinn Manual, although it’s practical application to online conflict is also questionable. If we accept cyber war as one government actively attacking another to disrupt normal operations, then cyber war happens quite often. However, cyber war has never been “declared”. Even with active attacks against critical infrastructure, still no cyber war has been declared.

From our perspective, cyber conflict and cyber war increase the potential for kinetic war, and vice-versa. When we discuss Cyber Peacekeeping, we believe that cyber warfare does not stand on it’s own but is part of a larger warfare strategy. In this context, peacekeeping (and peacebuilding) efforts should also think holistically.

Cyber Peacekeepers need to consider both digital and physical spaces and coordinate or conduct activities in both spaces to ensure peace.


Before a conflict in digital or physical space, Cyber Peacekeepers have the task of conflict prevention and mitigation.


Conflict prevention comes in many forms. For Cyber Peacekeepers it involves capacity building in at-risk areas (later we will describe our idea for Cyberspace Safe Layer), monitoring the current state of attacks and conflict online. This could include releasing malware, targeted attacks against governments, or psychological warfare against citizens using online platforms. Tools can include malware analysis and coordination, information clearinghouse development, and diplomatic talks between countries.


When a conflict, or the beginning of a conflict, is detected Cyber Peacekeepers are tasked with determining the parties involved and their respective goals. Where possible, Cyber Peacekeepers will take technical measures to mitigate ongoing attacks, or work with countries to support a response to attacks against their infrastructure.

During Conflict

During a conflict CPK is concerned with a return to peace and protection of civilians. This includes helping to protect critical infrastructure, helping to reduce the spread of propaganda and helping to positively identify related actors.


Post conflict, Cyber Peacekeepers are interested in cleanup. Specifically, cyber weapons (malware) that was created and used during conflict that still has the potential for massive damage, or may be re-purposed to cause damage, is the focus. Further, analyzing how and what kind of cyber attacks were used in conjunction with kinetic attacks (if any), and how to prevent such conflict escalation in the future.

Other Tasks

In the referenced paper, we discuss in-depth the goals and tasks of Cyber Peacekeeping. This is just a brief overview of some of the responsibilities that CPK will have at each stage of conflict. Feel free to contact us if you have any questions or comments.


[1] Akatyev, N., & James, J. I. (2015). Cyber Peacekeeping. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 157, pp. 126–139).