Internet, Social Media and Conflict Studies Can Greater Interdisciplinarity Solve the Analytical Deadlocks in Cybersecurity Research?

In recent years, computational research methods, digital trace data and online human interactions have contributed to the emergence of new technology-oriented sub-fields within International Relations (IR). Although the cybersecurity scholarship had an initial promise to be the primus inter pares among these emerging fields, the main thrust of this new methodological innovation came through the digital conflict studies sub-field. By integrating Internet and social media research tools and questions into its core topics of sub-national violence, terrorism and radical mobilization, digital conflict studies has recently succeeded in addressing some of the data validity and methodology problems faced by the cybersecurity scholarship. This article begins by briefly reviewing some of the persistent data and method-oriented hurdles faced by the cybersecurity scholarship. Then, it moves onto a more detailed account of how digital conflict studies have been addressing some of these deadlocks by focusing individually on the literature on onset, mobilization, targeting, intensity/duration and termination phases of conflicts. Ultimately, the article concludes with the suggestion that the cybersecurity scholarship could move past its own deadlocks by building more granular and dedicated research datasets and establishing mechanisms to share event data with the scientific community.

💡 Research Summary

The paper begins by diagnosing a set of persistent methodological and data‑related deadlocks that have hampered cybersecurity scholarship within the broader field of International Relations (IR). While early hopes placed cybersecurity at the forefront of emerging digital‑oriented sub‑fields, the discipline has struggled with ambiguous definitions of what constitutes a cyber incident, fragmented event datasets, limited access to real‑time traces, and a lack of a coherent analytical framework that maps the life‑cycle of cyber conflicts. In particular, the literature has rarely applied the classic conflict‑phase model—onset, mobilization, targeting, intensity/duration, and termination—to cyber attacks, leaving scholars without a systematic way to trace causal pathways or compare cases across time and space.

The authors then turn to digital conflict studies, a sub‑field that has successfully integrated internet and social‑media research tools to address similar challenges in the study of sub‑national violence, terrorism, and radical mobilization. Digital conflict studies rely on “digital trace data” harvested from platforms such as Twitter, Facebook, forums, and web logs. Their methodological core consists of a four‑stage pipeline: (1) systematic data collection from open‑source APIs, (2) preprocessing and de‑duplication, (3) multi‑coder event coding using standardized taxonomies, and (4) rigorous reliability checks (inter‑coder agreement, automated validation scripts). This pipeline produces high‑quality, time‑stamped event databases that are openly shared through repositories adhering to FAIR (Findable, Accessible, Interoperable, Reusable) principles.

Applying this pipeline to cybersecurity, the paper illustrates how each conflict phase can be operationalized with digital trace indicators. In the onset phase, early reconnaissance traffic and the diffusion of hacking tools are linked to specific hashtags or URLs, allowing researchers to pinpoint the first signs of an emerging campaign. During mobilization, the size and cohesion of attacker groups are inferred from activity levels on hacking forums, chat channels, and cryptocurrency transaction networks. Targeting is mapped by cross‑referencing victim IP ranges, industry classifications, and geolocations, often visualized with GIS tools. The intensity and duration phase employs time‑series regression and survival analysis to model attack frequency, payload size, and damage estimates. Finally, termination is detected through a decline in adversary communications, public statements of cease‑fire, or policy announcements, captured via sentiment analysis of social‑media discourse. By aligning cyber incidents with this phase‑based schema, scholars gain a granular, comparable view of cyber conflict dynamics that was previously missing.

Beyond analytical advances, the authors argue that cybersecurity must adopt the open‑data sharing culture championed by digital conflict studies. They propose the creation of a dedicated, community‑maintained cyber‑event repository that includes standardized metadata (e.g., attacker attribution confidence, victim sector, technical vectors) and a governance framework for data access, privacy protection, and quality assurance. Such a repository would enable replication, meta‑analysis, and cross‑disciplinary collaboration among IR scholars, computer scientists, policy makers, and industry practitioners.

In conclusion, the paper contends that the “deadlocks” in cybersecurity research are not insurmountable technical glitches but structural issues that require a shift toward finer‑grained datasets and shared validation mechanisms. By borrowing the methodological rigor, phase‑based analytical lens, and open‑science infrastructure of digital conflict studies, cybersecurity can move beyond its current impasse, produce more robust causal explanations, and ultimately inform more effective policy responses to the evolving landscape of cyber threats.