Unpacking Russia's Cyber-Incident Response

Western states are increasingly holding foreign governments accountable for cyberattacks. They couple public attribution of cyberattacks (PAC) with indictments, sanctions, and collective "naming and shaming" campaigns. Russia, however, while routinely subject to foreign cyber-intrusions, has seemed much less responsive toward these attacks. I argue that Russia's restraint regarding PAC stems from its desire to maintain the relative impunity of state-sponsored cyberattacks. This strategy stems from Moscow's technological inferiority to the West and from the strategic benefits of internationally tolerated cybercrime. Despite the harm to Russia, tolerance toward cybercrime helps the Kremlin steal foreign technology, improve its defensive and offensive cyber capabilities, and facilitate covert action against democracies abroad. Merging securitization theory with criminology, I propose a novel theoretical lens to explain this phenomenon and then test it-quantitatively and qualitatively-against a large dataset of Russian-language media reports, forensic investigations, and policy documents. I argue that threat perception of cyberattacks is not a given but rather is contingent upon the material distribution of cyberpower among nations and intrinsic utility of cybercrime as a political tool.