COMPONENTS OF DEFENCE STRATEGIES IN SOCIETY’S INFORMATION ENVIRONMENT: A CASE STUDY BASED ON THE GROUNDED THEORY

The goal of this study is to explore the components of defence strategies faced by society in its information environment, and how these strategies are inter-related. This qualitative in-depth case study applied past research and empirical evidence to identify the components of defence strategies in a society’s information environment. The data collected was analysed using the Grounded Theory approach and a conceptual framework with the components of defence strategies and the relationships between these components was developed using the Grounded Theory. This study shows that the goal of politically and militarily hostile actors is to weaken society’s information environment, and that their operations are coordinated and carried out over a long time period. The data validates past studies and reveals relationships between the components of defence strategies. These relationships increase confidence in the validity of these components and their relationships, and expand the emerging theory. First, the data and findings showed 16 inter-connected components of defence strategies. Second, they showed that the political, military, societal, power, and personal goals of the hostile actors carrying out cyber operations and cyber attacks are to weaken society’s information environment. Third, they revealed that cyber operations and cyber attacks against networks, information and infrastructures are coordinated operations, carried out over a long time period. Finally, it was revealed that the actors defending society’s information environment must rapidly change their own components of defence strategies and use the newest tools and methods for these components in networks, infrastructures and social media.

[1]  Erja Mustonen-Ollila,et al.  Historical Research in Information System Field: From Data Collection to Theory Creation , 2008 .

[2]  Kjell Hausken Defence and attack of complex interdependent systems , 2019, J. Oper. Res. Soc..

[3]  Anselm L. Strauss,et al.  Strauss, Anselm, and Juliet Corbin. Basics of Qualitative Research: Grounded Theory Procedures and Techniques. Newbury Park,CA: Sage, 1990. , 1990 .

[4]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[5]  Vilma Luoma-aho,et al.  Understanding Stakeholder Engagement : Faith-holders, Hateholders & Fakeholders , 2015 .

[6]  Izak Benbasat,et al.  The Case Research Strategy in Studies of Information Systems , 1987, MIS Q..

[7]  Karri Wihersaari Intelligence acquisition methods in cyber domain : examining the circumstantial applicability of cyber intelligence acquisition methods using a hierarchical model , 2015 .

[8]  I. Bourgeault,et al.  The SAGE Handbook of Qualitative Methods in Health Research , 2010 .

[9]  Pamela Jordan Basics of qualitative research: Grounded theory procedures and techniques , 1994 .

[10]  Asma Ben Yaghlane,et al.  Systems under attack-survivability rather than reliability: Concept, results, and applications , 2017, Eur. J. Oper. Res..

[11]  Izak Benbasat,et al.  Strategy in Studies of Information Systems , 2016 .

[12]  Myriam Dunn,et al.  The socio-political dimensions of critical information infrastructure protection (CIIP) , 2005, Int. J. Crit. Infrastructures.

[13]  Klaus Krippendorff,et al.  Content Analysis: An Introduction to Its Methodology , 1980 .

[14]  Martin Gürtler NATO Cooperative Cyber Defence Centre of Excellence , 2021, 2021 13th International Conference on Cyber Conflict (CyCon).

[15]  Robert L. Perry PRINCIPLES OF STRATEGIC COMMUNICATION FOR , 2008 .

[16]  Leigh Armistead,et al.  Information Operations: Warfare and the Hard Reality of Soft Power , 2004 .

[17]  William E Gortney Department of Defense Dictionary of Military and Associated Terms , 2016 .

[18]  Yixian Yang,et al.  Defense Strategy of Network Security based on Dynamic Classification , 2015, KSII Trans. Internet Inf. Syst..

[19]  Elfi Furtmueller,et al.  Using grounded theory as a method for rigorously reviewing literature , 2013, Eur. J. Inf. Syst..

[20]  Martti Lehto Phenomena in the Cyber World , 2015 .

[21]  Bel G. Raggad Information Security Management: Concepts and Practice , 2010 .

[22]  M. Markus,et al.  Information technology and organizational change: causal structure in theory and research , 1988 .

[23]  Mirva Salminen,et al.  The fog of cyber defence , 2013 .

[24]  Saara Jantunen,et al.  Strategic communication : practice, ideology and dissonance , 2013 .

[25]  Latif Al-Hakim,et al.  Information Systems Research Methods, Epistemology, and Applications , 2008 .

[26]  Gregory M. Schechtman Manipulating the OODA Loop: The Overlooked Role of Information Resource Management in Information Warfare , 2012 .

[27]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .

[28]  Elena Neiterman,et al.  What is Grounded Theory and Where Does it Come From , 2010 .

[29]  David Ríos Insua,et al.  Critical networked infrastructure protection from adversaries , 2016, Reliab. Eng. Syst. Saf..

[30]  A. Strauss,et al.  The discovery of grounded theory: strategies for qualitative research aldine de gruyter , 1968 .

[31]  Martti Lehto,et al.  Finnish Cyber Security Strategy and Implementation , 2015 .

[32]  Johan Sigholm,et al.  Non-State Actors in Cyberspace Operations , 2013 .

[33]  G. Klein,et al.  A recognition-primed decision (RPD) model of rapid decision making. , 1993 .