ArchiveOODA OriginalSecurity and Resiliency

Severing Diplomatic Ties: A New Approach to Confronting State Cyber Aggression?

In July 2022, a cyber attack attributed to Iran severely damaged critical infrastructure in Albania impacting public services in addition to disabling several government websites, and in some instances, destroying data.  The Albanian government quickly solicited support from NATO and private sector companies to help remediate, recover from, and investigate the attack.  The overall operation reflected both soft and hard power variables.  In addition to causing disruption and destruction, social media sympathizers engaged in influence activities in concert with the cyber element of the attack.  Albania quickly severed officially diplomatic ties with Iran, an unprecedented move on the international stage where state responsibility in cyberspace is continually debated to a standstill.  The Albanian government expelled Iranian diplomats from the country.  Though Tehran did not officially comment, Albanian experienced a second attack from Iran in reaction to their expulsion.

There is little doubt that cyber attacks are used by both state and nonstate actors a medium to support their geopolitical views and positions during times of regional and global crisis.  The Ukraine conflict has underscored what has been going on for several years – actors resorting to offensive cyber operations to register their displeasure against an offender and his allies.  In the early days, such as when NATO erroneously bombed the Chinese Embassy in Yugoslavia in 1999, or ongoing clashes over disputed territories like Kashmir, foreign policy decisions have been protested via an onslaught of cyber malfeasance.  Fast forward to today, and this type of hacktivism has greatly evolved, moving from primarily the work of aggrieved nonstate politically-minded online activists, to more organized groups, sometimes sponsored by a nation state, and even in some cases, directed by them or state agents.

States themselves have used cyber attacks in response to geopolitical conflict. North Korea frequently has employed these types of offensives to respond to perceived transgressions against its government. or conduct them against its adversaries in reaction to geopolitical events it does not like.  Iran has been linked to DDoS attacks and wiper malware for the same reasons, and Russia’s activities are already well documented.  But such attacks as are not limited to authoritarian regimes.  The United States was allegedly behind the attack that temporarily knocked the Hermit Kingdom off the Internet, its own political response to North Korea’s attack on Sony.  While cyber attacks perhaps do not make advantageous tools to influence another nation’s foreign policy considerations (that is, they fail to change a government’s behavior), they certainly are relied heavily on to express foreign policy discontent and anger.

Retaliatory cyber strikes and the implementation of cyber sanctions have been the go-to venues for governments to punish offenders, or weakly attempt to alter their behavior.  Neither has achieved their goals.  Punishment is fleeting at best and has yet to make a government rethink how it operates in cyberspace, and cyber sanctions have yet to inflict enough financial damage that causes a government to recalibrate its future decisions.  But breaking diplomatic relations is entirely new ground, and a bold move for one of the smallest countries in the world.  Typically, such acts have occurred during periods of extreme turmoil such as the 1961 termination of relations with Cuba after Castro seized power, or the 1979 Iranian Revolution that took over the U.S. Embassy and held hostages.  The fact that other countries have experienced similar levels of cyber attack activity and did not pursue this endeavor raises up Albania as a leader, putting a new spin on an old problem – putting cyber aggressors in check.

The fact that no other state has pursued this path may be a testament to the lingering uncertainty when it comes to cyber-related matters. The United Nations through its Group of Government Experts and Open-Ended Working Group continually fail to make any substantial progress when it comes to codifying state behavior in cyberspace.  And even though NATO updated its defense policy to reflect that cyber attacks could warrant Article 5 enactment of its defense clause, there seems to be some questions with respect to establishing the threshold criteria for such an action.  The Estonia DDoS attack in 2007, and the cyber offensives conducted in 2008 against and 2014 against Ukraine certainly prompted NATO’s decision to change the policy in principle, but not enough to follow through on implementing it in the myriad of cyber conflicts that have since ensued.

It’s clear that the international community has not been decisive when it comes to cyber-related matters, continually struggling to codify activities that occur within the digital domain.  This indecision continues to favor keeping the current environment in favor of those cyber powerful governments and at the expense of those less capable.  The move by Albania is extraordinary because as one of the latter, it has responded in a proportionate manner to an assault that temporarily crippled its ability to operate internally, and it did so independently, without the influence of any other nation.  This is important because despite its political stature, Albania exercised its sovereign right, and mete out a punishment not seen before.  The extent with which this works will remain to be seen.  But it’s a new approach and one worthy of further review, especially if used in tandem with other measures like sanctions.

Perhaps more important is that breaking relations is a tool that small states could use to offset advantages by their larger counterparts and is a lead that other states may follow.  The success of such endeavors will depend on their strategic value to other states, but there may be an opportunity for small states to influence an outcome that they didn’t have before.   What’s more, such novel approaches to cyber issues may help to influence the very norms of behavior that continue to elude the large forums.  The longer global consensus is a wish, countries like Albania could help set those very norms by taking actions within their sovereign rights and having them replicated by others.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.