Research Articles

Denmark’s Offensive Cyber Capabilities: Questionable Assets for Prestige New Risks of Entrapment

Authors: {'first_name': 'Mikkel Storm', 'last_name': 'Jensen'}


In 2019, Denmark declared its military offensive cyber capability operational. This article analyses how this capacity compares to another recent acquisition, the F-35 multirole combat aircraft, in Denmark’s general military security strategy. Snyder’s article, “The Security Dilemma in Alliance Politics”, from 1984 explain why and how the strategic challenge for Danish decision-makers is to minimize the risk of abandonment by the United States while avoiding becoming involuntarily entrapped in U.S. conflicts (Snyder, 1984). Denmark has consciously sought to balance this dilemma since joining NATO in 1949. This article shows that the F-35 acquisition is well suited for this strategy and that the new offensive cyber capacity functions differently, creating new risks of entrapment. While this does not disqualify offensive cyber as a useful Danish military capability, it does imply that decision makers must evaluate offensive cyber on terms other than those of conventional means.

Keywords: Denmarkoffensive cyber strategysmall statesalliancesentrapmentabandonment 
 Accepted on 10 May 2022            Submitted on 11 Jan 2022

What is the Role of Denmark’s New Offensive Cyber Capabilities?

Since the end of the Cold War, Denmark’s military strategy has been conducted in accordance with the following theory of success: if Denmark acquires deployable military capabilities, and makes them available to the United States through NATO or through ad hoc coalitions with few caveats, then Denmark gains prestige, increasing the incentive of the United States to protect it because Denmark thus proves itself to be a useful ally. This strategy has been counterbalanced by two factors: strategic risk of involuntary entrapment in international conflicts, and financial costs (Jakobsen, 2022; Jakobsen et al., 2018; Ringsmose, 2013).

Assuming that offensive cyber capabilities generate prestige and protection in the same way and with a similar risk to conventional weapons, Denmark’s theory of success would recommend the country should acquire such means and make them available to NATO, so strengthening the alliance and the bond to the United States. Thus it made sense when, in 2018, Denmark declared its intent to acquire capabilities to conduct offensive cyberspace operations. Accompanying statements emphasized that these would be available for integration in NATO operations. The capability became operational in 2019, placing Denmark among the first NATO-members to volunteer such capabilities for the Alliance (FE, 2019, p. 11; Forsvarsministeriet, 2018; Regeringen, 2018).

This article demonstrates that such an assumption has significant flaws. It contributes to the emerging academic literature in the field of military cyber strategy and alliances, the main body of which, like traditional academic realist literature on strategy, is implicitly written from the standpoint of major powers (Jakobsen et al., 2018). Most literature on cyber strategy describes choices and dilemmas of states that consider using or reacting to offensive cyber means in direct relation to the actions’ direct costs and benefits to the state and the effects on an opponent (Hughes & Colarik, 2016, p. 19; Robinson et al., 2015). For a small state like Denmark, the effect on allies is likely more important (Jakobsen et al., 2018; Schaub & Jakobsson, 2018). Hughes and Colarick are one of the few who have included the alliance perspective in small states and offensive cyber analysis, using New Zealand as their example (Hughes & Colarik, 2016, p. 174). However, due to New Zealand’s membership of the “Five Eyes” intelligence sharing community, Hughes and Colarick assume that offensive cyber means are shared with allies; therefore they do not investigate the potential for inter-alliance secrecy to influence the analysis.

The offensive cyber capabilities discussed are the means to conduct destructive attacks through cyberspace, often termed Computer Network Attacks (CNA). This is because CNA is significantly different to both other types of military cyber means and conventional weapons: the technical and tactical properties of CNA make it more difficult to use in coalitions than conventional means. Defensive cyber operations (Computer Network Defence, CND) is uncontroversial self-defence and information and capabilities are sharable amongst allies. While cyber-enabled espionage (Computer Network Exploitation, CNE) may provide new means for espionage, the exchange of covertly obtained information (and the challenges this brings) is not new to alliances. CNA capabilities, however, are very difficult to share or even coordinate between allies, as there are strong operational incentives to keep CNA-means secret in order to ensure their efficacy and to protect the intelligence sources used for their development. Thus, Hughes and Colarick’s assumption of information sharing on CNA represents a special case, not the default situation in NATO. Hence, unlike with conventional means, NATO has not attempted to coordinate the members’ CNA; it has, rather, created mechanisms to allow it to be integrated in operations with NATO’s permission, but without sharing information on the means and their effects (Jensen, 2022).

The article initially uses Snyder’s article, “The Security Dilemma in Alliance Politics”, from 1984 to explain why and how the strategic challenge for Danish decision-makers is to minimize the risk of abandonment by the United States while avoiding becoming involuntarily entrapped in U.S. conflicts (Snyder, 1984). According to Snyder, alliances come with a dilemma: states constantly risk abandonment if allies fail to fulfil their commitments, and may find themselves entrapped in the conflicts of their allies, against their best interests (Snyder, 1984, pp. 466–467). After briefly illustrating this dilemma in a historical context, it the article demonstrates how Denmark’s recently acquired 27 F-35 multirole combat aircraft are very well suited to achieve that end by analysing the parameters: interoperability, economy of scale, strengthening of NATO, potential for prestige, transparency (of allocated resources and efficacy), and risk from entrapment. Then offensive cyber is subjected to the same analysis based on its particular technical and tactical properties. This double comparative analysis is then put into a security policy perspective by comparing the (limited) available declared Danish strategic intents regarding its CNA-capability with the declared intents of the United States.

The analysis demonstrates that Denmark’s traditional expectation of the United States conferring prestige and protection is significantly less of a given in the case of the accession of CNA to NATO’s arsenal compared to the recent acquisition of 27 F-35s. The U.S. reaction may be lack of awareness or indifference due to difficulties in coordinating offensive cyber means – even annoyance if Denmark is perceived as withholding support for U.S. operations due to concerns over entrapment, say, or unwillingness to reveal classified means. Furthermore, the continued failure of the United States to deter state-initiated CNA below the threshold of armed conflict, particularly from China and Russia, poses a threat of entrapment in the cyber aspects of the ongoing great power conflict. The article concludes that CNA-capabilities demonstrably do not fit the historical Danish theory of success, and that their strategic value should be assessed differently than that of conventional military means.

Denmark’s Theory of Success: IF Prestige THEN Protection BECAUSE Useful

As a small state with inadequate means to deter opponents independently, Denmark must balance externally, adding to its available resources by acquiring allies (Clausewitz, 1918, p. 28; Snyder, 1984, p. 472; Waltz, 1979). However, as Snyder describes, alliances come with a dilemma: states constantly risk abandonment if allies fail to fulfil their commitments, and may find themselves entrapped in the conflicts of their allies, against their best interests (Snyder, 1984, pp. 466–467). Since 1949, Denmark’s alliance with the United States through NATO and other coalitions has been the bedrock of its military security policy (Jakobsen, 2021; Regeringen, 2018, p. 2). As a security-dependent ally, Denmark deals with both aspects of Snyder’s alliance dilemma. Entrapment if U.S. policies drag Denmark or NATO into conflict with Russia or China, abandonment if the United States declines support to NATO, whether from fear of nuclear annihilation or merely from a decreased interest in Europe (Joffe, 1989, pp. 35–36; Kaufman, 2017, p. 261; Snyder, 1984, p. 491).

Since the end of the Cold War, abandonment appears to have been the major concern for Denmark. With the last decades of increasing confrontation between the United States, China and Russia, entrapment has returned as a consideration (Jakobsen, 2021, pp. 6–14). Indeed, most realist scholars have predicted a reduction in U.S. commitment to NATO since the demise of the Soviet Union (Hyde-Price, 2015, p. 41; Waltz, 1993, p. 75). In 1984, Snyder assessed the risk of European allies being abandoned by the United States to be relatively low under the bi-polar system of the Cold War, but predicted that the risk would increase in a multipolar system (Snyder, 1984, p. 466). European fears of U.S. abandonment rose during President Trump’s term (2016–2020) following threats to abandon NATO members that failed to meet the commitment to spend 2% of GDP on defence (NATO, 2014). Such fears have been present, however, since 1949, as U.S. administrations considered ways to reduce their involvement and assets tied in Europe (Crowley, 2020; Marcus, 2016; Ringsmose & Henriksen, 2017, pp. 36–38; Schuessler & Shifrinson, 2019). European fears of abandonment were further intensified as Trump was outspoken about U.S. concerns of entrapment through NATO Article 5 obligations in European conflicts, particularly in areas of NATO nations closest to Russia (Gotev, 2018; Henriksen & Ringsmose, 2018).

Since 1949, according to Jakobsen, Denmark’s strategy has indeed followed Snyder’s description of the attempt to balance and mitigate the risks of abandonment and of entrapment through the application of shifting levels of caveats. Jakobsen adds the observation that Denmark has consistently sought to do this at the lowest possible financial cost (Jakobsen, 2021). The strategy roughly falls in three phases: the high-threat, bipolar Cold War period (1949–1990); the arguably unipolar, low-threat world order (1990–2014)and the increasingly multipolar, multi-threat environment (2014 to the present day).

Following Snyder’s framework, Denmark’s efforts to strengthen U.S.-Danish relations increased after the Cold War as the risk of entrapment in a U.S.-Soviet conflict was replaced by more complex and diffuse security threats, tilting Denmark’s combined entrapment-abandonment concerns towards giving priority to mitigating against abandonment (Jakobsen, 2021, p. 15; Snyder, 1984, p. 473). Since 1991, Denmark has increased its willingness to participate in U.S.-led military campaigns while actively working against the emergence of competing European military alternatives such as the EU (Branner, 2013, pp. 140, 145). U.S.-led wars outside NATO’s borders were not seen as a risk of entrapment, but as opportunities to gain prestige through participation, so strengthening relations with the United States (Jakobsen, 2016; Jakobsen et al., 2018). The relationship to the United States was amongst Denmark’s most important reasons for participation in the U.S.-led wars in Kosovo, Iraq, Afghanistan, Libya, and the coalition against ISIS. In Kosovo, Iraq, and Libya, Denmark was even willing to participate alongside the United States with questionable, or no, UN resolutions to legitimize the military action (Berlingske, 2013; Jakobsen, 2016; Mariager & Wivel, 2019, pp. 469–470). Denmark has, however, been more willing to sacrifice blood than treasure. Simultaneous to the caveat-free participation in Afghanistan, Iraq, and Libya, Danish politicians reaped a significant peace dividend, almost halving defence spending as a percentage of GDP, in spite of coming from a very low, and in NATO highly criticised, level of defence spending at the end of the Cold War (Jakobsen, 2021, pp. 6, 10).

Notwithstanding the significant defence cuts, Denmark’s willingness to participate in any U.S.-led operation strengthened the relationship with the United States, so gaining prestige (Henriksen & Ringsmose, 2011; Jakobsen et al., 2018). The means to provide expeditionary forces came, however, at the cost of dismantling forces employed for national territorial defence; this became a problem after the Russian annexation of Crimea, as U.S. leaders put less value on the willingness of allies to participate in out-of-area operations. They now prioritize spending 2% of GDP on defence and the ability to conduct the defence of NATO’s own territory (Jakobsen & Ringsmose, 2017, p. 4).

Complicating matters and increasing the possibility of entrapment for Denmark, the United States furthermore demands allied support below the threshold of armed conflict and outside the military realm, such as in the case of Huawei products in Alliance 5G infrastructure (Blatchford et al., 2020). The Huawei issue is a good example of Denmark’s strategic dilemma. Along with the other European allies of the United States, Denmark has become entrapped in the ongoing U.S.-Chinese conflict over domination of this critical future infrastructure. To avoid U.S. criticism (and, in Snyder’s terms, to reduce the risk of abandonment), Denmark has complied with demands to limit potential suppliers to allied nations, risking China’s wrath by effectively rejecting Huawei as a provider of 5G (Breinstrup, 2020). Most recently, the Biden administration has sought support from European allies to condemn and counter Russian and Chinese hostile acts in the cyber domain (Kanno-Youngs & Sanger, 2021; The White House, 2021). Denmark has reacted by increasing its defence budget to the same level as that of Germany, a level deemed just sufficient to avoid being entirely shamed in NATO. Denmark is also likely to increase the budget further in the next defence agreement to deflect criticism from NATO – particularly the United States (Jakobsen, 2021, p. 15). In spite of the incomplete and delayed fulfilment of Denmark’s stated material and financial commitments to NATO, prestige arguably remains a stated end in the 2018 defence agreement, which mentions Denmark’s position as a “core member of NATO” as an explicit objective of the policy (Frederiksen, 2021; McGhie, 2021; Regeringen, 2018, p. 2).

Danish F-35s – Ideal “Plug and Play” Means for Prestige and Protection

Denmark’s failure to fulfil NATO/U.S. spending demands leads Snyder to predict that Danish decision-makers will seek to compensate for this. Lake and Hyde-Price suggest this might be achieved through the provision of direct economic advantages through economy of scale, purchasing the same equipment as the hegemon. Compatible equipment also facilitates contributions to operations, freeing up military resources for the hegemon while providing less tangible second order effects such as international legitimacy. Furthermore, the hegemon benefits from the influence conferred on it by the sale of arms to its security-dependent allies, who are incentivized to discourage fellow allies from establishing alternatives to the alliance (Hyde-Price, 2015, pp. 48–49, 52; Lake, 1999, p. 44, 47).

Thus, a U.S.-produced military capacity, operationally compatible and able to operate along with or instead of U.S. forces, would present an ideal opportunity for Denmark to optimize the alliance-strengthening aspect of a military acquisition. The F-35 multirole combat aircraft comes close to this ideal. When Denmark decided to acquire 27 F-35s in 2016, the relationship to the United States was directly stated as a major factor driving Denmark’s largest military investment in decades (Danish Ministry of Defence, 2016). This was also the case with the purchase of F-16 fighter jets in 1975 (Ringsmose, 2013, p. 109).

How, then, does Denmark’s new F-35 capability provide opportunities for prestige and protection? And what are the financial costs and what are the risks for entrapment?

From a purely financial standpoint, Denmark’s purchase of the F-35, like its F-16 predecessor, provides not only the potential for prestige, but offers direct advantages through economy of scale to the United States. The Danish acquisition lowers the costs of the U.S. fleet of F-35s by spreading the fixed costs – research and development, tooling up factories for production, etc. – on more aircraft (Congressional Research Service, 2020, p. 1). Operationally and tactically, the Danish F-35s provide strategic potential for prestige by participating in U.S.-led coalition or NATO tasks such as air policing over the Baltic NATO-partners, stabilization operations such as that of Libya in 2011, and the ongoing campaign against ISIS in Iraq and Syria (Forsvaret, n.d.; Ingvorsen, 2017; Schaub & Michaelsen, 2018, p. 16). This provides the potential for a division of labour that frees up U.S. resources for other tasks while conferring international legitimacy to the missions. This U.S. advantage is further facilitated by the fact that Denmark has bought the planes along with pilot training in the United States, and according to U.S. doctrines, making them highly compatible and easy to integrate in U.S.-led operations. Hence, the Danish F-35s become a plug-and-play capability, available to seamlessly support the continued strategic Danish intent of participating in U.S. military endeavours, whether in NATO or in willing coalitions, so increasing Danish opportunities for gaining prestige. These factors should decrease the risk of abandonment in accordance with the Danish theory of success.

From the highly sensitive perspective of Danish finances, the cost of the F-35 is a disadvantage. Cost is the permanent counterbalance to the desire to gaining prestige, and thus protection, from the United States, as demonstrated by Denmark’s lacklustre approach to NATO’s 2014 2% target for defence spending (NATO, 2014). The F-35 capability is expensive, although the acquisition, due to reductions elsewhere in the Danish armed forces, has kept the increase in the defence budget relatively restrained. In order not to increase the budget or to further cannibalize the rest of Denmark’s defence capability, however, Denmark has only bought 27 planes to replace 40 F-16s (Forsvaret, 2021). In comparison, Norway has replaced 56 F-16s with 52 F-35 planes (Mehta, 2017). To explain the difference, Danish assessments of aircraft and crew efficacy have been significantly more optimistic than those of other NATO partners, including Norway, to demonstrate that the 27 F-35s will fulfil the capabilities promised to the organisation (Bredsdorff, 2017). Whether the optimistic Danish assessments will hold up will only be clear once the capability is established. Should the Danish assessments not hold up, the 27 F-35s will fall visibly short of the promised capability, making Denmark vulnerable both to criticism and to demands for the purchase of further aircraft from the United States.

From a Danish entrapment-risk reducing perspective, the F-35’s very conventional military nature is convenient, or at the very least a known quantity, in that regard. The United States may call upon Denmark’s F-35 in order to, say, deter Russian aggression in the Baltics by participating in NATO’s air policing mission (NATO, 2021). While such activities will be received with displeasure by Russia, years of historical experience from similar activities with the F-16 suggest that they are unlikely to provoke a direct response, let alone an attack or even armed conflict (Axe, 2021). Hence, while the risk of entrapment is present, it is limited, and a known quantity for Danish decision-makers, who can draw on precedent in assessing the risk if the United States should request new uses of the capacity. The operations may be similar to the recent inclusion of Norwegian F-35s in the first exercises including U.S. B1-bombers over the Barents Sea – activities that Russia perceives as escalatory (Cenciotti, 2021). Furthermore, the very limited number of available Danish aircraft may provide an excuse for Danish decision-makers to demur from participation in operations that entail risks of entrapment.

Computer Network Attacks (CNA): Offensive Cyber is Different

NATO (2020, p. 4) defines cyberspace as “the global domain consisting of all interconnected communication, information technology and other electronic systems, networks and their data, including those which are separated or independent, which process, store or transmit data.” Offensive cyberspace operations (OCO) are defined as “actions in or through cyberspace that project power to create effects which achieve military objectives.” In this analysis, “offensive cyber” is a more legible shorthand for the non-doctrinal term “offensive cyberspace operation capabilities” and includes, for example, the technology, programming, trained personnel, command and control, and so on, necessary to conduct military OCO.

U.S. doctrine formerly distinguished between two different subcategories of OCO: computer network attacks (CNA) and computer network exploitation (CNE). Current U.S. and Danish military doctrines for cyberspace operations (CO) only distinguish between OCO and defensive cyber operations (DCO; (FAK, 2019; Joint Chiefs of Staff, 2018). However, while no longer officially in use, CNE and CNA are analytically very helpful categories (NIST, n.d.). CNE is cyber-enabled espionage, “enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks” (Department of the Army, 2003, pp. 2–11). CNA are destructive attacks: “operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves” (Joint Chiefs of Staff, 1998, p. GL-5). Definitions of the effects of CNA from the older U.S. doctrine vary slightly from, but are all covered by, the effects listed in the NATO doctrine (NATO, 2020, p. 18).

A brief description of how CNAs are conducted may be useful for readers less familiar with offensive cyber than with conventional military means (Figure 1). CNA can be inflicted directly against data and associated IT-hardware, and inflicted on physical hardware connected to the cyber-affected systems, directly or indirectly, as a second or higher order effect. Offensive cyber operations to conduct CNA follow a “kill chain” of activities: reconnaissance, weaponization, delivery, exploit, installation, establishment of command and control, and, finally, action against the objective (Yadav & Rao, 2015). Initially, a prospective attacker conducts reconnaissance to identify a target, its systems, and exploitable weaknesses. These can be technical or may exploit un-patched known weaknesses, often in legacy systems or where the target runs pirated copies of software (Sikdar, 2017, p. 22). CNAs can also exploit organizational weaknesses such as poor training or lax procedures. Having reconnoitred the target and identified an exploitable flaw, the attacker moves to the next step in the kill chain, weaponizing the flaws by choosing or developing software – the actual “cyber weapon” – that can exploit them. The next steps are to deliver this to the targeted system and to trigger the payload. The CNA may here jump to the final step and act on the objective – that is “disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves,” in the words of the older U.S. doctrine quoted above. Alternatively, the CNA may install and trigger further payloads that enable continued, and perhaps spreading, access to other connected systems and command and control on elements connected to these systems, preparing the way for either further CNAs or other OCO such as computer network exploitation.

Show Computer Network Attacks (CNA) as subset of Cyberspace Operations (CO)
Figure 1 

Computer Network Attacks (CNA) as subset of Cyberspace Operations (CO).

Although conducted by a non-state actor, the 2021 CNA on Colonial Pipeline provide an illustrative example. Through reconnaissance, Russian criminals had discovered that the U.S. company had very lax security procedures – some employees used similar passwords at home and at the company’s systems, for example, while the company did not deploy two-factor authorization. The criminals then weaponized these flaws by using an employee’s password, compromised from another hack and sold in bulk on the dark net to gain access to Colonial Pipeline systems. They used the access to deploy and then to trigger software designed to scramble and encrypt data (the “disruption” of the doctrinal terminology), seeking to take Colonial Pipeline’s ability to operate hostage: the company would have to pay a ransom to get a code that could un-scramble the data. It is unclear whether the resulting chaos was fully attributable to the CNA (first order effects) or partially resulted from to the company’s attempts to limit the impact of the initial attack (second order effects). Regardless, the CNA halted operations for days, caused a 45% drop in fuel distribution, and made 17 states on the east coast of the United States declare a state of emergency (Panettieri, 2021; Turton & Mehrota, 2021).

This article only investigates how the acquisition by small states of capabilities for the conducting of CNA compares to conventional military means in alliances. So why exclude CNE, and its operational derivative, cyber espionage enabled or enhanced influence operations, from the analysis? There is no question that the emergence of the cyber domain exponentially increases the potential scale and speed of the ability of states to conduct espionage and to spread propaganda. More, the internet provides new opportunities to do so clandestinely – see, for example, the Russian use of cyber-enabled espionage combined with fake cyber identities and algorithmically targeted spreading of misinformation on social media to influence the U.S. presidential election in 2016, or China’s use of cyber-enabled espionage for both counter intelligence purposes and the theft of intellectual property; both represent threats at the strategic level (Nakasone, 2019b, p. 3). But espionage and propaganda are not new tools in a state’s strategic toolbox. Thus, from the alliance perspective, while the sharing between allies of intelligence acquired through CNE may offer new opportunities, it does not differ in principle from the sharing of intelligence acquired by traditional means. CNA capabilities, however, present allies with entirely new challenges due to their inherent technical and operational traits. Hence CNA capabilities will be the sole focus of this analysis. The article does not offer an evaluation of the other potential benefits of the acquisition of CNA capabilities (a better understanding of cyber threats, useful to the improvement of cyber defence capabilities, for example), focusing solely on the potential effects on small states and their security-providing allies.

Computer network attacks present small states with several new strategic opportunities. Due to their low cost of entry compared to conventional means, they provide financially accessible ways to increase military capabilities (Green, 2015, p. 35). Furthermore, since offensive cyber means are kept exceptionally secret due to operational needs, they represent a unique opportunity to impress allies with a little swagger and to deter opponents through the simple implication that a state possesses effective cyber weaponry (Montgomery, 2020, p. 312). They also have disadvantages, however, which make them hard to wield through alliances: due to CNA’s extraordinarily high need for secrecy to ensure efficacy, they are far more difficult, perhaps insurmountably so, to coordinate between allies (Jensen, 2022). Finally, CNA differ from conventional military means, being increasingly used by states as instruments for inflicting of damage on opponents with substantially less risk of crossing a threshold to instigate armed conflict than would be incurred by the use of conventional weapons (ODNI, 2021, p. 20).

CNA vs. F-35 – Less Influence on Protection, More Risk of Entrapment

Unlike the F-35, CNA capabilities do not perfectly fit the mould for the utility and influence of small allies. In the main, this is because they are very likely to be kept completely secret at the national level and not shared with allies (Jensen, 2022). The limited information available suggests that sharing even non-cyber related classified information within NATO has been a longstanding challenge (Atkeson, 2009; Binnendijk & Priebe, 2019, p. 50; de Graaff, 2017; Dempsey, 2017; Gramer, 1999, pp. ii, 7; Seagle, 2015, p. 565, 570). Even bilateral sharing of intelligence is fraught with difficulties (Maras, 2017). Information regarding CNA capabilities appears to be even more difficult to share. The very limited unclassified evidence, mostly from cyberspace operations against ISIS, suggests that even the coordination of mundane CNA-capabilities poses very significant challenges between different U.S. entities, let alone between the members of a coalition (Martelle, 2020). Software involved in CNA is not developed in a collaborative multilateral effort, but by organisations typically under the aegis of, or associated with, the national intelligence services, whose highly classified and usually un-sharable intelligence is often the all-important prerequisite for the “tailored” part of the production of offensive cyber capabilities with tailored access (Kaplan, 2016, Chapter 8).

In Denmark, the unit responsible for developing and deploying such means is the Military CNO-sector under the Danish Defence Intelligence Service (DDIS Organisation, n.d.). In the United States, it is Cyber Command (USCYBERCOM), which is closely associated to the National Security Agency (NSA). USCYBERCOM and NSA are independent units, but both under the command of the same general (Pomerleau, 2018). Consequently, research and development costs are highly unlikely to be shared, and multinational burden-sharing by specialization within particular fields, say, is unlikely to take place. Interviews with operators of offensive cyber capabilities indicate that even generic offensive means, which are less dependent on being kept secret and more sharable with allies, are kept secret at the national level – perhaps because the cyber domain is still in its infancy and hence an immature domain for conflict. Such generic and perhaps over-classified means have yet to be transferred from national intelligence organizations to regular military forces, so becoming an everyday part of military operations on a par with other means (P. Breuer, personal communication, 23 October 2020). This extraordinarily high level of secrecy, compared to conventional means, makes it challenging to deploy CNA capabilities in multinational operations.

The Danish doctrine for cyberspace operations acknowledges that there is an undefined subset of cyberspace operations that cannot be shared with allies (FAK, 2019, p. 14). So how are military effects deployed in a multinational joint operation if you cannot tell your partners what you are doing? To solve this conundrum, NATO has developed the concept of “Sovereign Cyber Effects Provided Voluntarily by Allies” (SCEPVA) through NATO’s newly formed Cyber Operational Command (CyOC; Goździewicz, 2019). This allows members to offer offensive cyber effects, without disclosing anything about which or how they intend to achieve them; the involved NATO partners agree to allow the SCEPVA, and hence accept the risk involved with using the cyber means without any way of assessing them beyond the word of the provider (NATO, 2020, pp. 11, 21). NATO’s joint doctrine for cyberspace operations acknowledges that this is perhaps a suboptimal way to manage operations (NATO, 2020, p. 26). But the procedure is a compromise that, at least, opens a venue for NATO members to deploy offensive cyber capabilities in support of the alliance without having to disclose classified information. Furthermore, by ignoring the difficulties that would possibly arise from lack of information sharing on offensive cyberspace operations in an actual crisis, the SCEPVA-concept allows NATO, e.g. through exercises, to gain experience and develop doctrines and procedures.

No unclassified information is available on NATO’s experiences so far. In the operations against ISIS, the United Kingdom, Australia, and the United States have all deployed offensive cyber (Burgess, 2019; Flemming, 2018; Sanger & Schmitt, 2017). However, the limited available information on these offensive cyber operations suggests that inter-organizational de-confliction within the United States alone proved problematic, and the dilemma of whether or not to involve allies was a significant concern (Loleski, 2019, p. 123; Nakashima, 2017b; U.S.CYBERCOM, 2016).

These difficult operational issues are compounded by the lack of international agreement as to what constitutes the legal use of offensive cyber capabilities in international conflict, even within NATO. SCEPVAs need to be legal, but if NATO accepts a Danish SCEPVA, it will be legal according to Danish interpretations of international law (NATO, 2020, p. 21). Danish understandings of international law may differ from those of the United States – but as the SCEPVA is secret, the United States would not be able to assess its legality according to its own interpretation. The legal implications of NATO’s use of offensive cyber means are thus potentially manifold (Taillat, 2019, p. 373; Teglskov Jacobsen, 2017, p. 7). Even though the potentially illegal effects of a SCEPVA would formally be the legal responsibility of the executing member, other members of NATO would likely be held responsible at the political and strategic level, which may represent a sort of entrapment in itself.

That said, the United States has likely been pleased to notice that Denmark was amongst the first NATO member to pledge their emerging CNA capabilities in the service of the alliance through the SCEPVA procedures, as this pledge adds legitimacy and support to the ability of the larger state to deploy such means on behalf of the alliance. Presumably, some prestige, and hence protection, was gained on that account. Further prestige may follow if Denmark should one day instigate, or be called upon to provide, CNA in support of a NATO or U.S.-led coalition operation. In such a case, Denmark would be able to demonstrate a new way of providing support with little or no caveats by giving the United States access to information about the CNA capabilities in question. This would represent a national sacrifice: it involves the classified CNA means and presents a significant risk of disclosing the intelligence sources behind their development. Furthermore, the experience of the last three decades, that prestige may be gained through conventional support for NATO and U.S.-led operations, is not necessarily useful in determining the strategic benefits of CNA.

From the financial perspective, CNA has the potential (if temporary) advantage of being secret. With a high degree of legitimacy, Denmark can refuse to tell allies anything about the resources allocated to and the expected efficacy of its offensive cyber capabilities due to their generally accepted classified nature. The lack of transparency provides more room for interpretation and swaggering based on implied capabilities than conventional military means, at least up to the point where Denmark’s allies request support from the CNA capability. While, to paraphrase Lincoln, you are unlikely to fool all the people all of the time, this may provide some temporary room for manoeuvre in a pinch. If Denmark were to be caught bluffing about its CNA capabilities, however, damage to prestige could be significant and long-lasting, and the risk of abandonment could increase.

Regarding entrapment, the discussion above has focused on the challenges of supporting NATO or U.S.-led coalition operations with Danish CNA. But such operations in a NATO framework would most likely be conducted in some variant of armed conflict. Regular armed conflicts involve manageable risks for entrapment for Denmark in wars of choice, or less relevant entrapment concerns in case of all-out war for survival. It is thus relevant to reiterate the particular entrapment challenges from conflict in the cyber domain below the threshold of armed conflict as “competition” or “grey zone” increasingly replace “peace” as the preferred descriptor for the normal state of international affairs (Burkhart & Woody, 2017).

At some point in the future, the United States may ask for assistance from allies to form a “coalition of the willing” to respond with offensive cyber means to the increasing number of damaging cyber-attacks the country has long been subjected to from state actors, particularly Russia and China. Such ongoing attacks are individually destructive but well below the threshold of armed response (Sanger et al., 2021). Such a request would place Denmark squarely in Snyder’s alliance dilemma, as already demonstrated by the conflict with China over 5G-infrastructure (Snyder, 1984, p. 467). Failure to respond to U.S. demands would reduce prestige and hence increase the risk of abandonment. Answering the call and conducting CNA against powerful opponents will require significant resistance to risk aversion amongst the Danish decision-makers. It would not only expose Denmark to retaliation in the cyber domain from opponents that have already demonstrated a lack of both restraint and regard for collateral damage, but, in China’s case, to the likelihood of significant economic retaliation. The paucity of historical experience with the use of CNA as signalling between nations in conflicts exacerbating this risk from entrapment, and may lead to unintended escalation.

Denmark’s Stated Intent on CNA Fits Poorly with U.S. Strategy

There are few official statements on how Denmark intends to use its new offensive cyber capabilities. The decision to acquire a military computer networks operations (CNO) capability came in 2009 with the 2010–14 defence agreement, which did not mention offensive capabilities or tasks (Forligspartierne, 2009, p. 9). Offensive cyber capabilities were first mentioned in the 2013 defence agreement without any specification on what the offensive tasks could involve (Forligspartierne, 2012, p. 15). It is likely, however, the tasks considered were CNA; cyber-enabled espionage would not require any changes to the tasks of the Danish Defence Intelligence Service (DDIS). Next, an official white paper from 2016 stated that the capabilities were intended to supplement conventional military means, and that parliament must be notified before cyberattacks resulting in effects comparable to conventional attacks – that is, physical destruction and risk of fatalities – can be authorized by the government against both states and non-state actors (Det Udenrigspolitiske Nævn, 2016, pp. 6, 9). The offensive capabilities were not mentioned in the Danish 2018-defence agreement, even if two of the document’s 15 pages describe cyber threats and defensive cyber initiatives (Regeringen, 2018, pp. 10–11). However, in August 2018, the Ministry of Defence published a statement that Denmark was developing offensive cyber means that would be operational from 2019, and that they were intended for use in support of NATO (Forsvarsministeriet, 2018). In late 2018, the then chairman of the Danish Parliament’s defence committee, Naser Khader, gave an interview on the topic (Lindegaard & Nielsen, 2018). In contrast to the scope for offensive operations given in the 2016 white paper, Khader called for Danish cyberattacks against Russian hackers to deter their activities. No government officials or other members of parliament came out in support of, or even commented on, Khader’s statements, however; indeed, neither the then liberal-led government nor the present social democratic-led government have made any further statements on the subject. In a 2019 survey of offensive cyber’s role in Danish and European defence, Liebetrau calls upon the Danish politicians to consider how they envision the use of the new capabilities outside the realm of armed conflict (Liebetrau, 2020, p. 10).

While the tasks of the military CNO-branch are described in very generic terms on the homepage of the DDIS, nothing is mentioned regarding alliances (DDIS Organisation, n.d.). Only in June 2021 was there was an allusion to the government’s intent regarding offensive capabilities as 40 million kroner were dedicated to offensive purposes out of 50 million kroner designated for a combined cyber defence initiative. The document only mentions non-state actors, specifically pirates and terrorists, as potential targets. Surprisingly, the document lists attribution as one of the tasks under the headline of Offensive Tools. If the initiative’s intention is to finance attribution capabilities, which are arguably a defensive capability, with means allocated for offensive purposes, this suggests that less than 40 million kroner will be left for the purely offensive tasks (Bramsen, 2021, pp. 11, 14).

In summary, the Danish government has made few statements on how it intends to use Denmark’s offensive cyber capabilities, except for the uncontroversial statement that they can supplement other military means employed by the Danish Armed Forces in armed conflicts. There are no indications on how, when, or even if Denmark would consider using these means against state actors below the level of armed conflict. No public information is available on the organization, the size of the capability, or actual operations. What Denmark is very clear about, however, is that the means are intended to be used within the framework of, and in support of, NATO.

With the United States, the picture is the opposite. While initially shrouded in secrecy, the use of offensive cyber capabilities by the United States in the international system in conflicts above and particularly below the level of armed conflict has become increasingly open over the last decade. A natural starting point could be the STUXNET cyberattack on Iran, first reported in 2010, that, while never acknowledged, has been generally attributed to the United States and Israel (Tikk et al., 2021, p. 30). While parts of the 2006 National Military Strategy for Cyber Space Operations remain classified, it does say that the United States must achieve military superiority in cyber space, and that this is best done by combining offensive and defensive capabilities (Rumsfeld, 2006, pp. 10, 13). While not officially acknowledged, and hence to be considered with care, a leaked version of President Obama’s directive no. 20 gives more detailed insight into U.S. policies on what it terms Offensive Cyber Effects Operations (OCEO; Obama, 2013). It states that the United States “shall identify potential targets of national importance where OCEO can offer a favourable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other U.S. offensive capabilities Operations” (p. 12). The directive does put some limitations in place: notably, foreign nations must be notified if the cyber effects takes place on or via their territory – unless a presidential permission to forgo that warning is given (Obama, 2012, p. 7). While remaining unspecified, the admitted U.S. use of offensive cyber against state and non-state actors and above and below the level of armed conflict grew after STUXNET (Sanger & Schmitt, 2017).

After some years marked by U.S. frustration over its inability to deter both Russian interference in political processes and Chinese espionage, the Trump administration signalled that it would put greater weight on in-domain deterrence (Mallory, 2018, p. 18; Nakashima, 2017a). In 2018, the U.S. emphasis on the role of offensive cyber capabilities as a means for deterrence by punishment was announced along with new directions for U.S. Cyber Command, together intended to afford a wider scope for offensive operations before it was required to involve the president (Sanger, 2018). The unclassified version of the 2018 National Cyber Strategy is kept in very broad terms but represents nonetheless a significant shift towards in-domain deterrence (Smeets, 2020; Trump, 2018). John Bolton, the then National Security Advisor, and General Nakasone, commander of Cyber Command and NSA since 2018, have given a number of interviews and official hearings where they stress the doctrine of “persistent presence” – the ability to be constantly present in the networks of other nations in order both to identify threats as they develop and to punish hostile actions (JFQ, 2019; Nakashima, 2018a, 2018b; Nakasone, 2019a, 2019b; Nakasone & Sulmeyer, 2020). As part of the signalling of will and capability, besides suggesting capability through the vaguely described publicly announced offensive operations, the United States has disclosed some information on the force behind the persistent presence doctrine: approximately 6000 personnel in 133 teams (Nakasone, 2019b). While this may or may not be true, it is at least an indication of the capability.

When it comes to intentions on the use of offensive cyber by the United States in alliances, the available information is sparse and vague. The glimpses that can be gleaned from the declassified parts of the 2006 strategy and the 2012 presidential directive primarily mention international collaboration on defensive cyber issues (Obama, 2012; Rumsfeld, 2006, p. 17). The 2017 National Security Strategy mentions allies in just one sentence regarding information sharing on threats and mutual assistance in attribution (Trump, 2017). The 2018 National Cyber Strategy states:

The imposition of consequences will be more impactful and send a stronger message if it is carried out in concert with a broader coalition of like-minded states. The United States will launch an international Cyber Deterrence Initiative to build such a coalition and develop tailored strategies to ensure adversaries understand the consequences of their malicious cyber behavior. The United States will work with like-minded states to coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors. (Trump, 2018, p. 21)

The intention of collaboration is reflected in very broad terms in a paragraph in the Defense Department’s cyber strategy (DoD, 2018, p. 5). But, as of mid-2021, nothing concrete regarding this initiative has been disclosed by either the United States or any prospective “like-minded” nation. Unlike most of the Danish policy papers, none of the policy papers referred to in this article specifically mentions NATO. President Biden’s call for allies to react against Chinese cyber espionage, however, could indicate an increased, and perhaps more formal and active, role for allies in U.S.-initiated active cyber deterrence below the threshold of armed conflict (Kanno-Youngs & Sanger, 2021).

To sum up, with the declared intention of increasing in-domain deterrence, the United States has been increasingly vocal over the last decade about its willingness and capability to punish hostile cyber activities. The guidance of, and outreach to, allies on what role they may play in this context is very vague – at least at the unclassified level. There may of course be confidential communication ongoing in parallel with the publicized strategies, defying analysis in this context and capable of changing the conclusion.

While it is outside the scope of this article to discuss the efficacy of the U.S. strategy, the lack of clarity raises two questions for its allies. First, how might the U.S. strategy to strengthen the relationship be supported? This question is particularly difficult if their strategies, like those of Denmark, only address the use of CNA in armed conflict, where the United States strongly signals a will, and hence the potential for, requesting support for the use of CNA below that threshold. Second, will the new strategy increase the risk of entrapment in offensive operations instigated by the United States, given that much of the forward engagement will likely be conducted through allied cyberspace (Smeets, 2020, p. 447)? In a crisis, under pressure, and likely working to time constraints, victims of offensive operations instigated by the United States but directed through allied cyberspace may have difficulty attributing the origin of the attacks, and may retaliate against other actors.

From the point of view of the allies, the risk of entrapment in U.S. cyber conflicts is likely higher than the risk of entrapment in conventional conflicts, even if simplified to a statistical likelihood based on the number of events. Unlike conventional means, the use of offensive cyber means is not only a regular occurrence; it features increasingly frequent events below the threshold of armed conflict between the United States and its opponents. In the ongoing day-to-day cyber conflict in the grey zone below the threshold of armed conflict, allies are increasingly likely to be called upon to support U.S. operations, either passively, or by actively providing CNA against economically or militarily powerful state actors that would be able to inflict significant punishments both within and without the cyber domain.

Conclusion: CNA, Questionable for Protection, New Risks for Entrapment

This article set out to investigate an assumption: CNA capabilities influence the relationship between a small state and its security provider in a military alliance in a similar fashion to conventional military capabilities. By analysing the case of Denmark and the United States and comparing the likely effects of Denmark’s new CNA-capability and its acquisition of 27 F-35s, it has demonstrated this assumption to have significant and non-trivial flaws.

CNA-capabilities demonstrably do not fit the standard and historical Danish theory of success achieved by offering self-evident advantages to a state security guarantor. Thus, Danish decision-makers will have to assess CNA’s strategic value apart from conventional military means.

Table 1 summarizes how F-35 and CNA respectively fit into the Danish theory of success: if Denmark makes deployable military capabilities available for the United States through NATO or in ad hoc coalitions with few or no caveats, then Denmark gains prestige and increases the incentive of the United States to protect because Denmark is a useful ally.

Table 1

D F-35 and CNA effects on U.S.-Danish alliance.


Interoperability Direct benefit to United States => reduce risk of abandonment Little or no benefit to U.S. => little or no effect on risk of abandonment

Economy of scale Direct benefit to U.S. => reduce risk of abandonment Little or no benefit to U.S. => little or no effect on risk of abandonment

Strengthen NATO capabilities in armed conflict Direct benefit to U.S. => reduce risk of abandonment Benefit to U.S., directly within the limited framework of SCEPVA and indirectly from political support of U.S. ability to conduct CNA in NATO ops by SCEPVA => reduce risk of abandonment

Potential for prestige through participation in ops High, according to historical experience from Afghanistan, Iraq and Libya => reduce risk of abandonment. More, lack of Danish caveats has further enhanced prestige, standing out in comparison to allies with caveats.
Caveat: should the ops involve high risk of entrapment, participation would, based on past policies, likely be declined or at least conditional.
No historical experience => Impact on risk of abandonment difficult to assess. U.S. official strategy unclear on role of allies, but stress use below threshold of armed conflict. Danish intent on use below threshold of armed conflict undeclared – hence no a priori Danish support for U.S. operations below that threshold.
If ops are conducted, prestige is limited to decision-makers with access to knowledge of the likely highly classified operations – and then only if the U.S. is informed of the ops efficacy.

Transparency of allocated resources and capability efficacy Disadvantageously high: U.S. and NATO have good insight into efficacy of capability and if insufficient may press for increased resource allocation. Advantageously low, at least until called upon to deliver: non-disclosure of resources allocated to and efficacy of CNA capability accepted among allies.

Risk from entrapment Some risk from entrapment. However, historical experience would allow some basis for assessing the risk and provide guidance for the use of the capability to de-escalate a conflict. Likely relatively higher risk of entrapment due to widespread and increasing use below the threshold of armed conflict: arguably more likely than conventional means to be requested by the U.S. to conduct in-domain punishment to deter opponents such as China and Russia.
This risk exacerbated by lack of historical experience with the use of CNA to de-escalate conflict, the ambiguity and clandestine nature of the means, as well as low threshold for opponents to counter-escalate if used.

Among other less tangible benefits, F-35 demonstrably presents the potential for providing prestige through operational and financial advantages to the United States. Viewed through Snyder’s lens, the limited amount of information available suggests that Denmark’s new CNA-capabilities do not fit the standard Danish strategy of strengthening such ties. There are several challenges to the capacity of these capabilities to reduce the risk of abandonment. First, it is unlikely that the new capabilities provide any enhancement of U.S. economies of scale. Second, it is likely that the Danish capabilities are kept secret at the national level (as are the U.S. capabilities), meaning that opportunities for burden-sharing are likely left unexplored. Third, it is likely that offensive cyber capabilities are more difficult to deploy in support of U.S.-led military operations than conventional means, whether in NATO under the SCEPVA-format or in other coalitions.

However, Denmark’s CNA capabilities have some potential for providing prestige: Denmark’s early pledge for NATO’s SCEPVA-concept likely suited U.S. interests well, conferring some prestige. Actual participation in operations could provide further prestige, especially if combined with Denmark’s traditional low level of caveats demonstrated, for example, by a willingness to sacrifice national interests by giving the United States access to classified CNA means. Furthermore, the secrecy surrounding the allocated financial and material resources allow some – if only temporary - room for swaggering based on the mere claim to possess CNA capability. Finally, as mentioned in the introduction, CNA-acquisition may have positive effects outside the relations with allies that have not been addressed here.

These potential positive effects mitigating against abandonment are counterbalanced by CNA’s higher risk of entrapment compared to conventional means due to the observably lower threshold for their use in current interstate affairs, where “competition” and “grey zone” are increasingly replacing “peace” as pertinent descriptors. Both the United States and its opponents use offensive cyber with increasing frequency and significantly below the threshold of armed conflict. Hence, the mere claim of a Danish offensive cyber capability opens a venue for involvement that did not exist before 2019.

The theoretical considerations following the Snyder analysis are underlined by the apparent mismatch between the stated strategies of Denmark and the United States. The latter is very clear on its intention to use CNA below the threshold of armed conflict, but leaves allies guessing how they may contribute, while Denmark has mainly stated it intends to use CNA in armed conflict, leaving the United States to guess whether CNA-support can be expected below that threshold.

As mentioned initially, U.S. relations were an important parameter for Denmark’s choice, and as demonstrated, the F-35 is well suited for that purpose. As not all Danish military equipment is U.S. produced, other parameters may also influence Danish military investments: Denmark bought German Leopard II tanks in the late ‘90s, Swedish infantry fighting vehicles (IFV) in the early 2000s and recently self-propelled artillery from France (Forsvaret, 2020; Forsvarsministeriet, 2004; Regeringen, 2005). Neither of these investments were on a comparable scale, however, leaving room for prioritizing aspects other than their financial benefits to the United States. Also the tanks and the IFVs played a very active role in Denmark’s operations in Afghanistan, the Leopards on occasion providing direct support to U.S. ground forces in Helmand (Antonsen, 2018, p. 143). Hence, they have checked more of the listed “useful ally asset” boxes than CNA is likely to do.

The conclusion of this analysis is not that CNA’s equivocally positive effects on the Danish-U.S. alliance disqualify it as a military means. CNA capabilities may provide operational advantages that have not been brought forward by the analysis through Snyder’s lens, and they are arguably relatively cheap: a parameter historically appreciated by frugal Danish governments. However, Danish decision-makers should recognize that CNA must be assessed on terms other than conventional means when considering whether their operational and financial advantages outweigh the increased risks of entrapment that come with their introduction.

Competing Interests

The author has no competing interests to declare.


  1. Antonsen, T. (2018). Danish Leopards in Helmand: From the crew’s perspective. Trackpad Publishing. 

  2. Atkeson, E. B. (2009). NATO Intelligence: A contradiction in Terms (redacted, unclassified 2009 version). Studies in Intelligence, 53(1): 1–11. 

  3. Axe, D. (2021). American Bombers Blaze Toward Russia In Provocative Show Of Force. Forbes. 

  4. Berlingske. (2013, August 27). Helle Thorning-Schmidt støtter indgreb i Syrien. Berlingske. 

  5. Binnendijk, A., & Priebe, M. (2019). An Attack Against Them All? Drivers of Decisions to Contribute to NATO Collective Defense. RAND Corporation. DOI: 

  6. Blatchford, A., Hendeland, J., & Cerelus, L. (2020, December 2). How Biden could galvanize the world against Huawei. POLITICO. 

  7. Bramsen, T. (2021). Et styrket dansk cyberforsvar. Forsvarsministeriet. 

  8. Branner, H. (2013). Denmark Between Venus and Mars: How Great a Change in Danish Foreign Policy? Danish Foreign Policy Yearbook, 134–166. 

  9. Bredsdorff, M. (2017, October 11). Nu er det officielt: Forsvarsministeriets F35-køb hviler på super-optimisme. Ingeniøren. 

  10. Breinstrup, T. (2020, June 8). Forsvarsminister: Nej til 5G-udstyr fra ikke-allierede lande. 

  11. Breuer, P. (2020, October 23). Interview via Skype 23. Oct. 2020 with Dr. Pablo Breuer by Major M. Storm Jensen (M. S. Jensen, Interviewer) [Personal communication]. 

  12. Burgess, M. (2019). Director-General ASD speech to the Lowy Institute | ASD Australian Signals Directorate. Australian Signals Directorate. 

  13. Burkhart, D., & Woody, A. (2017). Strategic Competition: Beyond Peace and War. JFQ: Joint Force Quarterly, 86, 20–27. 

  14. Cenciotti. (2021, February 26). ‘Arctic Bone’: U.S. B-1 Bombers Fly First Mission From Norway Over Eastern Barents Sea, ‘Russia’s Naval Backyard’. The Aviationist. 

  15. Clausewitz, C. von. (1918). On War, Vol. 1. (J. J. Graham, Trans.). Kegan Paul, Trench, Trubner & C. 

  16. Congressional Research Service. (2020). F-35 Joint Strike Fighter (JSF) Program (ver. 79 27 MAY 2020). Congressional Research Service. 

  17. Crowley, M. (2020, September 3). Allies and Former U.S. Officials Fear Trump Could Seek NATO Exit in a Second Term. The New York Times. 

  18. Danish Ministry of Defence. (2016). Type selection of Denmark’s new fighter aircraft. 

  19. DDIS Organisation. (n.d.). Danish Defence Intelligence Service. Retrieved 13 March 2021, from /en/about-ddis/organisation/. 

  20. de Graaff, B. (2017). NATO Intelligence. University of Utrecht. 

  21. Dempsey, J. (2017). NATO’s Intelligence Deficit: It’s the Members, Stupid! - Carnegie Europe—Carnegie Endowment for International Peace. In Carnagie. 

  22. Department of the Army. (2003). Field Manual No. 3–13 Information Operations: Doctrine, Tactics, Techniques, and Procedures. 

  23. Det Udenrigspolitiske Nævn. (2016). Redegørelse fra den tværministerielle arbejdsgruppe om Folketingets inddragelse ved anvendelse af den militære Computer Network Attack (CNA)-kapacitet. Regeringen. 

  24. DoD. (2018). 2018 DoD Cyber Strategy and Cyber Posture Review Sharpening our Competitive Edge in Cyberspace. US Department of Defense. 

  25. FAK. (2019). Værnsfælles Doktrin for Militære Cyberspaceoperationer. Forsvarsakademiet.ærnsfælles%20Doktrin%20for%20Militære%20Cyberspaceoperationer%20VDMCO%202019.pdf. 

  26. FE. (2019). FE beretning 2017-18-2019. Forsvarets Efterretningstjeneste. 

  27. Flemming, J. (2018, April 12). Director’s speech at Cyber UK 2018—GCHQ.GOV.UK. GCHQ. 

  28. Forligspartierne. (2009). Forsvarsforlig 2010–2014. Regeringen. 

  29. Forligspartierne. (2012). AFTALE PÅ FORSVARSOMRÅDET 2013-2017. Regeringen. 

  30. Forsvaret. (n.d.). Libyen—RDAF F-16 Libya Force. Forsvaret. Retrieved 13 March 2021, from https://da/opgaver/afsluttede-operationer/libyen/libyen---rdaf-f-16-libya-force/. 

  31. Forsvaret. (2020). Caesar 8X8 155 mm Haubits. Forsvaret. 

  32. Forsvaret. (2021). Få forklaringen her: Derfor bliver danske F-35 kampfly i USA. F-35. 

  33. Forsvarsministeriet. (2004). K:\Folket\2004\akt\528435\ 11-08-04 09:13:49 k01 pz. 

  34. Forsvarsministeriet. (2018). Offensive cybereffekter. 

  35. Frederiksen, M. (2021). Statsminister Mette Frederiksens tale til Det Udenrigspolitiske Selskabs 75-års jubilæum den 29. Oktober 2021. 

  36. Gotev, G. (2018, July 18). Why die for Montenegro, Trump asks. Www.Euractiv.Com. 

  37. Goździewicz, W. (2019, November 11). Sovereign Cyber Effects Provided Voluntarily by Allies (SCEPVA). Cyber Defense Magazine. 

  38. Gramer, G. K. (1999). Optimizing Intelligence Sharing in a Coalition Environment. Naval War College. 

  39. Green, J. A. (2015). Cyber Warfare: A Multidisciplinary Analysis. Routledge. DOI: 

  40. Henriksen, A., & Ringsmose, J. (2011). Hvad fik Danmark ud af det?: Irak, Afghanistan og forholdet til Washington. Danish Institute for International Studies. 

  41. Henriksen, A., & Ringsmose, J. (2018). “We’re America, Bitch!”: Europæisk og dansk sikkerhed under Trump. Internasjonal Politikk, 76(3), 121–139. DOI: 

  42. Hughes, D., & Colarik, A. (2016). Small State Acquisition of Offensive Cyberwarfare Capabilities: Towards Building an Analytical Framework. JFQ: Joint Force Quarterly, 83(4): 19–26. DOI: 

  43. Hyde-Price, A. (2015). NATO and the European security system—A neo-realist analysis. In Theorising NATO - New perspectives on the Atlantic alliance (pp. 41–60). Routledge. DOI: 

  44. Ingvorsen, E. S. (2017, April 24). TIDSLINJE Danske F16-fly smed 384 bomber i Syrien og Irak. DR. 

  45. Jakobsen, P. V. (2016). Danmark gaar ikke i krig med ISIS for at vinde, men for at være med. Ræson, 02/2016, 60–67. 

  46. Jakobsen, P. V. (2021). Denmark in NATO, 1949–2019: From laggard to leader to loyal? In M. Testoni (Ed.), NATO and Transatlantic Relations in the 21st century: Foreign and Security Policy Perspectives. Routledge. DOI: 

  47. Jakobsen, P. V. (2022). Understanding and teaching military strategy as theories of success at the Royal Danish Defence College (Forthcoming). Scandinavian Journal of Military Studies, Special Issue. 

  48. Jakobsen, P. V., & Ringsmose, J. (2017). The Trump effect won’t last (Policy Brief No. 16/2017; p. 4). Norwegian Institute of International Affairs. 

  49. Jakobsen, P. V., Ringsmose, J., & Saxi, H. L. (2018). Prestige-seeking small states: Danish and Norwegian military contributions to US-led operations. European Journal of International Security, 3(02): 256–277. DOI: 

  50. Jensen, M. S. (2022). Five good reasons for NATO’s pragmatic approach to offensive cyberspace operations. Defence Studies, 1–25. DOI: 

  51. JFQ. (2019). An Interview with Paul M. Nakasone. Joint Force Quarterly, 92, 4–9. 

  52. Joffe, J. (1989). Nato and the Dilemmas of a Nuclear Alliance*. Journal of International Affairs, 43(1), 29. 

  53. Joint Chiefs of Staff. (1998). JP 3–13 Joint Doctrine for Information Operations. 

  54. Joint Chiefs of Staff. (2018). Joint Publication 3–12 Cyberspace Operations. Joint Chiefs of Staff. 

  55. Kanno-Youngs, Z., & Sanger, D. E. (2021, July 19). U.S. Accuses China of Hacking Microsoft. The New York Times. 

  56. Kaplan, F. M. (2016). Dark territory: The secret history of cyber war (First Simon&Schuster hardcover edition). Simon & Schuster. 

  57. Kaufman, J. P. (2017). The US perspective on NATO under Trump: Lessons of the past and prospects for the future. International Affairs, 93(2): 251–266. DOI: 

  58. Lake, D. A. (1999). Entangling Relations. Princeton University Press. DOI: 

  59. Liebetrau, T. (2020). Dansk offensiv cybermagt mellem angreb, spionage og forsvar. Københavns Universitet, Center for militære studier. 

  60. Lindegaard, R., & Nielsen, N. S. (2018). Naser Khader: Vi skal angribe russiske hacker-netværk | Politik | DR. DR. 

  61. Loleski, S. (2019). From cold to cyber warriors: The origins and expansion of NSA’s Tailored Access Operations (TAO) to Shadow Brokers. Intelligence and National Security, 34(1): 112–128. DOI: 

  62. Mallory, K. (2018). New Challenges in Cross-Domain Deterrence. RAND Corporation. DOI: 

  63. Maras, M.-H. (2017). Overcoming the intelligence-sharing paradox: Improving information sharing through change in organizational culture. Comparative Strategy, 36(3): 187–197. DOI: 

  64. Marcus, J. (2016, July 21). Trump says US may abandon automatic protections for Nato countries. BBC News. 

  65. Mariager, R., & Wivel, A. (2019). Hvorfor gik Danmark i krig? Irak og tvaergaaende analyser Bind 3. Københavns Universitet. 

  66. Martelle, M. (2020). USCYBERCOM After Action Assessments of Operation GLOWING SYMPHONY | National Security Archive. In National Security Archive. 

  67. McGhie, S. N. (2021, March 9). Danmark må opgive at levere en kampklar brigade til NATO i 2024. 

  68. Mehta, A. (2017, January 27). As F-35 Comes Online, Norway to Scrap F-16 Fleet. Defense News. 

  69. Montgomery, E. B. (2020). Signals of strength: Capability demonstrations and perceptions of military power. Journal of Strategic Studies, 43(2): 309–330. DOI: 

  70. Nakashima. (2017a). Trump administration pulls back curtain on secretive cybersecurity process—The Washington Post. Washington Post. Campaign&utm_medium=email&utm_source=Sailthru&u. 

  71. Nakashima. (2017b, May 9). U.S. military cyber operation to attack ISIS last year sparked heated debate over alerting allies—The Washington Post. Washington Post. 

  72. Nakashima. (2018a). Trump gives the military more latitude to use offensive cyber tools against adversaries—The Washington Post. The Washington Post. 

  73. Nakashima. (2018b, September 20). White House authorizes ‘offensive cyber operations’ to deter foreign adversaries. Washington Post. 

  74. Nakasone, P. M. (2019a). A Cyber Force for Persistant Operations. Joint Force Quarterly, 10–14. 

  75. Nakasone, P. M. (2019b). Statement of General Paul M. Nakasone Commander United States Cyber Command Before the Senate Committee on Armed Services. Senate Committee on Armed Services. 

  76. Nakasone, P. M., & Sulmeyer, M. (2020). How to Compete in Cyberspace. Foreign Affairs. 

  77. NATO. (2014). Wales Summit Declaration issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales. 

  78. NATO. (2020). AJP-3.20, Allied Joint Doctrine for Cyberspace Operations (Edition A). NATO Standardization Office. 

  79. NATO. (2021, June 23). NATO Air policing: Securing NATO airspace. NATO. 

  80. NIST. (n.d.). computer network exploitation (CNE)—Glossary | CSRC. National Institute of Standards and Technology. Retrieved 29 January 2021, from 

  81. Obama, B. (2012). PRESIDENTIAL POLICY DIRECTIVE/PPD-20. In Presidential Policy Directive. 

  82. Obama, B. (2013, January 1). Presidential Policy Directive 20 [Fact Sheet] (Presidential Policy Directive 20; PDD 20). Homeland Security Digital Library. 

  83. ODNI. (2021). ODNI Annual Threat Assessment. Office of the Director of National Intelligence. 

  84. Panettieri, J. (2021, June 7). Colonial Pipeline Cyberattack: Timeline and Ransomware Attack Recovery Details. MSSP Alert. 

  85. Pomerleau, M. (2018). Cyber Command chief will weigh in on split from NSA. Fifth Domain. 

  86. Regeringen. (2005). Forsvarsforlig-2005–2009. 

  87. Regeringen. (2018). Forsvarsforlig 2018. 

  88. Ringsmose, J. (2013). Investing in Fighters and Alliances: Norway, Denmark, and the Bumpy Road to the Joint Strike Fighter. International Journal, 68(1): 93–110. DOI: 

  89. Ringsmose, J., & Henriksen, A. (2017). Trump, nato og den europæiske sikkerhedsarkitektur: Usikkerhed i den transatlantiske alliance. Danish Institute for International Studies. 

  90. Robinson, M., Jones, K., & Janicke, H. (2015). Cyber warfare: Issues and challenges. Computers & Security, 49, 70–94. DOI: 

  91. Rumsfeld, D. (2006). National Military Strategy for Cyberspace Operations 2006. US DOD. 

  92. Sanger, D. E. (2018). Trump Loosens Secretive Restraints on Ordering Cyberattacks—The New York Times. New York Times. 

  93. Sanger, D. E., Barnes, J. E., & Perlroth, N. (2021, March 7). Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China. The New York Times. 

  94. Sanger, D. E., & Schmitt, C. (2017, June 12). U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS – The New York Times. New York Times. 

  95. Schaub, G., & Jakobsson, A. K. (2018). Denmark in NATO : Paying for Protection, Bleeding for Prestige. War on the Rocks. 

  96. Schaub, G., & Michaelsen, H. P. H. (2018). Integrating the F-35 into Danish Defence (p. 70). Københavns Universitet, Center for militære studier. 

  97. Schuessler, J. M., & Shifrinson, J. R. (2019). The Shadow of Exit from NATO. Strategic Studies Quarterly, 13(3): 38–51. 

  98. Seagle, A. N. (2015). Intelligence Sharing Practices Within NATO: An English School Perspective. International Journal of Intelligence and CounterIntelligence, 28(3): 557–577. DOI: 

  99. Sikdar, B. (2017). Cybersecurity Risks from Non-Genuine Software. National University of Singapore (NUS) Faculty of Engineering. 

  100. Smeets, M. (2020). Intelligence and National Security US cyber strategy of persistent engagement & defend forward: Implications for the alliance and intelligence collection. DOI: 

  101. Snyder, G. H. (1984). The Security Dilemma in Alliance Politics. World Politics, 36(04): 461–495. DOI: 

  102. Taillat, S. (2019). Disrupt and restraint: The evolution of cyber conflict and the implications for collective security. Contemporary Security Policy, 40(3): 368–381. DOI: 

  103. Teglskov Jacobsen, J. (2017). Danmark bør undgå en “digital Genèvekonvention”. RDDC. 

  104. The White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. The White House. 

  105. Tikk, E., Kerttunen, M., & Hovhannisyan, K. (2021). Cyber Conflict Fact Book 2020. CPI Press. 

  106. Trump. (2017). National Security Strategy of the United States of America. The White House. 

  107. Trump. (2018). National Cyber Strategy of the United States of America. 

  108. Turton, W., & Mehrota, K. (2021, June 4). Hackers Breached Colonial Pipeline Using Compromised Password. Bloomberg.Com. 

  109. USCYBERCOM. (2016). USCYBERCOM After Action Assessments of Operation GLOWING SYMPHONY (pp. 1–13). National Security Archive. 

  110. Waltz, K. N. (1979). Theory of International Politics. Addison-Wesley Publishing Company. 

  111. Waltz, K. N. (1993). The Emerging Structure of International Politics. International Security, 18(2), 44. DOI: 

  112. Yadav, T., & Rao, A. (2015). Technical Aspects of Cyber Kill Chain. In J. H. Abawaji (Ed.), SSCC 2015 (pp. 438–452). Springer International Publishing. DOI: