Cyber Persistence Theory Redefining National

Security In Cyberspace Michael P Fischerkeller

download

https://ebookbell.com/product/cyber-persistence-theory-
redefining-national-security-in-cyberspace-michael-p-
fischerkeller-43575986

Explore and download more ebooks at ebookbell.com

Here are some recommended products that we believe you will be
interested in. You can click the link to download.

Cyber Persistence Theory Redefining National Security In Cyberspace

Michael P Fischerkeller

https://ebookbell.com/product/cyber-persistence-theory-redefining-
national-security-in-cyberspace-michael-p-fischerkeller-70435394

Cyber Persistence Theory Redefining National Security In Cyberspace

Bridging The Gap Michael P Fischerkeller

https://ebookbell.com/product/cyber-persistence-theory-redefining-
national-security-in-cyberspace-bridging-the-gap-michael-p-
fischerkeller-43630966

Attribution Of Advanced Persistent Threats How To Identify The Actors

Behind Cyberespionage Timo Steffens

https://ebookbell.com/product/attribution-of-advanced-persistent-
threats-how-to-identify-the-actors-behind-cyberespionage-timo-
steffens-56934620

Cyber Security Practitioners Guide Hamid Jahankhani Editor

https://ebookbell.com/product/cyber-security-practitioners-guide-
hamid-jahankhani-editor-44921550
Cyber Security Applications For Industry 40 R Sujatha G Prakash

https://ebookbell.com/product/cyber-security-applications-for-
industry-40-r-sujatha-g-prakash-45108124

Cyberphysical Systems Ai And Covid19 Ramesh Poonia Basant Agarwal

https://ebookbell.com/product/cyberphysical-systems-ai-and-
covid19-ramesh-poonia-basant-agarwal-46110064

Cyber Security For Microgrids Subham Sahoo Frede Blaabjerg Tomislav

Dragicevi

https://ebookbell.com/product/cyber-security-for-microgrids-subham-
sahoo-frede-blaabjerg-tomislav-dragicevi-46231338

Cyber Investigations Andr Rnes

https://ebookbell.com/product/cyber-investigations-andr-rnes-46518278

Cybersecurity Threats And Response Models In Power Plants Carol Smidts

https://ebookbell.com/product/cybersecurity-threats-and-response-
models-in-power-plants-carol-smidts-46518464
 Advance Praise for Cyber Persistence Theory
“Michael Fischerkeller, Emily Goldman, and Richard Harknett have once again
made an incredibly valuable contribution to the development of American
cyber policy and strategy through the writing of Cyber Persistence Theory. The
authors push its readership to think beyond classical deterrence theory to new
concepts for engaging and defeating undeterred adversaries in cyberspace. In
short, this book argues the need for change and to take more risk to close an
increasingly larger risk in our defense and national security as well as our public
safety posture as American citizens. To do so, the authors argue will require not
only persistent engagement, but a ‘whole-of-nation plus’ effort. A must-read for
both national and cyber security professionals!”
—Robert J. Butler, former Deputy Assistant Secretary of
Defense for Cyber and Space Policy

“Time will tell whether cyberspace operations can have coercive effect, but it is
unambiguously true that to date, nations have used cyberspace mostly to gain
advantage in competing with other nations. Understanding how they do so is a
new challenge that scholars of international relations would do well to take on,
and this book is a superb point of departure for them.”
—Herb Lin, Hank J. Holland Fellow in Cyber Policy and
Security, Hoover Institution, Stanford University

“This book helps to fill a crucial gap in strategic thinking about the fundamentals
of cyberspace and sets out a clear course of action for the US government. It is a
must-read for students, analysts, and policymakers.”
—Max Smeets, Senior Researcher ETH Zurich, Center for
Security Studies, and author of No Shortcuts: Why States Struggle
Develop a Military Cyber-Force
 BRIDGING THE GAP
Series Editors
James Goldgeier
Bruce Jentleson
Steven Weber
The Logic of American Nuclear Strategy:
Why Strategic Superiority Matters
Matthew Kroenig
Planning to Fail:
The US Wars in Vietnam, Iraq, and Afghanistan
James H. Lebovic
War and Chance:
Assessing Uncertainty in International Politics
Jeffrey A. Friedman
Delaying Doomsday:
The Politics of Nuclear Reversal
Rupal N. Mehta
Delta Democracy:
Pathways to Incremental Civic Revolution in Egypt and Beyond
Catherine E. Herrold
Adaptation under Fire:
How Militaries Change in Wartime
David Barno and Nora Bensahel
The Long Game:
China’s Grand Strategy to Displace American Order
Rush Doshi
A Small State’s Guide to Influence in World Politics
Tom Long
Cyber Persistence Theory:
Redefining National Security in Cyberspace
Michael P. Fischerkeller, Emily O. Goldman, and Richard J. Harknett
 Cyber Persistence Theory
Redefining National Security in Cyberspace

M I C H A E L P. F I S C H E R K E L L E R , E M I LY O. G O L D M A N,
A N D R I C H A R D J. H A R K N E T T
Oxford University Press is a department of the University of Oxford. It furthers
the University’s objective of excellence in research, scholarship, and education
by publishing worldwide. Oxford is a registered trade mark of Oxford University
Press in the UK and certain other countries.

Published in the United States of America by Oxford University Press

198 Madison Avenue, New York, NY 10016, United States of America.

© Oxford University Press 2022

All rights reserved. No part of this publication may be reproduced, stored in

a retrieval system, or transmitted, in any form or by any means, without the
prior permission in writing of Oxford University Press, or as expressly permitted
by law, by license, or under terms agreed with the appropriate reproduction
rights organization. Inquiries concerning reproduction outside the scope of the
above should be sent to the Rights Department, Oxford University Press, at the
address above.

You must not circulate this work in any other form

and you must impose this same condition on any acquirer.

Library of Congress Control Number: 2022934428

ISBN 978–​0–​19–​763826–​2 (pbk.)

ISBN 978–​0–​19–​763825–​5 (hbk.)

DOI: 10.1093/​oso/​9780197638255.001.0001

1 3 5 7 9 8 6 4 2
Paperback printed by Marquis, Canada
Hardback printed by Bridgeport National Bindery, Inc., United States of America
 FOREWORD

As the Department of Defense (DoD) established United States Cyber

Command in 2010, the United States was only beginning to understand the
complexity and challenges of how the military would operate in cyberspace.
Over the next six years, much was accomplished in fielding forces, training, and
planning; however, there was still a need to develop an operational approach
suited to the domain. By 2016, Michael Fischerkeller, Emily Goldman, and
Richard Harknett were laying the foundation for the Command’s approach of
Persistent Engagement.
US Cyber Command drew on this thinking in its 2018 Vision, just as forces,
policy, and training had matured to enable effective operations. The results: a
growing operational tempo in defense of US elections and in support of US mil-
itary operations, as well as improved cybersecurity for the DoD. These results in
turn promoted collaboration between government agencies and private-​sector
companies to address common threats in cyberspace.
In their book, the authors demonstrate the value of a deep grounding in
the scholarship of international relations theory and thorough analysis of the
attributes and emerging dynamics of the cyber domain. As we gain experience
and learn through action, this volume offers a framework for understanding that
can improve operational effectiveness moving forward. Our understanding of
cyberspace and how it is exploited has grown since Cyber Command’s founding,
as it undoubtedly will in the years ahead. The authors have made an important
contribution to this understanding, and I look forward to seeing the role it plays
in the continued development of strategy, national security, and cybersecurity
scholarship.
—​General Paul M. Nakasone, US Army
The views expressed are the writer’s own, and do not necessarily represent
the views of the US Department of Defense or the US Army.

ix
 ACKNOWLEDGMENTS

Fischerkeller—​I would like to thank the senior leadership, recent past and pre-
sent, of the Institute for Defense Analyses for their unwavering support of my re-
search behind this work, with a special thank you to Dr. Margaret Myers, General
(retired) Larry Welch, Dr. David Chu, General (retired) Norty Schwartz, and
Mr. Phil Major. To the many colleagues who’ve offered expert commentary and
strong encouragement over the past four years, I’m thankful for that support
and look forward to many more engagements. To my colleagues, Emily and
Richard, it is my hope that all research professionals, no matter their field, experi-
ence such an extraordinary collaborative effort. And to Naomi, I have boundless
gratitude for creating an environment in which my contribution to this volume
was inspired, nurtured, and matured.
Goldman—​I want to thank the women and men of US Cyber Command
and the National Security Agency, who increase my knowledge of cyber-
space each and every day. My deepest gratitude to Michael Warner and Steve
Peterson, whose insights, support, optimism, and faith inspire me to persevere.
Jake Bebber, Ryan Symonds, Gary Corn, and TJ White are treasured colleagues
who continually broaden and deepen my understanding. LTG Steve Fogarty’s
vision and support were crucial to these ideas taking root inside the Command.
Without the support of ADM Mike Rogers, I would not have had the oppor-
tunity or latitude to challenge conventional thinking and without GEN Paul
Nakasone I would not have been able to continue those efforts which lie be-
hind this book. A special thanks to Lou Nolan who shepherded the manuscript
through security review. To my coauthors, Michael and Richard, this has been a
remarkable intellectual journey, a destination no one of us would have reached
without the others. And finally, my deepest thanks and love to Catherine, Alex,
and JR, the lights of my life, my greatest sources of strength and resilience.
Harknett—​This book does not develop as it has without the initial bridge-​
builder, my coauthor Emily, who recognized the opportunity to broaden

xi
xii Ack nowl edg me nt s

perspective in the policy community and who, with the support of ADM Mike
Rogers, launched the initiative that allowed me to freely cross back and forth
between the scholarly and policy worlds, seeking new ways to map, exploit, and
eventually advance thinking about cyberspace. Along with those mentioned
above, I would add policy and academic colleagues in the United Kingdom, who
added great perspective as well as opportunity to explore how new conceptu-
alization would impact security, as I developed a new relationship with Oxford
University through the ever-​important Fulbright program. I would like to thank
among many who have pushed and critiqued, Jelena Vicic, Monica Kaminska,
Florian Egloff, Lucas Kello, Mustafa Sagir, Graham Fairclough, Jim Miller, and
my colleagues at the Center for Cyber Strategy and Policy at Cincinnati, par-
ticularly Stephanie Ellis. Along the way, Michael and Emily have been the ideal
co-​thinkers, persistently giving and taking. Finally, my enduring faith that things
can always get better flows from the positive unwavering support I am blessed
to receive every day from Kathryn and Margot—​the two reasons for everything.
 1

The Misapplied Nexus of

Theory and Policy
Theory should cast a steady light on all phenomena so that we can
more easily recognize and eliminate the weeds that always spring from
ignorance: it should show how one thing is related to another, and
keep the important and unimportant separate. . . . The insights gained
and garnered by the mind in its wanderings among basic concepts are
benefits that theory can provide. Theory cannot equip the mind with
formulas for solving problems, nor can it mark the narrow path on
which the sole solution is supposed to lie by planting a hedge of princi-
ples on either side. But it can give the mind insight into the great mass
of phenomena and of their relationships.1

Developing a new theory to shine light on complex emerging phenomena is no

easy task. Finding acceptance for a new theory that questions a dominant para-
digm is more challenging. Translating that new theory into a noteworthy change
in strategy and policy pushes the envelope of the improbable. This book strives
for all three, despite the herculean nature of the task, because these objectives
have been intertwined for the three authors of this book over the past sev-
eral years.
We offer a structural theory of cyber security that explains the core logic
driving cyberspace competition and conflict and that reveals the existence of a
distinct strategic environment to which all States are subject. It is a theory that
is applicable to all State, and potentially non-​State, behavior. We posit that align-
ment to the structural features and strategic opportunities of the strategic envi-
ronment that emerged from the creation of global networked computing will, in
large measure, determine how well States and non-​State actors leverage cyber-
space to advance their interests and values.
To place the bottom line up front, cyber persistence theory posits that cyber-
space must be understood primarily as an environment of exploitation rather
than coercion. Achieving strategic gains in the cyber strategic environment does

Cyber Persistence Theory. Michael P. Fischerkeller, Emily O. Goldman, and Richard J. Harknett, Oxford University Press.
© Oxford University Press 2022. DOI: 10.1093/​oso/​9780197638255.003.0001
2 Cyber Persistence Theory

not require concession of the opponent. We recognize this is no minor asser-

tion.2 Nevertheless, we demonstrate how States can reset the cyber playing field
to their advantage without shaping the decision calculus of the opposing side.
All actors in the cyber strategic environment have this opportunity and as a re-
sult, States must continuously anticipate the persistent resetting of the security
conditions in cyberspace by others as they seek to do so in turn.
The logic captured by cyber persistence theory presented in this book does
not amount to just a competing explanation of cyber security dynamics in the
early twenty-​first century. Rather, it reaches the level of dissonance with dom-
inant thinking in national security studies that satisfies the often referenced,
but not often met, criterion Thomas Kuhn established for paradigms and their
changes. As Kuhn notes in his classic work, The Structure of Scientific Revolutions,
a paradigm provides a community with its basic assumptions, key concepts,
and methodology.3 Once established, a paradigm becomes very difficult to dis-
lodge, even in the face of empirical evidence that the assumptions, concepts, and
methods do not align with observed behavior.
However, paradigms do not fall simply due to the friction between the ex-
pected and the observed. For a shift or “change in worldview” to occur, there
must first be a realization of the misalignment between theory and reality.4 This
must be coupled with an alternative way of thinking, one resting on different and
more compelling assumptions, concepts, and methods. Paradigms are stubborn,
and there is no guarantee that new concepts will win the day; in fact, Kuhn’s
analysis suggests there will be much resistance.
For our purposes, this is relevant on both sides of the bridge—​growing ac-
ademic acceptance of the principles of cyber persistence does not guarantee
effective policymaker adoption, nor does prescriptive adaptation shut down ac-
ademic disagreement.
The purpose of this book is to establish cyber persistence theory and position
it for greater development by both the academic community of security studies
scholars and the policy community managing national security strategy in the
digital age. In the following chapters, we examine the limitations of traditional
security paradigms and offer policy prescriptions derived from cyber persistence
theory. In order to bridge the gap between theory and policy, we offer in our
closing chapter an analysis of the United States as an example of actual policy
adjustment that requires ongoing shifts in fundamental conceptual thought that
constitute paradigm change.
Global digital connectivity is now a feature of modern human interactions,
and we hope a contribution of this book is a broad rethinking of international re-
lations theory and practice. Mis-​framed theory or misapplied policy are equally
troublesome, and this book rests on the assertion that both are present in this
early intersection of global networked computing and international relations
 The Mis appli ed Ne x us 3

theory and policy. Theorists have defaulted to framing State-​driven cyber dy-
namics in terms of traditional notions of coercion and war. Policymakers in
many countries have defaulted to a strategy of deterrence to solve the inter-​State
challenges posed by global networked computing. Our theoretical explanation
challenges the primacy of both coercion theory and deterrence strategy for un-
derstanding and mitigating the strategic impact of cyberspace on international
security.

War, Coercion, and Deterrence

From the outset of global networked computing, policymakers and stra-
tegic thinkers were legitimately concerned about the consequences of cyber
capabilities for war and viewed cyberspace through the lens of war. In “A Brief
History of Cyber Conflict,” Michael Warner explains that cyberspace be-
came a military matter when “governments and institutions began storing and
moving wealth and secrets in the form of digital data in and among networked
computers having international connections” and when “those same enterprises
also began maneuvering to protect their secrets and wealth against opponents
who wanted to steal or impair them.”5 The highest levels of the US government
acknowledged the national security risks from converging telecommunications
and automated information systems in 1984. A presidential directive foresaw
that US and foreign national security data could be not only exploited by foreign
adversaries but also corrupted or destroyed, with strategic implications, to in-
clude the security of both superpowers’ nuclear command and control systems.6
To wit, in the 1980s the Democratic People’s Republic of Korea (DPRK) was
laying the foundations of its strategic cyber program, by, among other things,
establishing the Pyongyang Informatics Center (PIC) and reportedly hiring
twenty-​five Soviet instructors to train military students in “Cyber warfare.”7
Interestingly, these early 1980s examples reveal one State that saw the national
security consequences of network computing as a threat, while another saw it as
an opportunity.
Views of cyberspace also became intertwined with concepts of information
war, particularly after the 1991 Persian Gulf War. Information at the tactical
and strategic levels proved to be critical to the US-​led international coalition’s
swift victory, and pundits quickly dubbed it “the first ‘information war.’ ” Not
long after, prominent defense intellectuals John Arquilla and David Ronfeldt
published their seminal article, “Cyberwar Is Coming!”8 In it, they describe how
information had become as important to victory on the battlefield as capital,
labor, and technology, altering the character of conflict and extending the battle-
field beyond geographic terrain to the electromagnetic spectrum.9
4 Cyber Persistence Theory

In 2010, US Deputy Secretary of Defense William Lynn III declared cyber-

space a new domain of warfare, “as critical to military operations as land, sea, air,
and space. As such, the military must be able to defend and operate within it.”10
Other countries would follow suit.11
Seeking to understand if and how States could engage in cyber war, the ac-
ademic and policy communities have paid particular attention to the disrup-
tive and destructive nature of cyber operations.12 For more than two decades,
cybersecurity literature debated if, when, and how cyber war would occur.13 The
compelling work of Arquilla and Ronfeldt in the context of the First Gulf War
spurred scholarly debate on how military forces’ information and communica-
tions systems could be disrupted or even destroyed in a future militarized crisis
or conflict.14 In the late 1990s, the debate turned to the potential of cyber oper-
ations to cripple a society’s critical infrastructure.15 In the decade that followed,
perceptions of the impact of the Distributed Denial of Service (DDoS) attacks
against Estonia (2007) and Georgia (2008) reinforced this shift.16
The academic and policy communities’ focus on cyber war did not reflect a
consensus about its practicality or potentiality. Some argued that concerns about
cyber war were well founded and that it may already be upon us. In 2009, Mike
McConnell, former Director of National Intelligence and the National Security
Agency (NSA), wrote, “[W]‌e have entered a new age of threat, defense, deter-
rence and attack equivalent in some ways, to the atomic age. Cyberattacks have
the potential to damage our way of life as devastatingly as a nuclear weapon.”17 In
2010, Richard Clarke and Robert Knake argued that “cyberwar is real” and “has
begun.”18 In 2013, Gary McGraw opened his article with the following:

Information systems control many important aspects of modern society,

from power grids through transportation systems to essential finan-
cial services. These systems are riddled with technical vulnerabilities.
Consequently, our reliance on these systems is a major factor making
cyber war inevitable, even if we take into account (properly) narrow
definitions of cyber war.19

Other scholars and analysts, for various reasons, remained skeptical of the
notion of cyber war and the argument that cyber operations or campaigns that
are not “war” could be strategically consequential. For example, the absence of
physical violence in reported cyberattacks encouraged Thomas Rid to argue that
cyber war has not and will not occur.20 According to Rid, no cyberattack meets
all three of Clausewitz’s criteria of war as “violent,” “instrumental,” and “polit-
ical.”21 Instead, Rid concluded that “all past and present political cyberattacks
are merely sophisticated versions of three activities that are as old as war-
fare itself: subversion, espionage, and sabotage.”22 Erik Gartzke shared Rid’s
 The Mis appli ed Ne x us 5

perspective in arguing that cyberattacks have not transformed States’ pursuit of

strategic advantage and dubbed cyberwar a “myth.”23
Gartzke also argued that cyber operations could only be relevant in “grand
strategic terms” or “pivotal in world affairs” if they independently “accomplish
tasks typically associated with terrestrial military violence.”24 These include
deterring or compelling, maintaining or altering the distribution of power, and
resisting or imposing disputed outcomes. Gartzke referenced Clausewitz in
his arguments, concluding that “[t]‌he internet is generally an inferior substi-
tute to terrestrial force in performing the functions of coercion or conquest.
Cyber ‘war’ is not likely to serve as the final arbiter of competition in an an-
archical world and so should not be considered in isolation from more tradi-
tional forms of political violence.”25 Adam Liff, exploring the implications of
the proliferation of cyberwarfare capabilities for the character and frequency
of inter-​State war, arrived at the same conclusion: “[c]yberwarfare appears
to be a tool for states to pursue political (strategic) and/​or military (tac-
tical) objectives at relatively low cost only under very limited circumstances.
Although Stuxnet manifests cyberwarfare’s potential to become a useful brute
force measure, no examples of irrefutably effective coercive CNA [Computer
Network Attack] exist.”26 Martin Libicki similarly doubted that “strategic cy-
berwar”—​c yberattacks that determine the outcome of war or “state policy”—​
would occur in the future.27
Despite differing perspectives regarding the salience and potential of State
cyber behaviors for war, these groups share a common paradigm. Scholars and
analysts who are focused on cyber and war construct their arguments through
the lens of coercion theory. The study of war, particularly in the nuclear era, has
been anchored firmly on coercion. Robert Art and Kelly Greenhill succinctly
describe how coercion focuses on change in the behavior of an opponent
(inducing change in how they calculate benefits and costs through compellence
or deterrence) and “always involves some cost or pain to the target or explicit
threat thereof, with the implied threat to increase the cost or pain if the target
does not concede.”28
Many who argue that the notion of cyber war is valid and should be a cen-
tral concern of cyber strategy adopt the coercion paradigm when they call for
a strategy of deterrence to be the central feature of States’ cyber strategies. This
outcome is not surprising, since it seemed logical to apply the strategic approach
of coercing others not to attack through the threat of response—​deterrence—​
that had been successful in the physical domains to the information environ-
ment, in general, and cyberspace, in particular.
The “deterrence default” was reinforced by a national security enterprise
dominated for nearly two generations by deterrence thinking. The vast majority
of contemporary national security practitioners and senior academics were
6 Cyber Persistence Theory

schooled during or immediately after the golden years of Cold War scholarship,
which produced a trove of classics focused on coercion theory.29
Over many decades, deterrence proved to be conceptually well aligned with
the Cold War strategic environment. Nuclear deterrence was associated with
the strategic stability and absence of major war between the United States and
the Soviet Union during the unprecedented historical period from the end of
World War II through the Cold War—​what John Lewis Gaddis called the “Long
Peace.”30 It attracted an enduring group of scholars and practitioners away from
examining how to fight and win war and toward how to deter war. As a result, in
the first decades of the twenty-​first century, the United States and other Western
democracies assumed cyberspace was a deterrence strategic environment and
that prospective response and operational restraint would produce positive
norms and stability.
Without question, the seventy-​year history of deterrence serving as the cen-
tral security strategy for the United States and its allies influenced policymakers
immediate gravitation toward the same strategy for cyberspace. However, their
inclination was further exacerbated by the fact that scholars had failed to pro-
vide policymakers with an alternative paradigm (to coercion theory) for un-
derstanding State cyber behaviors and developing strategy aligned to the cyber
strategic environment. In the end, we are not surprised that a fixation on co-
ercion, militarized crisis, and war in cyberspace led to a “high-​and-​right” bias
in the cyber literature. For over two decades, practitioners and academics have
been debating if, when, and how cyberwar will occur, why coercion appears in-
effective and can be made more effective, and why cyber deterrence fails and
must be fixed.31

It’s Strategic Exploitation

The reality of State behavior and interaction in cyberspace over the past two
decades has been quite different from the model of war, catastrophic attack, and
coercion upon which the cyber strategy and policy of many countries is based.
Most adversary State-​sponsored cyber activity occurs outside armed conflict
and has not been primarily coercive in application.32 Instead, we have seen the
persistent use of cyber operations and continuous nonviolent campaigns for a
variety of purposes—​to circumvent sanctions; to increase economic compet-
itiveness through cyber-​enabled illicit acquisition of intellectual property and
research and development (R&D) at scale; to erode an opponent’s military
capabilities through supply-​chain manipulation; and to weaken domestic po-
litical cohesion, undermine confidence in government institutions, and erode
international alliances through disinformation and information manipulation.
 The Mis appli ed Ne x us 7

Moreover, increasingly assertive activity in cyberspace has not escalated into

armed conflict. This book offers an explanation as to why this is the dominant
reality. In simple terms, we argue that States are persistently active in sustained
campaigns within cyberspace deliberately calibrated to remain below a threshold
that would likely elicit an armed response, seeking instead to produce cumulative
gains over time. Each intrusion, hack, or technical action—​although not strate-
gically consequential on its own—​often cumulatively results in effects that, in
past generations, required armed conflict or a threat thereof. The theory of cyber
persistence argues this is due to a combination of structural features, strategic
incentives, and, importantly, the emergence of a non-​coercion-​based primary
mechanism for achieving strategically relevant outcomes. In the chapters ahead,
we develop the argument that exploitation of cyberspace vulnerabilities and
opportunities and not coercion is the primary route toward gain. This is a sig-
nificant theoretical proposition, one that opens the aperture of security studies
from its previous foci and suggests that States may pursue the same ends of war
through other ways and means than what we have known for millennia.
The academic and policy default to coercion has assumed that its absence in
cyberspace results in a sideshow. If cyber operations cannot be used to coerce
another for strategic gain, cyber operations inherently are strategically inconse-
quential.33 An important distinction between coercion theory and cyber persist-
ence theory lies in the recognition that while all strategic bargaining is a form of
competition, not all strategic competition requires bargaining. What if the ab-
sence of coercion as a dominating behavior in cyberspace is due to the inherent
features of cyberspace itself and to States having figured out how to exploit those
features with an expectation (and achievement) of strategic advantage?34

Purpose of This Book

This is a book about aligning theory with reality to create a basis for properly
applied policy. To achieve this outcome we take seriously Clausewitz’s call for
“wanderings among basic concepts.” From a theory construction standpoint, we
introduce the core notion of strategic environments, which we argue are defined
by structural features and security dynamics that are distinctive in character.
Much of previous academic literature and the policy reaction focused on cyber-
space took their cue from the nuclear and conventional strategic environments.
Theories and strategies that work in those realms do not necessarily fit into a third
strategic environment—​cyberspace—​whose features set it apart (just as the nu-
clear environment stood distinct from the conventional strategic environment).
Throughout this book, we try and strike a balance in introducing new termi-
nology only when analytically and prescriptively necessary to bring clarity to the
8 Cyber Persistence Theory

phenomena we examine. Where appropriate, we use the lexicon of conventional

and nuclear studies when clean breaks are not required.
In the end, States must manage all three of these strategic environments si-
multaneously, so using common language when appropriate is our default.
However, the first several decades of dealing with cyberspace and security
followed the expectations of Thomas Kuhn, with new phenomena squeezed into
existing concepts, thinking, organizing, and acting. This has produced analytical
and prescriptive misalignment, and obscured blind spots that require change.
Cyber persistence theory provides a framework for the expansion of aca-
demic research and adoption of more effective policy and strategy to address
strategic competition in and through cyberspace. We hope that the theory drives
policy outcomes in order to achieve a more cyber secure and stable international
environment. The first step to such an outcome is getting the fundamentals right,
which is the task to which we now turn.
 2

The Structure of
Strategic Environments
The transition from a paradigm in crisis to a new one from which a
new tradition of normal science can emerge is far from a cumulative
process, one achieved by an articulation or extension of the old para-
digm. Rather it is a reconstruction of the field from new fundamentals,
a reconstruction that changes some of the field’s most elementary the-
oretical generalizations as well as many of its paradigm methods and
applications.1

This chapter focuses on the structure of strategic environments to explain

the dynamics of security-​seeking in contemporary inter-​State relations. It
establishes that security in and through cyberspace rests on a distinct defi-
nition of security, one that differs from the dominant security paradigms of
the twentieth and early twenty-​first centuries associated with nuclear and con-
ventional weapon environments—​deterrence and warfighting. The theory of
cyber persistence requires a reconstruction of how we think about security in
the digital space. This is because the structures of the strategic environments
in which warfighting and deterrence are most logically salient and ration-
ally practiced differ from the structure of the cyber strategic environment
created by ubiquitous networked computing. This reconstruction leads to
novel prescriptions for strategy, doctrine, operating concepts, organization,
resourcing, and legal authorities. In other words, it alters how States should
practice security-​seeking.
The main strength of structural theorizing is its parsimony. It is a form of
theory construction and practice that derives explanatory power from a focus
on fundamentals rather than comprehensive details.2 In this spirit, the straight-
forward proposition to be developed in this chapter is that competition over
national security now takes place in three distinct strategic environments.
What makes these environments distinguishable is how one conceives of the

Cyber Persistence Theory. Michael P. Fischerkeller, Emily O. Goldman, and Richard J. Harknett, Oxford University Press.
© Oxford University Press 2022. DOI: 10.1093/​oso/​9780197638255.003.0002
10 Cyber Persistence Theory

definition of security itself. That definition aligns with the challenge to security
that exists at its most core (structural) level and which is shaped fundamentally
by the dominant technology that can be used to challenge security.
Some may view this argument as technology deterministic; we do not
conceive it that way. Although technology anchors each of the strategic
environments, what makes them distinct is not the technology itself, but how
the technology shapes conceptions of security. While the Truman administra-
tion understood that the atom bomb was a distinctive weapon, they employed it
twice in a manner that was not significantly different from all the other strategic
bombing raids employing conventional munitions that had preceded Hiroshima
and Nagasaki. Countries could have continued the practice of using atom bombs
as weapons of war, but the unique elements of the technology enabled a different
concept of security to emerge. Once that different concept was realized, a re-
construction of theory was introduced that translated into new practice, which
was then continually reinforced over time through the emergence of a commu-
nity of strategists and practitioners trained in the theory and prescriptions of
nuclear deterrence. At its core, this change in paradigm was related to a strategic
environment characterized by the mutual possession of nuclear weapons (and
the extension of protection by means of a security commitment made by States
possessing nuclear weapons to those that did not). The ends, ways, and means
associated with the conventional war paradigm continued to be salient for secu-
rity relations conducted by States outside of or parallel to the nuclear strategic
environment (non-​nuclear vs. non-​nuclear, nuclear vs. non-​nuclear, or nuclear
vs. nuclear via proxy).3
The thesis presented here is that the technical, tactical, and operational
features of conventional, nuclear, and cyber strategic environments are dis-
tinct enough that these environments require their own paradigms—​that is,
exemplars, theories, lexicon, rules of investigation, and practice—​with distinct
prescriptions for how States should organize themselves effectively to advance
their security in and through these environments. By “strategic” we mean that
actions taken within and through these environments can directly impact the
sources of national power upon which the distribution of power regionally and
globally rests.
To support our claim that the cyber strategic environment requires its
own paradigm consisting of distinct theory and practice, the first part of this
chapter discusses the more familiar environments organized around con-
ventional and nuclear weapons. It then turns to an explanation of the cyber
strategic environment and its impact on core security dynamics, which, we
argue, requires reorienting the ways and means used in the pursuit of na-
tional interests and redefining what it means to be secure in and through
cyberspace.
 The Str uc t ure o f Strateg i c Env ironme nt s 11

Thinking Structurally
Debates over different approaches to theorizing are rich and vigorous, but we
will not justify one approach over another in this chapter.4 Rather, our purpose
is to show how organizing our thinking around structure can help illuminate fun-
damental aspects of security as pursued primarily by States. Thus, our starting
point adopts the organizing concept of the strategic environment and uses that
to explore how fundamental elements are organized in the pursuit of security.
We define a strategic environment as a concept that describes core features of
a technology or composite of technologies capable of independently maintaining
or altering the international distribution of power that generate distinct systemic
conditions, and thus distinct security logics, influencing the full spectrum of in-
terstate strategic competition from competition short of armed conflict through
militarized crisis and war. The adjective “strategic” is meant to distinguish this
set of conditions as driven by an intentional focus on the contest over relative
power. Although international relations are generally shaped through an overall
structure characterized by an absence of centralized power (anarchy) and self-​
reliance that applies across all strategic environments, that recognition only tells
us that a contest over power is possible. It does not tell us much about how States
organize themselves to pursue security in the specific conditions to which they
are subject at any given time in history. Those specific conditions, based on the
interplay of technical, tactical, and operational features, ultimately drive security
thinking, organization, and behavior. That is the consequence of the strategic
environment’s inherent structure.
Although the complexity of these conditions is significant, we adopt the most
parsimonious starting point to explain how States think about security, organize
for it, and act to achieve it in and through cyberspace. Our contention is that the
core features of networked computing and the digital interfaces that have devel-
oped around it combine to produce a set of conditions distinguishable from the
two other strategic environments that States must navigate to achieve security.
Before we discuss the cyber strategic environment, it is important to outline the
core logics associated with the two other coexisting strategic environments that
shape the pursuit of security.

The Structure of the Conventional and Nuclear

Strategic Environments
Throughout most of human history, challenging the core sources of power of
a unit—​be it a tribe, city-​state, empire, or nation-​state—​required direct access
12 Cyber Persistence Theory

to those sources of power. As those sources existed primarily in the physical

control of land, adjacent sea, and eventually the air, territoriality has been a
dominant conceptualization of how one should organize to secure one’s most
important resources. Specifically, territoriality consists of the set of State policies
and organizations constructed to deny the extension of direct political control
over, and to ameliorate indirect political influence of one’s territory from, hostile
external forces.
Understood as such, territoriality supports and is reinforced by the modern
manifestation of sovereignty, in which political authority structures are ter-
ritorially bounded.5 Thus, one’s control over territorially based or designated
sources of power ultimately has been the principal metric in determining rela-
tive security. The more one is in control, sustains that control, and, in certain
circumstances enhances that control over territory, the more secure the unit of
political organization could consider itself to be. Although measures of power in
absolute terms could tell us something about a State (we will use this modern
form of unit henceforth in this chapter as our default), understanding how that
power measured up against the power of others is key to measuring security.6
It does not necessarily matter if one has significant sources of power to control
territory and hold on to power if someone else has more capacity to take those
sources of power away from you.
The potential to lose or gain sources of power, fundamentally, follows from
the fact that sources of power (arable land, accessible water, energy sources,
populations, resources for the dominant tools of the day) are unevenly distrib-
uted throughout our planet. If everyone had everything that they needed, being
concerned about what others had would be unnecessary. It is the variance in
the distribution of power across the globe that sets the stage for international
politics and enables a contest over controlling sources of power. This uneven
distribution of power has driven States to seek specific capabilities whose main
purpose is to contest control over sources of power.7 Primarily, States have
sought capacity to defend control over sources of power, but in seeking that ca-
pacity, they have created a condition that undermines the confidence and ability
of others to control their sources of power. A dilemma regarding the pursuit of
security emerges because one needs the capacity to protect sources of power,
but because power is distributed unevenly, that very capacity to protect one’s
own power has the potential to undermine someone else’s relative capacity to
feel or be secure.8 The dilemma rests on the notion that if one does not pursue
that capacity, they themselves become exposed relative to others, but the pur-
suit necessitates others to act to further their now uncertain capacity. Some have
described this fundamental interaction as a “tragedy.”9
Flowing out of this uneven distribution of sources of power, the history of
military conflict and military studies rests on the basic conditionality of what
 The Str uc t ure o f Strateg i c Env ironme nt s 13

emerged as a conventional strategic environment. The pursuit of security in

such an environment depends on the alignment of strategy to the relative ad-
vantage or disadvantage of engaging in defensive (protecting) and offensive
(extending) control over sources of power anchored around territory. Across
military theorists from Clausewitz to Mahan to Douhet, the richness of military
studies revolves fundamentally around the analytical concepts of defense and
offense. At any given time, the combination of military technology, tactics, and
operations may favor the offense or defense to the point of a structural advan-
tage. Under such defined conditions, if military strategy, preparation, and ex-
ecution are not aligned with the advantage, a State can be punished severely.
Alternatively, strong alignment with the structural advantage brings reward. To
be clear, adopting the frame of a distinct conventional strategic environment
does not mean assessing the ability of one State to defend or attack relative to
another State. Rather, it means thinking about how the overall environment
that springs from the combination of conventional technical, tactical, and oper-
ational features impacts how a State should organize for and employ technology,
tactics, operations, and strategy.
Across human history, the relative combinations of these features have
created conventional strategic environments that essentially range between
combinations that advantage the defense to combinations that advantage the of-
fense. Although this range has remained fluid historically, it has been remarkably
stable as a range regardless of the technical base (be it horse, chariot, or armored
tank, for example). If the combination at the time of contest advantages the of-
fense and a State has organized itself for a defense-​advantaged environment, the
likelihood of defeat rises. The classic example of this is the French military in
the 1920s and 1930s, which created the most impressive defensive works of its
time in the Maginot Line,10 drawing on the lessons of the First World War in
which the defense had been advantaged. The technical, tactical, and operational
innovation of the blitzkrieg was the unsettling manifestation that proved to the
French that the conventional strategic environment had shifted to a relative ad-
vantage for the offense, which persisted through the remainder of the Second
World War.11
The First World War is the exemplar of how misalignment with the prevailing
structural conditions of the conventional strategic environment can be cata-
strophic. By 1914, the General Staffs of each of the great powers about to com-
mence in hostilities built their thinking, organizing, and actions in pursuit of
security on the assumption that the combination of the technology, tactics, and
operational features so advantaged the offense that to even conceive of defense
was to concede defeat. So committed were they to this assumption that as po-
litical leaders broached the possibility of a more defensive approach, whether in
the case of Czar Nicholas of Russia raising the prospect of a partial mobilization
14 Cyber Persistence Theory

or Kaiser Wilhelm speculating about a blocking action against the French, the
conclusion, as articulated succinctly by German Chief of the General Staff
Helmut Von Moltke, was that it could not be done.12 Importantly, the view that
the offense was advantaged was so pervasive among leaders that the conduct of
the war persisted with a commitment to offensive assaults despite the mounting
evidence that the conventional strategic environment of the time was defense-​
advantaged. Being misaligned to the structural conditions of the strategic en-
vironment at the time meant a catastrophic loss of life and very little shift of
territory on the battlefield.
Our intent is not to analyze the history of world wars, but rather to make the
conceptual point that security in a conventional military environment rests on
how well one aligns to the relative advantages of the moment between defense
and offense. At its most basic, the security of the State depends on being able to
fight and win military engagements in a relative struggle between offense and
defense.
August 6 and 9, 1945, changed this equation. The technical achievement of
the atomic bomb, creating the practical outcome of one bomb, one plane, one
city, so overshot the destructive potential of even industrial warfare that in short
order, the State possessing the new weapon and those that followed fundamen-
tally reoriented their thinking, organizing, and acting in the pursuit of security.
In 1946, Bernard Brodie captured the distinction between the conventional and
nuclear strategic environments almost immediately when he concluded, “Thus
far the chief purpose of our military establishment has been to win wars. From
now on its chief purpose must be to avert them. It can have almost no other
useful purpose.”13
The emergence of this second strategic environment, one in which the pur-
suit of security no longer rested on the range of offense to defense advantage,
was remarkable in its comprehensive introduction of not only new technolog-
ical developments but also new bureaucracies, authorities, and even lexicon. In
military strategy terms, the recognition of the nuclear strategic environment fits
Thomas Kuhn’s notion of a paradigm change.14 What is noteworthy is that the
United States pivoted so rapidly to recognizing this new strategic environment
despite just completing a war in which the relative advantage it had in bringing
to bear offensive operations on two fronts had produced significant victory that
transformed its position in global politics. We have become so accustomed to
the logic and approach of nuclear deterrence that we have perhaps forgotten
what a radical departure it was to organize principally around deterrence from
the several millennia of human history that preceded, particularly in the context
of just winning a war.
Imagine for a moment that, upon the unconditional surrender of Germany on
May 8, 1945, Congress held a hearing on how the United States should organize
 The Str uc t ure o f Strateg i c Env ironme nt s 15

itself to pursue its security (making the assumption that victory over Japan
would also occur in due time). Imagine that an academic strategist proposed
that Congress should prepare to spend trillions of dollars over decades to build
a military capability whose main purpose would be not to be used. Note this ad-
vice would have been provided in the context of a war just won in which military
capability was produced, moved, and used on the battlefield as fast as possible.
The scale, scope, and speed of that production and use was in large measure why
the United States won. How quickly would that strategist have been thrown
out of the hearing room? The mushroom clouds over Hiroshima and Nagasaki
so totally refocused thinking that, what would have been dismissed as illogical
months before, became a necessity from that moment forward. In contrast to
the extreme mismatch between thinking and strategic environment that existed
in 1914, the post-​1945 pursuit of security in the nuclear strategic environment
stands out for its significant and logical alignment.
The conventional strategic environment is structurally conditioned around
a shifting range of offense to defense advantage. The structural condition of the
nuclear strategic environment rests on the dominance of the offense. Here we
insist on a greater precision in the use of the term “dominance” than has here-
tofore been used in security studies literature. There is an extensive literature
that examines the balance between what has been called offense-​or defense-​
dominant conditions. The logic and debate associated with that balance is
best understood as a balance (what we call a shifting range) been offense-​and
defense-​advantaged environments. The term “dominance,” we argue, as an ana-
lytical term for theoretical development should be reserved for a condition in
which the outcome between offense and defense is not contestable but assured.
To suggest that the offense is dominant is to assert that the consequences that
flow from the offense will always overwhelm the mitigation that can flow from
defense. Anything short of that should be understood as an offense-​advantaged
environment in which mitigation is still possible at some level (denoting the ad-
vantage is to imply that ultimate success will follow if you are aligned with the
capacity that is advantaged at the time of contest, but leaves room for the contest
to still play out in which relative skill and other factors can impact the outcome).
The conventional strategic environment, in fact throughout most of history, has
been fluid between the offense and the defense. If there are periods of conven-
tional structural advantage in either the offense or defense direction, they tend
to be relatively short and open to shift between conflicts as well as shift even
during a conflict. Thus, offense dominance is, in fact, rare and found currently
only as a structural condition of the nuclear strategic environment.
In the conventional strategic environment, one’s planning revolves around
having the right alignment with offense or defense advantage. The security ques-
tion boils down to “Can I attack or defend in order to win?” To say that the
16 Cyber Persistence Theory

nuclear strategic environment is offense-​dominant is to rest our thinking on the

assumption that the destructive potential associated with nuclear weapons is
incontestable. The core security question, drawing from Brodie, in the nuclear
environment is essentially, “How can I secure when I cannot effectively defend
at all?” The presumption of offense dominance necessitated a shift to the logic
of deterrence. This radical shift in thought meant that security did not princi-
pally rest in my own hands (imposing force through the contest of offense and
defense), but in the mind of my opponent. In a nuclear strategic environment,
I must convince my opponent not to attack because I cannot rely on physically
preventing the consequences of an attack if it were to occur. In this context,
deterrence should be understood as a structural imperative—​it becomes the
necessary security strategy due to the condition that defense can no longer ef-
fectively secure the nation.
The literature on deterrence is quite extensive and it is not our purpose to
examine deterrence comprehensively as a strategy in this chapter. However, be-
cause it has so anchored the approach to managing the nuclear environment and
subsequently has become so pervasive in national security thinking, a summary
here is appropriate to distinguish organizing around deterrence as a response to
offense dominance and the construct of defense and offense advantage that still
anchors the conventional strategic environment. We will return to this notion of
structural imperative in the subsequent section.

Deterrence
Although “deterrence” as a term is commonplace in the academic field of
strategic studies and in the policy community, specific variations of the term
abound.15 Our purpose here is to discuss it in its most commonplace under-
standing in the policy space and leave the academic nuance to the volumes al-
ready published.16
We start from the perspective that one only needs to consider the national
security form of deterrence (as opposed to criminal forms of deterrence) or, for
that matter, offense and defense in a setting in which opposing decision makers
are considering how to pursue actions that will directly harm the national
sources of power of a country through aggressive action. In this context, deter-
rence involves delineating the range of actions an opponent may contemplate so
that the cost associated with action that directly undermines national security
outweighs the benefit the opponent may wish to achieve.17
Deterrence is successful when the challenger is convinced that attacking is
not a cost-​effective option. Success rests on several variables, but most critical
are the following elements:18 the country attempting deterrence must commit
 The Str uc t ure o f Strateg i c Env ironme nt s 17

itself to protect a certain source of power, communicate this commitment to its

adversary, possess the credible capability to threaten costs that may exceed the
adversaries’ expected gains, and display the credible resolve to follow through on
the threat. What is key here is the perceptions of the challenger, specifically their
assessment of the will of the deterrer to respond and the expected effectiveness
of the deterrer’s response.19
Deterrence strategy is prospective threat. It represents a committed contin-
gency to engage in action that will impose costs that outweigh benefits. Imposing
costs directly moves us out of prospective threat and into action—​it moves us
into a condition beyond deterrence, one involving fighting, contesting, blunting,
countering, and other forms of operations.
Thomas C. Schelling, in his 1963 classic The Strategy of Conflict, presents a
similar definition of deterrence, while raising two additional points that (al-
though obvious) should be noted. “The deterrence concept requires that there
be both conflict and common interest between the parties involved.”20 Although
the presence of conflict is obvious, what is implied by the situation of common
interest? It is best exemplified by the nuclear strategic environment of mutual
vulnerability in which nuclear States find themselves. Schelling’s concept of
common interest suggests that what is being deterred is an action that both sides
wish to avoid in the long run. The element of common interest adds stability
to the deterrence regime. If, however, the avoidance of certain actions is not
considered by one State to be in its own interest, then deterrence is unstable and
in due time will fail.

Defense and Deterrence by Denial

Patrick Morgan concludes that defense and deterrence are “analytically dis-
tinct.”21 Although the distinction was eloquently presented in the early 1960s by
Glenn H. Snyder, it is a definitional problem that many contemporary theorists
and policymakers have either forgotten or gloss over. In short, military hardware
can be described as possessing an offensive/​defensive value or deterrent value.22
Defensive value refers to the capability of mitigating the damage resulting from
adversarial aggression. The deterrent value of weapon systems refers to their
ability to reduce the likelihood of aggression by an adversary.23
This distinction also holds for national policies. Deterrence deals with
intentions and the ability to influence them. Defense deals with actions and the
capability to thwart, mitigate, or contain them. Simply put, “there is a difference
between . . . fending off an assault and making one afraid to assault you, between
holding what people are trying to take and making them afraid to take it . . . [it]
is the difference between defense and deterrence.”24
18 Cyber Persistence Theory

The distinction is significant because deterrence by denial is analytically a

deterrence approach, not a defense strategy. As such, it remains an attempt to
raise concern (fear) that the aggressor’s actions will backfire and cost them more
than the action is worth. Deterrence by denial is not simply relying on actual de-
nial of benefits, as many now conceive of it.25 While during the Cold War, both
superpowers tried to enhance the credibility of their deterrence commitments
by marshaling conventional forces that would defend their respective interests
and thus presumably raise costs to an unacceptable level, this conventional form
of deterrence (or its limited nuclear warfighting variant), which is the empirical
foundation of the concept of deterrence by denial, remained an uneasy and un-
stable form of deterrence due to the contestability of conventional weapons.26
In other words, differing military technology—​conventional and nuclear—​
impacts the effectiveness of deterrent threats and the outcome of deterrence
strategies. In fact, the nature of the core technology has an anchoring effect on
the structure of each of the three strategic environments. Thus, understanding
the features of a strategic environment requires an assessment of the technical
foundation of the environment and the tactics, operations, and strategies that
then flow from it.

Technology but Not Technological Determinism

British Major-​General J. F. C. Fuller stated, “[W]‌eapons, if only the right ones
can be found, constitute ninety-​nine percent of victory.” This sentiment, as his-
torian Martin van Creveld points out, is based on the presumption that “where
once war was waged by men employing machines, more and more war [is]
seen as a contest between machines that are served, maintained, and operated
by men.”27 Although the debate may be struck over the correct proportion, few
would argue with the implication: that basic weapons technology significantly
impacts the manner in which wars are fought and their ultimate outcomes.
A distinction needs to be drawn between a weapon’s technical capacity (what
it can do) and its military capability (its impact and effectiveness in war). Military
capability should be viewed as the combination of technology with techniques
and tactics for employment and utilization.28 What a weapon can accomplish
in time of war is not merely a function of what is technically feasible. Again, to
acknowledge Fuller’s comment, a weapon’s capability is dependent to some ex-
tent on being correctly “found,” that is, being chosen and utilized in the proper
circumstances in the appropriate manner. The French mitrailleuse is an appro-
priate example. Introduced in the Franco-​Prussian War of 1870, this prototype
machine gun had the capacity to fire at an unprecedented rate; however, it was
 The Str uc t ure o f Strateg i c Env ironme nt s 19

employed not at the front as a tool of the infantry, but as a supplement to heavy
artillery, thus significantly lowering its military capability.29
Aside from the necessity of proper employment and use, military capability
is also affected by war itself. Carl von Clausewitz, in his classic military treatise
On War, begins to broach this broader appraisal of military capability during
his discussion of the inherent elements of war that work against the application
of force:

Action in war is like movement in a resistant element. Just as the

simplest and most natural of movements, walking, cannot easily be
performed in water, so in war it is difficult for normal efforts to achieve
even moderate results.30

Deterrence is concerned with the calculation and application of costs, typi-

cally evaluated based on the amount of expected damage to be incurred versus
gains to be accrued. Expected damage cannot be viewed simply as the technical
destructive capacity of a deterrent; it must be assessed on a much broader scale.
A bullet fired from a rifle has a certain understandable destructive capacity—​it
can pierce through human skin. A soldier positioned as a sniper has the potential
to threaten to shoot anyone who walks within line of sight. Assessing this threat
is intricately more complex than simply understanding that a bullet can pierce
skin. An opponent contemplating moving through the sniper’s line of sight (as-
suming they have no doubt that the sniper will shoot) will have to consider how
good a shot the sniper is (how steady are their hands, how sharp are their eyes),
whether their movement is in the effective range of the rifle, and whether there
are any evasive movements (such as ducking) or protection (such as a bullet-
proof vest) that can be employed. Bringing civilians into the contested space
might even undermine the will of the sniper to shoot. Ultimately, the effective
raising of costs to deter enemy movement is much more involved than simply
possession of a rifle; the bullet must hit its mark and the opponent is going to try
to ensure that such an outcome does not occur.
In sum, recognizing that military capability (to include nuclear weapons) is
a function not simply of technology but of human and environmental interac-
tion is important for understanding and assessing the effectiveness of deterrent
threats, managing warfighting threats, and, as we will discuss related to the cyber
strategic environment, competition threats. What capability is necessary to ef-
fectively shape cost-​benefit calculation is different from that which is needed
for effective offensive and defensive warfighting, and as we will add to the theo-
retical mix that which is needed to compete over the exploitation of networked
computing vulnerabilities and opportunities.
20 Cyber Persistence Theory

Structure and Imperatives

The shifting range of offense-​defense advantage that flows from the nature of
conventional weapons technology structures the conventional strategic envi-
ronment and necessitates a general imperative—​States must be able to engage
in offense and defense effectively if they are to be secure. This requires States
to organize to fight and protect. The actual strategies employed to secure will
vary based on many factors (including conventional deterrence) and can lev-
erage nonmilitary capabilities, including diplomatic, information, and economic
instruments of national power.
While in early human history physical proximity was required to attack na-
tional sources of power, military technology developed over time to make geo-
graphic distance less of a hurdle for more actors. This increased the importance
of timely information about potential and imminent threats, the capacity for
rapid mobilization if necessary, and the ability to be resilient while under at-
tack. Placing a premium on understanding the other side has been a principle
of State action for two millennia. While the core saliency of Sun Tzu’s maxim of
understanding your opponent better than you know yourself has not varied in
the conventional strategic environment, the complexity in now achieving that
knowledge would likely amaze him.31
Despite increased demands on the necessity of preparation to fight, and at
times, because of it, conventional armed aggression has remained a constant
of human history. In the past twenty years we have seen great powers attacked,
armed aggression between States, including in Europe, where the loss of terri-
tory through armed attack is no longer a distant memory of the Second World
War.32 The conventional strategic environment supports a strategic dynamic in
which action involves preparing for potential conflict and, unfortunately too
often, engaging in it. In sum, in the conventional strategic environment the final
arbiter of national security—​the protection of national sources of power—​is the
ability to fight and win wars.
The offense dominance that flows from the nature of nuclear weapons tech-
nology, which structures the nuclear strategic environment, necessitates its own
imperative. If national security is to be achieved, States must be able to advance
their interests, while avoiding war. Herein lies the core difference between these
two strategic environments: in the conventional environment, I can look to ad-
vance interests despite war and sometimes through its prosecution. War and ad-
vancement of national interest are not incompatible. In a nuclear environment,
advancement of interest and the prosecution of nuclear war are incompatible.
The recognition of that latter relationship has led to a wholly different ap-
proach to security. Aside from the base strategy of deterrence, crisis management,
 The Str uc t ure o f Strateg i c Env ironme nt s 21

escalation control, arms control, coercive diplomacy, and sanctions all took on
prominence. The new logic and lexicon associated with the nuclear strategic en-
vironment became so pervasive that its terms and concepts have been exported
to the conventional environment. We must, however, not lose sight of the unique
conditions they were originally developed to address.
This does not mean that tactics and operational approaches are not applicable
across strategic environments; far from it. What we have learned from managing
the nuclear challenge has indeed shaped and impacted how conventional forces
are conceived and used. However, the distinctiveness of the thought, organi-
zation, and action that emerged after fission and then fusion were weaponized
is profound. Nuclear States fundamentally think, organize, and behave differ-
ently when confronting each other than when States are only conventionally
armed (or when nuclear States confront non-​nuclear States or non-​nuclear al-
lied States). The fact remains that the only two times the weapon has been used
were against a State that did not have them and when they were in short supply.
The exponential growth in numbers and lethality as well as the increase in the
number of States in possession of them has not led to a third use.
This is a fundamental departure from the behavior we see of States (and some
of the same States) in the conventional strategic environment. This absence of
use reflects States operating in a distinctly recognized and structured strategic
environment with its own organizing principle, logic, and dynamics. Nuclear
weapons altered the manner and practice of coercion and the use of force. The
focus of coercion and force became the threat to use them, rather than their
actual application. The coercive (deterrent) power of nuclear weapons comes
from their possession, not their use. Ultimately, conventional security rests in
the presence of war; nuclear security in the absence of war.

Existing Strategic Environments and

Cyber Activity
For over seven decades, the conventional and nuclear strategic environments
have coexisted. A small set of States have had to manage both simultaneously
and have done so with different integrative strategies: extending nuclear deter-
rent commitments to allies while pursuing strategic deterrence of the homeland
but use of force globally (the United States and Soviet Union); bolstering con-
ventional forces to deter any level of direct war (the United States, Soviet Union,
Russia, North Korea); enhancing deterrence of strategic war while recognizing
territorial flashpoints require some flexibility on conventional use of force (India,
Pakistan, and Israel’s opaque possession); and, finally, strategic deterrence of the
22 Cyber Persistence Theory

homeland and the use of conventional forces globally (France and the United
Kingdom). Although there is a relationship between the two environments, the
thinking, organization, and behavior within the nuclear strategic environment
remain recognizably distinct from the conventional strategic environment. The
environments are distinct in logic, but States must also understand how those
logics intersect if they are to secure themselves. This intersection-​distinction di-
chotomy is important to keep in mind as we examine the emergence of a third
strategic environment.
It is our contention that the fundamental logics of the nuclear and conven-
tional strategic environments do not capture what we are seeing behaviorally in
and through cyberspace. At first blush, one might look at the empirical record of
cyber operations to date and contend that this is explained through the logic of
the conventional strategic environment. National interests are being advanced
through a contest of offensive and defensive capabilities designed and executed
with the recognition that use of force and the cyber equivalence to armed attack
are viable options. Networked computing technology is the same as the milita-
rization of the airplane—​a new means to conduct war. This view has certainly
dominated the lexicon of the past twenty years, where the term “cyber war” has
been used to describe all manners of cyber operations.
And yet, there is an empirical problem with this view—​despite millions of ex-
ecuted cyber operations, few States have treated and reacted to these operations
as a use of force or armed attack. There are three plausible explanations for this
remarkable absence of war in the presence of so much activity: (1) the tech-
nology only enhances “subversion, espionage, and sabotage”;33 (2) deterrence
of war, armed attack, and use of force is stable, so States are choosing to just
rely on cyber means to subvert, spy, and occasionally (and in limited degrees)
destroy, but if deterrence could be designed around, cyber war would occur;34
or (3) there is a fundamentally different strategic logic driving the behavior not
captured by the logics of coercion and warfighting, and it is of a strategic, rather
than tactical, subversive or only intelligence-​gathering nature.35
Many in the academic and policy communities have applied the logic of the
nuclear strategic environment to explain cyber activity. Almost as prevalent as
cyber war, the term “cyber deterrence” has been a default for many arguments
and policy documents during the 1990s through 2020s.36 The empirical reality
of ubiquitous cyber activity, however, challenges the notion that we should think
about, organize, and use cyber means based on the logic that security rests on
the avoidance of action. Using nuclear logic to explain cyber behavior relies on
a related set of plausible explanations parallel to those stated above: (1) cyber
activity is traditional statecraft below war and thus deterrence does not apply, as
the activity is not strategic in nature;37(2) cyber activity is potentially war-​ena-
bling, but such use for coercive purposes is avoided due to fears of escalation to
 The Str uc t ure o f Strateg i c Env ironme nt s 23

war; or (3) States are deterred from war generally, but the activity we are seeing
is a strategic response to opportunity, rather than an acceptance of a limitation.
The reality of continuous cyber operations and campaigns on a massive scale
strains the logic associated with existing security studies theory and policy (in-
telligence, coercion, escalation, deterrence, and war). We must be open to the
possibility that, from a scholarly explanatory perspective and from a policy
development and execution standpoint, something fundamentally different is
occurring and it requires a new explanation and policy prescriptions. Getting this
wrong could have dire consequences for international security, as we witnessed
in 1914 and 1939.
In the chapters that follow we provide direct challenges to the notion that
the cyber strategic environment is old wine in new bottles—​that it is just espio-
nage or coercion by other means and/​or ways. Here, we introduce the theoret-
ical basis for the standalone argument that the extraordinary amount of cyber
activity we are seeing follows a distinct logic. To develop the parameters of a
theory of cyber persistence, we must first explain the structure of a third strategic
environment.

The Structure of the Third Strategic Environment

States are heavily engaged in the use of cyberspace directly and indirectly to ad-
vance their national interests. Networked computing integrates all aspects of
governance and the conduct of State relations internationally in and through
cyberspace. It is the backbone for commerce and communication globally. This
means that the full range of competitive and conflictual interactions that define
international security relations must be understood in the context of the dig-
ital world.
Cyberspace is becoming so ubiquitous and so integrated into human activity
that, at some point not in the distant future, appending the word “cyber’ as an
adjective will appear redundant. Both the academic and policy communities re-
quire the analytical tools to understand the most basic of State activities as they
relate to security and to capture what it means to operate and pursue national
interests in the digital age. There is much to be gained in both academic research
and policy development, if we build a set of assumptions and concepts that map
to the reality we face and will face. Relying, instead, on existing paradigms that
do not align with fundamentals will result in non-​policy-​relevant research and,
potentially, policy failure.
This reorientation must begin by recognizing the distinctiveness of a third
strategic environment, one in which protecting and enhancing national sources
of power rests on a set of conditions predicated on the unique features of
24 Cyber Persistence Theory

networked computing and its digital interfaces. These features of networked

computing create, as did conventional and nuclear capabilities, distinguishable
conditions that require new concepts to align logic, thought, organization, and
action for national security.
The nature of cyberspace requires a redefinition of security itself.
Whereas the structural conditions of the conventional strategic environ-
ment rest on the interplay of offense and defense advantage and those of the
nuclear environment on offense dominance, it is the distinct notion of initia-
tive persistence that flows from the features of information communication
technology (ICT, broadly understood as networked computing and its digital
interfaces) that comprise the cyber strategic environment. This third environ-
ment necessitates its own imperative. If national security is to be achieved, States
must persistently set and maintain the conditions of security in and through cy-
berspace in their favor. Those conditions are measured as the relative balance be-
tween being cyber vulnerable to exploitation and being able to exploit the cyber
vulnerabilities of others.38 Given the features of this space, a State can only set
conditions if they are able to anticipate where those conditions will lie in an ever-​
changing “virtualscape.” Thus, we argue, there is an imperative that necessitates
persistence in striving for initiative.
The term “initiative persistent” is meant to be as descriptively accurate and
analytically useful as possible. The idea that cyberspace is offense-​dominant or
offense-​advantaged or even defense-​advantaged has been raised before in the
literature—​by some of us a decade ago.39 However, the analysis presented here
leads to a different argument—​the terms “offense” and “defense” are analytically
too limiting and are not explanatorily helpful.
Offense and defense are terms that can still be ascribed to tactics in cyber-
space. However, the ever-​changing features of the technology and the rapid
adaptation of its use at the tactical, operational, and strategic levels are so sig-
nificant that thinking in terms of building offensive and defensive capabilities,
of conducting offensive and defensive operations, and of defining campaigns as
being offensive and defensive at the strategic level misses the most crucial point
about persistence. That is, we are dealing with fluidity on a scale and scope such
that what is meaningful to outcomes is whether or not one has the initiative—​
whether one is anticipating the exploitation that will come next by either you as a
defender or another State as an attacker. Tactically, a State may exploit to protect
or exploit to advance. However, the cyber strategic environment is defined not
by such tactics but instead by the fact that persistent exploitation in setting the
conditions of cyberspace is the means to more or less security.
It is not useful to think about cyber operations as basketball on fast for-
ward. It is not just speed of play that is at issue. It is the addition of scale
(in number) and scope (in variety) of players as well as playing surfaces
 The Str uc t ure o f Strateg i c Env ironme nt s 25

(software-​hardware-​processes that connect them and humans that use them) that
combines with speed of play to make this a fundamentally different game. The
complexity of this environment and its engagement dynamic are not captured in
a simple offense versus defense conceptual frame. Neither offense nor defense
is dominant or inherently advantaged. If I track an active breach of my network
and simultaneously protect aspects of that network, but allow access to other
sectors of the network to understand the techniques, tactics, and procedures of
the opponent and then use information gained to enhance a prepositioned set of
code and execute my own exploitation of the opponent’s systems all in a simulta-
neous set of maneuvers that take effect in a matter of minutes, if not seconds, at
what point am I playing defense and at what point offense?
We assert that the better way to conceptualize this environment is to rec-
ognize that what is occurring is grappling over initiative, something initially
lost at the breach moment, regained at the detection moment, reversed at the
tracking moment, and sustained at the moment the opponent’s systems are
exploited. These are not episodic linear actions of attack and protect, as many
have conceptualized. Rather, it is a fluid set of engagements driven by who has
the initiative at any given moment.
Understanding this third strategic environment as an initiative-​persistent
space captures the essence of the primary cyber behavior of the past twenty
years: cyber faits accomplis (a concept we develop in Chapter 3). Much of what is
happening in cyberspace consists of parallel attempts to gain enough initiative to
be able to set the conditions of security and insecurity within and across devices,
systems, and networks. Although direct cyber engagement (another concept de-
veloped in Chapter 3) can occur between an attacker and a defender, most of
what is occurring consists of continuously flowing parallel operations that do
not start with any expectation of shaping the other side’s calculus, but rather
focus on exploiting inherent vulnerability. We contend, therefore, that the cyber
strategic environment is a space of exploitation, not principally one of coercion.
What is shared by both the conventional and nuclear strategic environments
is a logic associated with war (or war avoidance) and coercion to achieve po-
litical ends in which there is direct exchange or expected exchange between
protagonists. In these environments, attack or the prospect of attack that shapes
behavior and the advancement of strategic ends is transactional. It flows from
the exchange (or expected exchange) between mutually engaged and identifi-
able protagonists.
In the cyber strategic environment, States can advance strategic-​level cumu-
lative effects without direct exchange, without coercive shaping of behavior, and
without war because they can directly change the virtualscape in which they
seek to advance their security through exploitation of vulnerabilities that allow
them to access, maneuver, fire, and—​at the highest point—​control without
26 Cyber Persistence Theory

directly interacting with other States. Even when the actions are not covert or
become discovered, the exploitation of vulnerability is not wholly dependent on
the target’s actions. A security patch can certainly shut down one vector of ex-
ploitation, but it does not fundamentally alter a capacity to exploit in general. In
some circumstances, patching can send an attacker back to the drawing board for
some time, but it does not negate the capacity of an attacker persisting to regain
initiative through some alternative exploitative option.
To update the comparative summation provided earlier, conventional secu-
rity rests in the presence of war, nuclear security rests in the absence of war, and
cyber security rests in the alternative to war.

An Alternative Theory
The remainder of this book turns to the construction of a comprehensive theory
of cyber persistence to explain a strategic environment based on initiative per-
sistence (rather than offense dominance) that requires States to understand a
logic of exploitation (rather than coercion).
Here we discuss the core tenets of this theory and then turn in Chapter 3 to a
deeper analysis of new concepts and their prescriptive implications.
The cyber strategic environment’s initiative persistence rests on the features of
the technology itself and the construct that organizes those features. Specifically,
we are referring to recursive simplicity and interconnectedness.
The most fundamental components of computing technology, both the hard-
ware circuit board and the software code, rest on an overall default of iteratively
building from a simple starting point, essentially building on simpler versions of
the version we have. Although not all hardware and software is specifically built
in such a fashion, the inherent nature of computing technology has sought and
leveraged recursive simplicity.40
Recursion can be defined as self-​similarity in structure where symmetry runs
across scale—​in essence, “pattern inside pattern.”41 Put another way, a recur-
sive structure is one in which the whole is structurally identical to its parts.42
Although recursive structures exist in nature (e.g., snowflakes and ferns), they
were originally discovered as mathematically based constructions. By identifying
the principle of self-​similarity across scale, mathematicians Helge von Koch and
Benoit Mandelbrot showed that fractal patterns could lead to infinite length in
a finite space.43 These observations laid the foundation upon which early soft-
ware developers constructed large programs out of existing smaller ones. The
recursiveness of software tremendously simplifies its development. Instead of
regarding each independent part of a design separately, base commands can be
reused in similar but broader commands. Thus, one need only know a fraction
 The Str uc t ure o f Strateg i c Env ironme nt s 27

of the levels (essentially its foundation) to understand and construct multilevel

designs.
Recursiveness as a structuring principle allows for exponential growth factors.
The microchip (integrated circuit) has been constructed with a similar recursive
logic. In a broad sense, the faster chip is simply more transistors pressed into
one central component. The ability to construct a chip simply by compressing
more transistors into the same space through greater miniaturization means that
the basic design of the chip is not radically altered from its slower antecedent.
Gordon Moore’s “Law” first articulated in 1965 that one could double the
number of transistors on a chip every year; it was modified in 1975 to doubling
every two years and has remained remarkably prescient for nearly fifty years.
While that law may now need a third modification, increasing computing power
remains viable.44 This is due, in part, to the fact that the integrated circuit became
a “general purpose technology—​one so fundamental that it spawns all sorts of
other innovations and advances in multiple industries” and as such created the
economic incentive to follow Moore’s Law, which in turn has created economic
patterns that assume adherence to the law.45 There are also significant variables
that affect the pace of the changing rate of computing power, including, for ex-
ample, coding efficiency.46
Understanding recursiveness broadly as inherent to the nature of computing
technology creates some specific consequences that we will discuss later. As im-
portant as this base nature is, the organizing construct that undergirds the cyber
strategic environment, itself, is of equally profound importance. What makes
the cyber strategic environment distinct is how the combined computational
and communicative power of the micro-​processing silicon-​chip-​powered com-
puter has been networked. While individual computers in isolation represent
powerful tools, it is the connecting of these devices that has proven so funda-
mental to the creation of the cyber strategic environment.
Computer networks support everything from local, regional, and national
banking systems to telephone switching systems and transportation structures.
ICT has enabled the stitching together of people, platforms, and performance in
a dense interconnectedness that is aptly conceived of as a “web.” The Internet—​
the network of networked computers—​while not comprehensive of cyberspace
is both the conceptual and physical driver of this organizing principle. Initially
conceived of as part of an American defense plan to improve communications
during a nuclear attack, the Internet transformed computer usage.47
While the creation, accumulation, and manipulation of information has
always been a central part of human activity (warfare in particular), the com-
putational and communicative power of the networked computer is creating dis-
tinctive consequences—​a qualitative shift anchored on quantitative factors that
moved incrementally during previous periods of human history.48 In isolation,
28 Cyber Persistence Theory

none of these variables themselves require discontinuity in strategic thought—​a

paradigm change—​but in combination, they open such a possibility. In this con-
text, four variables seem most important: accessibility, availability, speed, and
affordability.
Accessibility. The networking of personal computers has led to the networking
of individual networks. The universe of these networks, cyberspace, carries data
and information in all its forms and enables action and interactions that previ-
ously were not possible at the scale and productivity rates now being achieved.
Accessibility constrained by geographical proximity is changing, not in that ge-
ography is simply becoming less a limitation or constraint, but rather that the
relationship between geography, information, and individuals is fundamentally
shifting. Whereas throughout human history I had to travel to access informa-
tion, people, and places, I now bring information, people, and places to me.
Interconnectedness means that physical location now has little or no impact on
the ability to access information.
Availability. Traditional terrestrial-​based systems of information retrieval
depended on geographic proximity for access and thus required an enormous
amount of duplication to guarantee efficient availability of information. In this
system, availability depends on how many copies can be made and stored in rela-
tion to how many information retrievers are at work. The difference between ac-
cessibility and availability is important. Living near a library might mean one has
access to a book, but if someone has already checked out the only copy, the book
will not be available for some specified time. Cyberspace offers a significant ad-
vance in availability by creating the opportunity for simultaneous retrieval of
information. The limitation on availability is dependent not on how many copies
of a particular instrument exists, but on the server’s capacity to manage users si-
multaneously accessing the digitized database. While servers can crash, we are
fast approaching the stage where availability is not a vexing or cost-​prohibitive
problem due to interconnectivity. Increasing a computer network’s ability to
handle more users is proving to be more cost-​effective than having to duplicate
the actual source of information by the same number of users.
Availability can also be discussed in quantitative terms with regard to the im-
pact on managing available resources. There is, at a base level, too much infor-
mation available via cyberspace. The systems meant to manage availability of
the past were built on an assumption of scarcity—​for example, a waiting list to
be the next person at the library to get the one copy of the book when it was
returned by the previous user a month later. One of the challenges at the start
of the 2020s, with serious national security implications, is that societies have
yet to figure out systems to manage availability abundance. Debates around free
speech on social media platforms, for example, miss this more fundamental
qualitative shift that has occurred. Managing availability abundance requires
 The Str uc t ure o f Strateg i c Env ironme nt s 29

a fundamentally different system of laws, organizations, and social expecta-

tions/​norms than environments of availability scarcity. In the realm of national
security, States can wreak havoc on each other in the absence of such a man-
agement system through a variety of information manipulation and distortion
opportunities that undermine trust in data, information, institutional authority,
and leaders.
Speed. A third variable profoundly impacted by interconnectedness of net-
work computing is computational and communicative speed. Enormous
increases in both directly boost the ability to rapidly cycle through the basic se-
quence of observation, orientation, decision, and action (OODA loop).49 When
vast sums of accessible available information can be disseminated and processed
in seconds, time relative to managing the OODA loop may shrink to the point of
collapsing the loop. This has serious security implications.
Counterintuitively, traditional models of efficiency defaulted to the compres-
sion of time to achieve greater productivity or effectiveness. Interconnectedness
enables such an extreme level of time compression that the challenge becomes
finding mechanisms for time expansion within the OODA loop that do not cede
initiative to the other side while retaining ones’ capacity to observe, orient, and
effectively decide before acting. The entire debate about automation and the
emergence of algorithmic decision-​making rests on recognizing this profound
shift in time management and efficiency. For many human interactions, being
“in the loop” is not efficient—​the computer can process the OODA loop more
effectively. This creates a deepening of reliance on code to take action, whether it
is directing people via GPS, driving one’s car, or flying a plane. Such reliance has
knock-​on effects, such as a current generation of youth who are less proficient
at understanding the concepts of north, south, east, and west because they no
longer need (or believe they need) to understand such directional constructs.
Their software tells them the best route and they simply follow the arrow (or
voice).50
The pursuit of efficiency through time compression raises ethical, social,
and national security concerns, including reliance on algorithmic medical
assistants rather than doctors to diagnose, the use of predictive modeling for
conditional crime proclivity, and reliance on autonomous weapon systems
and robotic soldiers that will resist being “out of the loop.” Managing speed
will require models of decision-​making that allow humans to be not in or out,
but critically, “on the loop.”51 States’ ability to manage and manipulate time
compression and expansion relative to action is at a premium in the cyber stra-
tegic environment.
Affordability. A fourth distinctive feature of interconnecting networks of
computers is that the resource base required to exploit the advantages of this
technology is relatively low and has continually declined over time. In terms
30 Cyber Persistence Theory

of computing power, the median-​income family in the United States has more
computing power in its home in 2020 than many countries could afford or de-
ploy only a few decades ago. The nature of the technology itself also lowers cost
in terms of skill development. There has been an inverse relationship between
increases in the complexity of the technology and what it can do, and the ease
at which the technology can be used. The time, energy, and cost necessary to
effectively use increasing complex platforms has continually declined. ICT is af-
fordable in the broad sense of that term. Training, possession, and use require
less time, less money, and fewer resources.
Due to its recursive simplicity, accessibility, availability, speed, and afforda-
bility, networked computing creates a profoundly different organizing principle
on which the relationship between people, platforms, and place rests. The den-
sity at the global scale is truly remarkable. It took fourteen years to reach one
billion users of the Internet, but only three years to add the last billion (2020
estimates suggest 4.5 billion users, or about 60 percent of the world’s popula-
tion).52 It took approximately twenty years to create 250 million websites (dis-
tinct hostnames). It took fewer than two years to double that and less time still
to double it again. In 2019, the estimate was about 1.75 billion publicly acces-
sible websites.53 As with Koch’s snowflake, the growth in these features is driving
the creation of a vast and ever-​expanding virtualscape even though the principal
device we use—​the computer—​represents a finite space inhabiting a finite ter-
restrial globe.
Thus, interconnectedness, as we present it here, is not simply the technical
feature that follows from the Internet’s backbone; it is not synonymous with net-
working. Rather, understanding interconnectedness conceptually as a structural
feature of the cyber strategic environment requires us to see it as the sum of
the four variables discussed above that, in combination, creates a virtualscape of
continuous flux and sustained linkage.
In cyberspace, one can “be” anywhere at any time, in which “be” means “suffi-
cient presence to take meaningful action.” In terms of State relations, to be inter-
connected means to be in constant contact with one another at a level in which
the potential to influence or affect sources of national power exists. This condi-
tion within the cyber strategic environment is different from that found in the
conventional and nuclear environments, in which contact is episodic, potential,
or imminent, but not constant. This is because terrestrial space is organization-
ally segmented (vice interconnected)—​defined geographically and reinforced
through international law’s principle of sovereignty.
From the perspective of structural theory, constant contact must be under-
stood as a condition, not a choice. It is a circumstance that follows logically
from being in an environment organized by interconnectedness. If the system is
not interconnected—​that is, it is segmented—​then the base condition is not a
 The Str uc t ure o f Strateg i c Env ironme nt s 31

connection that is constant. The two are inextricably linked, and that linkage is
profoundly significant.
One would be hard-​pressed to find a State strategy document, policy state-
ment, or corporate report that does not refer to cyberspace as “global” and “in-
terconnected.”54 However, what mostly follows in those documents does not
treat interconnectedness as a distinctive structural feature that drives an inher-
ently different logic from segmentation. Particularly when it comes to State re-
lations over security, the working assumptions of most State strategy relative to
cyberspace have been grounded for decades in a logic that assumes security is
to be found in barriers and separation (firewall thinking, for example). To be
interconnected is to be in constant contact, which cannot be solved by denying
this fundamental feature. Yes, I can disconnect from the network, but that does
not achieve security within a cyber strategic environment. Removing oneself
from the situation is not a sustainable solution because it precludes one from
leveraging the beneficial outcomes of networked computing. National cyber
security must solve the challenge of interconnectedness and constant contact
working within, not outside or in spite of, the unique features of cyberspace.
Digital life is a reality; securing it requires we accept that reality.
The implications of this combination alone raise some distinct security
concerns. One must, as a planning principle, allow for the prospect that it is pos-
sible for an adversary to persist on the networks of critical infrastructure (elec-
tricity, water treatment, transportation, healthcare), the networks of leading
industries, the networks of government agencies, and the core communication
networks within society. This constant contact may position the adversary for
exfiltration or manipulation of data resident on or traversing those systems in
such a manner as to create adverse effects cumulatively over time. This can occur
without some overt crossing of a terrestrial boundary that, in the past, had been
the demarcation between peace and war.
Interconnectedness and constant contact, however, only create the potential.
Unfortunately, the nature of the technology itself makes that potential a contin-
uous reality. At its most fundamental starting point, the notion of the network
was meant to replace the vulnerability of a single point failure that existed in
the communication bureaucratic hierarchy. Specifically, as it related to solving
the threat of a surprise nuclear attack that might decapitate the top of a hier-
archically based decision-​making system of communication, the ARPANET’s
innovation was to create centralized control without a center. The magnificence
of the Internet is that its recursive structure created systemic wide redundancy
at a level of efficiency out of reach of industrial age technology. It did this essen-
tially through a portal system, where there is always a route around closed doors.
It was not built to deny access, an essential ethos behind security, but rather to
expedite it.
32 Cyber Persistence Theory

This base default to access is exacerbated by the way cyberspace has ex-
panded. Although there have been many benefits from releasing software
version updates—​constantly evolving code builds on previous configurations—​
the sheer size of software packages alone is staggering. It is estimated that
the Windows 10 operating system stands on 50 million lines of code, while
the Google platform leverages nearly 40 times that number, at 2 billion lines.
Regardless of system, a basic reality is that this accessible terrain is of such vast-
ness that any mistake, unanticipated use, or truly novel application can enable an
unauthorized user (or insider threat) to create terrain, which they can configure,
and thus control, to advance their interests.55
Within the conventional and nuclear strategic environments, the tech-
nology of war is effectively distinct from the terrain in which war is conducted.
The plane is different from the air in which it flies, the ship from the water
it sails, and the tank from the land it traverses. In the cyber strategic envi-
ronment, computer code is simultaneously the means to maneuver and the
space through which one maneuvers. Although cyber physical systems—​the
integrated circuit, for example—​reside physically in some device and are
thus distinct from code, the processing that it accomplishes is all driven by
the code that not only activates programmed action through the integrated
circuit, but can add functions previously not present for that integrated cir-
cuit to process. Those new functions effectively become an addition to the
virtualscape—​new terrain that is being traversed by the new code that has
created it. In this sense, every new software update, new hardware version,
and new process that links them together reconfigures the space that had
existed previously. The scale, scope, and form of maneuver is ever shifting in
cyberspace.
At the tactical level, you indeed can defend in cyberspace, but you only de-
fend in the moment—​in the configuration of software, hardware, and processing
that existed at the time you deployed a configuration you thought was secure.
As noted earlier in the discussion of deterrence by denial, the effects of that de-
fensive mitigation are not sufficient to attrite capacity to the point of denying an
adversary another way around. This highlights the mismatch between the struc-
tural conditions of the cyber strategic environment and what is necessary for de-
terrence by denial to succeed. It is one reason deterrence by denial should not be
relied on as the primary strategy to achieve security in cyberspace. Deterrence
by denial relies on a calculus on the part of the prospective attacker that it will
expend more force in attacking than can be sustained to achieve or hold a gain.
The prospect of attrition is how significant defense and resilience capabilities
might dissuade an attack. That other vectors of intrusion are likely available and
that exploitative code can be produced (or otherwise acquired), manipulated,
and repurposed with relative ease undermine that prospect. Thus the loss of an
 The Str uc t ure o f Strateg i c Env ironme nt s 33

avenue of intrusion or of an exploit’s effectiveness, where and when it occurs, is

surmountable. Attrition cannot anchor security in such an environment.
The scale and scope of the technical backbone and speed at which it can re-
configure mirror the scale and scope of the actors that can engage in consequen-
tial action in cyberspace. This is a province not exclusive to great powers, who
are interconnected with States that typically could not engage in similar activi-
ties, but can do so in cyberspace.56 To be clear, funding sophisticated ICT de-
velopment costs money, it requires trained skilled operators, and great powers
tend to have the resource base that provides them some advantages. However,
the nature of ICT does not have the same barriers to achieve levels of ICT pos-
session and skill in operation required to produce nuclear weapons or sustain
conventional force. At the level of episodic consequential action, sophisticated
individuals and small groups with open source cyber technology can have stra-
tegically consequential impact.57
From a national security planning standpoint, interconnectedness means that
States’ sources of national of power are constantly connected not only to more
States than in the past, but to non-​State actors, private industry, organized crime,
and others, all of whom may act from a different motivation base. Their pur-
suit of interests might not be directly adversarial to mine, but in the cross-​cut-
ting density that is cyberspace, their actions may impact me quite negatively. In
January 2018, a student in Australia started tweeting comments about heat maps
released by the fitness company Strava that showed the exercise patterns of what
clearly became recognized as forward-​deployed military bases of several Western
countries. Although many of them were known locations, others were not. More
troubling is that the data could enable military intelligence agencies to track in-
dividual soldiers’ movements and potentially discern deployment patterns. It is
likely that when the marketing team at Strava met to look at their heat maps,
they probably said, “This is really cool—​we are even in the most remote places
of the world. Let’s put that up on the web.” It is reasonable given their motivation
(profit-​seeking through increased visibility and user support) that they never
once thought they were undermining US Special Forces’ operational security.
The detail of global military personnel movements that this fitness company
published would have been inconceivable for even the largest and best intelli-
gence agencies in the Second World War. In a classic case of interconnectedness
and constant contact, US Central Command now had to address the “threat”
posed by a San Francisco–​based fitness company.58
The virtualscape of cyberspace is, therefore, vast in the scale and scope of its
technical base, user base, and, most important for assessing behavior, motiva-
tion base. Taken as a whole, the reconfiguration of the space to advance one’s
interests is not simply potential, it is a continuous reality. Somewhere, someone
at any given moment is both capable and motivated to shift cyberspace to align
34 Cyber Persistence Theory

with their interests. In business activities, that is a normal and legal practice in
the competitive pursuit of profit. In the world of statecraft, it can be normal and
legal practice through regulation, such as the EU’s 2018 General Data Protection
Regulation, which required significant shifts in how data are held in and trav-
erse across cyberspace.59 Such shifts might also be direct attempts to create
conditions to enhance security in one’s favor that might have a neutral or nega-
tive effect on adversaries’ security or may be direct attempts to create conditions
of insecurity for an opponent to unbalance them or set back advantages they
may have been seeking to gain.
The structural feature of interconnectedness and the condition of constant
contact combined with the inherent capacity to reconfigure introduce a signifi-
cant incentive to be in some control of setting the conditions within and across
networked computing and the digital interfaces that knit together cyber activity
in one’s favor, rather than ceding that capacity and action to others. We are left
as a result with structurally induced persistence, defined through a continuous
willingness and capacity to seek initiative. As such, in security terms, persistence
is a structural imperative. In a strategic environment in which the conditions of
security and insecurity can be configured directly, States must persist in ensuring
as best they can that their constant contact with this vast interconnected set of
actors is configured in a way that their core sources of national power can lev-
erage the interconnectedness for growth (be it economic wealth, social cohe-
sion, improved national health, education, informed public policy, or military
might) while remaining secure.
This requires a premium to be placed on anticipating exploitation of software,
hardware, and the processes that link them together and on translating that an-
ticipation into a favorable advancement of their interests. Exploitation can take
the form of simply using the technology lawfully in unexpected ways, but from
a planning perspective one must also anticipate exploitation of vulnerabilities
through illegal and unauthorized ways. Cyberspace is littered with vulnerabilities
that leave all actors, including the most powerful States, exposed to exploitation.
In fact, the States most dependent on cyberspace are at once both very powerful
and very vulnerable cyber actors.
Systemically, we are left with the realization that cyberspace is macro-​resilient
(and thus stable) and micro-​vulnerable (and thus inherently exploitable). The
inherent vulnerability to exploitation is what raises the potential for cyber ac-
tivity to have strategic effect, because the opportunity exists for cumulative effect
achieved through setting and resetting the configurations of the virtualscape to
yield strategic gains in relative power over time. Blood loss from a thousand
nicks can be as devastating to capacity as the loss of blood from a single mas-
sive wound.
 The Str uc t ure o f Strateg i c Env ironme nt s 35

We now have the outlines of a theoretical framework. Cyber persistence

theory, as a structural theory, posits that the combination of a core structural fea-
ture (interconnectedness), core condition (constant contact), and reinforcing
structural features (e.g., macro-​resilience and micro-​vulnerability) forms the
basis of a distinct logic (exploitation) that carves out a form of strategic behavior
(initiative persistence) among States in the pursuit of security that is distinguish-
able from the conventional and nuclear strategic environments.60
The cyber strategic environment is, therefore, the product of inter­
connectedness, constant contact, and an inherently reconfigurable terrain and
capacity to act across and through that terrain. The structural features of the
cyber strategic environment reward those States that succeed in initiative persist-
ence, where success is measured as being able to effectively anticipate and per-
sistently set the conditions of security in their favor in and through cyberspace.
Those that do not persist and cede the continuous reconfiguration of cyberspace
to others, minimally, will suffer from a lack of alignment with the ever-​changing
virtualscape. In adversarial relations, States that cede the initiative can assume
that opponents will directly set conditions that will increase their insecurity and
ultimately risk degradation of their sources of national power. Over time, the
cumulative effect of such action, in relative terms, will begin to shift the relative
distribution of power among States. In the context of cyberspace relations, this
opens the prospect that State relations, strategically, will be defined not through
the prosecution of war, or the avoidance of war, but by an alternative to war.

Conclusion
Bernard Brodie, in two highly enlightening explanatory essays on the great work
of Carl von Clausewitz, On War, concluded that what makes that work endur-
ingly relevant to modern security studies was the approach that Clausewitz took
to his daunting task of explaining war. Clausewitz’s main achievement, Brodie
argued, “was to get to the fundamentals of each issue he examined beginning
with the fundamental nature of war itself.”61
Clausewitz’s own analysis was that war is “a true political instrument, a con-
tinuation of political intercourse, carried on with other means. What remains
peculiar to war is simply the peculiar nature of its means.”62 Clausewitz under-
stood war to be “different from anything else,” and thus worthy of intense study,
but also nothing more than a subset of a larger category—​the core politics be-
tween international actors.63 This was his single most insistent point—​that war
had to be studied and practiced as the subjugated instrument of high politics.
It was not war for war’s sake that motivated Clausewitz’s inquiry, but rather the
36 Cyber Persistence Theory

desire to understand how war is used to acquire and advance power relative to
your opponents of the day.64
The logic of cyber persistence theory suggests that it is best to reorient our
thinking about national security as it relates to cyberspace to the point of con-
sidering that a third strategic environment exists in which States pursue relative
power to secure—​an environment that does not follow the logic of coercion
and war that Clausewitz and so many others that followed have illuminated. As
we address in the remainder of this book, cyber persistence both in theory and
in practice resonates through a different logic captured by a different lexicon.
Explanatory power will be gained in academic research if we recognize that the
cyber strategic environment rests on interconnectedness, not segmentation; that
constant contact is a condition, not a choice; that cyber activity of consequence
should be understood primarily as campaigns, not incidents, intrusions, or
hacks; that the inter-​State dynamic is primarily one of competitive interaction,
not escalation; and that initiative rather than restraint is necessitated.
Policy prescription will strengthen if we reorient thinking toward rules of en-
gagement, not contingency planning options; seizing targets of opportunity rather
than holding targets at risk; being active and anticipatory not as aggressive or
offensive inherently but as primarily defensive in orientation; that we must ex-
ecute continuous operations, not episodic ones; that costs and benefits are cumu-
lative, not event/​episode-​based; that cost imposition can be considered an effect
of changing the cyberspace environment, not as a strategy to influence adversary de-
cision cost-​benefit analysis or decision-​making; that effective cyber operations
and campaigns are primarily exploitative, not coercive; and that competition below
the level of armed conflict is just as consequential strategically as war and territorial
aggression.
Cyber persistence theory assumes that while the conventional and nuclear
strategic environments remain essential to State politics, the “peculiar nature”
of the cyber strategic environment may support a different logic and, thus, re-
quire a different approach to competing over relative power. Whereas security
requires one to win war in the conventional environment and avoid war in the
nuclear environment, States in the cyber strategic environment may have a true
alternative through which to achieve strategically relevant outcomes. In the next
chapter we turn toward developing this theoretical reframing further.
 3

Cyber Behavior and Dynamics

In Chapter 2, we argued that States face a structural imperative to persist in

seizing and maintaining the initiative to set the conditions of security in and
through cyberspace by exploiting adversary vulnerabilities and reducing the po-
tential for exploitation of their own. We now turn our attention to the strategic
choices States face and their behavior in an environment of initiative persistence.
Due to the features discussed in Chapter 2, States are presented with a fluid
opportunity-​laden environment in and through which they can experiment,
test, plan, and achieve gains that cumulatively shift the overall distribution of
power without seizing territory or directly destroying an opponent’s sources of
power. Within the cyber strategic environment, States, therefore, can choose to
advance interests through alternative mechanisms to war. Furthermore, they are
strategically incentivized to operate in and through cyberspace at scale to accu-
mulate strategic gains without causing armed-​attack equivalent effects.
We posit that the structural imperative and strategic incentive in tandem re-
ward certain State cyber behaviors, create a specific inter-​State phenomenon,
and produce a particular dynamic. The observed interactions, engagements, and
exchanges do not follow the patterns associated with escalation dynamics, which
are central to managing security in the nuclear strategic environment and are a
recurring concern of policymakers. Finally, we consider the potential impact of
advances in artificial intelligence (AI) on behaviors and dynamics.

State Behaviors
How a State responds to the cyber strategic environment’s structural imperative
reflects its approach to setting the conditions of security in and through cyber-
space by either seeking to avoid or engaging in exploitation.1 All theories of in-
ternational politics presume that States engage in some degree of internal-​facing
security activity, such as arming or “internal balancing.”2 What is novel about

Cyber Persistence Theory. Michael P. Fischerkeller, Emily O. Goldman, and Richard J. Harknett, Oxford University Press.
© Oxford University Press 2022. DOI: 10.1093/​oso/​9780197638255.003.0003
38 Cyber Persistence Theory

cyber persistence theory is its argument that a State’s external-​facing measures

will leverage cyber capabilities for unilateral exploitation, not brute force or
coercion.3
Exploitation, thus, is the dominant State behavior in cyberspace. An exploit
is generally understood as computer “code that takes advantage of a software
vulnerability or security flaw.”4 Herb Lin defined cyber exploitation in espionage
terms as a “cyber offensive action conducted for the purpose of obtaining infor-
mation.”5 Exploitation is described similarly in the US Department of Defense’s
cyber doctrine as “actions [that] include military intelligence activities, ma-
neuver, information collection, and other enabling actions required to prepare
for future military operations.”6
Both of these definitions are overly narrow, treating State exploitative
behaviors in and through cyberspace merely as an intelligence contest. Instead,
cyber persistence theory argues that cyber exploitation represents a strategic
competition and therefore should be understood as one State gaining advantage
by making use of another’s cyberspace vulnerabilities.
We expect status quo and revisionist States alike to respond similarly to
cyberspace’s structural imperative, albeit with different objectives. Both should
seek to reduce the potential for exploitation of their own vulnerabilities through
internal-​facing measures like patching, firewalls, and intrusion detection systems
highlighting anomalous behaviors. Both may also pursue external-​facing meas-
ures, chiefly, exploitation of adversary vulnerabilities to discern intentions and
capabilities, gain a foothold to preclude or constrain adversaries’ opportunities
to operate in and through cyberspace, or expand their own opportunities to sup-
port their objectives.7
This chapter focuses on States’ use of cyber capabilities at the operational
and tactical levels, thereby generating effects that are cumulatively strategic in
their impact on the international distribution of power.8 It is at the operational
and tactical levels that cyber capabilities provide unique strategic value.9 At the
grand strategic level, initiative persistent behavior should be coordinated with
operational and tactical exploitation efforts. For example, China’s digital Silk
Road Initiative aims to control the global digital backbone to (as some argue)
enable operational and tactical exploitation on a massive scale. Several States
decided to exclude Huawei equipment from their 5G networks to preclude that
opportunity from China’s.10 And, in 2020, US actions that might be classified as
a cyber industrial strategy included a “Clean Network” policy to safeguard sen-
sitive public and private sector information from aggressive intrusions and their
exploitation by malign actors.11
Cyber operational and tactical exploitation targets vulnerabilities in one or
more of cyberspace’s three layers: the physical, logical, and cyber persona.12
 Cyber B ehav ior and D y nami c s 39

Exploitation of the physical and logical layers generally occurs through direct
hacking by seeking out open ports or other external network or system access
points to exploit known vulnerabilities in software and hardware. Exploiting the
cyber persona layer relies instead on the unwitting complicity of users. Examples
include (1) social engineering and credential or spear phishing to gain access
to passwords and login information and/​or to facilitate malware downloads
granting unauthorized access to a network; and (2) “water holing” or drive-​by
download techniques in which attackers estimate (or note) websites visited by
organizations or individuals and implant malware that is downloaded when the
sites are visited.13
Rather than create from whole cloth new concepts embodying the primary
manifestation of exploitative inter-​State cyber behavior in cyberspace, we lev-
erage those developed for conventional and nuclear strategic environments—​
the fait accompli and agreed battle—​but adapt them to the distinctive features
of the cyberspace environment. Both concepts in their academic heyday were
largely empirically derived, perhaps viewed as describing anomalous, less-​con-
sequential, or lesser-​included cases. As a result, they received far less theoretical
attention. It seems that the worm has turned, as the cyberspace environment
has elevated the importance of those concepts for describing State behavior
and, consequently, has diminished the centrality of theories like coercion and
its related concepts, which were developed for the nuclear and conventional
environments.

The Terrestrial Fait Accompli

In his research on the fait accompli in terrestrial disputes, Dan Altman noted how
James D. Fearon, when reviewing the literature on strategic interaction during
crises, drew a basic distinction between crises as competitions in risk-​taking
and crises as competitions in tactical cleverness (i.e., as attempts to outma-
neuver the adversary).14 Fearon argued for the importance of both but focused
on the former.15 International relations theorists leveraged Fearon’s insights
on competitions in risk-​taking to develop a strategic bargaining paradigm that
places central emphasis on the concepts of coercion, signaling resolve, brink-
manship, and escalation.16
With the advent of cyberspace, perhaps it was natural to adopt these concepts
to describe and explain State cyber behaviors.17 However, as we show later in this
chapter, those concepts fail to explain most State cyber strategic behavior short
of militarized crises and armed conflict. Fearon’s less-​explored alternative better
describes this behavior; its premise is captured in the strategic bargaining con-
cept of the fait accompli.
40 Cyber Persistence Theory

The fait accompli is described with little variance in international relations

strategic bargaining literature. Altman says the “fait accompli imposes a limited
unilateral gain at an adversary’s expense in an attempt to get away with that
gain when the adversary chooses to relent rather than escalate in retaliation.”18
Alexander George describes it as altering the status quo in one’s favor through
a “quick decisive transformation” of the situation that avoids unwanted retalia-
tory escalation.19 A recent illustrative example is Russia wresting the Crimean
Peninsula from Ukraine in February 2014. Altman uncomfortably categorizes
faits accomplis under coercive bargaining, but only because they are considered
to represent the failures of deterrence in the conventional strategic environment
(i.e., the terrestrial frame).20
The strategic logic behind the fait accompli in terrestrial disputes hinges on
finding vulnerabilities in “red lines.” Altman defines red lines as the part of a
coercive demand that distinguishes compliance from violation.21 When red
lines are viewed as arbitrary, imprecise, incomplete, or unverifiable, States are
incentivized to act unilaterally to achieve their limited desired gain.22 In terres-
trial disputes, red lines are usually anchored on a disputed border. India and
Pakistan, for example, have clashed over Kashmir’s status and border several
times, with both making claims to the whole of Kashmir; today, they control
only parts of it—​territories recognized internationally as “Indian-​administered
Kashmir” and “Pakistan-​ administered Kashmir.” Altman concludes that,
when States do act, “faits accomplis are more likely to succeed at making a gain
without provoking war when they take that gain without crossing use-​of-​force
red lines.”23
Finally, although the fait accompli may fail to achieve the desired outcome for
several reasons—​for example, the defender chooses not to relent and marshals
superior forces to take back the gain made—​it fails in execution for only one
reason: the defender anticipates the unilateral action and takes steps in advance
to set the conditions of security in its favor. This contrasts with the multiple ways
that coercive strategies can fail: lack of commitment, ambiguity of demands, or
non-​credible capability.

The Cyber Fait Accompli

We define the fait accompli in the cyber strategic environment as a limited uni-
lateral gain at a target’s expense where that gain is retained when the target is
unaware of the loss or is unable or unwilling to respond.24 The immediate “gain”
in or through cyberspace is the setting of security conditions in one’s favor, es-
sentially a reconfiguration of cyberspace technically, tactically, operationally,
or strategically that has an immediate impact in advancing an interest and/​or
positioning a State for further advancement of other interests.
 Cyber B ehav ior and D y nami c s 41

The United States’ military Cyber Command’s (USCYBERCOM) reported

effort to secure the 2018 US midterm elections can be understood in this way.
USCYBERCOM reportedly took the initiative to exploit vulnerabilities in the
cyber infrastructure of Russia’s Internet Research Agency (IRA) to constrain
their ability to act against the US 2018 elections through that infrastructure.25
This campaign resulted in an initial benefit gained for the United States. It also
created sufficient organizational friction in Russian system since time, talent,
and treasure had to be redirected toward figuring out whether the obvious
American exploitation was the only exploitation underway, thereby changing
the conditions of security in its favor within that space in which the initiative
Russia might have had in electoral interference was now lost.26
What emerged in early 2021 as the “SolarWinds” campaign can be under-
stood similarly as a cyber fait accompli in which the initial exploitation of tech-
nical update functionality managed through clever tactics and sophisticated
operational planning provided Russia with an initial benefit gained of wide-​
ranging real-​time access to government and private sector networks at a scale
that positioned Russia to realize strategic effects. The initiative seized through
this initial exploitation, however, and importantly, was not lost upon discovery
of the intrusion. In fact, its discovery put the US government on its heels as it
could no longer trust the confidentiality and integrity of data and communica-
tion flowing across its unclassified networks in a number of agencies. Therefore,
while seeking to mitigate the intrusion, the United States also had to readjust
its thinking, planning, and policies toward what Russia could do with the infor-
mation it had required, for example, internal communications on sanctions and
other policies.27
Cyber faits accomplis often occur in series. An initial gain is often followed
by the pursuit of subsequent gains, further expanding the scope and/​or scale of
the condition of security or acquiring a “good” (such as intellectual property)
that is perceived to be of value by the attacker for maintaining or altering the
international distribution of power.28 For example, Russia’s security service re-
portedly leveraged the technical gain from its SolarWinds campaign to exfiltrate
sensitive tools that FireEye, Inc. uses to find vulnerabilities in clients’ computer
networks.29 Similarly, the United States leveraged its initial technical gain against
the IRA in 2018 to further enhance the condition of security in its favor by sub-
sequently revealing its presence on IRA networks. This reportedly resulted in
IRA organizational friction and Russia shifting its focus and efforts toward de-
fense, both of which served a US strategic objective of taking Russia’s focus away
from cyber-​enabled information operations directed at US elections.30
In 2014, Chinese cyber operators obtained login credentials for the US Office
of Personnel Management (OPM) networks by first breaching the networks of
KeyPoint Government Solutions, an OPM contractor. This initial gain set the
42 Cyber Persistence Theory

conditions of security in their favor vis-​à-​vis OPM. These credentials were sub-
sequently used to log into OPM networks and install malware that exfiltrated
sensitive data on approximately 22 million key US personnel, data China could
conceivably leverage in a strategic effort to maintain or alter the international
distribution of power.31 Additionally, beginning around 2014 Chinese cyber
operators initiated a campaign (“Cloud Hopper”) premised on compromising
managed service providers (MSPs)—​companies that remotely manage their
clients’ information technology infrastructure—​as a way to establish footholds
for follow-​on exploitations of the MSPs’ clients.32 After compromising a MSP,
the operators mapped out the network topology to find the credentials of the
system administrator who controlled the company “jump servers,” which act as
a bridge to client networks. With that information, they then “jumped” to client
networks, mapped those topologies, and exfiltrated information that served
their strategic interests.33
With these examples in mind, we eschew George’s “quick” adverb in our cyber
fait accompli definition because, although initial gains can be realized quickly
through cyber exploitation, subsequent efforts to realize follow-​on gains can ex-
tend to minutes, hours, days, months, or even years. To wit, analyses indicate
that the time from an attacker’s first action in an event chain to the initial com-
promise of an asset is typically measured in minutes.34 Crowdstrike reported
that after an initial beachhead has been established, the average “breakout time”
for the most competent State cyber actors ranges from 19 minutes to around
10 hours.35 Mandiant noted that Chinese cyber operators engaged in significant
exfiltrations of intellectual property by maintaining a persistent presence on
targeted networks for an average of 356 days.36
Within the definition of the cyber fait accompli, “unilateral” means that
the exploitative action is pursued independently of any decision made by the
targeted entity. Thus, the fait accompli is distinct in principle from coercion,
which depends on demands, commitments, and signaling expressly for the pur-
pose of influencing the target’s decisions.37 Moreover, making gains at the ex-
pense of an adversary is not the same as threatening to impose costs or actually
doing so in an effort to change an adversary’s decision calculus. It can, however,
be equally strategically consequential for international politics—​an important point
we expand on later in this chapter and in Chapter 4.38 Once a benefit or gain
is realized, it may subsequently serve as a foothold for future coercive strategic
bargaining, depending on the target’s political value; however, the cyber fait ac-
compli is first and foremost about seeking unilateral operational and/​or tactical
gains through exploitation.
As in the terrestrial frame, States pursuing cyber faits accomplis have a strategic
incentive to pursue their desired gains in and through cyberspace in ways that
do not invite escalatory retaliation. That said, cyber persistence theory argues
 Cyber B ehav ior and D y nami c s 43

that the opportunity for reward, not fear of retaliation, is the primary incentive
driving States to engage in cyber operations short of armed-​attack equivalence.
States recognize that strategic opportunities flow from cyberspace’s abun-
dant vulnerabilities and resilience to persistent, exploitative cyber operations/​
campaigns with effects short of armed-​attack equivalence. Given opportunities,
States are taking them.
The strategic logic behind the fait accompli in cyberspace also hinges on finding
vulnerabilities. However, unlike the terrestrial frame, those vulnerabilities do
not lie in the ambiguity of a coercive demand, but rather in the very fabric of cyber-
space itself.39 Cyberspace has been described as a vulnerable yet resilient techno-
logical system,40 organically offering an “abundance of opportunities to exploit
user trust and design oversights.”41 When considered along with a condition of
constant contact, the prevalence of vulnerabilities provides a strategic incentive
for States to pursue unilateral gains in and through cyberspace, persistently.42
This incentive is further enhanced because of cyberspace’s resilience. The fait
accompli in physical space returns a marginal, episodic gain—​often a small piece
of territory. Cyberspace, by contrast, encourages the accumulation of gains to
levels of strategic significance through series and/​or campaigns of faits accomplis
at scale because its resilience mitigates concerns that such campaigns might put
at risk the digital environment’s systemic functionality.43
There is a second notable way in which the cyber fait accompli diverges from
its counterpart in the conventional strategic environment. George describes the
fait accompli as a strategic bargaining concept that States use to change the status
quo in the international system. Although cyber fait accompli campaigns could
conceivably change the status quo in the international system, they are unilateral,
independent actions and thus are not indicative of strategic bargaining.44 For ex-
ample, North Korea has unilaterally pursued an aggressive campaign of cyber-​
enabled theft from financial institutions and cryptocurrency exchanges and has
used the proceeds to expand its nuclear weapons program and develop intercon-
tinental ballistic missiles.45 The $2 billion Pyongyang reportedly accumulated
from 2016 to 2019 to support those programs while evading sanctions is more
than three times the amount of currency it was able to generate through coun-
terfeit activity over the four decades prior.46 Thus, pursuit of cyber faits accomplis
is more accurately described as a unilateral, independent strategic choice in the
cyberspace environment rather than as a mechanism for strategic bargaining.47
As noted earlier, an important distinction between coercion theory and cyber
persistence theory lies in the recognition that while all strategic bargaining is com-
petition, not all strategic competition is bargaining.
The cyber fait accompli is a useful concept for describing and explaining
States’ primary operational and tactical cyber behaviors—​how they persist in
seizing and maintaining the initiative to set the conditions of security in and
 Another Random Document on
Scribd Without Any Related Topics
 28. A hét holló.
Hun vót, hun nem vót, vót a világonn ëgy asszony.
Annak az asszonnak vót hét fia.
Ëcczër csak lëbetegëdëtt, gyönyörű szép lyánygyerëkët hozott a
világra.
A gyerëkágy után, mint a hogy szokás, ő is elmënt a templomba
az avatóba. Mikor má ott elvégezte, gyövet látta, hogy a hét fia ép
akkor gyön ki a kocsmábú, mikor ő a templombú. Annyira
mëhharagudott rájok, hogy mëgátkozta őköt: »vállyatok hollóé, ha
még a kocsmába jártatok inkább, mint a templomba!«
Allyig hogy ezt kimonta, a hét holló ott szát el a feji fëlëtt, az ő
hét fija.
Ő mëg mënt hazafele.
Má a kis lyány nagyocskára nyőtt, szép lëtt, annyányi, látta, hogy
az annya mindér rí. »Mé rísz, të anyám?« kérdezte az annyát. »Në
kérdëzzé engëm, hogy mé ríjok? csak ríjok. Ússë tuccz të engëm
mëvvigasztalnyi!« »Dehonnem, écsanyám! hátha tunnék valamit én
is! Mongya csak mëg, maj mëllássa, hogy jobb lëssz!«
»Mëmmondom, fijam! ha olyan nagyon erősködöl, de tudom, hogy
hasztalan. Hát tudod-ë, mikor tégëd születtelek, oszt utánna
mëntem az avatóba, hát vót nekëd hét bátyád, a ki épenn akkor is,
mikor én a templomba vótam, a kocsmábú gyött ki. Én őköt
mëgátkoztam, hogy »vállyatok hollóé!« ők azé vátoztak, elszátak,
azóta úgy odavannak, hogy së hírik, së nyomok, nem tudok rúllok
sëmmit!«
Ezt monta az asszony, de nagyon keserves rívásba fogott.
Vigasztalta vóna azt a kis lyány, de már rosszabb bót. Anná jobban
rítt.
Egy nap rëggel, aszongya a lyány az annyának: »écsanyám!
süssék nekëm bogácsát. Én elmënëk, fëlkeresëm a bátyájajimot!«
»Hova mënné të, te! isz’ as së tudod, hun, mére keresd!«
De a lyány kötte magát, az annya së áhatott elejbe, hogy në
mënnyék. Sütött neki bogácsát, avval útnak eresztëtte.
Mënt a lyány, mëndëgét hetedhét ország ellen.
Úttyába tanákozott ëgy farkassal. A farkas mëgállott előtte az
útonn. A lyány mëg nagyon mëgihett. »Sosë iheggy mëg tüllem, jó
lyány! nem bántolak én! aggyá inkabb ëgy falat ënnyivalót, mer má
olyan ëhetném, hogy majd elveszëk!« A lyány is oszt mëbbátorodott,
kivëtt a tarisznyábú ëgy bogácsát, odatta neki. Az mëg ëgy sípot
adott neki érte, hogy ha akarmi baja lëssz is, csak fújja mëg, ő
azonnal segíccségire mëgyën.
Avval elvátak ëgymástú.
Mënt a lyány tovább. Útközben most mëg ëgy rókával tanákozik.
»Hallod-ë, jó lyány! fordí mëg engëm a másik ódalamra, má hét
esztendeji nyomorgok a fé ódalomonn. Jótét helyibe jót vársz!« A
lyány mëssajnáta azt is, adott neki ëgy bogácsát, a mé a róka
lëszakított magárú ëgy szál szőrt, azt odatta, hogyha szükségi lëssz
valamire, azt csak szakíjja ketté, ő rögtön ott terëm. Jó van, a lyány
azt is eltëtte.
Harmacczor mëg – a hogy mëgyën, ëgy galyrú szó lë neki ëgy kis
madár. Az is bogácsát kért. Adott ő annak is. A kis madár mëg hála
fejibe olyant mondott, hogy »ha a vërës tengërhë érsz, ott ëgy szép
alma esik elejbed; të azt vëdd fël, ëdd mëg, a csutáját mëg tördeld
el, oszt hajingádd a vízbe!«
A lyány megköszönte a madár jóakarattyát, oszt indút. De a kis
madár attú a përcztű fogva mindég vele mënt.
 Sokszor fëlgyött a nap meg sokszor lëmënt, még ëcczërcsak
nagysokára a Dunáho ér a lyány. Próbáná, próbáná, de nem tud
rajta átjutynyi.
Benyút a zsebibe, elévëtte a sípot, oszt mëgfútta.
Rögtön ott termëtt a farkas. »Mit parancsolsz, itt vagyok!« monta
a farkas. A lyány oszt elmonta a baját. Akkor a farkas elvëtte tűle a
sípot, mëffútta ő is, hát csak úgy rezsgëtt a sok farkas, annyi gyűt
oda. Mëntek ëgënyest a Dunának. A lyány ezt nem tutta mire vélnyi.
Látta oszt, mikor má mind belemënt, hogy azé van e, hogy ő át
tudhassék mënnyi! Neki is mënt a Dunának, átsétát a sok farkas
hátán úgy, hogy még a czipéji szélyi së lëtt vizes.
Má a Dunán átment vóna, de még csak ezután gyön a sok nehez
út! Mëgy, mëndëgé, má el is fáratt, mikor a fekete tengërhë ért.
Hogy mënnyék ő most azonn át? mindënféliképenn törte a fejit rajta.
Eszibe jutott a szőrszál. Szétszakajtotta. Rögtön ott termëtt az róka.
»Mit parancsolsz, kedves gazdám!?« »Vigyé át a fekete tengërënn,
mer nagy utam van nekëm, a kinek mén nagyon soká gyöhet el a
végi!«
A róka csak neki fartolt a tengërnek, a farkát rávette a tengërre,
úgy hogy félyig átérte, akkor oszt monta a lyánnak, hogy »ereggy
no!« Mikor a tengër közepinn vót a lyány, a róka mëffordút a tengër
másik partya fele, úgy, hogy a lyány minden baj nékű átmëhetëtt a
róka farkánn. De a kis madár mindég mënt vele!
Ëcczër a vërës tengërhë ér a lyány. A partyán mingyár elejibe hút
ëgy alma. Ënnyi kezte, a csutájajit mëg a vízbe hajingáta ëgy
csëppig. A csutábú gyönyörű szép hajók lëttek. Ëgyre fëlült, a ki őt
elvitte túnat a vërës tengërënn.
Ott a parton vót ëgy nagy hëgy, annak a tetejibe mëg ëgy kis
ház.
A kis madár, a ki hűségesenn kisirtëtte, aszongya a lyánnak: »të
ideszámitol ebbe a kis házba, de të oda nem tuccz fëljutynyi
sëhossë, hacsak oda nem mégy, amott a hëgy tövibe van ëgy
hattyú, annak ülly a hátára, kapaszkoggy a farkába, në fé maj fëlvisz
a!«
Úgy is vót. A lyány ráült, a hattyú mëg fëlvitte.
Bemënt a kis házba, szétnézëtt. Elévëtte az asztalterítőt,
mëgterítëtt, kirakott rája hét bogácsát. Azután elbújt az ágy alá.
Este hazagyönnek a hollók, szétnéznek a házba, kérdezőskönnek,
tanágatózkonnak, hogy ki járt itt? de nem tutták kisütynyi. Avval
lëfeküttek, rëggel mëg mëntek hazúrú.
Másnap is igy törtint a dolog. A lyány mëgterítëtt, oszt elbújt az
ágy alá. A hollók tanágatták most is, de nem mëntek sëmmire.
Harmannap a hollók javába eszik a bogácsát, a kit ő – a lyány –
kirakott, ő mëg csak elébujik az ágy aló, aszongya nekik: »ösmertëk-
ë még engëm?« – aszongyák a hollók: »hát honnë ösmernénk mán
no! iszën të a testvérünk vagy! de tudod-ë, mit? në maragy të itt
köztünkbe, mer ha a hollók királya hazagyön, széttép! ereggy, míg
szépenn vagy!« De a lyány mëkkötte magát, hogy bizon nem gyön ő
aggyig, mig ököt ki nem szabadittya! Aszongyák a hollók, hogy »nem
lëssz abbú sëmmi së, mer ahho hét esztendőt, hét félórát mëg hét
minutát këll éhëznyi mëg az alatt az idő alatt ëgy árva szót së szónyi.
Të mëg azt nem birod ki!« »Dehonnem!« – monta a lyány, – »maj
mëppróbálom!«
Avval elbúcsúzott a hollóktú, oszt mënt, a mére látott.
Úttya ëgy nagy uradalomba vezetëtt, a hun egy nagy
szalmakazalba elbújt. Ott vót ő magányosan, së nem ëtt, së nem
szót sënkihë. Hiába hozta a kirá agara az ételt, rá së nézëtt, mécs
csak hozzá së nyút.
De ëcczërcsak a lovász eszrevëszi, hogy az agár a mi ételt kap,
mind a kazalho viszi. Rálesëtt. Mëllátta, hogy a kazalba ëgy lyukba
valami szép lyány van elrejtëzkëdve. Jelëntyi is a kirának mingyá,
hogy mit látott!
 A kirá odamënt, kihítta, nem törődött avval, hogy néma, mer
annak gondolta, hogy nem szól, mëszszerette, elvëtte feleségű.
Nemsokára lëtt ëgy szép gyerëkik.
De vót az udvarba ëgy kutyaírígy vasórú bába is, az haragudott a
kiránéra szörnyenn. Mindënáron el akarta vesztenyi.
Mikor a kis gyerëkët elvëtte tűlle, azt ëgy vesszőkosárba fektette,
betëtte ëgy folyóba, az mëg vitte, vitte lëfele. A vasórú bába azután
lëölt ëgy csirkét, a kést az asszony – mán mint a kiráné – mellé
fektette, a száját mëg a kézit bekente vérrel, hogy azt higyék, hogy
ő maga ëtte mëg a gyerekit.
Akkor a vasórú bába bemënt a kiráho, aszongya neki: »mit
érdemël az az asszony, a ki a saját tulajdon gyerëkit mëgëszi?« A
kirá tutta, hogy az ő feleségire kék most szónyi valamit, de nem
szót, csak aszonta: »még várok, az igazság maj kisül!«
De születëtt ám a kiránénak másogyik, harmagyik gyerëki is,
azokot is mind elvesztëtte a vasórú bába a vízënn, mész szërëncse
vót, hogy ëgy mónár kifogta őköt, a kinek ëgy csëpp gyerëki së vót.
A gyerëkëk születésit azonba látták a hollók, mëg azt is, hogy a
mónár kifogta őköt.
A kirának mëg mit vót mit tënnyi, most má elhitte, hogy a
feleségi csakugyan maga emísztyi el a gyerëkëkët, kilenczvenkilencz
kocsi fát hordatott máglyába, hogyha az majd tiszta parázstűz lëssz,
rátëszik az asszont.
Fël is gyútották, má vinnyi akarták az asszont, ép mikor a
zsarátnakra akarták tënnyi, lëtelt a hét esztendő, a hét félóra, mëg a
hét minuta, a hét holló is, a ki ott vót az igazlátásná, csak
mërrázkódott, oszt valamënnyibű szép fiatal embër lëtt.
Azok elmonták az esetët, hogy a kiráné az ő testvérik, idáig azé
nem szóhatott, mer őköt akarta mëszszabadítanyi, a gyerëkei pegyig
ëgy mónárná van, a ki kifogta a vizbű, a kinn a vasórú bába
eleresztëtte, azóta nevelyi is szépenn.
A kiráné mësszabadút, a gyerëkeit a mónártú visszaszërzették, ő
az anyját magáho vëtte, a hét testvéri pegyig elmënt haza. Még
most is boldogann ének, ha mën nem haltak.
Besenyőtelek, Heves vármegye. Dankó Anna szakácsnőtől.
Lejegyzési idő: 1903. decz.
 29. A hét daru.
Hol volt, hol nem volt, volt egyszer a világon egy özvegy asszony.
Az özvegy asszonynak volt hét fia, meg egy bölcsőben fekvő,
csecsemő kis lánya. Szegény volt az asszony, napszámra, hova járt,
míg nem volt otthon, a kis lánynak a hét gyerek viselte gondját.
Étették, itatták, s hogy elaludjék, ők is ringázták. Egyszer hogy-hogy
nem? valahogy kidőtötték a bölcsőből a kis lányt, az ríni kezdett, az
anyja meg épen akkor jött haza. Kérdezte a fiaitól:
– Mi lelte ezt a kis lányt, hogy így rí?
Azok mondtak valamit, de nem az igazat. Az asszony a hogy ölibe
vette a kis gyereket, mindjárt meglátta, hogy a feje fel van kelve,38)
ezt biztosan kidőtötték a czudarok, mikor játszottak! megátkozta
mind a hetüket, hogy váljanak darúé.39)
Nem kellett kétszer mondani, a hét fiú abban a szentben daru
lett, szép hét hamvas daru. Fel is kerekedtek mindjárt és mentek
Isten tudja: hová? – messzire.
A kis lány otthon maradt. Az anyja nevelte, gondozta, de a kis
lány mindig nagyon szomorú volt. Már lehetett vagy tizenkét
esztendős.
– Mért szomorkodol te, kis lányom – mondta neki az anyja, –
tejbe’-vajba’ fürösztelek, van mit enned-innod, gondodat is viselem,
nem tudom, mi lehet az oka szomorúságodnak?
– Hej! édes anyám! volt nekem hét testvérem, azok egyszer
engem a bölcsőből kidőtöttek, te megátkoztad őket, s most mind a
heten daru képében élnek valahol, ha élnek. Ha én csak egyszer is
megláthatnám őket, sokért nem adnám, mindjárt olyan víg volnék,
mint a fán csiperkedő kis madár.
 – Sohse búsúlj azért, kis lányom! mondta neki az anyja, ha ők
olyan gonoszok tudtak lenni, hogy kidőtöttek a bölcsőből,
megérdemlik, hogy most daru képében legyenek. De azért ha
akarod, keresd fel őket, de te úgy sem tudsz a sorsukon fordítani
semmit, legfeljebb még te is odaveszel s nekem vót lányom és nem
lesz lányom.
Beszélt volna az anyja a kis lánynak, ha az hallgatta volna, de
szedelőzködött, a mi kis holmija volt, batuba kötötte, oszt ment a
világnak.
Ment, mendegélt hetedhét ország ellen. Ki tudja, hova ért volna,
ha a Széllel nem találkozik.
– Ugyan, Szél uram! legyen olyan jó, mondja meg, hol van az én
hét testvérem? az anyám megátkozta őket és most daru képében
élnek valahol!
– Nem tudom én, – mondta a Szél, – de ha nyomra akarsz jutni,
csak eredj egyenesen, a hogy elindúltál, majd találkozol a Hold
testvéremmel, az majd tud valamit mondani!
Ment a kis lány, ment, már olyan sokáig, azt hitte, hogy soha sem
ér oda. Mikor odaért, ott sem tudtak semmit a hét bátyja felől, a
Naphoz igazították, az mindent tud, hátha ezt is tudja!
Csupa vér volt már a kis lány lába, éhes is, szomjas is volt, míg
egyszer a Naphoz ért. Eléadta, hogy a hét bátyját keresi, a kik daru
képében élnek, mert az anyja megátkozta őket. Akkor a Nap fogott
egy fekete tyúkot, megkoppasztotta, megfőzte a kis lánynak és azt
mondta neki:
– No! itt van ez a fekete tyúk! edd meg, a csontjáról is jól
lerágjad a húst, de a csontot el ne hajítsd, még jó hasznát veheted!
Oszt ha megetted, eredj egyenesen, a hogy jöttél, találsz egy nagy
hegyet, szúrd a csontot az oldalába, oszt mászsz fel a tetejébe, ott
találsz egy kastélyt, abban él a te hét testvéred!
 A kis lány megköszönte a Napnak jó’akaratját, a csontokat a
zsebibe tette, oszt elindúlt.
A hegy már messziről látszott, a kis lány egyenesen tartott neki.
Mikor a lábához ért, kivette a csontot, beleszúrta a hegy oldalába és
úgy ment fel-fel a tetejébe. Már majdnem odafennt volt, elkezdett
fáradni. Hát már ott is maradt volna, ha egy vándorfelleg meg nem
szánja, oszt fel nem löki a hegy tetejére. Úgy jutott el a kis lány, a
hová akart. A kastély csak pár lépésre volt már, nem hímezett-
hámozott a kis lány semmit, kapta magát, bement, leült a lóczára.
Ott volt a hét testvérének a lakása.
Azok épen nem voltak otthon, oda voltak valahol. Mindennap hét
betyáremberrel viaskodtak, tiszta vér volt minden tetemök, mikor
hazaértek. Most is viadalban voltak, azért nem talált a kis lány
otthon senkit. Mindjárt otthon érezte magát, szétnézett itt is, ott is, a
kamrában talált egy csomó véres ruhát. Fogta magát, kimosta. Mire
este lett, a hét daru hazajött, megrázkódott, szép hét legény lett
belőlük. Asztalhoz ültek és vacsoráltak. Vacsora után mentek a
kamrába, hogy majd a véres ruhát levetik, hát – uramfia! mit látnak,
a sok véres, szennyes ruha mind olyan fehér, mint a hó, mind ki van
mosva.
– No! itt valakinek kell járni! mondták egymásnak.
S addig keresgéltek, kutattak, míg a kis lányt meg nem találták.
– Hol veszed itt magad, a hol még a szálló madár sem jár? nem
féltél az úton, hogy valami bajod kerűl?
Örültek a kis lánynak nagyon, nem tudták hova tenni, egyik is
fogta volna meg, a másik is, már majd összevesztek rajta. De
egyszercsak azt mondják neki:
– Úgy ám! kis testvérünk! de itt nem sokáig maradhatsz, mert
mink hét betyáremberrel viaskodunk minden nap, ha azok minket
megölnek, idejönnek és neked is végedre járnak!
 – Pedig én meg azért jöttem, – mondta a kis lány, – hogy titeket
megszabadítsalak, a hogy tudlak!
– Jaj! kis testvérünk, de nagy fába vágtad a fejszédet! nem te
való vagy ahhoz!
A kis lány erősködött, hogy akárhogy-akármint, de ő megmenti a
bátyjait.
– Jól van, ha épen annyira elhatároztad magadban, megteheted,
de hét esztendeig meg hét perczig egy szót sem szabad szólnod
senkihez. Ha csak egy kukkot is ejtenél ki a szádon, má minket nem
tudnál megszabadítani soha, míg a világ!
A kis lány felfogadta, hogy nem szól semmit. Még az estét ott
bevárta, másnap reggel indúlt hazafelé. A hogy az erdőben ballagott,
találkozott egy szép királyfival, az megszerette, hazavitte, el is vette
feleségűl. Csak az nem tudott a fejébe menni, hogy mért nem szól
ez a lány? Kuka-e,40) mi-e? de az nagyon furcsa vót előtte,
különösen eleintén. Később aztán inkább hozzászokott.
Egyszer a királyfinak háborúba kellett mennie, a feleségét boldog
állapotban hagyta otthon s rábízta egy vén asszonyra, viselje
gondját, míg ő odajár.
Alig ment el a királyfi, a felesége két gyönyörű fiút szűlt, az
egyiknek a nap, másiknak a hold volt a homlokán. A vén aszony
amúgy is ellensége volt a királyfi feleségének, most meg még jobban
ette a fene, hogy azt a szép két gyereket meglátta, rögtön levelet írt
a királyfinak, hogy jőjjön haza, mert a felesége bíbályos,41) olyan két
gyereket szűlt, a minőt rendes asszony soha nem szokott. A
királyfinak mit volt mit tenni? hazament.
Az ágyba ott feküdt a felesége, mellette a két gyönyörű gyerek.
– Hisz ezek nagyon szépek! gondolta magában, mért öljem én
meg a feleségemet?
 De a vén asszony az országban is annyira áskálódott, hogy a
néma asszonyt meg a két szép kis fiát lóbőrbe varrták, kivitték a
város végire, ott meg épen már várakozott a hóhér, hogy
összetrancsírozza őket. De a hogy emelte volna a kardját, ott termett
hét daru, az asszonynak a hét bátyja, már akkorra letelt a hét
esztendő meg a hét perc, megrázkódtak, gyönyörű szép két legény
lett belőlük. Azt mondják a hóhérnak:
– Hallod-e, hóhér! ne bántsd azt az asszonyt! mert az ártatlan!
idáig is a mit tett, mi értünk tette, hogy az átoktól megválthasson.
A hóhér letette a kardját, kivette az asszonyt a bőrből, meg a két
kis gyereket, azoknak csakúgy ragyogott a homlokán a nap meg a
hold! hazavitte őket a királyfihoz.
Igen ám! má otthon azt várták, hogy meghal az asszony, oszt itt
van ni! él! a vén asszony majd megette magát mérgiben. Odament a
királyhoz, hogy ez már mégsem igazság, így-amúgy, ez meg az!…
míg azt mondták, hogy az asszonyt csakugyan el kell veszíteni, mert
csakugyan bíbályos, a kinek még a halála óráján is hét daru jön a
segítségére! Fogták, elvitték egy nagy hegyre, ott egy rettentő setét
mélységbe behajították a két kis fiával együtt. Odament a királyfi is a
meredek széléhez, hogy majd megnézi, hova hajították a feleségét?
hát látta, hogy a két gyerek homlokán kialudt a nap meg a hold, de
az asszony úgy világított, mint a fényes nap. Szaladt be mindjárt a
városba, a feleségét meg a két kis fiát kivetette onnan, a feleségével
még egyszer megesküdött, a vén asszonyt meg eltették láb alól, volt
olyan lagzi, hogy mióta élek, még olyant magam sem láttam. A hét
legény herczegséget kapott, a királyfiból király lett s oly boldogan élt
a feleségével ezután, mint egy pár gerlicze. Még most is élnek, ha
meg nem haltak.
Eger, Heves vármegye. Kaló János, mezőkövesdi legénytől. 1905.
január.
 30. A libapásztorbul lëtt királyné.
Hun vót, hun nem vót, vót ëcczër a világon ëgy pár cseléd, annak
a pár cselédnek vót három lyánya.
Az apjok ëcczër vásárra készűt, a lyányainak vásárfiát akart
hoznyi, eléhivatta hát a három lyánt, oszt megkérdëzte tűllök sorba,
hogy hogy szeretyik őtet? Az első aszonta: »Úgy szeretlek, édës
apám, mint a letësletszëbb ruhát, a minőt csak a vásáron árolnak!«
A másogyik mëg úgy felelt: »Úgy szeretlek, édës apám! mint a hogy
a gyémántos ruhát. Úgy-e vëszël nekëm olyant?« Odafordút a
harmagyikho is. »Hát të hogy szeretsz, legkisebb lyányom?«
»Kedves apám! – felelte a legkisebb lyány, – én úgy szeretlek, mint a
levesbe a sót!«
»Hennye azt a kutya mindënëdët! hát hogy mersz të nekëm
ilyenëkët mondanyi? Hát mire tartasz te engëm? Ilyen keveset érëk
én të előtted? Eregy most má, a mére látsz, nekem nem këllesz!
Takarodj a házamtú!« Szörnyen mérges vót az apja, a mé a lyánya
olyan kevesre becsűte őt.
No! a kis lyány is hova fordúllyék most má? el van csappa azé az
ëgy szóé. Szëgény lyánnak mit vót mit tënnyi, összeszëtte, a mi kis
hómija vót, azzal elindút a világnak.
Mëgy, mëndëgél, maga së tuggya, mére, nagysokára végre egy
nagy uradalomra tanál, a kit azt së tutta, hogy kié. Kérdezősködött
itt is, ott is, úgy hallotta meg, hogy egy nagyon gazdag királyé.
Akkor eléatta, hogy mi járatba van? kiféli? miféli? bíz ő szógálatot
gyött vóna keresnyi, ha tanána! nem bánnya ő, akárminő dógot
annak neki, csak szánják mëg! Nagyon megsajnáták a szőrruhába
őtözött rongyos lyánt, minő foglalkozást aggyanak neki? Fëlfogatták
libapásztornak.
 Ott szëgénkëdëtt, nyomorkodott sokáig.
Az ételyié mindég a konyhába járt fël. Hát ëcczër is ott
süntörgött, ott forgolódott az ő rongyos szőrruhájában, nagyot kiát
rá a szakács: »Nem mégy má ki innen te, rihe-rongy! te! mindég láb
alatt vagy të! Még ëcczër a ruhájárú beleesik valami az ételbe! oszt
akkor lesz kapsz, még fël is akaszthatnak végette! Takarogy ki
mingyá!«
A szëgény lyány kimënt. A hogy kiért a pitarbú, a kiráfinak az
ablakja mëg épën nyitva vót. »Hová készű a kiráfi?« kérdëzte a
szëgény lyány, látva, hogy a kiráfi odbe őtözkögyik. »Hát mit keresëd
të azt, te szőrlyány? a hova mënëk, oda mënëk, elmënëk estére a
bálba. Sipircz az ablakomtú!«
A libapásztor fogta magát, mënt a libaólba, az ő rendës fekő
helyire. Ott kivëtte a zsebibű, a mit a konyhán kapott, oszt keserves
rívás közt hozzáfogott a vacsorájáho. A hogy ottang vacsorál,
vacsorál, hallja, hogy mellette ëgy kis eger czinczog. Odanéz, hát
csakugyan av vót. Mëgsajnáta, adott neki ëgy kis darab kenyeret.
Mikor azt az eger mëgëtte, hozott magával ëgy gyióhajat, azt lëtëtte
a libapásztor mellé, oszt visszaszalatt a lyukába.
Megnézi a szegény lyány a gyióhajat, ugyann mi lëhet abba? hát
ahogy belenéz, ëgy gyönyörű szép aranyruhát látott. Nagyon
megörűt neki. Még tapsolt is örömibe! »Mëgá, kiráfi! mëgá!
hamarabb ott lëszëk má én a báldba!« El is határozta magát, hogy
elmëgy, kimulatja magát, van má neki hozzá szép ruhája is! Avval
készűt sebësenn, mëgsimakodott, megmosdott, fëlvëtte az
aranyruhát. Akkor »köd előttem, köd utánnam! hogy sënki së
lásson!«, el a bálba.
Mikor odaért, tánczba fogott mingyá, nem árolt ő pëtrëzselymet
ëgy csëppet së. A kiráfi mindég vele vót, nem hagyott vele senkit së
tánczolnyi. Megbámúta nagyon, mulattatta is, de nem jó kedvibű,
mer má mëgszerette.
 Kérdëzősködött azután tűlle, hogy kiski ő? azután hogy
honnanvaló? A szép lyány csak annyit szót, hogy
»Törűközőütővárra!« Akkor épen új nótát húztak, elmëntek mëgin
tánczolnyi, egész rëggelyig mindég aj járta.
A kiráfi karonfogta a szép aranyruhás lyánt, engedelmet kért
tűlle, hogy hazakísírhetyi-ë vagy nem? De a lyány csak hímëlt-
hámolt, hogy így mëg úgy, ëcczër csak usgyi! elszökött. A kiráfi má
csak a hűt helyit tanáta.
A lyány visszament a libaólba, az aranyruhát visszatëtte a
gyióhajba, elévëtte a szőrruhát, felőtözködött, oszt mëgint csak a
szëgény libapásztor lëtt. Aznap délyig a libákkal bajolt, azokot
hajkurászta az árokparton, de ő neki eszibe së vót, hogy ő érte most
nagyon, hej! de nagyon búsúl valaki!
Elgyött a dél, a libák is az óba vótak, a lyány megint ott
sodormánkogyik a konyhába. A szakács csak piszkollya, csak dúj-fúj.
»Ereggy má innen, te széhozta! te vízhajtotta! még ëcczër valamit
csakugyan belekavarsz az ételbe, oszt akkor jaj nekem! Ne má ë!
oszt sipirc!« Adott neki valami kis harapnyivalót, oszt kikergette.
A lyány csak odamëgyën a kiráfi ablakára. Ott benéz, láttya, hogy
a kiráfi ugyancsak fésűkögyik, készű valahova! »Hová készű, kiráfi!
hogy olyan nagyon fésűkögyik!?« kérdëzte a lyány. »Mi közöd hozzá,
akarhova mënëk, csakhogy mënëk. Elmënëk a bálba! Takaroggy az
ablakomrú!«
A lyány kiment az óba, ott ëgy szögletbe várta be az estét. Mikor
má gondolta, hogy lëhetne indúnyi, kivëtte a gyióhajbú az
ezüstruhát, fëltisztákodott, »köd előttem, köd utánnam! hogy sënki
së lásson!« ment a bálba.
Má át a báld. A kiráfi nem mulatott, csak ëgy helyën az asztalná
szomorkodott. Mikor az ezüstruhás lyánt megpillantotta, mintha
elvágták vóna, úgy mëvvátozott. Tánczoltatta, sürgette, mulattatta,
olyan jó kedvi vót, hogy csak! Megint faggatta, hogy kiski ő? mérű
való? A lyány most csak annyit mondott: »Fésűütővárra!«
Gondolkozott a kiráfi, hogy mére lëhet a, de nem tutta kitanányi
sëhossë. Avval felkérte oszt a lyánt, hogy hazakísírhesse, de a lyány
csak szabódott, csak húzódott, még ëcczër csak megint úgy eltűnt,
mint azelőtt való este.
A lyány mëgint csak hazament, az ezüstruhát szépen
összehajtogatva visszatëtte a gyióhajba, felőtözködött a
szőrruhájába, mire kivilágosodott, má a tallón vót a libával.
Défele mëgint csak fëlmënt a konyhába. De má nem
pësztërkëdëtt ott soká, mëvvárta, még adnak neki valamit, avval
mënt. De a kiráfi ablakáná újfënt mëgát. »Tán mëgint a báldba
készű a kiráfi?« »Oda hát! De hát të má mindég olyan szemtelen
vagy, hogy mindég belesekëdël az ablakomon, má mégis
csudálatos!« Avval a tyűkört hozzá vágta a lyánho. »Jó van no«,
gondolta magába a lyány, »majd hamarabb ott lëszëk én, mint të, në
fé!42)« Bevárta az estét mëgin csak úgy, fëlvëtte a gyémántruhát,
»köd előttem, köd utánnam! hogy sënki së lásson!«, ment a bálba,
de hamarabb is ott vót, mint a kiráfi. Mán ő akkor javába tánczolt,
mikor a kiráfi odaért.
A kiráfi nem tutta néznyi, hogy az, a kit ő úgy szeret, mással
tánczol, odament, mérgesen elkapta annak a legénynek a kezibű,
oszt ő tánczoltatta.
Most még jobban mulattak, mint a két azelőtt való estén. A kiráfi
má nagyon szerelmes vót, má csak a lyán vót mindën gondolattya.
Mëgint mëgkérdëzte, hogy mongya má meg, de lélekre! hogy
honnan való, mer a hogy eggyig monta, hogy hovavaló, azoknak
még a hírit së hallotta. A lyány azt felelte: »Tyűkörütővárra!« »Hun
lëhet a? nem tudhatom! A szomszédunkba van ëgy öreg embër, a ki
má sok országot bejárt, kérdëztem attú, de ezëkët a helyekët még ő
së ösmeri!« De a lyány nem világosította fël.
A kiráfi má nem tudott magának së parancsolnyi, lëhúzta az
újjárú a gyűrőt, odatta a lyánnak, hogy őrözze mëg, oszt gondollyon
rá, mer ő el akarja vënnyi! A lyány mëg is igirte, de má nem várta
mëg, hogy mëgint szóllyék a kiráfi a hazakísírtésrű, elillant, mint a
lipe, szaladt mint a firjóka haza, ëgënyest az óba. Ott lëvette ar
ruháját, fëlvëtte a hétköznapló rongyosat.
A kiráfi mëg odavót nagyon. Mindën szívi-szándéka a lyán fele
vót má fordúva. Hogy az mëg elszökött, a báldba is csak tört-vágott,
kërësztű akart mënnyi mindënkin; mikor hazamënt mëg csak a
búnak atta magát, szavát së lëhetëtt vënnyi, olyan szomorú vót.
Odamënt az anyja, apja, vigasztalta vóna, de a kiráfi csak búsút,
búsút, nem hajtott as sënkire së. Úgy fájt a szivi, hogy maj mëghalt
bele.
A hogy elgyött a dél, a lyány is behajtott má, a konyhába is
susorgott má a sok étel.
A libapásztor is bemëgyën a konyhába, ott sűdörög a szakács
körű, akarmére lëpëtt, mindég láb alatt vót. »Mit keresël të itt, te!
tisztú’ innen mingyá!« De a szakács kerűt-fordút, a lyány is aggyig
süntörgött, aggyig süntörgött, hogy valahogy a gyűrőt mégis betëtte
a tába, a mit a kiráfitú kapott.
Avval oszt kiszalatt.
Mikor beviszik az ételt, merítënek a tábú, hát csak mëgcsördű a
kanál valamibe. Kivëszik, mëgnézik, hát mi vót? a gyűrő.
Hivatták oszt a szakácsot, ki járt a konyhába?! Mëgijett a
szakács, ëgy krajczár së maratt a zsebibe. Most van má baj! Nem
merte mëgmondanyi, hogy az a szőrruhás, mer akkor őt biztosan
felakasztyák. Hát csak tagatta, hogy »senki«. »Szakács! mondd mëg,
ki járt ott, mer akkor csakugyan fëlakasztatlak! de így nem lësz
sëmmi bajod, ha bevallod!«
A szakács is, mit vót mit tënnyi! bevallotta, hogy ott más nem
járt, mint az a szőrruhás libapásztor.
»Hidd be mingyá! tiszticcsa ki magát szépen, oszt győjjön be!«
 A libapásztor is mëgmosakodott, mëgfésüködött, fëlvëtte a
gyémántruhát. Bemënt.
A kiráfinak a szivi maj mëghasatt örömibe, hogy mëglátta, hogy
iszën ez az, a kivel ő tánczolt, ennek atta ő a gyűrőt! Mëgölelte,
mëgcsókolta, mëg is monta mingyá, hogy elvëszi feleségű.
Készűtek a lagzira. Tanakodtak, ugyan kit hijjonak má mëg?
mérű? hogy-mint? mi ëgymás, hát a többek közt mëghítták a lyány
apját is.
A konyhába mëg a lyány mëghagyta, hogy az apjának külöm
csinállyonak mindënt, de só nékű.
Gyön a lagzi. Az apja is ott van, jó kedvi van mindënkinek, csak a
lyány apja nem ëszik, olyan, mintha szomorú vóna.
Kérdëzik oszt, hogy mi lelte? mé nem ëszik? tán nem jó az étel?
De az embër csak himëlt-hámolt, nem akart szónyi.
Oda mëgyën a lyánya is, kérdezi az is, hogy »hát mé nem ëszik
édsapám? Në szomorkoggyék, ha má a lagziba van!«
Az apja mongya oszt, hogy »jó itt mindën, nagyon fájínú el van
készítve, csak az a baj, hogy só nincs benne!«
Akkor oszt odafordú a lyánya is. »Lássa-ë, édës apám, maga
engëm azé az ëgy szóé csapott el, a mé asz montam, hogy úgy
szeretëm magát, mint a sót az ételbe. Lássa-ë, hogy a nékű mëg
nem ér sëmmit az étel!«
Mikor ezt a lyány elmongya, az apjának csakúgy csurgott a
szëmibű a könyű. Akkor oszt összeölelkëztek, lëtt olyan vigasság,
hogy hetedhét országon së vót párja. A lyány a kiráfinak feleségi
lëtt, boldogan éltek nagyon sokáig, tán még most is élnek, hogyha
mëg nem haltak.
Besenyőtelek, Heves vármegye. Szabó Julcsa asszony szájából.
Lejegyzési idő: 1903. nov.
 31. Nem akart az apja felesége
lënni.
Hun vót, hun nem vót, még a Krakónn is túnann vót, de még
azonn is túnann, vót ëgy királyi pár.
A kirának ëcczër mëhhalt a feleségi, de még halála előtt
mëghatta az urának, hogy ha ő mëhhal, aggyig në házasoggyék
mëg, míg olyant, mint ő mëg a lyánya – mer egyforma szépek vótak
– nem taná. Úgy is vót. Elindút a kirá, országot-világot bebarangolt,
de olyant, mint a feleségi, nem tanát, csak a lyányát, pegyig sok
fődet bejárt má.
A hogy hazamëgy, bántotta a gond nagyon, hogy a világon az ő
feleségihë több hasolló nincs, csak a lyánya. De fëlhagyott oszt a
gongyával, kapta magát, mëgkérette a saját tulajdon lyányát.
Az aszonta, hogy elmëgy, de csak úgy, ha az apja ëgy napszín
ruhát csinátat neki. A napszín ruha mëglëtt, »mos má gyere hozzám,
lyányom!« De a lyány nem mënt mém most së. »Csinátassék nekem
ëgy hódvilágszín ruhát, ha am mëglësz, akkor nem bánom!« Kis idő
múva kész lëtt az is. A lyány mos má ëgy csillagszín ruhät követëlt.
Az apja – kintelen-këlletlen – mëgadta neki azt is. A lyány – hot
tovább húzza-halaszsza a dolgot – mos mëm má azt kötte ki, hogy
csak úgy mëgy el az apjáho, ha ëgy tetyűbőrködmönt csinátat. »Má
csak azt nem csinállya mën neki senki!« gondolta magába. De bizon
allyig múlyik el valami kis idő, hozzák a tetyűbőrködmönt. A lyány is
micsinállyék má, a nëgyegyik kivánságát is betőtötték, mindég csak
azonn forgatta az eszit, hogy szabadúhasson mëg ő ettű az útállatos
apjátú? Ki is tanáta.
Másnap rëggel a lyány, mikor őtözkönnyi kezdëtt, hármat köpött
az asztalra. Az apja mëm má a pitarba várakozott rá. Mikor mëgúnta
várnyi, beszól: »gyere má, feleségëm!« mëszszólal az első köpés:
»mingyá, csak bóhászkodok!« De hogy a lyán nem mënt, mëgint
beszól neki. Akkor kiszól a másogyik köpés: »mingyá, csak a lámpát
fújom el!« Türelmetlenkëdëtt a kirá, harmacczor is híjja, de má
keményebben beszét. Akkor felelt a harmagyik köpés: »mingyá, csak
becsukom az ajtót!«
No, az apja mos má csakugyan azt hitte, hogy maj csak gyön,
bemënt a másik házba.
De bíz a lyány összeszëdelőczködött, oszt a kis öcscsivel
elszökött, útnak indút.
Mënnek, mënnek, mëndëgének, nagysokára beérnek ëgy nagy
erdőbe. Ott a kis gyerëk mán nagyon szomjann vót, az útonn tanát
ëgy ökörnyomot, innya akart belülle.
Mëgszólíttya a nénnyi: »në igyá belűlle, kis öcsém! mer ököré
vász!« A kis gyerëk engedëtt.
A hogy mënnek, tanának ëgy farkasnyomat, de a nénnyi abbú së
hatta innya, késübb mëgint ëgy szamárnyomat, de má a kis gyerëk
majd elveszëtt szomjann, mésse ihatott. Nëgyecczërre ëgy őznyomat
tanának, abbú hörpentëtt ëgy kicsit, a mënnyivel a szomjúságát
csillapíthatta, de abba az Istenbe ëcczërre őzecskéjé vát.
Kurholta oszt a nénnyi: »ládd-ë, mé nem hallgattá az én
szavamra, mos má őzecskének kell lënnëd, még élsz.«
Hát errű má hiába vót mindën szó, em mëgtörtint.
Mënnek tovább, árkonn-berkënn, beérnek ëgy királyi udvarba.
Ott a kérdezősködésre eléaggyák, hogy szógálatot gyöttek vóna
keresnyi. »Jó van, hát fëlfogadunk, épen pulykapásztorunk nincs!«
De a lyány aszongya: »fëlségës kirá, gráczia fejemnek, én csak úgy
állok el, ha a fëlségës kirá mëgígíri, hogy a testvérëmnek, ennek az
őzecskének sëmmi baja së lësz!« Elmonta oszt, hogy hoj járt az ő kis
öcscsi.
 A kirá mëgigérte, hoj jó van, nem lësz sëmmi baja së.
A lyány pëgyig azonnal beállott a szógálatba.
Másnap mëttutta a lyány, hogy a városba valami czéczó lësz,
olyan báldfurma, a kin a kirá is ott lësz, bemënt a szakácsného
elkéreczkënnyi. Az hallanyi së akart rulla. »Micsináná të ott, abba a
tetyűbőrruhádba! nem szégyëllëd magad? takaroccz ki mingyá?« De
a lyány csak, hogy eressze el. Aggyig rimánkodott, aggyig
istenkedëtt neki, hogy eleresztëtte. »Isz úgyis csak a csáváshordó
mellett lësz a të helyed!« gondolta magába a szakácsné.
Elgyött az este, a lyány lëvette a tetyűbőrködmönt, fëlvëtte a
napszín ruhát, abba mënt el a báldba.
Hű! nem a csáváshordó mellé kerűt ám, hanem a kiráfi ëgënyest
maga mellé ültette, mulattatta, nem is eresztëtt hozzá sënkit közel
së. Örűt a lyány, hogy minő jó mulat most ő!
Másnap rëggel hazamentek, ő is fëlvëtte a tetyűruhát, oszt délyig
őrzötte a pulykát.
Débe bemëgy a szakácsného, kéreczkënnyi mëgínt. A szakácsné
csak nevette a lyánt, hogy »minő bohó e, ilyen rongyléttyire is a
báldba kivánkozik! No jó, elmëheccz, de mën në tuggyam, hogy
valami csint tëszël ott, mer akkor jaj az életëd! tudod-ë?«
Este fëlkötözkögyik a lyány a hódvilágszín ruhába. Mëgy a
báldba. Mikor belépëtt, csak őt nézte mindënki, olyan szép pót. A
kiráfi is odaugrik, karonnfogja, viszi magával, még tánczolnyi is csak
keveset tánczoltak ëgyütt, egész rëggelyig mindég beszégettek.
Hogy mit tuttak aggyig ëgymásnak rógyikányi, én nem tudom, nem
vótam ott! de biztosan jó tanáhatták magokot.
A harmagyik este is szintazonszerint folyt lë a báld. A lyány
csillagszín ruhába vót, a ki ránézëtt, majd elvëtte a szëmi
fényességit, olyan gyönyörüen át rajta a ruha.
 A kiráfi má ekkor szerette a lyánt nagyon, kérdëzte is, hogy
hovavalósi? mëg hogy elkísírthetyi-ë hazáig? de a lyány nem árolta el
magát. A kiráfi akkor adott neki ëgy arangyűrőt, hogy ha valamikor
is még tanákoznának, errű ösmerjék mëg ëgymást.
Rëggel, mikor végi lëtt a báldnak, bánkódott a kiráfi nagyon,
hogy ő má bajosann láttya még ëcczër az ő szívi választottját.
Débe a lyány bemëgyën a konyhába, láttya, hogy a szakácsné
kemémmagoslevest főzött, má épen a kënyeret akarja
beleszegdelnyi, aszongya a szakácsnénak, hagy szegdellye ő a
kënyeret! De a szakácsné jó tarkón vágta, hogy »majd adok én
neked szegdelést, te tetyves! nécs csak! mit nem kiván még! ë!«
A lyány aggyig sürgött-forgott, rimánkodott, még mëg nem
engették. Lëvette a tetyűbőrködmönt, oszt hozzáfogott a
szegdeléshë. Mikor javába szegdelyi, ak közbe beleeresztyi a gyűrőt
a tába.
Viszik be a kemémmagos levest, szëd a kiráfi. Kavargattya,
kavargattya a kanával, hát csak hall benne valami zörgést. Kiveszi a
kanát, hát az a gyűrő van benne, a kit ő adott még a báldban annak
a szép lyánnak. Szól ki rögtön: »szakácsné! győjjék csak be!« Am
mëg mëgijett szörnyenn, hogy no most van má végi! Bemëgy, azt
kérdëzi a kiráfi, ki vót a konyhánn rajta kívël? A szakácsné
beösmerte, hogy az a tetyves pulykapásztorlyány! »Küggye be!«
monta a kiráfi.
Gyön a lyány, rajta mind a három őtözet ruha.
A kiráfi mëgösmerte. »Te vagy az, szívem szép szerelme? Ásó,
kapa választ el ëgymástú!« Nemsokára mëg is esküttek.
Esküvő után a kiráfi, má a kirá, hamarosan elmënt a háborúba.
Míg ő odajárt, mëg a kiráné, a feleségi mëszszaporodott.
De vót az udvarba ëgy mindënës asszony, a kinek nagyon
csesznye lyánya vót. Irigylëtte a kiráné sorát, a ki azelőtt csak
tetyűbőrruhába járt, oszt most mëg hogy fëlvitte Isten a dógát.
 Bemëgy ez a mindënës asszony ëcczër a kiráného, oszt hitta
kifele jó időre, ő mëg maj néz a fejibe. A ház előtt mëg folyt ëgy
szép tiszta vizű folyóka, annak a partjára ültek. Mikor a kiránénak
javába néz a fejibe az asszony, ëcczër csak zu! be a folyókába a
kiráné! Belökte az a kutya vénasszony!
Akkor beviszi a kiráné helyire a maga retves lyányát, lëfektetyi az
ágyba, oszt laskát süttet rá, hogy ha haza gyön a kirá, hát
csörögjön, mintha a csontya csörögne, annyira lesoványodott. Az
őzecskét mëg këszűtek kivégeznyi.
Gyön is haza a kirá, oda mëgy, láttya, hogy mëgcsunyut, hallya a
csörgést is. Szomorkodott nagyon.
Aznap este az őzecske fëlfogja a kis gyerëkët, viszi a folyókáho.
Abba mëg gyönyörű szép arankacsák úszkátak. Aszongya az
őzecske: »kacsák, kacsák, arankacsák! hun van kirá kis Miklósnak az
annya? rí a kirá kis Miklós! nincs meddőné tejecske!« Aszonták a
kacsák, hogy csak várjék, ott gyön a harmagyik csapatba!
Mikor a harmagyik csapat odaért, kivát közülök ëgy arankacsa,
asszonyé vátozott, elvëtte az őzecskétű a kis gyerëkët, oszt
mëgszoptatta.
Mikor avval végezëtt, aszongya neki az őzecske: »nénikém!
nénikém! torkomnak kést fenyik, vérëmnek aranyvërënczét
mossák!« Aszonta rá az asszony: »në fé, në fé! kis öcsém, nem lësz
sëmmi bajod! kiráfinak fogadása tartya!«
Avval az asszony visszaatta a gyerëkët, az őzecske pegyig bevitte
a szobába, lëtëtte a bőcsőbe.
Látta mán a kocsis ezt vagy kécczër. Bemëgy a kirának,
mëjjelëntyi, hogy mismit látott ő. A kirá aszonta: »maj
mëvvigyázuk!«
Úgy is vót. Este kimënnek a folyóka partjára, ott valahun
elbújnak. Hát láttyák, hogy hozza az őzecske a kis gyerëkët, gyön az
arankacsa is, asszonyé vátozik, szoptat, beszégetnek. Mikor a
szoptatás mëgvót, odaugrik a kirá, mëgkapja a feleségit, össze-
vissza csókolja, oszt viszi be a házba.
A vénasszont mëg a csesznye lyányát pegyig szétdiribolták, úsz
szórták szét a határba őköt.
A kirá mëg a feleségi azután olyan boldogok lëttek, hogy mém
most is ének, ha azóta mën nem haltak.
Besenyőtelek, Heves vármegye. Szabó Julcsa (Hörcsikné)
parasztasszonytól. 1904. jan.
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

ebookbell.com