in ,

Cyber Conflict and the Westphalian System

Strategic Cybersecurity, Module 7

Strategic Cybersecurity, Module 7: Cyber Conflict and the Westphalian System.

The Treaty of Westphalia, signed in 1648, focused on the principle that “whoever rules the territory determines the religion.” This lecture explains this treaty and how it connects with cybersecurity. Though this course is not an international relations course, this topic is pertinent to the idea of sovereignty and the free flow of information.

The Objectives

Once you have completed the readings, lecture, activity, and assessment, you will be able to

  • Articulate how democratic and authoritarian governments generally differ in their interpretation of Internet freedom
  • Articulate how the Internet has created tensions within the Westphalian system.

In this module, we will focus on cyber conflict and the Westphalian system. If you have not yet completed the readings for this module, please do so before listening to this module.

Rosenzweig noted in the readings for this module that “non-state actors in cyberspace have begun a challenge “to the hegemony of nation-states “that have been the foundation for international relations since the Peace of Westphalia.” Though this course does not focus on international relations theory, understanding Rosenzweig's point helps to clarify how the Internet affects international relations.

Treaty of Westphalia

The Treaty of Westphalia, signed in 1648, marked the end of the 30 Years War, which has been estimated to have killed nearly 30 percent of the German population. One of the chief causes of the war was the issue of religious autonomy within European principalities, and many consider this war to be the last major European war of religion.

To prevent another such devastating war in Europe, the treaty's signatories agreed to a principle that whoever rules the territory determines the religion. The treaty was a turning point, as it helped to create our modern system of state sovereignty.

It effectively cemented the territorial integrity and legal equality of all nation-states and prohibited the interference of one state into the internal affairs of another.

You may be wondering how the Treaty of Westphalia connects with the topic of this course, cybersecurity. Consider this: the Internet was designed for information to be free-flowing, that is, to cross national boundaries, without any consideration to ideology or political organization of a state.

John Perry Barlow, a founder of the Electronic Frontier Foundation, captured this idea in the 1996 paper “A Declaration of the Independence of Cyberspace.” He states, in part, “Governments of the Industrial World … “You have no sovereignty where we gather. … Cyberspace does not lie within your borders.”

The Open Design

As Internet technology spread around the globe, authoritarian countries like China and Russia grudgingly accepted this concept but quickly realized that the free flow of information could have negative consequences for their governments' survival.

Eventually, many authoritarian governments protested the Internet's open design, citing their right to sovereignty that the Treaty of Westphalia had established. They argued that they had a right to control and filter information crossing their borders.

New Domain of Warfare

Many governments have also discovered a military domain to cyberspace and are devoting enormous resources to leverage it offensively. Katherine Maher, of the Truman Project, noted in an article in the magazine “Foreign Policy,” “Cyberspace is no longer the independent space “of the cyber-libertarians. “It is now a military domain. And when a free-wheeling place “like the internet militarizes, “the internet's laissez-faire culture of privacy, “anonymity, and free expression inevitably “come into conflict with military priorities of security and protocol.”

In other words, the Internet has given us incredible access to information around the world, but it has also created a new domain of warfare.

Returning to Rosenzweig's point, in addition to potential problems posed to the sovereignty of certain authoritarian governments, the Internet has given substate actors, such as criminal or terrorist groups, an outsize capability to affect legitimate nation-states operating within the Westphalian system of sovereignty.

Sub-state Actors

How should the United States respond if a group like al-Qaeda or ISIS attacks portions of the U.S. electrical grid? Rosenzweig's point is that, previously, the Westphalian system has treated warfare as something that takes place between two sovereign states. It is not designed to deal with sub-state actors like al-Qaeda.

As sub-state groups continue to acquire offensive cyber capabilities that enable them to influence state actors, the international community must evolve and create policies and doctrines to mitigate their threats.


Quiz Question 1: True or false: The Westphalian system of state sovereignty provides clear guidelines for which countries should operate in the Information Age.

The answer is False.

Quiz Question 2: True or false: Democratic and authoritarian governments essentially interpret the concept of “Internet freedom” in the same way.

The answer is False.


The activity for this module asks that you consider how authoritarian governments use the digital footprints left by their own citizens to gather information about their political activities. Reflect on your own concerns of your digital footprint.

How pervasive on the Internet is your personal information? Use two or three search engines to search your name, phone number, and past addresses. Are you surprised how much personal information you found on the Internet? How did this information get there? If you are uncomfortable with the amount of information you found, check your privacy settings on your social media accounts, and research ways to minimize your Internet presence.

Go to: Module 8: Cyber Conflict and the Law

Strategic Cybersecurity” by Augusta University is licensed under CC BY 4.0 / Original video transcribed and re-structured.

What do you think?

15 points
Upvote Downvote
Adversaries and APTs

Adversaries and Advanced Persistent Threats (APTs)

Cyber Conflict and the Law

Cyber Conflict and the Law