Components of defence strategies in society’s information environment: a case study based on the grounded theory
Faculty of Information Technology, University of Jyväskylä, Finland
Department of Future Technologies, University of Turku, Finland
Erja Birgitta Mustonen-Ollila   

Faculty of Information Technology, University of Jyväskylä, Limonadikuja 3 B 20, 00390, Helsinki, Finland
Submission date: 2019-12-02
Final revision date: 2020-02-07
Acceptance date: 2020-02-13
Online publication date: 2020-03-17
Publication date: 2020-03-26
Security and Defence Quarterly 2020;28(1):19–43
The goal of this study is to explore the components of defence strategies faced by society in its information environment, and how these strategies are inter-related. This qualitative in-depth case study applied past research and empirical evidence to identify the components of defence strategies in a society’s information environment. The collected data were analysed using the Grounded Theory approach, and a conceptual framework of the components of defence strategies and the relationships between them was developed. This study shows that the goal of politically and militarily hostile actors is to weaken society’s information environment, and that their operations are coordinated and carried out over a long time period. The data validate past studies and reveal relationships between the components of defence strategies. These relationships increase confidence in the validity of the components and their relationships, and expand the emerging theory. First, the data and findings showed 16 inter-connected components of defence strategies. Second, they showed that the political, military, societal, power, and personal goals of the hostile actors carrying out cyber operations and cyber attacks are to weaken society’s information environment. Third, they revealed that cyber operations and cyber attacks against networks, information and infrastructures are coordinated operations, carried out over a long time period. Finally, they revealed that the actors defending society’s information environment must rapidly change their own components of defence strategies and use the newest tools and methods for these components in networks, infrastructures and social media.