In the past decade, a pattern of cyber operations and espionage between the United States and its allies has emerged, complicating relationships traditionally built on trust. Recent trade conflicts – especially President Trump’s sweeping 2025 tariffs on friend and foe alike – are bleeding into cyberspace, prompting allied nations to reassess their cyber defences and intelligence practices.
Below is an in-depth review and timeline of known past incidents, emerging trends, and arguments on both sides of the debate about escalating cyber operations among allies.
Allied cyber warfare remains unlikely due to shared values, institutions (e.g. NATO, Five Eyes), and common adversaries like China and Russia.
That said, however, espionage among allies is rising quietly, often triggered by trade tensions, diplomatic disputes, and diverging national interests.
Alliances are cooperative but cautious – partners collaborate on defense while discreetly monitoring each other’s cyber activities.
Cyber escalation is constrained: destructive attacks are deterred, but quiet competition in espionage and defensive hardening continues.
Trust among allies is fraying at the edges, prompting more zero-trust policies, discreet implant discoveries, and closed-door cyber diplomacy.
Cyber norms and guardrails are needed among allies to prevent misunderstandings and set boundaries for acceptable behavior.
Despite long-standing alliances and shared security interests, the United States has not hesitated to direct its formidable cyber espionage capabilities at its closest partners. While collaboration through frameworks such as NATO and intelligence-sharing agreements like Five Eyes suggests a foundation of trust, a series of high-profile leaks over the past decade have revealed a more complex reality. Since 2013, multiple disclosures have shown that even “friendly” nations are not exempt from American surveillance efforts, particularly when strategic or economic interests are involved.
One of the earliest and most controversial revelations came in 2013 when documents leaked by Edward Snowden confirmed that the National Security Agency (NSA) had intercepted communications from German Chancellor Angela Merkel and her inner circle. The incident severely strained German-American relations, prompting Foreign Minister Guido Westerwelle to remark, “You don’t do that among friends.” The breach was not just a diplomatic affront – it signaled to other allies that their privileged status did not shield them from U.S. monitoring.
Subsequent disclosures reinforced this view. In 2015, WikiLeaks published the “Target Tokyo” files, revealing that the NSA had conducted surveillance on Japanese government entities, including the Cabinet Office, central bank, and Trade Ministry, as well as major corporations such as Mitsubishi and Mitsui. These operations coincided with critical trade negotiations, suggesting that economic intelligence was a primary objective.
That same year, WikiLeaks also released documents under the title “Espionnage Élysée”, which confirmed NSA surveillance of the French President and top French officials. The revelations echoed long-held suspicions in Paris and exposed the prevalence of ally-on-ally espionage. U.S. officials later acknowledged that such activities were not one-sided, pointing to instances of French intelligence targeting American diplomats and companies in return.
The pattern extended beyond Europe and East Asia: between 2013 and 2016, broader leaks revealed NSA operations targeting EU institutions, as well as strategic leaders and industries in Brazil and Mexico. In response to the exposure of U.S. hacking of her communications and Brazil’s state oil company, President Dilma Rousseff canceled a planned state visit to Washington, a diplomatic rupture that underscored the seriousness of the offense.
Even more revealing was a 2021 investigation that uncovered Danish intelligence collaboration with the NSA. Between 2012 and 2014, Danish services secretly assisted in the surveillance of leaders from Germany, France, Sweden, and Norway, which not only embarrassed the Danish government but also rekindled calls across Europe for formalized “no-spy” agreements among allies.
These cases collectively highlight a critical point: U.S. cyber operations do not recognize diplomatic comfort zones when national security or economic leverage is at stake. Even among partners with decades of strategic alignment, espionage remains a persistent undercurrent. For allied officials, these incidents have changed the operational assumption – many now believe that U.S. intelligence may be “in the room” during sensitive conversations, especially those involving trade, technology policy, or defense cooperation. As a result, the digital trust underpinning many of these alliances is fraying, giving way to increased caution, hardened cyber defenses, and growing calls for clearer norms in allied cyber conduct.
While the United States has frequently been the instigator of cyber espionage targeting its allies, it is by no means the only player in this quiet contest of digital surveillance, and many allied nations have engaged in cyber and signals intelligence operations against American interests. These actions are often driven by a blend of strategic calculation, economic competition, and national security concerns, despite the existence of public partnerships and diplomatic goodwill.
One of the most prominent examples is Israel – a nation with deep strategic ties to the United States, yet a repeated actor in intelligence activities that cross the boundaries of friendly cooperation – actively monitored the confidential negotiations between the U.S. and Iran over Tehran’s nuclear program (2012-2015). Israeli officials also reportedly shared intercepted information with sympathetic members of the U.S. Congress in an attempt to derail the emerging agreement, espionage which angered officials in the Obama White House, and that continued into the Trump era: in 2017 and 2018. Surveillance devices known as IMSI catchers were discovered near the White House, believed to be of Israeli origin and intended to monitor Trump and his inner circle. Notably, the Trump administration opted not to publicly confront Israel over the matter, reflecting the political delicacy involved in challenging a key regional ally.
France, a fellow NATO member and frequent collaborator on global security matters, has also been implicated in repeated acts of economic espionage against the United States. Operating under the principle that economic competition transcends alliance politics, French intelligence has targeted American companies for years. Tactics have included bugging Air France flights to gain intelligence from U.S. business travellers and stealing proprietary corporate information. One particularly striking case involved French agents gathering confidential bid proposals from American defence contractors competing against French firms for a major jet fighter contract in India. While official relations between the two countries remain cooperative, these actions expose a layer of underlying distrust and opportunism that persists despite shared strategic goals.
Other U.S. allies have also been active in the cyber domain. In 2014, Germany’s Bundesnachrichtendienst (BND) intelligence service was found to have inadvertently enabled NSA spying on European firms through information-sharing arrangements. This episode highlighted the inherent risks of collaborative intelligence frameworks, especially when national and alliance-level priorities diverge. Meanwhile, countries such as Turkey, India, and South Korea maintain cyber programs that have, at times, been directed at U.S. military, diplomatic, and commercial interests. (Turkish intelligence, for example, allegedly monitored American operations at Incirlik Air Base during periods of political tension between Ankara and Washington.)
According to U.S. counterintelligence assessments, France, Israel, and South Korea are among the most aggressive allied nations in pursuing economic and technological intelligence from American sources. These activities are often rationalized as necessary measures to protect national interests or gain a competitive edge, particularly in high-stakes industries like aerospace, semiconductors, and defence.
These incidents reinforce a sobering reality: cyber espionage is not confined to adversarial relationships and instead exists within a continuum of strategic behaviour where even friendly nations conduct covert operations against one another. While the U.S. publicly disapproves of such actions, its responses vary – ranging from diplomatic protests to quiet tolerance, depending on the geopolitical stakes and the actors involved.
This persistent pattern of mutual surveillance creates a baseline of mistrust in allied relations. As Washington knows that some of its closest allies may be monitoring its internal deliberations, those same allies are aware that the U.S. likely reciprocates. This “spy-versus-spy” dynamic – unspoken but widely assumed – complicates alliance management, especially during moments of economic or diplomatic strain. Trade disputes, policy disagreements, and concerns over strategic alignment can all trigger or intensify espionage efforts, even as allies publicly profess unity.
In the modern geopolitical landscape, where cyber capabilities are integral to national power, espionage among friends has become an accepted, if uncomfortable, norm. The challenge lies not in eliminating it entirely, but in managing its consequences to preserve the broader fabric of alliance cooperation.
In recent years, the fusion of trade policy and cyber strategy has reshaped the dynamics of allied relations in cyberspace. Under President Donald Trump’s leadership – first during his initial term from 2017 to 2021 and now again with his return to office in 2025 – the United States has embraced a hardline, protectionist trade agenda under the banner of “America First.” This approach has blurred traditional distinctions between allies and adversaries, often treating both as potential economic threats subject to sweeping tariffs.
While this strategy has strained diplomatic ties, it has also introduced new tensions in the cyber domain. Two core trends have emerged from this evolving landscape: the first is that the U.S. increasingly views cyber tools as instruments of economic leverage, and traditional allies – disillusioned by their treatment- have begun to fortify their networks and, in some cases, engage in retaliatory espionage to understand American intentions.
Trump’s trade policies have been at the centre of this shift. His 2018 tariffs on steel and aluminium – affecting key allies such as the European Union, Canada, Japan, and South Korea – set the tone for a confrontational economic posture. By 2025, the reintroduction and expansion of tariffs, including rates as high as 27.5% on automobiles imported from Japan and the EU, deepened resentment.
Alongside these economic actions, the United States has signalled a willingness to use cyber capabilities to gain leverage during trade disputes. President Trump has publicly accused allied nations of engaging in “cyber theft,” hinting at the possibility of U.S. cyber retaliation or espionage as part of its negotiating toolkit. These hints are not without precedent: During the early 2010s, American intelligence agencies were known to have monitored Japanese officials during sensitive Trans-Pacific Partnership (TPP) negotiations. History has raised concerns among allies that similar tactics may now be in play, especially in high-stakes sectors such as automotive trade, semiconductors, and digital services.
In response, America’s closest partners have grown increasingly wary. European and Asian governments have adopted more robust cybersecurity measures, operating under the assumption that even friendly trade discussions may be subject to surveillance. The European Union has revived debates around “digital sovereignty”, including proposals to reduce dependency on U.S.-based cloud services. Meanwhile, Japan and South Korea have intensified internal reviews and security audits, seeking to detect and remove potential American cyber implants from government and corporate networks.
This climate of suspicion has raised the specter of tit-for-tat cyber operations. For smaller or economically constrained allies, direct retaliation through tariffs is often unfeasible. Cyber espionage, however, offers an asymmetric means of response – potentially allowing these states to monitor U.S. policy deliberations or extract commercial intelligence to level the playing field. While there have been no confirmed cases of destructive cyberattacks originating from allies, the risk remains present and acknowledged by U.S. officials. Observers point to the sharp increase in cyber activity during the U.S.-China trade conflict as a model that may be emulated by other states under similar pressure.
The 2024–2025 period has been particularly notable for intensified cyber activity linked to trade tensions. Intelligence agencies on both sides of the Atlantic have reportedly escalated efforts to intercept communications and gain insights into policy shifts. Allies are increasingly attempting to predict U.S. moves on tariffs, investment restrictions, and strategic partnerships, and the U.S. has simultaneously ramped up surveillance of its allies, seeking to detect any diplomatic realignments, particularly with China and other economic competitors.
These developments have not gone unnoticed within multilateral institutions. NATO’s Cyber Defence arm has privately expressed concerns that growing internal mistrust and surveillance among allies could undermine collective readiness against genuine adversarial threats. The fear is that strategic focus may be diverted inward at a time when unified defence is more crucial than ever.
Ultimately, the ongoing trade wars under the Trump administration have exposed a new layer of vulnerability in international relations: the fusion of economic policy with cybersecurity. What was once a relatively distinct sphere – cyber cooperation among allies – is now increasingly intertwined with national economic strategy and political posturing. Allies that once assumed immunity from American surveillance now approach digital engagement with caution, recalibrating their cyber policies to account for potential threats not just from rivals, but from friends.
In this emerging reality, cybersecurity is no longer just a matter of technical defence – it is also a diplomatic posture, a tool of leverage, and, at times, a retaliatory option. The 2025 trade conflict has made this plain: economic competition has spilled into cyberspace, transforming allies into wary digital competitors.
Against the backdrop of rising economic nationalism, fraying diplomatic ties, and intensified strategic competition, experts and policy strategists increasingly warn that cyber operations among allied nations may not just continue—but grow in scale and sophistication. The traditional norms and mutual restraint that once governed relations among like-minded states are being challenged by a convergence of global trends that favour covert digital action over diplomatic patience.
One of the primary drivers of potential escalation is the erosion of trust within alliances. Trade conflicts, such as those stemming from the United States’ 2025 tariff regime, have weakened the confidence that once underpinned intelligence sharing. As transparency diminishes, allied nations are turning inward, relying on their own cyber intelligence capabilities to independently verify the intentions of partners. In a climate of suspicion, the “need to know” often overrides previously accepted norms of discretion – especially when the economic stakes are high.
Economic and technological competition further accelerates this trend. Although allied in principle, nations often find themselves pitted against one another in critical sectors like aerospace, energy, artificial intelligence, and telecommunications. Industrial espionage – long considered the domain of adversaries – is increasingly seen as a strategic necessity among allies seeking a commercial edge. As protectionist policies multiply and supply chains fragment, mutual suspicions are amplified, encouraging espionage under the banner of economic security.
The nature of cyberspace itself also incentivizes escalation. Unlike traditional espionage or military operations, cyber intrusions benefit from plausible deniability. Attribution is often ambiguous, and attackers can mask their involvement through the use of foreign servers, proxy groups, or deliberately misleading malware signatures. This cloak of anonymity reduces the diplomatic risk of exposure, emboldening states to pursue increasingly aggressive operations without fear of major consequences. In many cases, the potential intelligence gain outweighs the reputational risk.
Historical precedent also shapes strategic thinking. Past episodes of espionage – such as Israeli operations against U.S. negotiations or American surveillance of European leaders – have often resulted in limited diplomatic fallout. These incidents have reinforced the perception that cyber espionage is an accepted, if impolite, feature of international politics among allies. The minimal penalties for being caught have established a norm of tolerance, encouraging continued behaviour.
Another key factor is the desire to close intelligence gaps. In a volatile geopolitical environment, states seek real-time insight into their partners’ policies, alliances, and defence postures. Cyber intrusions serve as a tool for pre-empting surprises – whether in the form of new tariffs, regional military agreements, or strategic realignments. By obtaining internal documents or intercepting communications, states aim to stay ahead of potentially disruptive developments.
Finally, domestic political dynamics can spur cyber escalation. In some cases, intelligence agencies or political factions within a government may pursue cyber operations to assert national strength or respond to perceived slights from allied partners. The pressure to “do something” in the face of diplomatic humiliation or economic loss may lead to covert actions outside the bounds of public policy. Once these operations begin, they can take on a momentum of their own, increasing the risk of sustained cyber friction even in the absence of high-level political endorsement.
Taken together, these factors form a compelling argument that allied cyber espionage is not merely a temporary response to current tensions, but a structural feature of modern international relations. While open cyber conflict between allied nations remains unlikely, experts foresee a steady rise in behind-the-scenes intrusions, data theft, and strategic surveillance. In an increasingly complex and uncertain global environment, states are turning to cyberspace not just for defence – but for advantage. And in this quiet competition, even friends may become targets.
While there are growing concerns about increasing cyber espionage among allied nations, there remains a strong counter-narrative grounded in pragmatism, shared interests, and institutional guardrails. Many analysts argue that the forces discouraging cyber conflict within allied networks are more powerful and enduring than those driving escalation. Despite recent tensions, the fundamental logic of cooperation continues to exert a moderating influence on state behaviour in cyberspace.
First and foremost is the imperative of unity in the face of shared strategic threats. Allies such as the United States, Europe, Japan, and Australia remain collectively focused on common adversaries including Russia, China, North Korea, and Iran. The strength of alliances like NATO and the Five Eyes intelligence-sharing group depends on cohesion and trust. Open cyber hostility among members would fracture these structures and, in doing so, benefit their adversaries. As a result, even when tensions flare, most allied states avoid actions that could jeopardize broader strategic alignment.
Additionally, democratic allies are bound by a growing framework of cyber norms, informal agreements, and shared values that discourage reckless or destructive cyber behaviour. Public commitments to refrain from attacks on critical infrastructure – reaffirmed in various multilateral forums – serve as ethical and political constraints. Although not always legally binding, these norms reflect a consensus that certain types of cyber aggression should remain off-limits. The informal “no-spy” understanding within the Five Eyes, while not always perfectly observed, reinforces the principle of mutual restraint in intelligence operations among the closest partners.
A further deterrent to cyber escalation is the high risk of detection and the diplomatic fallout that can follow. Advances in attribution capabilities, particularly by the NSA and other allied intelligence services, make it increasingly difficult to conduct cyber operations with full deniability. The exposure of a covert operation against an ally can trigger public scandals, diplomatic crises, and a loss of access to shared intelligence. These risks weigh heavily on policymakers, often outweighing any potential intelligence gain.
Mutual interdependence in economic and technological domains also tempers the appetite for cyber aggression. Allied nations are deeply connected through global supply chains, digital infrastructure, and trade relationships. A cyberattack on a partner’s systems could easily result in unintended collateral damage, including disruptions to the attacker’s own interests. This reality has led many analysts to liken allied cyber relations to a form of “mutually assured disruption,” in which restraint is the rational path forward.
Institutional and legal mechanisms further reinforce this restraint. In democratic societies, cyber operations – especially those targeting friendly nations – are subject to oversight from legislative bodies, independent auditors, and judicial authorities. Within multilateral organizations such as NATO and the European Union, diplomatic protocols and accountability structures serve as additional barriers to aggressive cyber postures. These frameworks help ensure that strategic decisions about cyber operations are subject to scrutiny, reducing the likelihood of unilateral or impulsive actions.
Lastly, decision-makers must consider the long-term value of alliance relationships. Intelligence sharing, economic cooperation, and diplomatic support are all critical elements of sustained partnerships. The short-term benefits of a successful cyber operation must be weighed against the potential damage to these enduring ties. The fallout from the 2013 Snowden revelations, which exposed U.S. surveillance of allied leaders, serves as a cautionary tale. While alliances survived, they did not emerge unscathed – and the memory of that diplomatic rupture continues to influence cyber behaviour today.
Taken together, these factors make a compelling case for why allies are likely to avoid full-blown cyber conflict. Although espionage is an enduring feature of international relations – even among friends – its scale and nature remain limited by practical and political realities. Most cyber incidents between allies are discreet, deniable, and carefully managed to avoid escalation. In an era of rising trade frictions and shifting geopolitical alignments, the stakes of cyber betrayal remain too high for most governments to risk open digital hostilities.
Ultimately, while allied cyberspace is not immune to friction, it is buffered by a robust system of deterrents, values, and institutional mechanisms that continue to favour restraint over rivalry.
While much of the focus in cyber conflict among allies centres on state-sponsored operations, an often-overlooked but increasingly significant factor is the role of non-state actors. Cybercriminals and hacktivist groups, many of which operate within or originate from allied countries, introduce volatility into an already complex landscape. Their activities can blur the lines between criminality and geopolitics, complicating attribution and, at times, inadvertently escalating diplomatic tensions.
One of the more opaque dynamics in this space is the use – or tacit tolerance – of proxy actors by states. In some cases, allied governments may covertly encourage or overlook the actions of independent hackers conducting espionage or economic sabotage on their behalf. This form of proxy warfare leverages the anonymity of cyberspace to maintain plausible deniability. For instance, during periods of economic conflict, such as trade disputes, a state might discreetly support cyber intrusions into U.S. companies under the guise of criminal activity. From the outside, these operations may appear to be the work of freelance hackers, but in reality, they can serve strategic state interests.
Beyond proxies, purely criminal groups have also contributed to rising cyber tensions. Ransomware gangs operating from allied or semi-allied states – including Eastern Europe, Israel, and Brazil – have targeted U.S. infrastructure, financial systems, and private sector networks. These attacks, driven by profit rather than policy, still risk being misattributed as acts of state aggression. The rise of “false-flag” operations, in which advanced cyber actors deliberately mimic the tools and tactics of other nations to sow confusion, only deepens the attribution challenge.
Hacktivists and politically motivated cyber actors further complicate matters. These groups, driven by ideology rather than monetary gain, often pursue agendas aligned with environmental causes, nationalism, or anti-globalism. In recent years, environmental activists in Europe and nationalist groups in Turkey and India have launched attacks on U.S. digital infrastructure, protest websites, and corporate entities. While these actions are typically unsanctioned, they can nonetheless spark diplomatic discomfort, particularly when they coincide with existing political tensions. In some cases, the U.S. has accused host nations of either implicitly condoning such behaviour or failing to exert adequate control over extremist digital movements.
The unpredictable actions of these non-state actors pose serious challenges to allied coordination on cybersecurity. Political frictions can hinder joint investigations into cybercrime, delay responses to active threats, and strain mechanisms of information sharing. More troubling is the growing suspicion among some allies that criminal or activist attacks may serve as a cover for state-sanctioned espionage. This suspicion, whether accurate or not, can undermine trust, reduce transparency, and weaken collective resilience against genuine threats.
Nevertheless, there is also a silver lining. While cybercriminals and hacktivists often act as spoilers, their disruptive activities have created a rare area of convergence for allied states. The fight against ransomware, in particular, has galvanized cooperation between the U.S. and its partners in Europe and Asia. Joint operations to dismantle cybercrime networks, seize illicit cryptocurrency, and disrupt infrastructure used by threat actors demonstrate that even amid policy disputes, allies can find common cause in neutralizing shared cyber threats.
In sum, non-state actors are wild cards in the evolving cyber landscape. They complicate attribution, obscure intent, and can catalyze overreactions if misinterpreted. In a politically charged environment – such as one defined by trade disputes or shifting alliances – a malware incident or ransomware attack can easily be perceived through a geopolitical lens. Was it merely a criminal enterprise? Or was it covert espionage cloaked in plausible deniability?
To avoid dangerous miscalculations, it is essential that allies maintain open communication channels and robust incident response protocols. Timely intelligence sharing, joint attribution efforts, and ongoing diplomatic engagement are critical to distinguishing between rogue actors and state-sanctioned operations. As adversaries continue to exploit divisions and as the digital threat surface expands, preserving clarity and coordination among allies will remain a cornerstone of effective cyber defence.
The intersection of cyber operations and alliance politics is more fraught – and more consequential – than ever before. As digital tools become central to statecraft, even longstanding alliances are not immune to friction, surveillance, and strategic hedging. Yet despite the growing complexity, the cyber relationship between the United States and its allies remains one of guarded cooperation rather than open confrontation.
On one hand, decades of joint operations, intelligence collaboration, and institutional integration serve as powerful stabilizers. Multilateral frameworks like NATO and the Five Eyes alliance create deep-rooted mechanisms for cyber defence and information sharing, underpinned by shared democratic values and common recognition of adversaries such as China, Russia, North Korea, and Iran. These foundational elements operate like an immune system within allied cyber relations – mitigating escalatory impulses and encouraging collective resilience. For these reasons, a full-scale cyber war between the U.S. and its allies remains highly unlikely. The strategic logic still overwhelmingly favours cooperation, and allies continue to publicly demonstrate unity in attributing adversary attacks and advancing defensive initiatives.
On the other hand, cracks in political and economic trust have quietly spilled into the cyber domain. The reimposition of U.S. tariffs on allied nations, coupled with policy decisions that treat partners as economic competitors, has prompted a shift in behaviour behind the scenes. Privileged access to U.S. intelligence is increasingly viewed as conditional, and some allies have responded by developing greater cyber autonomy. Where once there was assumed transparency, there is now a measure of caution. Allies have begun to act less like deferential partners and more like self-interested actors – occasionally tasking their cyber agencies with gathering intelligence on U.S. intentions, particularly in sensitive areas like trade negotiations and technology policy.
These dynamics reflect a larger transformation: allied cyber relations today can best be described as cooperative but cautious. Nations continue to align in public forums and collaborate on cybersecurity threats from adversaries, but in private, they monitor one another with growing frequency. In this shadow zone, espionage persists – not out of hostility, but out of strategic necessity.
If trade tensions and political divisions persist in the years ahead, a slow intensification of behind-the-scenes cyber activity is likely. This does not mean open digital warfare between allies, but rather a continued expansion of surveillance, information gathering, and quiet countermeasures. The ceiling for direct cyber aggression remains low, thanks to strong disincentives – mutual economic interdependence, diplomatic norms, high attribution risk, and the fear of backlash. However, the baseline level of cyber competition among allies is clearly rising.
We should expect continued developments along several fronts: increased adoption of zero-trust architectures, even among partners; periodic discovery of surveillance implants in allied networks, discreetly resolved; and more frequent but confidential “cyber diplomacy” sessions to negotiate the rules of engagement. Some analysts suggest that it may be time for allies to establish clearer norms among themselves – a kind of informal code of conduct that delineates red lines, such as election systems or critical infrastructure, while tacitly accepting limited espionage in less sensitive domains. Such confidence-building measures could help mitigate risk and preserve the integrity of long-standing alliances in a rapidly evolving cyber landscape.
In short, cyberspace among allies in 2025 is a domain defined not by hostility, but by a blend of partnership and quiet competition. The digital environment reflects broader geopolitical tensions, with trust slightly diminished, scrutiny increased, and defences elevated – even against familiar actors. Still, the underlying bonds of alliance remain intact, and the presence of mutual threats continues to bind these nations together in cyberspace.
For cybersecurity professionals and policymakers alike, the key challenge is to remain attuned to this nuanced environment. They must recognize that in the fluid continuum between war and peace, today’s ally may become tomorrow’s intelligence rival – and vice versa. Strategic patience, clear communication, and the continual reinforcement of norms will be essential to prevent espionage from escalating into a crisis. The hope, ultimately, is that cooler heads prevail and cyber sparring remains contained and allies stay focused on the far greater dangers posed by true adversaries.
