Cyber-bombing ISIS: Why disclose what is better kept secret?

It has become a conventional wisdom in strategic studies that the development and use of cyber weapons should be kept secret, as the effectiveness of these tools is dependent on opponents being unaware of a particular cyber weapon’s characteristics. Why, then, has the US military repeatedly publicized its cyber operations against ISIS in Syria and Iraq? Why reveal what is supposedly better conducted in the dark? In this essay, we provide four answers to this puzzle. We argue that the Pentagon aims to (1) legitimize major investments in the cyber domain to a domestic audience, (2) undermine the enemy’s trust in his own IT-infrastructure, and command and control systems, (3) signal “cyber strength” to third parties, and (4) establish norms regarding how to use cyber weapons in accordance with International Humanitarian Law.