Cyber Sovereignty and State Power in the 21st Century: A Theoretical-Methodological Proposal For Understanding Sovereignty In Cyberspace

Introduction

The intensification of global dependence on digital infrastructures has elevated cyberspace to the status of a strategic domain for contemporary states. The digital transformation of political, economic, military, and social structures has exponentially increased the relevance of information and communication technologies in the dynamics of international power. In this context, state sovereignty, traditionally associated with territorial control and political authority over defined geographical boundaries, has begun to face challenges arising from the fluidity, transversality, and deterritorialization of the digital environment.

Since Jean Bodin's classic formulation of sovereignty, later consolidated by Westphalian logic, the concept has been associated with the idea of ​​supreme state authority over a delimited territory. However, the rise of cyberspace has introduced a new dimension of the exercise of state power, characterized by the existence of global information flows, distributed infrastructures, and digital interactions that transcend physical borders.

The increasing use of offensive cyber operations, disinformation campaigns, digital espionage, algorithmic manipulation, and attacks against critical infrastructure proves that cyberspace is not just a technical environment but a space of geopolitical dispute and power projection. Consequently, the need arises to understand how states exercise authority, control, and autonomy in this new domain.

Despite the growing relevance of the topic, the concept of cyber sovereignty remains fragmented in the academic literature, often confused with digital sovereignty. A considerable number of studies concentrate on data regulation, privacy, and internet governance, overlooking the strategic, security, and multifaceted aspects of state actions in cyberspace.

In light of this gap, this article seeks to answer the following research question: how can cyber sovereignty be conceptualized as a strategic extension of state sovereignty in the context of contemporary cyberspace?

The overall objective is to propose a theoretical-methodological definition of cyber sovereignty capable of integrating the physical, logical, and cognitive dimensions of cyberspace with the classic projections of state sovereignty.

As specific objectives, this article seeks to:

- Analyze the limits of the classical conception of sovereignty in the face of cyberspace;

- Structure a conceptual model of cyber sovereignty based on its constituent layers;

- Demonstrate the transversality of cyberspace in relation to other domains of state sovereignty; and

- Conceptually differentiate cyber sovereignty and digital sovereignty.

The central hypothesis argues that cyber sovereignty constitutes a functional and strategic extension of classical sovereignty, projecting itself transversally over the terrestrial, maritime, aerial, and sidereal domains, through the control of the physical, logical, and cognitive layers of cyberspace.

The article is structured in five main sections. After this introduction, the theoretical framework on sovereignty, cyberspace, and digital governance is presented. Next, the methodology employed is described. The fourth section develops the conceptual proposal of cyber sovereignty and its analytical modeling. Subsequently, the distinction between cyber sovereignty and digital sovereignty is discussed. Finally, the final considerations are presented.

1. Theoretical Framework

1.1 State Sovereignty and Transformations of Power

Sovereignty represents one of the central concepts of modern political theory. In its classic formulation, Bodin understood sovereignty as the absolute and perpetual power of the state. Subsequently, the Treaty of Westphalia consolidated the association between sovereignty, territoriality, and non-intervention.

However, as Krasner (1999) argues, sovereignty has always operated in a pragmatic and adaptive manner, undergoing reconfigurations due to transformations in the international system. Globalization, economic interdependence, and technological advances have contributed to relativizing the rigidity of traditional state power boundaries.

In this context, the emergence of cyberspace has significantly amplified the tensions between territoriality and transnational information flows. Castells (2001) argues that the network society inaugurated a new spatiality based on flows, reducing the centrality of physical borders in the organization of power.

Joseph Nye (2010) adds that cyberspace has modified the way of projecting power by allowing state and non-state actors to produce strategic effects with low operational costs and high global reach.

1.2 Cyberspace as a Strategic Domain

Cyberspace can be understood as an environment integrated by physical, logical, and cognitive components responsible for the processing, storage, and circulation of information in digital networks.

Kuehl (2009) proposes that cyberspace be structured in three layers:

- Physical layer: composed of submarine cables, satellites, servers, data centers, and devices;

- Logical layer: formed by protocols, operating systems, software, algorithms, and addressing systems; and

- Cognitive layer: related to perceptions, narratives, behaviors, and informational disputes.

The interaction between these layers transforms cyberspace into a multidimensional environment in which security, economy, politics, and culture become deeply interdependent.

According to DeNardis (2020), internet governance has ceased to be merely a technical issue and has become a mechanism for exercising global power.

1.3 Cyber ​​Sovereignty and Digital Governance

The literature on cyber sovereignty presents distinct and often conflicting approaches. The Chinese perspective, represented by Fang Binxing, emphasizes the state's right to fully control the national cyber domain. In contrast, Western models tend to favor multi-stakeholder governance structures.

Deibert (2013) argues that control of digital infrastructures and information flows has become a central element of contemporary sovereignty. Mueller (2017) highlights that the physical location of servers and infrastructures determines jurisdiction and regulatory scope.

In parallel, digital sovereignty emerges as a concept associated with data protection, technological autonomy, and regulation of digital platforms. However, some of the literature treats the concepts of digital sovereignty and cyber sovereignty as equivalent, producing analytical ambiguities.

This article argues that digital sovereignty represents only one specific dimension of cyber sovereignty, focused primarily on the regulatory, economic, and informational aspects of the digital environment.

2. Methodology

This research is characterized as an integrative literature review of a qualitative, exploratory, and theoretical-conceptual nature, guided by the deductive method and an interdisciplinary approach. The choice of an integrative review stems from the need to articulate different theoretical traditions, International Relations, Strategic Studies, Law, Digital Governance, and Cybersecurity, aiming at the construction of an analytical model capable of explaining cyber sovereignty as a functional extension of contemporary state sovereignty.

Unlike a strictly systematic review, predominantly focused on measuring empirical evidence and statistical synthesis of results, the integrative review allows the combination of conceptual, normative, and analytical frameworks from different fields of knowledge, favoring the formulation of theoretical categories applicable to complex and multidimensional phenomena, such as cyberspace.

2.1 Methodological Design

The research was structured in four complementary analytical stages:

- Bibliographic survey and selection;

- Thematic categorization and conceptual analysis;

- Construction of the theoretical-analytical model; and

- Logical and comparative validation of the proposed model.

The bibliographic survey was carried out through exploratory and analytical searches in national and international academic databases, including Scopus, Web of Science, Google Scholar, JSTOR, SciELO, and institutional documents from international organizations related to digital governance and cybersecurity.

The following descriptors in Portuguese and English were used, both individually and in combination:

- cyber sovereignty;

- digital sovereignty;

- cyberspace;

- internet governance;

- cyber power;

- cybersecurity;

- state sovereignty; and

- digital governance.

The data collection focused on publications produced between 1999 and 2024, a period that encompasses the consolidation of cyberspace as a strategic domain of contemporary international relations.

2.2 Inclusion and Exclusion Criteria

Explicit criteria were adopted for the selection of the bibliographic corpus, seeking to confer greater methodological consistency and analytical validity to the study.

Works that presented at least one of the following elements were included:

- Conceptual discussion on state sovereignty and its contemporary transformations;

- Analysis of cyberspace as a strategic domain;

- Approach to digital governance, cybersecurity, or informational power;

- Relevant theoretical contributions to understanding the physical, logical, or cognitive dimensions of cyberspace; and

- Recognized academic, institutional, or geopolitical relevance in the international debate on sovereignty and cyberpower.

Authors widely referenced in the specialized literature, such as Krasner, Nye, Castells, DeNardis, Deibert, Mueller, Kuehl, and Kello, were also prioritized due to their theoretical centrality to debates on sovereignty, networks, governance, and cyberpower.

The following were excluded:

- Merely descriptive works without relevant conceptual contribution;

- Publications not peer-reviewed without institutional recognition;

- Redundant texts or texts with low adherence to the central research problem; and

- Studies focused exclusively on data privacy without relation to the strategic projection of state power.

2.3 Epistemological Justification of the Analytical Approach

The research adopts a constructivist-analytical epistemological perspective, understanding cyber sovereignty as a multidimensional and relational phenomenon, whose understanding requires instruments capable of representing interdependencies between material structures, informational flows, and projections of state power.

In this context, the use of set theory does not have a strictly mathematical-formal purpose but a heuristic and analytical function. Its adoption aims to represent, in a systematized way, the transversal and intersectional relationships between the classic domains of state sovereignty and the constituent layers of cyberspace.

Set theory was chosen because it allows the following:

- Representing multidimensional relationships between sovereign domains;

- To avoid territorial reductionisms applied to cyberspace;

- To logically demonstrate the interdependence between physical infrastructure, logical architecture, and cognitive dimension; and

- To structure a visually coherent and epistemologically integrative analytical model.

Thus, the model does not intend to produce positivist mathematical formalization but to offer an analytical tool aimed at the systemic understanding of cyber sovereignty.

2.4 Analytical Procedures

After the bibliographic selection, the material was submitted to qualitative thematic and categorical content analysis, focusing on five central axes:

- Classical sovereignty;

- Deterritorialization of power;

- Digital governance;

- Layers of cyberspace; and

- Strategic projection of state power.

Based on these categories, an interpretative synthesis process was carried out aimed at formulating the concept of cyber sovereignty and its constituent dimensions.

Subsequently, an analytical model was developed based on intersectional relationships between:

- Terrestrial sovereignty;

- Maritime sovereignty;

- Air sovereignty;

- Sidereal sovereignty; and

- Cyber ​​sovereignty.

The model seeks to demonstrate that cyberspace does not constitute an isolated domain but a transversal dimension integrated with other projections of state power.

2.5 Analytical Model and Theoretical-Mathematical Structuring

The proposed analytical model is based on a systemic approach inspired by set theory and the intersectional relationships between sovereign domains. The use of this structure has a heuristic, organizational, and interpretative purpose, seeking to logically represent the transversality of cyberspace in relation to the classical forms of exercising state power.

The adoption of set theory does not aim to mathematize the political phenomenon fully but to construct an analytical instrument capable of the following:

- Organizing complex categories of sovereignty;

- Representing multidimensional relationships between strategic domains;

- Identifying points of functional convergence between physical and digital structures; and

- Allowing comparative analysis of state sovereign capacities in the cyber environment.

In this sense, the model assumes an analytical-relational character, allowing us to visualize how cyberspace is articulated simultaneously with the territorial, maritime, aerial, and sidereal dimensions of state power.

2.5.1 Formal Structure of the Model

State sovereignty is represented as a multidimensional set:

S = ST ∪ SM ∪ SA ∪ SS ∪ SC

Where:

S: represents total state sovereignty;

ST: corresponds to land sovereignty;

SM: represents maritime sovereignty;

SA: refers to air sovereignty;

SS: corresponds to sidereal sovereignty; and

SC: represents cyber sovereignty.

The union operator (U) indicates that the domains do not act in isolation but compose an integrated system for projecting state power.

Cyber ​​sovereignty, in turn, is modeled as a subset composed of three structural layers:

SC = Cf ∪ Cl ∪ Cc

Where:

Cf: represents the physical layer of cyber sovereignty;

Cl: corresponds to the logical layer; and

Cc: refers to the cognitive layer.

The physical layer comprises material infrastructures, such as submarine cables, data centers, satellites, and energy networks. The logical layer involves protocols, software, algorithms, and communication systems. The cognitive layer corresponds to informational disputes, digital narratives, social perception, and strategic influence.

2.5.2 The Intersection Function (I)

The operational core of the model lies in the intersection function:

I: S x SC → R

Where:

I: represents the analytical intersection function;

S: corresponds to the classic domains of state sovereignty;

SC: represents cyber sovereignty; and

R: corresponds to the set of strategic relationships identified.

The function serves a specific methodological purpose: to identify the points of dependence, influence, and reciprocal vulnerability between the cyber domain and other sovereign domains.

In this way, the model allows us to observe that no cyber activity occurs in a way that is completely dissociated from state material or institutional structures.

For example:

- Cyberattacks against military satellites constitute an intersection between SC and SS;

- Digital sabotage in port systems represents an intersection between SC and SM;

- Information warfare operations targeting the civilian population produce an intersection between SC, territorial sovereignty, and the cognitive dimension of the state;

- Attacks against national energy systems demonstrate a simultaneous intersection between terrestrial infrastructure and the logical layer of cyberspace.

Thus, f(I) has not only illustrative value but also an operational analytical function, allowing the categorization of cyber events according to:

- Affected domain;

- Predominant cyber layer;

- Type of vulnerability produced;

- Resulting strategic impact; and

- Degree of dependence between physical and digital infrastructures.

2.5.3 Analytical Intersection Criteria

To avoid interpretative arbitrariness, the model adopts four criteria for identifying intersections:

- Infrastructural Criterion: Verifies whether cyber activity directly depends on material structures located in each sovereign domain.

- Functional Criterion: Analyzes whether the digital operation compromises strategic functions of the state, such as defense, communications, logistics, finance, or energy.

- Jurisdictional Criterion: Identifies the existence of normative, regulatory, or territorial competence exercised by the state over the affected infrastructure.

- Cognitive-Informational Criterion: Evaluates impacts on social perception, institutional stability, political narrative, or national decision-making autonomy.

The following analytical matrix represents the intersection between the layers of cyber sovereignty and the classic domains of state sovereignty:

Source: Moreno, Wanderlino Junior. Cyber ​​Sovereignty. 2026.

These criteria allow the modeling to be transformed into a comparative analysis tool applicable to case studies, cybersecurity, and public policy formulation.

2.5.4 Methodological Applicability of the Model

The model can be used as an analytical tool in different contexts:

- Identification of national strategic vulnerabilities;

- Analysis of hybrid attacks and cyber operations;

- Assessment of state technological dependence;

- Formulation of national cybersecurity strategies;

- Classification of cyber incidents by affected sovereign domain; and

- Comparative analysis between models of digital sovereignty and cyber sovereignty.

The main methodological contribution of the modeling consists in allowing a systemic reading of cyberspace, overcoming exclusively technical or territorial approaches.

In this way, cyber sovereignty ceases to be understood only as an abstract concept and begins to be analyzed as a relational structure integrated with other contemporary projections of state power.

2.6 Research Limitations

The research is predominantly theoretical in nature and does not involve quantitative empirical validation. Thus, the proposed model should be understood as an analytical-conceptual instrument subject to future improvements through comparative studies, empirical application, and testing in concrete cases of cyber governance and conflict.

Furthermore, it is recognized that the rapid technological transformation of cyberspace imposes constant conceptual updating, especially in light of the evolution of artificial intelligence, quantum computing, information warfare, and global digital infrastructures.

It is acknowledged that the proposed model has limitations inherent to the theoretical-conceptual nature of the research, and it is not possible to empirically generalize the results without comparative application in concrete case studies. Thus, it is recommended that future research carry out empirical validation of the model in contexts related to hybrid warfare, protection of critical infrastructures, and state cyber governance.

3. Results

3.1 Cyber ​​Sovereignty as an Extension of State Sovereignty

The investigation's results reveal that one cannot simply apply traditional forms of sovereignty to the digital environment. This is a multidimensional strategic projection of state power over the physical, logical, and cognitive structures that underpin cyberspace.

The analysis demonstrates that cyberspace is transversal to the terrestrial, maritime, aerial, and sidereal domains, producing structural interdependence between physical and digital environments.

This transversality demonstrates that no cyber activity operates entirely independently of material infrastructures. Submarine cables, satellites, servers, power grids, and data processing centers constitute the indispensable materiality for the functioning of cyberspace.

Consequently, cyber sovereignty emerges as a mechanism for integrating the classic domains of sovereignty and the new forms of exercising digital power.

3.2 The Physical Layer of Cyber ​​Sovereignty

The physical layer represents the most tangible dimension of cyber sovereignty, involving the control and protection of critical infrastructures that underpin the digital environment.

Mueller (2017) argues that the physical location of digital assets determines jurisdiction, regulatory capacity, and the reach of state authority.

In this context, infrastructures such as submarine cables; Satellites; data centers; telecommunications systems; and energy networks.

They assume strategic relevance equivalent to traditional national defense infrastructures.

The vulnerability of these structures increases the risks of sabotage, espionage, and disruption of essential services.

3.3 The Logical Layer of Cyber ​​Sovereignty

The logical layer comprises protocols, software, operating systems, algorithms, cryptography, and addressing systems responsible for network interoperability.

Brousseau, Marzouki, and Méadel (2012) observe that technological dependence on foreign platforms significantly reduces state autonomy.

Logical sovereignty is therefore manifested in the state's ability to:

- Develop its own technologies;

- Establish technical standards;

- Protect critical systems; and

- Reduce external strategic dependencies.

Attacks against the logical layer have a high destabilizing potential and can compromise financial, military, energy, and administrative systems.

3.4 The Cognitive Layer of Cyber ​​Sovereignty

The cognitive layer represents the most sensitive and complex dimension of cyber sovereignty, as it involves disputes related to social perception, narrative formation, political influence, and informational control. Unlike the physical and logical layers, whose materiality and operability can be more easily delimited, the cognitive dimension acts directly on the processes of interpreting reality, building consensus, and collective behaviour.

Contemporary literature on informational warfare and cognitive warfare suggests that cyberspace has ceased to be merely a technical environment for data circulation and has become a strategic space for the struggle for attention, trust, and the capacity to influence individuals and societies. In this context, digital platforms, recommendation algorithms, and automated information dissemination systems have come to play a central role in the contemporary projection of power.

Singer and Brooking (2018) argue that social networks have become instruments of "weaponization of information," allowing coordinated disinformation campaigns to produce large-scale political, social, and strategic effects. The speed of content circulation and the algorithmic capacity for behavioural segmentation significantly expand the potential to manipulate public opinion and interfere in democratic processes.

From another perspective, Zuboff (2019) argues that so-called surveillance capitalism has introduced a new logic of power based on the massive collection of behavioural data and the predictive capacity of algorithms. In this model, digital platforms not only control the flow of information, but they also change how people act, what they buy, and how they see politics. The cyber sovereignty of the state thus faces direct competition from transnational technology corporations capable of exercising private forms of cognitive power.

The problem becomes even more complex given the increasing use of artificial intelligence, algorithmic microtargeting, and digital psychological operations in contemporary geopolitical disputes. Recent NATO reports on cognitive warfare indicate that the objective of these operations is not limited to traditional disinformation but seeks to directly interfere in the cognitive processes of the population, influencing emotions, institutional trust, and collective decision-making capacity (NATO, 2021). In this context, cyber sovereignty is not limited to the technical control of digital networks and infrastructures but also involves the state's ability to protect the informational integrity of its population in the face of coordinated campaigns of external influence, algorithmic manipulation, and hybrid operations of a psychological nature.

Cognitive warfare differs from classic forms of propaganda because it operates in a decentralized, continuous, and highly personalized manner. Digital platforms use algorithmic mechanisms capable of amplifying polarizations, reinforcing cognitive biases, and producing fragmented informational environments. Crawford (2021) observes that artificial intelligence systems are not neutral but reflect political, economic, and ideological structures embedded in the technological architectures that support them.

Thus, the cognitive layer of cyber sovereignty can be understood as a space of dispute over the state's decisional autonomy and the preservation of social cohesion in digital environments marked by hyperconnectivity, the massive circulation of data, and the growing influence of state and non-state actors.

At the same time, some literature warns that expanding state capabilities for informational control can produce tensions between sovereignty, security, and fundamental rights. Deibert (2013) argues that digital surveillance mechanisms often expand governmental capacities for social monitoring, creating dilemmas related to privacy, freedom of expression, and democratic governance.

The analysis developed in this study suggests, therefore, that the cognitive dimension of cyber sovereignty should be interpreted as a hybrid field of power in which national security, geopolitical dispute, digital platforms, algorithmic architecture, and informational control are articulated. More than a simple communicational extension of the state, this layer represents one of the main contemporary arenas for the strategic projection of power in cyberspace.

3.5 The Intersection Function Between Domains of Sovereignty

The application of the intersection function (I) demonstrated that cyberspace is not an isolated domain but an environment integrated with other projections of state sovereignty.

The function (f): S × SC → I, makes it possible to identify the points of contact between cyber sovereignty and the terrestrial, maritime, aerial, and sidereal domains.

This intersection is a theoretical-methodological tool aimed at elucidating how cyberspace integrates with conventional formats of state power.

The function f(I) demonstrates that there is no completely autonomous cyberactivity. Any action in cyberspace inevitably intersects with a physical domain that is governed by legal and political norms.

By using a mathematical function to illustrate these relationships, it is noted that cyber sovereignty is not isolated, but rather intimately connected to traditional forms of sovereignty.

The results indicate three central analytical effects:

- Identification of critical vulnerabilities;

- Formulation of integrated public policies; and

- Consolidation of a unified governance model.

The intersection, which is mathematically modeled, therefore expresses the need for the state to reconcile a hybrid sovereignty, in which the cyber domain enhances or diminishes its capacity to exercise power over the terrestrial, aerial, maritime, and space domains.

This approach integrates a concept that transcends a simple mathematical framework and evolves into an analytical tool for understanding the interconnections between cyberspace and the traditional domains of sovereignty.

It emphasizes that state power in the information age must be understood as a simultaneously multidimensional and interconnected phenomenon.

The exclusion of overlaps between cyberspace and the terrestrial, maritime, aerial, and sidereal domains would result in an entirely abstract and independent sphere, formed mainly by its logical and cognitive dimensions.

In this context, it would be reduced to protocols, programming languages, algorithms, and network architectures, which can be designed and tested without the need for direct territorial support, resulting from interactions at the logical layer. Furthermore, the cognitive layer would preserve an abstract dimension that structures information and human experience. Under this condition, cyberspace would be a "dematerialized" space, sustained solely by mathematical abstraction, systems logic, and the construction of meaning.

Without points of contact with physical domains (terrestrial, maritime, aerial, and sidereal), cyberspace could not exist in effective communication networks. Furthermore, it could not guarantee the energy and technological infrastructure that enables it; only an abstract field of possibilities would remain: a perfect architecture for communication and data exchange but lacking the physical body necessary for its realization.

A cyberspace that had no intersection whatsoever, therefore, would not be a functional ecosystem. It would become a potential virtuality, a system of logical and cognitive models that become functional only when connected to the material aspects of the world.

In this way, cyber sovereignty is the extension of classical sovereignty to the digital environment, in line with land, sea, air, and space sovereignty, but maintaining peculiarities that arise from the globalized character and the impossibility of establishing rigid limits.

Aligned with the thinking of Ronald Deibert, in his work Black Code: Surveillance, Privacy, and the Dark Side of the Internet, it is assumed that cyber sovereignty is the ability to govern infrastructure and information, not just territory.

Cyber ​​sovereignty thus reveals itself as a strategic continuation of traditional sovereignty in a digitized environment.

3.6 Cyber ​​Sovereignty versus Digital Sovereignty

Comparative analysis shows that cyber sovereignty and digital sovereignty have points of convergence, but they are not equivalent concepts.

Digital sovereignty focuses predominantly on data protection; regulation of digital platforms; privacy; technological autonomy; and governance of the digital economy.

Cyber ​​sovereignty, on the other hand, has a broader scope, incorporating the following:

- National security;

- Cyber ​​defense;

- Protection of critical infrastructures;

- Information control;

- Strategic projection of power; and

- Decision-making autonomy of the state.

In the view of Miguel Reale, the father of the pentadimensional theory, cyber sovereignty is a phenomenon that must be analyzed in its complexity to arrive at a more adequate understanding from a dynamic integrative perspective.

This theory establishes that the legal phenomenon is fully comprehensible only through the dynamic interaction between fact, value, norm, time, and space. According to the author, "law is born from a dialectical process between fact, value, and norm" (Reale, 1968) and is then reinterpreted and restructured within the temporal and spatial dimensions that influence its effectiveness. It thus provides a valuable conceptual basis for understanding both the legal challenges of the digital environment and the pillars of cyber sovereignty.

The factual dimension of law pertains to social events that challenge the law and necessitate a normative response. In the digital context, such facts consist of ransomware attacks, cyber espionage, global traffic of personal data, artificial intelligence, algorithms, and global platforms with social influence. The legal fact is not an isolated event but an element of social life that provokes the need for normativity (Reale, 1976). In other words, in cyberspace, cyber sovereignty emerges as a response to technological innovations that surpass conventional limits.

Value is the aspect that gives meaning to the fact and guides the creation of norms. In the digital realm, the main values ​​at stake are national protection, defense of privacy, freedom of expression, network impartiality, independent technology, economic growth, and innovation. Cyberspace has become a field of axiological dispute, in which different governance models reflect different priorities of each State (Morigi, 2019). Cyber ​​sovereignty is, therefore, deeply value-laden. states that exalt security generally favour more restrictive models; those that value digital freedom tend to support multilateral or multi-sectoral governance that is more open.

From the relationships between fact and value, norms are born, which, for Reale, constitute "the objectification of what ought to be." In the domain of cyber sovereignty, norms can emerge as data protection legislation, cybersecurity legislation, national cybersecurity strategies, regulations for digital services and platforms, digital certification, and policies for critical infrastructure. Both states and private actors exercise power in cyberspace through the technical architecture and the norms that shape it (DeNardis, 2020). In this way, cyber sovereignty is legally established through laws that are a response to the risks and priorities of each nation.

Time is essential to understanding the legal phenomenon. In the digital environment, rules quickly lose validity, and disruptive technologies require constant regulatory review. Kuner (2020) points out that regulation faces "the paradox of legal slowness in the face of technological speed." This directly impacts cyber sovereignty, as a country's failure to update its legislation prevents it from safeguarding its infrastructure or ensuring fundamental rights in cyberspace.

The spatial dimension concerns the territorial and jurisdictional limits of law. However, in cyberspace, the state faces an environment: distributed, without a defined territory, with servers around the world and with data traveling between countries in milliseconds. According to Castells (2001), "cyberspace forms a new spatiality, that of flows, which transcends the space of places." When it comes to cyber sovereignty, the term means claiming jurisdiction over information stored outside the country, managing online traffic paths, imposing security requirements on foreign companies operating in the country, and protecting national infrastructures interconnected with the world. The theory shows that the current legal space goes beyond terrestrial geography, also encompassing digital, symbolic, informational, and technological territories.

The application of the Five-Dimensional Theory to the concept of cyber sovereignty shows us that:

- Technological development generates the urgency of cyber protection;

- Values ​​define which governance model

- The norms must be adopted;

- The norms afford cyber sovereignty its legal status;

- Time requires that policies be constantly updated; and

- Space redefines the limitations of the state in the digital world.

In this sense, it is concluded that digital sovereignty constitutes a specific dimension inserted in the broader concept of cyber sovereignty.

3.7 State Capacity and the DOAMEPI Model

The research results also demonstrate that cyber sovereignty depends directly on the state's capacity to develop integrated structural competencies.

The application of the DOAMEPI model is proposed, composed of the following:

Doctrine: The existence of legal foundations that establish procedures that regulate the state's cyber ecosystem is understood.

Organization: Governance must be established, in terms of institutional structures, that allows the state entity to fully develop its role as central regulator of activities carried out, whether in its cyberspace or in that of its interest.

Training: Indicates the readiness required by state structures geared towards cyber governance, which can be acquired through constant practice, simulated or not, with feedback as a vector for improvement.

Resources: Symbolize the material investments that the country must make to allow human resources focused on maintaining state autonomy and independence to develop and expand their skills.

Education: Is the basis for building an understanding of the potential necessary for operating in cyberspace. It is through education that personnel destined for the noble task of maintaining cyber sovereignty can evolve and contribute to strengthening the country in this complex, ambiguous, insecure, and volatile domain.

Personnel: This role represents the essence of the link between cyber sovereignty and the sense of patriotic duty, being fundamental in the development of the sovereign capacity of the state entity by representing the human component of the institutional structures geared towards cyber sovereignty.

Infrastructure: Encompasses all structural elements (physical facilities, equipment, and necessary services) that support the preparation and use of state elements, according to the specificity of each one and the fulfilment of the requirements for functional performance.

This model shows that cyber sovereignty does not only stem from the formal existence of legal norms but from the integration of human, technological, institutional, and strategic resources.

3.8 Case Study: The 2007 Cyberattacks on Estonia

The cyberattacks against Estonia in 2007 constitute one of the main historical milestones of contemporary cybersecurity and represent a relevant example for the analytical application of the theoretical model proposed in this study. The episode demonstrated, in a concrete way, how cyberspace has become integrated into geopolitical disputes and mechanisms for projecting state power, highlighting the interdependence between the physical, logical, and cognitive layers of cyber sovereignty.

The political context of the attacks was related to the Estonian government's decision to remove the Soviet monument known as the "Bronze Soldier," located in Tallinn. The measure generated strong diplomatic tension with the Russian Federation and triggered internal protests, accompanied by intense digital mobilization and disinformation campaigns in virtual environments.

In this scenario, government institutions, banks, communication systems, media outlets, and strategic digital infrastructures in Estonia began to suffer successive waves of distributed denial-of-service (DDoS) attacks, temporarily compromising the availability of essential public and private services. According to Ottis (2008), the attacks represented one of the first situations in which a highly digitized state faced a large-scale coordinated cyber offensive.

The application of the analytical model developed in this article allows us to understand that the attacks were not limited to the logical layer of cyberspace. Although operationalized through the overloading of servers and communication systems, the effects produced simultaneously affected different dimensions of state sovereignty.

Critical telecommunications infrastructures, government servers, and financial systems connected to the internet experienced a direct impact at the physical layer. Estonia's structural dependence on digital networks highlighted the centrality of technological infrastructures for maintaining the functional capacity of the contemporary state.

At the logical layer, the attacks exploited vulnerabilities related to network architecture, communication protocols, and digital management systems, demonstrating that cyber sovereignty also depends on the state's ability to protect its logical infrastructure against coordinated acts of digital sabotage.

However, it was at the cognitive layer that the strategic effects proved most significant. Alongside the technical attacks, there was intense circulation of narrative campaigns, social polarization, and dissemination of content aimed at increasing internal political instability. The crisis highlighted that contemporary cyber operations frequently combine technical attacks with mechanisms of informational influence and psychological pressure.

Based on the intersection function proposed in this study—I: S × SC → R—it is simultaneously possible to identify multiple points of intersection between cyber sovereignty and state territorial sovereignty. The attacks resulted in a simultaneous intersection between territorial sovereignty, economic freedom, and the impacts on the banking and financial system:

- Territorial sovereignty, due to the partial paralysis of national public services;

- Economic freedom, due to the impacts on the banking and financial system;

- Informational autonomy, in the face of disinformation campaigns and narrative manipulation; and

- Political authority, considering the effects on institutional stability and public trust.

The Estonian case demonstrates that cyberspace does not operate as an isolated domain but as a transversal environment integrated into the classic structures of state power projection. The offensive revealed that digital vulnerabilities can produce strategic effects equivalent to those observed in conventional diplomatic, economic, or military crises.

Furthermore, the events of 2007 contributed to redefining the international understanding of cyber defense. After the attacks, Estonia significantly expanded its digital security capabilities and began to play a central role in the formulation of international cybersecurity policies, later hosting NATO's Cooperative Cyber ​​Defense Centre of Excellence (CCDCOE).

From an analytical perspective, the case reinforces the central hypothesis of this article: cyber sovereignty constitutes a functional and strategic extension of contemporary state sovereignty. The Estonian experience shows that the ability to protect digital infrastructures, guarantee informational stability, and preserve decisional autonomy has become an indispensable element for maintaining state power in the 21st century.

Therefore, the cyberattacks on Estonia provide empirical evidence that cyber sovereignty extends beyond the mere technical governance of digital networks. It is a strategic dimension integrated into the dynamics of national security, state defense, and contemporary geopolitical competition.

4. Final Considerations

The growing centrality of cyberspace in contemporary political, economic, military, and informational dynamics poses new challenges to the classical understanding of state sovereignty. In this context, the present study sought to develop a theoretical-conceptual proposition aimed at understanding cyber sovereignty as a strategic dimension articulated with the transformations of power in the 21st century.

Based on an integrative literature review and the construction of an analytical model grounded in set theory and the intersectional relationships between sovereign domains, it was proposed to interpret cyber sovereignty as a functional extension of classical sovereignty, projected onto the physical, logical, and cognitive layers of cyberspace.

The analysis developed suggests that cyberspace should not be understood as an isolated or exclusively virtual domain but as a transversal and relational environment, permanently connected to the material infrastructures, informational flows, and institutional structures of the contemporary state. In this sense, the proposed modelling allows us to visualize how cyber capabilities interact with the terrestrial, maritime, aerial, and outer domains, producing new forms of dependence, vulnerability, and strategic projection of power.

The study also suggests that digital sovereignty, while relevant, represents only a specific dimension of cyber sovereignty, focusing predominantly on the regulatory, economic, and informational aspects of digital governance. Cyber ​​sovereignty, in turn, has a broader scope, involving national security, protection of critical infrastructures, technological autonomy, informational control, and strategic state capacity in the digital environment.

The use of set theory and the analytical intersection function was not intended to produce a strict mathematical formalization of the political phenomenon but to offer a heuristic tool capable of organizing complex relationships between sovereignty, technology, and power. Thus, the main contribution of the work lies in the proposition of an interpretative model aimed at the conceptual systematization of the interactions between cyberspace and the traditional domains of state sovereignty.

From a methodological perspective, the research sought to contribute to the advancement of discussions on cyber sovereignty by incorporating an interdisciplinary approach that articulates international relations, strategic studies, digital governance and cybersecurity. At the same time, it is recognized that the proposed model is predominantly theoretical in nature, not constituting a definitive empirical validation of the hypotheses presented.

Thus, the results should be understood as analytical propositions subject to future deepening, especially through empirical application in case studies, comparative analysis between national cybersecurity strategies, and investigation of contemporary cyber operations.

Finally, it is considered that the rapid technological evolution of cyberspace—especially considering advances in artificial intelligence, quantum computing, algorithmic automation, and global informational disputes— will continue to produce reconfigurations in the ways in which state power is exercised. In this context, cyber sovereignty tends to consolidate itself as an increasingly relevant analytical category for understanding the relationships between the state, technology, and governance in the contemporary international system.