Cyber Analysis Workshop - Cyber Deterrence Page
Our nation including forces contributing to natioal security rely on cyber. What can we do to deter attacks? How can we analyze those efforts? Note: some of this discussion may be on the SPIRNET MORS Cyber site.
M. Elain Bunn wrote "Can Deterrence Be Tailored?" in Strategic Forum (No. 225, January 2007), available at http://stinet.dtic.mil/cgi-bin/GetTRDoc?AD=ADA463735&Location=U2&doc=GetTRDoc.pdf. This article outlines many of the challenges of deterrence.
–Background Discussion
Here are some interesting background articles:
–
counter_cyberwar[1].pdf cronin_parameters[1].pdf
cyberweapons-controls.doc SF225.pdf
Insert background and discussion here:
In James Mulvenon's article "Toward a Cyberconflict Studies Research Agenda" (available at http://www.cyberconflict.org/pdf/IEEEarticlefinal.pdf) he raises many fine questions that apply to the different aspects of our cyberanalysis working group that we must be cognizant of when looking at the challenges we face. Several of the questions apply specifically to the prospects of cyberspace deterrence.
- What factors will govern the capacity of a state or organization to deter a cyber attack?
- What characteristics of cyberwarfare capabilities will constitute the most effective deterrent against certain types of adversaries?
- What thresholds for response can we establish?
- How could coercive and deterrent uses of cyberwarfare forces likely fail or fall short?
- Will threats of decapitation or paralyzing communications substantially change crisis dynamics, and if so, in what types of situations?
Issues
–
What must be remembered in deterrence is that for the deterrent threat to be perceived as credible, the one who is seeking to deter must show it has the capabilities and intentions to follow through with its actions; this is the basis of a valid deterrent. The problem here lies within the need to overtly show that an actor possesses some offensive and defensive cyber capabilities without showing its full hand. Since many cyber capabilities might possibly be used in a single shot capacity before being rendered ineffective, actors may use their tools solely in a covert or clandestine fashion. Without making its intentions and a few of its capabilities known to the aggressors, the aggressor may not accurately perceive the message and cyber deterrence would fail.
In this domain in which equal damage can be inflicted by individuals or nation states with an almost infinite variety of motives, incentives, and notions of rationality, and in which attribution is an unsolved problem, traditional notions of deterrence action may need rethinking. For example, taking a demonstrative action that shuts down or damages computers or network links through which an attack is routed, may or may not reach the source attacking party in any topological or timely way- but could cause enormous collateral damage to non-adversaries or to one's own economy, society, or security.
At the least, until a deterring party can focus tightly on setting priorities about the assets it desires to protect, and exposing noticeableactions to both protect and respond, it seems likely to be in a permanent defensive posture, learning from successful attacks only that it is vulnerable.
Current Analysis Approaches
Insert current analytical framework or approaches here:
–
Potential Enhancements or Alternative Analytical Approaches
Insert proposals here:
–
Recommendations to Improve Analytical Approaches
Insert proposed recommendations here:
Comments (0)
You don't have permission to comment on this page.