What is the Future of Cyber Deterrence?

Scholars and practitioners alike have debated the feasibility of applying deterrence models to cyberspace. Advocates of "cyber persistence theory," for instance, posit that deterrence strategies are unlikely to succeed in the cyber domain. In contrast, the Cyberspace Solarium Commission's March 2020 report advocates for updating traditional deterrence concepts to account for the implications of emerging technologies, calling for the United States to implement a strategy of "layered cyber deterrence" In this article, we unpack the concept of cyber deterrence from three perspectives: definitional differences; distinguishing between general and specific deterrence; and the role of thresholds. Based on our analysis, we demonstrate why cyber strategies anchored in persistent engagement and near-constant offensive maneuver are insufficient to address the range of threat actor behavior in cyberspace. Instead, we offer a theoretical framework that articulates the conditions under which deterrence is possible in cyberspace. Finally, we conclude by providing policy recommendations for the United States.