In lieu of an abstract, here is a brief excerpt of the content:

C H A P T E R 7 A New Framework for Cyber Deterrence Jeffrey R. Cooper Introduction: ‘‘Si vis pacem, para bellum’’ INFORMATION HAS ALWAYS BEEN a key element of national power and influence. Enabled by modern digital technologies, worldwide communications and information networks have fundamentally reshaped patterns of international trade, finance, and global intercourse in general. These patterns affect not only economic relationships but also political and social relationships. Due to interdependencies created by these new patterns, even authoritarian regimes cannot maintain the closed autarchic economies of the past. New actors, many of them entities other than states, now interact in novel ways and play important roles in the international system. As a consequence, with the collapse of the Cold War’s bipolar structure, forces enabled by digital technologies significantly refashioned international relations and created new national security challenges. Importantly, digital information and the infrastructure that processes and carries it—what we commonly call ‘‘cyber systems’’—have their own special characteristics and possess particular strengths and weaknesses. Cyber capabilities—with novel intrinsic properties—provide both powerful tools and weapons but also represent sources of great potential vulnerability. These conditions have created a powerful interest in better protecting our information and the cyber infrastructures through which it is processed and transmitted. As part of an effective and comprehensive security strategy to secure our cyber environment, deterrence merits attention as potentially one important component. Understanding Deterrence Deterrence was never an end in itself but rather a mechanism to forestall the Soviet Union from initiating destabilizing acts of aggression. The United States employed 105 106 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A New Framework for Cyber Deterrence deterrence to support an overarching strategy of containment with the objective of allowing internal pressures to modify, over the long term, the dynamics of that regime. We can similarly employ deterrence as an element in implementing an overall national strategy for cyber; but without strategy, there is no effective way to assess the benefits and the costs of such an approach, other than by immediate consequences of the actions an actor takes. Deterring cyber threats requires moving beyond the common proposition that deterrence rests solely upon the threat of punitive retaliation. Not only is that incorrect but it too tightly binds deterrence to solving the twin problems of attribution and identity—both of which may be very difficult for cyber attacks. Where direct retaliation can be effective, deterrence by threats of punishment can still be credible. But they may be less attractive to decision makers because the effects of retaliatory cyber attacks are likely to be less predictable and create more unintended consequences than other response options. Moreover, since credible attribution and identi fication may not be feasible for many cyber threats, this chapter proposes concepts for deterrence less reliant on direct retaliation. The specific concepts of nuclear deterrence practiced during the Cold War were developed to suit the particular conditions of the contest between the United States and the Soviet Union—a Manichean struggle between nuclear-armed super powers within a bipolar structure that disappeared in 1991.1 The new logic for deterrence flows from the realization that Cold War deterrence was formulated for conditions that no longer exist; disentangling the general principles of deterrence from those tied to that particular environment is essential. For application to the emerging range of cyber threats, deterrence must now be rethought and adapted for the conditions of a distinctive cyber domain within a different geostrategic environment, including a far broader set of actors whose motivations and behaviors are much different than assumed for previous opponents. The logic of a new deterrence must address three important factors: (1) an international system with a wide range of actors who exist within complicated new contexts created by multiple relationships and roles; (2) a cyber environment with special characteristics ; and (3) an understanding that networks, both physical and virtual, possess different properties than other forms of relationships and these can significantly impact the decision calculus.2 This chapter introduces two new concepts that can serve as a basis for improving deterrence of threats to critical cyber capabilities: (1) the cooperation, competition, and conflict (3Cs) framework; and (2) networked deterrence. Cyber Deterrence: Changing Logics There are obvious inconsistencies between the foundational bases of traditional deterrence and the current conditions of the international system. Traditional US nuclear deterrence doctrine rested upon an intellectual foundation of an international system built on four Enlightenment-era pillars.3 First, that international system was based...

Share