The national security of the United States depends on a secure, reliable and resilient cyberspace. The inclusion of digital systems into every aspect of US national security has been underway since World War II and has increased with the proliferation of Internet-enabled devices. There is an increasing need to develop a robust deterrence framework within which the United States and its allies can dissuade would-be adversaries from engaging in various cyber activities. Yet despite a desire to deter adversaries, the problems associated with dissuasion remain complex, multifaceted, poorly understood and imprecisely specified. Challenges, including credibility, attribution, escalation and conflict management, remain ever-present and challenge the United States in its efforts to foster security in cyberspace. These challenges need to be addressed in a deliberate and multidisciplinary approach that combines political and technical realities to provide a robust set of policy options to decision makers. The Cyber Deterrence Problem brings together a multidisciplinary team of scholars with expertise in computer science, deterrence theory, cognitive psychology, intelligence studies and conflict management to analyze and develop a robust assessment of the necessary requirements and attributes for achieving deterrence in cyberspace. Beyond simply addressing the base challenges associated with deterrence, many of the chapters also propose strategies and tactics to enhance deterrence in cyberspace and emphasize conceptualizing how the United States deters adversaries.

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.

Cyberspace, where information--and hence serious value--is stored and manipulated, is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.

This book creates a framework for understanding and using cyberpower in support of national security. Cyberspace and cyberpower are now critical elements of international security. United States needs a national policy which employs cyberpower to support its national security interests.

While the deterrence of cyber attacks is one of the most important issues facing the United States and other nations, the application of deterrence theory to the cyber realm is problematic. This study introduces cyber warfare and reviews the challenges associated with deterring cyber attacks, offering key recommendations to aid the deterrence of major cyber attacks.

“We are dropping cyber bombs. We have never done that before.”—U.S. Defense Department official A new era of war fighting is emerging for the U.S. military. Hi-tech weapons have given way to hi tech in a number of instances recently: A computer virus is unleashed that destroys centrifuges in Iran, slowing that country’s attempt to build a nuclear weapon. ISIS, which has made the internet the backbone of its terror operations, finds its network-based command and control systems are overwhelmed in a cyber attack. A number of North Korean ballistic missiles fail on launch, reportedly because their systems were compromised by a cyber campaign. Offensive cyber operations like these have become important components of U.S. defense strategy and their role will grow larger. But just what offensive cyber weapons are and how they could be used remains clouded by secrecy. This new volume by Amy Zegart and Herb Lin is a groundbreaking discussion and exploration of cyber weapons with a focus on their strategic dimensions. It brings together many of the leading specialists in the field to provide new and incisive analysis of what former CIA director Michael Hayden has called “digital combat power” and how the United States should incorporate that power into its national security strategy.

A fresh and refined appraisal of today's top cyber threats

Cyber attacks are difficult to attribute. As a result, they pose specific problems for a potential cyber-deterrence doctrine. This paper examines five cases of cyber attacks to illustrate the problems of attribution, which informs a discussion of the feasibility of a classical deterrence framework in attempting to deter cyber attacks.

This open access volume surveys the state of the field to examine whether a fifth wave of deterrence theory is emerging. Bringing together insights from world-leading experts from three continents, the volume identifies the most pressing strategic challenges, frames theoretical concepts, and describes new strategies. The use and utility of deterrence in today’s strategic environment is a topic of paramount concern to scholars, strategists and policymakers. Ours is a period of considerable strategic turbulence, which in recent years has featured a renewed emphasis on nuclear weapons used in defence postures across different theatres; a dramatic growth in the scale of military cyber capabilities and the frequency with which these are used; and rapid technological progress including the proliferation of long-range strike and unmanned systems. These military-strategic developments occur in a polarized international system, where cooperation between leading powers on arms control regimes is breaking down, states widely make use of hybrid conflict strategies, and the number of internationalized intrastate proxy conflicts has quintupled over the past two decades. Contemporary conflict actors exploit a wider gamut of coercive instruments, which they apply across a wider range of domains. The prevalence of multi-domain coercion across but also beyond traditional dimensions of armed conflict raises an important question: what does effective deterrence look like in the 21st century? Answering that question requires a re-appraisal of key theoretical concepts and dominant strategies of Western and non-Western actors in order to assess how they hold up in today’s world. Air Commodore Professor Dr. Frans Osinga is the Chair of the War Studies Department of the Netherlands Defence Academy and the Special Chair in War Studies at the University Leiden. Dr. Tim Sweijs is the Director of Research at The Hague Centre for Strategic Studies and a Research Fellow at the Faculty of Military Sciences of the Netherlands Defence Academy in Breda.

In recent years, the importance of operating in and protecting the cyber domain has gained much attention. As long as our nation relies on computer networks as a foundation for military and economic power, our national and economic security are at risk through the cyber domain. Cyber attacks on US industry and government systems severely impact our economy and ability to execute modern network-centric warfare. Our reliance on networked systems and the high costs associated with cyber attacks have led many leaders in the US government and Department of Defense to focus resources toward developing a strategy for deterring adversaries from attacking our networks in the first place. This effort has led to much debate about the question, is cyber deterrence possible? Deterrence in the cyber domain is drastically different and far more complicated than in other military domains (air, land, sea, and space). Cyber weapons and offensive cyber techniques are relatively inexpensive and easily obtained or developed. The number of adversary groups capable of attacking US networks is large, and our ability to deter each group will vary based on its motives and levels of risk tolerance. An effective cyber deterrence strategy must be multilayered and use all instruments of US national power. This paper discusses the difficulties of deterring unwanted cyber activities, provides some realistic expectations for a deterrence strategy, and offers proposals to help mitigate the problems.