MIT Logo

Cyber Deterrence

URL:
https://law.emory.edu/eilr/content/volume-26/issue-2/symposium%20/cyber-deterrence.html
Abstract:

The importance of cyber deterrence is increasing as cyber attacks are increasing from both state and non-state actors. While cyber deterrence can be paralleled to traditional Cold War deterrence in the sense that they both do include the retaliation component, cyber security differs in the sense that it is much more flexible due to the defensive strategies it employs. Specifically, using invulnerability, invisibility, interdependence, and resiliency are new, effective strategies to cyber deterrence. Also, it must be noted that with the rise of new cyber deterrence strategies also comes the rise of legal issues that must be addressed.
Another way of thinking of invulnerability is “even if you try, you can’t catch me.” The power of invulnerability is that attacks by actors would essentially be futile, discouraging lots of cyber attacks and increasing the security of a system. However, creating a system that is so protected that actors are dissuaded to even try to attack is incredibly difficult, especially on the scale of the U.S. cyberspace. Also, it leads to many legal issues, such as the requirements that would need to be put in place to ensure such a secure system.
Resiliency is the idea that a country’s cyber networks are so strong that an attack wouldn’t hurt them. However, it should be noted that this will not stop attackers who are after specific information that resides on one computer. Resiliency has two components: redundancy and reconstitution. Redundancy is when a system’s required capabilities are run from multiple different computers, so that shutting down one computer will not be detrimental to the system. Reconstitution is when a nation (or other organization) can restore their system after an attack so quickly that even though the attack still took place, its effects were minimal.
Invisibility is what it sounds like: if an adversary simply cannot find the systems or computers it intends to attack, it will be discouraged from conducting the attack. The attacker will allocate their time and weapons elsewhere. One potential legal issue with invisibility is that hiding a system effectively may cause problems as the true attributes of the system are hidden from the public, which may violate cybersecurity laws.
Interdependence is the idea of becoming digitally interconnected with other nations, so much so that an attack by a foreign actor on a U.S. computer or system will directly affect them as well, since the U.S. cyberspace is interwoven with that of the country of the attacker. Attackers would be deterred due to the fact that they are either causing harm to their own country, or causing harm to another country whom they do not intend to hurt. However, interdependence could easily lead to issues of foreign policy.
Clearly, deterrence did not stop after the Cold War. Although the need for deterrence is shifting from the physical sphere to the digital, it is still ever important and must be talked about considering its nuances and potential consequences. While invulnerability, resiliency, invisibility, and interdependence are respectable solutions to the issue of cyber deterrence, they all have their own associated legal issues.

Author:
Eric Talbot Jensen
Domain: ,
Dimension: , ,
Region:
Data Type: , ,
Keywords: , , , , , ,
MIT Political Science
MIT Political Science
ECIR
GSS