This blogpost argues that the thinking behind cyber deterrence used to follow a similar line of thought as standard deterrence, in the tangible, non-cyber world, but this is no longer the case. The idea of standard deterrence dates back to the Cold War, for example, where nuclear deterrence prevented either side from waging a war because the risks and costs of the war outweighed the advantages. A figure that highlights this central idea of traditional deterrence “going out of style” is the number of journals, books, and reports written on cyber deterrence over the years. This number peaks at around 2016 and have been on the decline ever since, begging the question, why is traditional deterrence not good enough and what are some alternate methods of deterrence that can be used as a country?
The author discusses that with attacks being cheap and easy for anyone to launch, the standard form of deterrence is less and less effective. Instead, they observe that research on cyber deterrence is going in two directions: one, using a “strategy of persistent engagement”, where state actors take a preemptive and preventive approach to fending off cyberattacks, and two, a “cross-domain deterrence” strategy, where actors combine their capabilities in different fields to make more “coercive threats” and make other actors’ perceive this state actor to be more powerful.
