Retaliatory Deterrence in Cyberspace

The view that deterrence is of little value in securing the nation’s information infrastructure is based on a Cold War model of strategic nuclear deterrence. If one examines other approaches to preventing attack, however, deterrence may make significant contributions to US security in cyberspace. Success, however, will require a new mind-set and changed expectations. Deterrence is ingrained in US national security posture. It dominated Cold War debates and thinking about preventing Soviet aggression againstvital US national interests. The lack of a direct US–Soviet war seemed to confirm its utility. Indeed, with the collapse of Soviet communism, deterrence advocates continued to proclaim its primary value in preventing aggression by lesser threats. In 1996, then-secretary of defense William Perry asserted, “And if these powers [rogue states] should ever pose a threat, our ability to retaliate with an overwhelming nuclear response will serve as a deterrent. Deterrence has protected us from the established nuclear arsenals for decades, and it will continue to protect us.”

Yet, more than two decades into the information age, US policymakers are still working through its applicability in cyberspace. This article first examines cyber vulnerabilities then moves to cyberdeterrence alternatives. Finally it proposes a cyberdeterrent posture and policy.

Partner & Fellow Blogs