Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assessing Deterrence Options for Cyberweapons

Published byYulia Hartanto Modified over 6 years ago

Similar presentations

Presentation on theme: "Assessing Deterrence Options for Cyberweapons"— Presentation transcript:

1 Assessing Deterrence Options for Cyberweapons
Elizabeth E. Wanic and Neil C. Rowe (presenter) U.S. Naval Postgraduate School Monterey, California, USA

2 Motivation Deterrence doesn’t seem to be working in cyberspace.
The U.S. is being attacked repeatedly in cyberspace by Russia, China, Iran, and North Korea. However, some forms of cyber-deterrence seem to be working: No countries have launched a cyberwar even when they have capability to do so. Cyber operations today deliberately fall short of “armed attack”. Can we still deter them if we cannot threaten major retaliation?

3 Defining deterrence “Discouraging adversaries against taking an action against your interests.” Two forms: Deterrence by punishment: Threaten that an attack will be met by a worse counterattack in response. Threat needs to be credible. It is hard to be credible in cyberspace without giving away at least some secrets. Deterrence by punishment doesn’t work well in deterring crime since criminals aren’t very rational. Deterrence by denial: Make adversary think they will waste resources attacking you. Also requires a credible reason they will waste their time, but this is hard to prove. Requires a cost-benefit analysis by the adversary.

4 Traditional deterrence
Deterrence works well with conventional weapons. If you have a large army, it deters another army from invading you. How do you demonstrate capabilities? Do a military exercise. Do a weapons test. How do you show the will to use weapons? Make clear the weapons are easy to use, as by showing many ways to deliver them. Make clear you have plenty of weapons. Affirm your determination to resist aggression in public statements.

5 Credibility of cyberweapons as a deterrent
The U.S. is being repeatedly attacked in cyberspace by China. Why doesn’t the big U.S. arsenal of cyberweapons deter China? Possible reasons: Chinese cyberattacks do not rise to the level of an “armed attack” in international law which would justify counterattack. Cyberattacks on U.S. businesses are often easy, and victims can blame their cybersecurity as inadequate rather than China. Deterrence is not credible because the U.S. has rarely used cyberweapons. Retaliation risks escalation, and the U.S. is more vulnerable in cyberspace than China. China does not believe the U.S. will risk escalation.

6 Key problems with cyber-deterrence
Cyber weapons are highly varied compared to conventional military weapons. Thus it is hard to assess their threat. Cyberweapons usually exploit flaws in software, and flaws can get fixed unexpectedly, making the weapon useless. Adversaries may not act rationally according to a reasonable cost-benefit analysis. It could be hard to attribute cyber attacks to a country, though the technology for doing so is getting better. Damage assessment of a cyber attack is difficult. Victim may not know they have been attacked, so attack may have little effect. Attacker may do overkill in an attack to be sure of success. Cyberattacks may have unexpected consequences since everything is connected in cyberspace.

7 Country specifics Russia has signed agreements regarding cyberattacks, but has not stopped them. Deterrence is not working. China has been stealing intellectual property for some time, and deterrence is not working against them. Iran has been deterred to some extent from cyber attacks on major powers even though they have the capability. North Korea has not been deterred on cyber attacks, but most of their attacks are symbolic or for monetary gain. It is hard to reason with a dictatorship. The U.S. has been successfully deterred from attacks against Russia and China.

8 Tactics for cyber deterrence (1)
Stockpiling cyber weapons It’s hard to convince people you have cyber weapons because revealing anything hurts their effectiveness. Fake demonstrations are easy to arrange for cyber weapons. Cyber weapons become obsolete quickly since software flaws can get fixed unexpectedly. Criminal investigation of cyberattacks Most cyberattacks violate national cybercrime laws, so they can be prosecuted. Indictments can serve notice of potential retaliation as well as ability to attribute a cyberattack. However, it’s hard to extradite criminals whose governments want to protect them.

9 Tactics for cyber deterrence (2)
Sanctions Economic sanctions have worked in the past against a wide range of countries. They require substantial international agreement. Most cyberattacking nations are already under sanctions for other reasons, so more sanctions won’t do much. International agreements The Tallinn Manuals represents a good attempt at norms for cyber operations as well as cyber war. However, they are not law. Getting laws for cyberspace has been difficult. Nonetheless, de facto standards are emerging. This has already happened with ideas in the Tallinn Manuals.

10 Tactics for cyber deterrence (3)
Improving cyber defenses If an adversary is sure they won’t succeed with a cyber attack (as against the U.S. military), they likely won’t try. Cyber defense can be demonstrated without giving away too many secrets. Active defenses like planting deceptive “bait” files can discourage adversaries from using stolen data. Demonstrations of capabilities A potential victim can stage a demonstration of its defense or offense. Such demonstrations can be faked in a controlled environment. Alternatively, a real counterattack on a real target can indicate capabilities.

11 Tactics for cyber deterrence (4)
Counterattack Can be automated so adversary is sure they will suffer. Can be non-automated but staged to have a major effect. Counterattacks to cyber attacks need not be cyber attacks, especially if the original attack was serious. Counterattacks are justified in international law, unlike first attacks.

12 Conclusions Cyber deterrence is hard, but it is becoming more possible, as capabilities become better understood. Stockpiling does not seem useful. This is different from conventional weapons. International agreements are a good idea, even partial ones. Cyber operations cover a broad spectrum, so a range of activities can have a deterrent effect.

Download ppt "Assessing Deterrence Options for Cyberweapons"

Similar presentations

FREEDOM OF SPEECH. The Harm Principle and Free Speech Another difficult case is hate speech. Most European liberal democracies have limitations on hate.

FREEDOM OF SPEECH. The Harm Principle and Free Speech Another difficult case is hate speech. Most European liberal democracies have limitations on hate.
Challenge of Nuclear Weapons

Challenge of Nuclear Weapons
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
The best US foreign policy is one based on contemporary understandings of realism. Such a policy would be more successful, particularly in avoiding wars,

The best US foreign policy is one based on contemporary understandings of realism. Such a policy would be more successful, particularly in avoiding wars,
Internet Vulnerabilities & Criminal Activity Cyber Terrorism and Cyber Warfare November 14, 2011 Cyber Terrorism and Cyber Warfare November 14, 2011.

Internet Vulnerabilities & Criminal Activity Cyber Terrorism and Cyber Warfare November 14, 2011 Cyber Terrorism and Cyber Warfare November 14, 2011.
Cyber Capabilities Example IT 298 / Bohman January 6 th, 2014.

Cyber Capabilities Example IT 298 / Bohman January 6 th, 2014.
Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.

Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.
Copyright Myths. If it doesn't have a copyright notice, it's not copyrighted. This was true in the past, but today almost all major nations follow the.

Copyright Myths. "If it doesn't have a copyright notice, it's not copyrighted." This was true in the past, but today almost all major nations follow the.
The Philosophy of Exotischism Ignorance Is No Excuse 1 Most of us have heard the old expression ignorance is no excuse for breaking the law. If courts.

The Philosophy of Exotischism Ignorance Is No Excuse 1 Most of us have heard the old expression "ignorance is no excuse for breaking the law". If courts.
Article Summaries - Affirmative Offshore Wind. Article 1 Offshore Wind has: the capability of powering 1/3 of the U.S, especially the East Coast's larger.

Article Summaries - Affirmative Offshore Wind. Article 1 Offshore Wind has: the capability of powering 1/3 of the U.S, especially the East Coast's larger.
17th WATCH: Cyberwar -- Without the Magical Thinking Stewart A. Baker Steptoe & Johnson THURSDAY July 18 th, Noon, Room 110 W ashington A rea T rustworthy.

17th WATCH: Cyberwar -- Without the Magical Thinking Stewart A. Baker Steptoe & Johnson THURSDAY July 18 th, Noon, Room 110 W ashington A rea T rustworthy.
Understanding and distinguishing among cyber activities Dave Piscitello VP Security and ICT Coordination, ICANN.

Understanding and distinguishing among cyber activities Dave Piscitello VP Security and ICT Coordination, ICANN.
THE THREAT LANDSCAPE FROM CYBERCRIME TO CYBER-WAR David Emm Global Research and Analysis Team.

THE THREAT LANDSCAPE FROM CYBERCRIME TO CYBER-WAR David Emm Global Research and Analysis Team.
Crime & Punishment The Aims of Punishment Deterrence.

Crime & Punishment The Aims of Punishment Deterrence.
The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.
Copyright © 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.

Copyright © 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.
Can North Korea Build More Nuclear Weapons?. A North Korean People’s Army naval unit tests a new type of anti-ship cruise missile in this undated photo.

Can North Korea Build More Nuclear Weapons?. A North Korean People’s Army naval unit tests a new type of anti-ship cruise missile in this undated photo.
Defense Policy Making You may not be interested in war, but war is interested in you.

Defense Policy Making You may not be interested in war, but war is interested in you.
April 27 th  Learning Target  I can understand the threat of nuclear proliferation.  Opener  Name all the countries you can think of that have nuclear.

April 27 th  Learning Target  I can understand the threat of nuclear proliferation.  Opener  Name all the countries you can think of that have nuclear.
DO WE REALLY NEED TO WORRY ABOUT WMDS? What is a “weapon of mass destruction”? Why are they “different”? Is the classification WMD an example of hegemony?

DO WE REALLY NEED TO WORRY ABOUT WMDS? What is a “weapon of mass destruction”? Why are they “different”? Is the classification WMD an example of hegemony?

Similar presentations

Ads by Google