Cyberdeterrence and Cyberwar

Cyberdeterrence and Cyberwar

MARTIN C. LIBICKI
Copyright Date: 2009
Published by: RAND Corporation
Pages: 238
https://www.jstor.org/stable/10.7249/mg877af
  • Cite this Item
  • Book Info
    Cyberdeterrence and Cyberwar
    Book Description:

    Cyberspace, where information--and hence serious value--is stored and manipulated, is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.

    eISBN: 978-0-8330-4875-2
    Subjects: Technology, Political Science

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. Preface
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-viii)
  4. Figures
    (pp. ix-x)
  5. Tables
    (pp. xi-xii)
  6. Summary
    (pp. xiii-xx)
  7. Acknowledgements
    (pp. xxi-xxii)
  8. Abbreviations
    (pp. xxiii-xxiv)
  9. CHAPTER ONE Introduction
    (pp. 1-10)

    In late April 2007, Estonia moved a Russian war memorial from central Tallinn to a military cemetery, outraging its Russian-speaking population and thereby leading to two days of riots. While this was going on, the country’s key Web sites (notably government and bank sites) were flooded by a distributed denial-of-service (DDOS) attack carried out by thousands of hijacked computers (also known as bots).¹

    Although Estonia is small, it is well wired (Skype was launched there), and the country had accustomed itself to being able to conduct business in cyberspace. Furthermore, several hundred thousand Estonians work overseas, and their ability to...

  10. CHAPTER TWO A Conceptual Framework
    (pp. 11-38)

    Cyberspace is a thing of contrasts: It is a space and is thus similar to such other media of contention as the land and sea. It is also a space unlike any other, making it dissimilar. Cyberspace has to be appreciated on its own merits; it is a man-made construct.² Only after coming to such an appreciation is it possible to pick through what we believe we know about deterrence, physical warfare, and warfare in other media to figure out which elements apply in cyberspace and to what extent.

    Cyberspace is a virtual medium, one far less tangible than ground,...

  11. CHAPTER THREE Why Cyberdeterrence Is Different
    (pp. 39-74)

    Cyberdeterrence seems like it would be a good idea. Game theory supports the belief that it might work. The nuclear standoff between the United States and the Soviet Union during the Cold War—which never went hot—provides the historical basis for believing cyberdeterrence should work.

    It may well work. This chapter, however, lays out nine questions—three critical and six ancillary—that would differentiate cyberdeterrence from nuclear deterrence or general military deterrence. Such differences all work to the detriment of cyberdeterrence as a policy, and they illustrate why and how cyberdeterrence may be quite problematic. Expressed in terms of...

  12. CHAPTER FOUR Why the Purpose of the Original Cyberattack Matters
    (pp. 75-90)

    The first question a potential retaliator must ask is what the attacker was trying to achieve with its (presumably unprovoked) attack. Answers may indicate how legitimate and wise retaliation is and whether other strategies need to be pursued. From a strategic perspective, having a good idea of why a state carried out a cyberattack offers some insight into its decisionmaking calculus. Understanding what it stands to gain or lose through an attack helps immensely in figuring out what kind and level of retaliation—if any—can tip the attacker’s thinking away from initiating or continuing cyberattacks. Its motivation will also...

  13. CHAPTER FIVE A Strategy of Response
    (pp. 91-116)

    A state that has announced an unambiguous deterrence policy leaves itself little maneuvering room once another state has attacked it in cyberspace. States, however, may not necessarily want to find themselves boxed in and may thus want to explore less-risky or less-harmful options to achieve a relative degree of peace in cyberspace.

    Those who decide on retaliation, if their decisions are not prepackaged, need to ponder certain choices. How public or private should the confrontation be? When should it happen? What should the state do about hackers that might enjoy the sanction of other states? To what extent should it...

  14. CHAPTER SIX Strategic Cyberwar
    (pp. 117-138)

    A campaign of cyberattacks launched by one entity against a state and its society, primarily but not exclusively for the purpose of affecting the target state’s behavior, would bestrategic cyberwar

    The attacking entity can be a state or a nonstate actor. To echo the distinction made in Chapter Two, if the attacker is a nonstate entity, it is unlikely to present much of a target for the defending state to hit back against, although states that support or tolerate them may be subject to countercoercion. For this reason, this discussion will focus on state-on-state contests, which present a richer...

  15. CHAPTER SEVEN Operational Cyberwar
    (pp. 139-158)

    Operational cyberwar consists of wartime cyberattacks against military targets and military-related civilian targets.¹ Even if this does not constitute raw power, it can be a decisive force multiplier if employed carefully, discriminately, and at precisely the right time.

    For this discussion, the context is a conflict between the United States and an opponent that also relies heavily on computer networks to conduct military operations (a growing candidate list as digitization becomes the norm). Because operational cyberwar against military targets is not an escalation of physical warfare, it does not raise broader questions about the depth of the war. Those who...

  16. CHAPTER EIGHT Cyberdefense
    (pp. 159-174)

    This monograph has strongly implied the importance of defending cyberspace thus far, largely because deterrence appears to be too problematic to offer much surcease from cyberattacks. Even DoD, which does have an offensive cyberwar mission, will likely spendand need to spendfar more on defense than on offense—of which the ability to retaliate, hence deter, can only be part. A similar tilt is likely to characterize the U.S. Air Force as well, despite its global strike role.¹

    This chapter examines cyberdefense from the top down—first at the architecture, policy, and strategy level and only then at the...

  17. CHAPTER NINE Tricky Terrain
    (pp. 175-178)

    When facing a threat that cannot be denied, a potential target can attempt to defend, disarm, or deter. As Figure 9.1 illustrates, the best mix of the three may depend on what mode of warfare is at issue.

    In traditional land combat, for instance, the emphasis was on disarming the enemy in combat. Relying on defense generally did not work very well (the Maginot line being a prime example), and deterrence by threat of punishment generally required a disarmed or poorly armed enemy (Sherman’s march through Georgia, for example). In late medieval times, when castles were strong and artillery had...

  18. APPENDIXES

    • APPENDIX A What Constitutes an Act of War in Cyberspace?
      (pp. 179-182)
    • APPENDIX B The Calculus of Explicit Versus Implicit Deterrence
      (pp. 183-198)
    • APPENDIX C The Dim Prospects for Cyber Arms Control
      (pp. 199-202)
  19. References
    (pp. 203-214)