Skip to Main Content
Have library access? Log in through your library
Research Report

CYBER AND DETERRENCE: The Military-Civil Nexus in High-End Conflict

Franklin D. Kramer
Robert J. Butler
Catherine Lotrionte
Copyright Date: Jan. 1, 2017
Published by: Atlantic Council
Pages: 26
  • Cite this Item

Table of Contents

  1. (pp. 1-3)

    This paper analyzes cyber’s role in deterrence and defense—and specifically the military-civil nexus and the relationship between the Department of Defense (DoD), the civil agencies, and the key private operational cyber entities, in particular the Internet Service Providers (ISPs) and electric grid operators. The focus of the paper is on high-end conflict including actions by an advanced cyber adversary, whether state or nonstate, and not on the “day-to-day” intrusions and attacks as regularly occur and are generally dealt with by governmental agencies and the private sector without military involvement. High-end conflict can be expected to include attacks within the...

  2. (pp. 3-6)

    A starting point for analysis is to recognize that in conflict or prior to conflict, and focusing on deterrence and readiness, cyber is only a part of the overall picture. As Secretary of Defense Ashton Carter has stated the United States and its allies and partners face five key military or potential military challenges: 1) Russia, particularly facing NATO in the east; 2) North Korea, with the US deterrent encompassing its treaty allies of both the Republic of Korea and Japan; 3) the Gulf, where the Gulf Cooperation Council countries are subject to Iranian threat; 4) the continuous violent activities...

  3. (pp. 6-11)

    Civil-military coordination is critical to the protection and resilience of both the telecom and electric grid networks. There are ongoing substantial efforts by the US government (USG) and the private sector to generate such results. These efforts include the administration’s recent Presidential Policy Directive 41 (PPD-41),29 the Cybersecurity National Action Plan,30 and the Cybersecurity Information Sharing Act.31 Sector-specific programs such as the Cybersecurity Risk Information Sharing Program (CRISP)32 and the Electricity Subsector Cybersecurity Capability Maturity Model (C2M2)33 focused on the electric grid are steps in the right direction in facilitating public-private partnerships, but they currently do not include DoD. Rather,...

  4. (pp. 11-11)

    The 2015 DoD Cyber Strategy provides the foundation for a DoD role in a cyberattack against the US power grid and ISPs, but it does not provide explicit direction as to how DoD would help grid operators or ISPs operators in conducting such operations. Rather, the strategy provides a framework to develop the plans for possible DoD support while leaving key issues unresolved.

    It is imperative to tackle these unresolved issues related to DoD’s possible roles. A first step is to recognize that such activity by the DoD is fully in keeping with the long-standing Department of Defense function to...

  5. (pp. 12-18)

    In a high-end conflict, the military will rely heavily on the availability of the telecommunication and electric grid networks, and those networks likewise will likely need the assistance of the military to remain operationally effective, especially as an adversary in a high-end conflict can be expected to attack on a repeated basis. Understanding cross-sectoral dependencies and potential cascading effects from attacks will be crucial. Accordingly, for mission assurance and to achieve deterrence and/or successful defense with respect to such a conflict or potential conflict situation, particularly against high-end cyber adversaries, the military, civil authorities, and the ISPs and grid operators...

  6. (pp. 18-21)

    In a conflict, cyber security will be as or more important in forward theaters as it will be in the United States. Most US allies and partners do not have the same cyber capabilities as DoD, yet it will be their infrastructures and national capabilities that US forces will be relying upon for numerous tasks. Accordingly, the concept of “extended cyber deterrence” will be an important role for the DoD in connection with each of the theaters noted above. The concepts are set forth in the issue brief “Cyber, Extended Deterrence, and NATO,”90 but their application goes beyond NATO to...

  7. (pp. 21-21)
    Franklin D. Kramer, Robert J. Butler and Catherine Lotrionte

    High-end conflict will create challenging requirements for cyber, far beyond those that are already faced on an ongoing basis. The DoD needs to work with civil authorities and the ISPs and grid operators in the United States and forward theaters to create the prospects for deterrence and, if necessary, to defend and prevail in conflict....