By James Van De Velde
Deterrence is based on the elements of denial (denying an adversary’s attempt to attack our interests) and punishment (inflicting unacceptable costs to the attacker in reply for having conducted the attack). At present, most U.S. cyber deterrence efforts have been defensive. And, so far, the United States has yet to reply to a cyber-intrusion with punishment via a cyber operation. Although a state could pursue deterrence via defense alone, without both elements – denial and punishment – deterrence will be weak or fail. To date, cyberspace operations worldwide have been dominated by the offense of malicious actors and the absence of retaliatory punishment by the United States.
Deterrence via denial alone is hard and without an enormously increased commitment, likely impossible. The cyber victim is always in the hopeless position of trying to discern what adversary accesses exist in one’s networks and how to stop such malicious intrusions. Adversary capabilities are written specifically to enter these networks surreptitiously and conduct malicious operations in secret.READ MORE