Deterrence of Cyber Attacks and U.S. National Security

This paper draws on deterrence theory to analyze the challenges that the United States faces in deterring cyber attacks. We begin by briefly reviewing the basic logic of deterrence theory and relating it to the challenge posed by cyber attacks. The following section explores what is commonly viewed as the key problem in deterring cyber attacks—the “attribution problem” arises when a state cannot determine who has attacked it and therefore cannot credibly threaten to respond. We suggest that this barrier to deterrence has been exaggerated, while acknowledging that it does create a number of dangers. The following two sections discuss deterrence of different types of cyber attacks—those designed to damage the U.S. economy and society, and those designed to weaken U.S. conventional military forces. The final section highlights a few points, including the need for the United States to design a clear declaratory policy that explains its cyber deterrence strategy and the importance of integrating deterrence into a multilayer policy designed to protect the United States from cyber attacks. Work supported by the Office of the Vice President for Academic Affairs and the School of Engineering and Applied Science of the George Washington University