Cyber Brief: Cybersecurity and Deterrence
35+ YEARS OF FREEDOM OF INFORMATION ACTION
The January 2018 publication of a draft of the Trump administration’s Nuclear Posture Review (NPR) has raised questions about modern concepts of deterrence and the potential link between cyber and nuclear weapons. Today’s posting provides both the draft and final versions of the NPR, and for context adds a number of related studies on deterrence in the current cyber environment. The draft suggests that a cyberattack specifically on U.S. nuclear command, control, and communications (NC3) could warrant a nuclear retaliation – a notion not as plainly expressed in the final document.
New to the Cyber Vault
Document 01
Source
This document examines the state of US nuclear forces and deterrence policy in an era of increased aggression and uncertainty in outer space and cyber space. The document also examines how the principle strategic rivals to the US use strategic assets, to include cyber capabilities, to asymmetrically counter US nuclear and non-nuclear conventional power. This pre-decisional draft includes on page 12 language explaining how flexible nuclear forces could be used to deter attacks on nuclear communications, command, and control (NC3).
Document 02
Source
This document examines the state of US nuclear forces and deterrence policy in an era of increased aggression and uncertainty in outer space and cyber space. The document also examines how the principle strategic rivals to the US use strategic assets, to include cyber capabilities, to asymmetrically counter US nuclear and non-nuclear conventional power.
Document 03
Source
This paper places questions of cyber deterrence within the wider context of escalation and deterrence occurring simultaneously in multiple domains and a reliance on weapons systems depending on more than one domain to function.
Document 04
Source
This journal article examines the similarities and differences between cyberspace and the more conventionally considered domains of land, air, and sea, and explores how this affects how conventional deterrence theory translates to cyberspace.
Document 05
Source
This paper examines the concept of cyber deterrence by exploring difficulties, outlining reasonable expectations, and providing proposals for deterring potentially harmful cyber activities.
From the Cyber Vault
This paper, prepared for a British think tank, examines the nature of the cyber challenge to nuclear weapons, the specific actions hackers might take against nuclear systems (including espionage, sabotage, or 'spoofing'), and the implications for strategic stability, crisis management, and nuclear strategy.
This report specified, and elaborated on, four guiding principles that the task force believed the Defense Department and other elements of the U.S. government should take account of in working to enhance the U.S. cyber deterrence posture. Principles include developing a cyber deterrence posture which has deterrence by denial and by cost imposition components, understanding the values of key adversary decision makers, development of credible response options at different levels of conflict, and ensuring that the issues in the event of an attack are how and when to respond as well as how to connect the response to the attack.
In this testimony, Dr. Libicki discusses four prerequisites for an effective cyberdeterrence posture: the ability to attribute attacks, the communication of thresholds (what actions will lead to reprisals), the credibility of threats to retaliate, and the capability to carry out reprisals.
This testimony notes the studies conducted by the Defense Science Board on cyber issues, identifies fundamental principles of cyber deterrence, and discusses three cyber deterrence challenges (plan and conduct tailored deterrence campaigns, create a cyber-resilient "thin line" of key U.S. strike systems, and pursue foundational capabilities)