Strategic Deterrence in Cyberspace

This research outlines practical steps that the United States can take to improve strategic deterrence in cyberspace. The unique character of cyberspace requires tailoring of traditional deterrence strategies to fit the domain. This research uses the Deterrence Operations Joint Operating Concept (DO JOC) and the New Triad as models for organizing deterrence operations. The DO JOC focuses on tailoring deterrence operations based on the actor; but deterrence operations must be also be tailored to the uniqueness of cyberspace. The effective tailoring of deterrence operations for cyberspace will require both the application of new ways and means and the tailoring of traditional deterrence concepts to fit this new domain. Practical application of cyber strategic deterrence involves: issuance of US declaratory cyber deterrence policy; removing sanctuaries for cyber adversaries; changing US and adversary mindsets and expectations for what is permitted in cyberspace; changes to military planning in order to conduct operations in consideration of adversary cyber capability; and appreciation of the key policy tradeoffs with respect to cyber deterrence implementation. Cyberspace deterrence should include all three ways of implementing a deterrence strategy: imposing costs, denying benefits, and inducing adversary restraint. Influencing the "Consequences of Restraint" fulcrum through attribution, identity management, and incentivizing trust holds great promise for cyberspace deterrence.