Report: Cyberdeterrence may be unwise military strategy

Share this article:
The United States shouldn't place too much optimism in its ability to stop cyberattacks by threatening to launch them against its enemy.

That was one of the key findings of a report, “Cyberdetterance and Cyberwar," released Thursday. The report was prepared by nonprofit research group RAND Corp. and commissioned by the U.S. Air Force.

The 203-page report evaluates the merits of cyberdeterrence, a tactic defined by the study as having the capability to "do unto others what others may do unto us." In other words, the report examines whether the United States should threaten to retaliate to cyberattacks as a means of deterring them.

"Cyberdeterrence seems like it would be a good idea,” Martin Libicki, senior management scientist with Rand and the report's author, wrote. "Game theory supports the belief that it might work. The nuclear standoff between the United States and the Soviet Union during the Cold War — which never went hot — provides the historical basis for believing cyberdeterrence should work.”

But Libicki argues that cyberwar presents unique challenges that hinder cyberdeterrence, such as the difficulty of knowing who attackers are, what damages they caused, and if they can repeat the attack.

“Hitting the wrong person back not only weakens the logic of deterrence…but makes a new enemy,” Libicki wrote. “Instead of facing one potential cyberwar, the defender may now face two.”

While deterrence may not be a viable strategy, the U.S. military still must protect its networks and systems, which it uses to function, Libicki told on Thursday.

“The military has no choice but to assess the threats against it and protect its networks as well as it can,” he said. “They do have to be continually prepared.”

In the report, he suggested focusing on diplomatic, economic and prosecutorial efforts.

Cybersecurity has received considerable attention by the military this year.

In June, Defense Secretary Robert Gates ordered the establishment of the U.S. Cyber Command to protect military networks and organize digital security efforts underway at the Pentagon.

The command is not yet operational but is expected to be soon, Department of Defense (DoD) spokesman Lt. Col. Eric Butterbaugh told in an email on Thursday.

The Navy last week announced it will merge its information technology, intelligence and communications operations into one organization to improve cybersecurity efforts. The reorganization is planned to be completed by the end of the year.

In addition, during August the 24th Air Force Command, intended to defend the Air Force from cyber intrusions, was activated.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.