Incident Response, TDR, Threat Management

Report: Cyberdeterrence may be unwise military strategy

The United States shouldn't place too much optimism in its ability to stop cyberattacks by threatening to launch them against its enemy.

That was one of the key findings of a report, “Cyberdetterance and Cyberwar," released Thursday. The report was prepared by nonprofit research group RAND Corp. and commissioned by the U.S. Air Force.

The 203-page report evaluates the merits of cyberdeterrence, a tactic defined by the study as having the capability to "do unto others what others may do unto us." In other words, the report examines whether the United States should threaten to retaliate to cyberattacks as a means of deterring them.

"Cyberdeterrence seems like it would be a good idea,” Martin Libicki, senior management scientist with Rand and the report's author, wrote. "Game theory supports the belief that it might work. The nuclear standoff between the United States and the Soviet Union during the Cold War — which never went hot — provides the historical basis for believing cyberdeterrence should work.”

But Libicki argues that cyberwar presents unique challenges that hinder cyberdeterrence, such as the difficulty of knowing who attackers are, what damages they caused, and if they can repeat the attack.

“Hitting the wrong person back not only weakens the logic of deterrence…but makes a new enemy,” Libicki wrote. “Instead of facing one potential cyberwar, the defender may now face two.”

While deterrence may not be a viable strategy, the U.S. military still must protect its networks and systems, which it uses to function, Libicki told on Thursday.

“The military has no choice but to assess the threats against it and protect its networks as well as it can,” he said. “They do have to be continually prepared.”

In the report, he suggested focusing on diplomatic, economic and prosecutorial efforts.

Cybersecurity has received considerable attention by the military this year.

In June, Defense Secretary Robert Gates ordered the establishment of the U.S. Cyber Command to protect military networks and organize digital security efforts underway at the Pentagon.

The command is not yet operational but is expected to be soon, Department of Defense (DoD) spokesman Lt. Col. Eric Butterbaugh told in an email on Thursday.

The Navy last week announced it will merge its information technology, intelligence and communications operations into one organization to improve cybersecurity efforts. The reorganization is planned to be completed by the end of the year.

In addition, during August the 24th Air Force Command, intended to defend the Air Force from cyber intrusions, was activated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.