Cyber-Deterrence

"To counteract the threat of potentially catastrophic cyber-attacks against critical infrastructure, policy makers are increasingly contemplating the use of deterrence strategies to supplement cyber-defense. Deterrence has traditionally focused primarily on threatening a potential attacker with a punishing response in order to deter attacks from occurring. However, because of the particular characteristics of cyberspace a general deterrence policy based on threatened retaliation may not be sufficient to deter, and, in some circumstances, may be counter-productive. Thus, this chapter examines an expanded framework for cyber-deterrence policy that includes four factors: (1) penalty (the familiar notion of increasing the cost of attack through punishment), (2) futility (the notion of frustrating attack through resilience or recovery capabilities), (3) dependency (the notion of interdependence as a moderating influence), and (4) counter-productivity (the notion that collateral backlash can check behavior). " (Direct Quote)