Essay: Deterrence in cyberspace

  • Published: 15 September 2019*
  • Last Modified: 22 July 2024

The concept of deterrence

Deterrence is a strategy intended to discourage actions by an adversary (a state, a non-state actor, an organization, a person) in order to prevent serious consequences. The concept of deterrence was defined by Paul Huth as “the use of threats by one party to convince another party to refrain from initiating some course of action”.

Deterrence is a notion that suggests that A has the interest, capability and determination to retaliate, and that this should be the reason why B refrains from acting, for fear of the consequences. Deterrence is a form of coercion, but less challenging. The cost of deterrence is low in comparison with the benefit obtained. The deterring party wants to impose the idea that it possesses the tools to respond (military, partners, money, specialists), that its response will involve unbearable costs, and that it will respond in case of an attack.

In order to make deterrence effective, decision makers have to correctly identify threats and create deterrence strategies that discourage those threats. If the two, threat and deterrence, don’t meet in the middle, the purpose of deterrence may not be achieved. If A creates a deterrence strategy for a false threat, it may not be effective, because you can’t really deter somebody who isn’t threatening you or doesn’t feel threatened by your deterrence actions. On the other hand, if A doesn’t take measures to identify and deter a serious threat, it may face an attack that could have greater consequences. The example presented above covers only a small part of international relations. In this field, certainty is rare, while uncertainty and unknown facts are more frequent. Uncertainty in deterrence means that something is left to chance. If B believes that attacking A will escalate, with greater consequences for both parties, this uncertainty will deter him from attacking.

Deterrence seeks to maintain the “status quo” and to avoid actions that would change it. In order to achieve and maintain a peaceful environment, it is easier to turn to deterrence than to coercion. Deterrence has many advantages, such as low costs, passive actions and no harm.

The concept of cyberspace

Deterrence in cyberspace is a necessity of the present day. The evolution of technology has also had an impact on warfare. Cyberspace is “the notional environment in which communication over computer network occurs”. Better definitions of cyberspace state that it is the “nervous system- the control system of our country…composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work.” Another reads: “Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures”. A more comprehensive definition states that “cyberspace means the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.”

Deterrence in Cyberspace

Deterrence is an old tool that has long been used by leaders. In the Cold War period, deterrence was a military strategy applied to discourage the use of nuclear weapons. These weapons had the potential to destroy the enemy, but also the aggressor. Their power of destruction was so high that it put at risk not just the two actors, but also the world. The evolution of weapons and technology has changed both the way war is waged and the space in which it takes place.

In order to prevent these consequences, most superpowers refrained from attacking each other, because they had nuclear arsenals and an attack would mean mutual assured destruction. In order to win a war, you must survive, and in these conditions that would not be possible. The evolution of conventional weapons took a step forward in this area too, creating three different delivery systems in order to make sure that a second strike could respond and cause massive destruction to the attacker.

In case of an attack, with all these capabilities, mutual assured destruction is not only achievable but certain. In order to prevent it, the arms race led to mutual deterrence. At present, international arms control tries to find a solution to minimize the level of mutual assured destruction. Deterrence has more advantages than an attack when analysed in cost-benefit terms.

Deterrence is characterized by:

  • Discouragement to attack
  • Passive action
  • Undetermined period
  • Keep status quo or improve it
  • Define threats
  • Costs are low
  • Multiple benefits.

The disadvantages/shortcomings of deterrence:

  • The success cannot be proved to be a result of it
  • The deterrence strategy may not address the threat
  • The result is not permanent
  • Uncertainty
  • Uncertain about the capabilities of the attacker
  • Need of constant adaptability to realities.

Deterrence in cyberspace is very different from deterrence against nuclear weapons, but it pursues the same goal: to make the opponent change his will to attack. Deterrence in cyberspace has many uncertainty factors, while deterrence against nuclear weapons was based on real, concrete facts.

1. First of all, in cyberspace the attacker is unknown (attribution). In the past, the threat was a nuclear war, and when “you’re attacked by a missile, you can follow its trajectory back to where it was launched from. When you’re attacked in cyberspace, figuring out who did it is much harder. The reality of international aggression in cyberspace will change how we approach defense.” The question of attribution arises because cyberspace is a place that gives individuals, organizations, state and non-state actors the freedom to act.

Their actions can be carried out without leaving traces or clues about where they act from, who they are or to whom they answer. Given this, several questions arise:

a) Who is responsible for the attack

b) Is this the action of a hacker or a state

c) What is the purpose of the attack

d) Is the attack a single action or will it be followed by a reply

e) What is the reason behind the attack

f) Are there any victims

Taking into consideration that the attacker is unknown, the victim of the attack cannot respond or defend itself. In the past, when a conventional war took place, a response was easier, not only because there were military capacities to respond, but because the attacker was known. That is why deterrence in cyberspace should have a very important role. Deterrence is at the moment the only weapon any cyberspace victim has at hand, whether we speak about a state, a company or a person. An attack can hit any of them and can come from any state, company or person.

Attribution is the most important problem faced in an attack in cyberspace. Achieving it means matching an attack to an attacker. In the past that was an easy task, but at present, when the attacker wants to remain anonymous, identifying him is harder. There are also attackers who make their actions public in order to show their power over the victim.

The attribution debate evolves slowly, and the solution proposed is to redesign the internet or to create a legal framework that could deter and, in case of violation, punish the perpetrator. These are short-term solutions: a redesign of the internet would be carried out by those who also have the knowledge needed to attack, which could mean putting the knife in the hands of the killer. Nor is this solution valid in the long term, because technology evolves and hackers or proxy actors will always find a way to achieve their goals without being punished.

Having said all this, attribution is also an open debate with respect to retaliation. The victim has to be certain of who the attacker is, so as not to leave room for interpretation or hesitation, or to respond to the wrong party. Correct attribution is essential in order to maintain peace and stability.

In the case of a wrong attribution and a response against an innocent state, actor, company or person, the consequences can be worse and the event can escalate from a cyberattack to a military attack. Also, in case of hesitation and wrong attribution, the actor that retaliates could lose its credibility.

To avoid this, states should collaborate with each other and draw up rules of action, create organizations that imply mutual respect and the absence of attacks, and adopt deterrence strategies that genuinely discourage any attack. Also, deterrence in cyberspace is vital and should be a process that improves and adapts day by day, hour by hour. Technology improves every day and so do the threats, so a day-by-day review of the deterrence strategy is needed.

2. Second of all, the intention (purpose and reason) of the attack is unknown. This could reveal multiple aspects about the attacker or the victim. The attacker, a state or a non-state actor, might want to show how powerful it is or how vulnerable the victim is, to destabilize the victim, or just to send a message. The attacker holds all the cards because it has proved that the victim is weak and vulnerable, while it can remain unknown, unpunished and free to continue its attacks.

Deterrence in this case is essential. The first step in deterring is to convince the perpetrator not to attack. This could be achieved by a cost-benefit presentation, by imposing drastic sanctions, or by a military response in the case of a known perpetrator.

The cost-benefit analysis of deterrence could refer to aspects such as:

  • Deterrence by denial (denial of benefits for the attacker)
  • Deterrence by punishment (punishments so big that they make attackers reconsider their intentions)
  • Deterrence concentrated on retaliation (the future victims deter attackers using a strategy that promotes retaliation by all means: cyber, military, sanctions).

An instrument that could also deter future attackers is collaboration between states. If states or victims could reach consensus on how to approach an attack in cyberspace, how to prevent it and how to punish it, the attacker could feel threatened by the united forces and would give up his intentions.

This will not only deter attackers, but will also minimize the costs of deterrence and the costs involved in recovery or in identifying the perpetrator. It is a proven fact that deterrence costs less than a response to an attack. Taking this into consideration, collaboration between states is not only beneficial in terms of cost, but may also deter from the start an actor that, had it not been included, would have had the capabilities to become an attacker. Involving as many states as possible can decrease the number of possible attacks, help reach a consensus on a legal framework that could punish attacks, and achieve peace, security and stability.

In order to achieve international peace, superpowers should help developing countries to protect themselves against an attack. Weak countries don’t have the means and capabilities, and could become vulnerable and sure victims for attackers. Another argument in support of this idea is that an attack against a weak and vulnerable country could destabilize the international environment and have effects on all countries.

An attack against a hospital could be very harmful and could create major problems in a country. Attacks on states should not induce the idea that attacks on individuals are less important. Any attack is a problem and a vulnerability.

Another important part of the reason refers to the purpose and type of information attacked or stolen. There are 3 types of targets: Confidentiality, Integrity and Availability.

  • Confidentiality attacks “are nothing more than traditional espionage achieved through high tech means. Most of the sophisticated cyber attacks that are seen launched by either nation states or criminal groups fall into this category. History has shown us that espionage, known as the second oldest profession, has been around for nearly as long as there has been a human civilization and is an act that, while considered to be a sign of unfriendly relations, has become an internationally accepted norm that typically does not trigger more than a diplomatic retaliatory response”.
  • Integrity attacks “are much more insidious as they are designed to achieve a tactical or strategic advantage over an adversary by sabotaging the operation of their critical civilian or military information systems. The sabotage can involve manipulation of data inside information systems that can degrade or distort the situational awareness capability of the adversary by spreading misinformation inside their intelligence systems with either a tactical objective to obscure specific activities that may be under surveillance or to achieve a strategic surprise in preparation for an attack. It can also involve subversion of physical devices and processes that are guided or operated by information systems, such as manipulation of weapons guidance systems to cause them to fire off-target. Targets can also include civilian critical infrastructure resources, such as electric grid, stock market and other financial databases, water filtration plans and others.”
  • Availability attacks “are those that attempt to bring information systems offline in order to shutdown or destroy critical physical or virtual processes or prevent access to information. Long-lasting attacks can cause devastating damage to the economy, such as those that cause prolonged electricity or communication network blackouts. Short duration attacks that are surgically targeted at intelligence collection and analysis capability can blind a nation’s ability to see an immediate strategic conventional or broader cyber threat by denying defenders access to vital situational awareness data or intelligence resources. Thus, just as with integrity attacks, availability threats can, under certain circumstances, present a serious national security danger and must be deterrable in a broader deterrence strategy.”

Solutions to be taken into consideration to prevent and counter attacks in cyberspace

In order to achieve peace and security and for deterrence to be effective, there is a need to:

  • Build a credible threat detection capability. This means that a procedure should be created to identify threats, so that deterrence mechanisms can be created for them. There is also a need to make these threats public and “shame” them, which is itself a deterrence factor. Another useful instrument is to update the identified threats on a regular and frequent basis, in order to be able to deter and take measures.
  • Attribution. This solution should be analysed in depth, because if there are mechanisms to identify the attacker, attacks would decrease: attackers would be afraid of retaliation, consequences, costs and punishment. I believe that attribution is a key factor in achieving security. Even though punishment and retaliation could be carried out without attribution, that would not be as fair in the eyes of the people. They don’t have the same information as the state and wouldn’t be so convinced that the attacker is the one indicated by the leaders. In order to achieve attribution and transparency and to win the trust of the people, there is a need to create a tool that will help to identify the attacker in a secure and real way.
  • Learning from history and deterrence against nuclear weapons. History is the best advisor, even though cyberspace is a totally different space than the conventional battlefield. The most important thing to take into consideration is that it can cause the same or even far worse consequences.
  • Intention of the attack. This should be taken into consideration when applying the punishment. Also, the nature of the attacker should be examined: whether it is a state, a company or a lone hacker. The intention of destabilizing the state is a serious one and should be taken into consideration.

Conclusions

In conclusion, deterrence in cyberspace is the use of threats intended to discourage actions by an adversary in order to prevent serious consequences. This measure should make the opponent reevaluate its capabilities and fear that, in case of retaliation, it will suffer consequences larger than the benefits it obtained.

Deterrence in cyberspace is very different from deterrence against nuclear weapons, but it pursues the same goal: to make the opponent change his will to attack. Deterrence in cyberspace has many uncertainty factors, while deterrence against nuclear weapons was based on real, concrete facts.

Attribution is the most important problem faced in an attack in cyberspace. Achieving it means matching an attack to an attacker. Attackers’ actions can be carried out without leaving traces or clues about where they act from, who they are or to whom they answer. The solution proposed is to redesign the internet or to create a legal framework that could deter and, in case of violation, punish the perpetrator. Attribution is also an open debate with respect to retaliation. In the case of a wrong attribution and a response against an innocent state, actor, company or person, the consequences can be worse and the event can escalate from a cyberattack to a military attack. Also, in case of hesitation and wrong attribution, the actor that retaliates could lose its credibility.

To avoid this, states should collaborate with each other and draw up rules of action, create organizations that imply mutual respect and the absence of attacks, and adopt deterrence strategies that genuinely discourage any attack. Also, deterrence in cyberspace is vital and should be a process that improves and adapts day by day, hour by hour. Technology improves every day and so do the threats, so a day-by-day review of the deterrence strategy is needed.

To conclude, the solutions for effective deterrence are to build a credible threat detection capability, to find ways to solve attribution, to learn from history and from deterrence against nuclear weapons, and to identify and try to counter the intention to attack.

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Deterrence in cyberspace. Available from:<https://www.essaysauce.com/information-technology-essays/2016-6-12-1465767840/> [Accessed 09-04-26].

These Information technology essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.