What are the US options if cyber deterrence is an intractable idea? Jake Bebber has a few ideas.
Estimated time to read: 2 minutes
By Marcus McNabb
Much has been written about American adversary use of cyberspace as a way to threaten American interests and degrade American credibility and freedom of action. These discussions typically revolve around cyber deterrence, with an analysis of why the US is ineffective at deterring adversarial cyber actions and perhaps some ideas on how to improve. But this approach makes the unstated assumption that cyber deterrence is a plausible ideal. Given the low cost of entry, widespread applicability, reach, speed, and other advantages of operating in the cyber domain, perhaps deterring action is not a feasible approach in this environment.
Jake Bebber argues that the “blended, interrelated nature” of cyberspace makes it difficult to establish concrete rules and roles, which ultimately complicates target discrimination and “makes calculating proportional responses problematic.” Instead, Bebber proposes an alternative to deterrence in cyberspace. He claims that a more effective approach is to embrace constant contact, move from trade-off models to synergy models, and transition from coordination to integration. Ultimately, he says “security is achieved not through imposed norms but through retaining the ‘cyber initiative’ — the operational outcome of effectively anticipating the exploitation of cyber-related vulnerabilities.”
This article is an excellent start to the conversation of the evolution of US cyber policy and strategy, but it does leave much of the details unexplored. The ambiguity of the dividing lines between civilian and government structures in cyberspace makes fratricide nearly unavoidable, particularly if one is to be offensively prolific. Stuxnet provides a perfect warning bell in this area as the code from this attack vector spread to over 10,000 computers worldwide. From a military perspective, domain overlap of cyberspace with the traditional domains owned by the services makes operating rules difficult to implement. The DoD is grappling with this very question now as US Cyber Command works to establish command and control relationships within the broader service and combatant command construct. But the existence of these challenges does not take away from Bebber’s excellent ideas of moving away from the intractable idea of cyber deterrence to a more realistic offensive-based approach. OTH would recommend taking a few moments to read his article in its entirety.
Marcus McNabb is an Air Force officer with over 13 years of academic and operational experience as an operations research analyst. He holds a PhD in Operations Research from the Air Force Institute of Technology and has worked in a variety of jobs including test and evaluation, staff of US Air Forces in Europe, the Air Force Nuclear Weapons Center, and the 609th Air and Space Operations Center.
The views expressed are those of the author and do not necessarily reflect the official policy or position of the Department of the Air Force or the U.S. Government.