The Limits of Deterrence Theory in Cyberspace

Philosophy & Technology, Oct 2017

In this article, I analyse deterrence theory and argue that its applicability to cyberspace is limited and that these limits are not trivial. They are the consequence of fundamental differences between deterrence theory and the nature of cyber conflicts and cyberspace. The goals of this analysis are to identify the limits of deterrence theory in cyberspace, clear the ground of inadequate approaches to cyber deterrence, and define the conceptual space for a domain-specific theory of cyber deterrence, still to be developed.

A PDF file should load here. If you do not see its contents the file may be temporarily unavailable at the journal website or you do not have a PDF plug-in installed and enabled in your browser.

Alternatively, you can download the file locally and open with any standalone PDF reader:

https://link.springer.com/content/pdf/10.1007/s13347-017-0290-2.pdf

The Limits of Deterrence Theory in Cyberspace

Philos. Technol. The Limits of Deterrence Theory in Cyberspace Mariarosaria Taddeo 0 1 2 0 Mariarosaria Taddeo 1 The Alan Turing Institute , 96 Euston Road, London NW1 2DB , UK 2 Oxford Internet Institute, University of Oxford , 1, St Giles, Oxford OX1 3JS , UK In this article, I analyse deterrence theory and argue that its applicability to cyberspace is limited and that these limits are not trivial. They are the consequence of fundamental differences between deterrence theory and the nature of cyber conflicts and cyberspace. The goals of this analysis are to identify the limits of deterrence theory in cyberspace, clear the ground of inadequate approaches to cyber deterrence, and define the conceptual space for a domain-specific theory of cyber deterrence, still to be developed. This article is part of a project on "Landscaping Cyber Detterrence" funded bythe John Fell OUP Research Grant, University of Oxford (grant number 151/063) Cyberspace; Cyber conflicts; Defence; Deterrence; Retaliation; State; Stability; International Relations 1 Introduction Historically, the design and deployment of new and more effective weapons (from bombs and aircraft to chemical and nuclear weapons) have often posed the need to define new strategies to deter their use. This is also the case when considering cyber weapons. Their relatively low entry cost and the high chances of success make cyber weapons an elective means for state and non-state actors to assert their authority, show their power, and prove their capabilities in cyberspace. This poses serious risks of escalation, for the increasing use of cyber weapons invites frictions and tensions that may lead to the sparking of new cyber conflicts, which could intensify and jeopardise international stability and the security of our societies. For this reason, state and non-state actors, scholars, military strategists, and policy makers have increasingly stressed the need to develop cyber deterrence as a crucial step in any plan for international stability (European Union 2014; International Security Advisory Board 2014; UN Institute for Disarmament Research 2014; UK Government 2014; European Union 2015) . Nonetheless, applying traditional1 deterrence theory (henceforth simply deterrence theory) to cyberspace proves to be problematic, when not ineffective. Cyber conflicts differ radically from violent (kinetic) conflicts and define a scenario that is actually the opposite of the one for which deterrence theory was developed. Consider Morgan’s six elements of deterrence (Morgan 2003) . Deterrence works in a scenario characterised by (1) a prevailing, kinetic military conflict; (2) the applicability of rational choice models to identify strategies for the involved parties; (3) positive attribution, as not problematic; (4) singular retaliation (more on this presently), as sufficient to inflict severe punishment to the opponent; (5) the possibility of a clear demonstration of the defender’s capabilities; and (6) full control over retaliation. To this scenario, cyber conflicts oppose one characterised by (1) several state-run, non-kinetic cyber operations; (2) multiple (state and non-state) actors; whose (3) cost–benefit analyses vary depending on their nature; (4) non-symmetrical, multilateral interactions; (5) ever-changing dynamics; and where (6) ambiguity (rather than certainty) shapes strategies (Sterner 2011) (Haggard and Simmons 1987; Jervis 1988; Libicki 2011) . The differences between the kinetic and cyber scenario yield serious problems when applying deterrence theory in cyberspace. While there is a general consensus on what these problems are (for example, problems of attribution and proportionality), there is much less agreement on whether and how they can be solved (Kugler 2009; Tanji 2017) . Some suggest that these problems are unsolvable and that the nature of cyberspace is such that deterrence will ultimately be ineffective in this domain. In this vein, Lan and colleagues stress that: the anonymity, the global reach, the scattered nature, and the interconnectedness of information networks greatly reduce the efficacy of cyber deterrence and can even render it completely useless (Lan et al. 2010, 1). The opposite view holds that deterrence could play a crucial role in averting cyber conflicts and their escalation. The question is whether deterrence theory provides the right framework for cyber deterrence or a new theory of deterrence—‘a new mind-set and changed expectations’ (Sterner 2011, 62) —should be developed to address the specificity of cyber conflicts and cyberspace. I agree with this view and address this question in the rest of this article. In the next sections, I will analyse the core elements of deterrence theory—attribution, defence and retaliation, and signalling—and the extent to which each of them would be effective in cyberspace. I will argue that the limits of deterrence theory in cyberspace are not trivial and indicate fundame (...truncated)


This is a preview of a remote PDF: https://link.springer.com/content/pdf/10.1007/s13347-017-0290-2.pdf

Mariarosaria Taddeo. The Limits of Deterrence Theory in Cyberspace, Philosophy & Technology, 2017, pp. 339-355, Volume 31, Issue 3, DOI: 10.1007/s13347-017-0290-2