Building a Comprehensive Strategy of Cyber Defense, Deterrence, and Resilience
Interest in deterrence for the cyberspace domain is high in the United States. The increasing incidence and severity of a variety of malicious cyber activities, primarily over the Internet, highlights the need for more comprehensive strategies for deterring various forms of cyber conflict. To this end, this article .discusses concepts, terms, and situations to facilitate strategic dialogue, and also offers a set of guiding principles for cyber strategy itself. The technical specifics and complexity of the cyberspace domain make strategic discussions particularly difficult, and mental frameworks tend to be oriented toward analogies from nuclear deterrence concepts. Although a lexicon for cyberspace is emerging, gaps and conceptual confusion remain. Vague references to data security, cyber weapons, and cyber warheads do not illustrate conflict dynamics in cyberspace particularly well. At the same time, a set of common terms and concepts are valuable for effective communication among the political, legal, engineering, business, law enforcement, and military communities, as well as the general public.
Cyber resilience has not been given much treatment in the international security literature, and the concept has not reached the mystical status that deterrence enjoys
Different imperatives drive and inform the terminologies of the communities above, shaping their problem-solving approach. Law enforcement is driven by the need to gather sufficient evidence for successful prosecutions in the court system, highlighting questions of probable cause and evidence-gathering methods. Engineers necessarily focus on precise measurement of physical realities, analytically subdividing the world into trillions of unique pieces. Political and military communities tend to focus on big-picture and strategic questions, keeping their attention on top-level effects and outcomes, since their analyses must account for complex national, international, and global social dynamics. Lawyers tend to have a level of precision to their thinking that makes them similar to engineers; given that language and law are inextricably linked, linguistic precision is as important to lawyers as physical precision is to engineers. For the business community, efficiency, innovation, and profitability are foremost in their minds, meaning that they are driven to constantly improve and seek new opportunities; they tend to be concerned about questions of predictability, liability, and cost. For these different professional communities and the general public to truly be able to communicate, they have to engage with each other and learn a common lexicon. Mutually understood vocabularies are essential in order to debate conflict scenarios and possible responses to them with an eye toward weighing costs and tradeoffs, unintended consequences, legality, potential for escalation, and likelihood of success...
Read the full journal article outlining some of the key elements of cyber strategy and explaining the rationale behind them, below.