Situational awareness is the immediate knowledge of friendly, adversary and other relevant information regarding activities in and through cyberspace. It is gained from a combination of intelligence and operational activities in cyberspace and other domains. Situational awareness enables informed decision-making.
Discussions of deterrence refer to successful examples such as the Mutually Assured Destruction (MAD) deterrence strategy that is credited with deterring the use of nuclear weapons through the threat of a nuclear retaliation that would destroy the attacker's civilization. In considering each of these successful deterrence scenarios, there are some common elements.
Defining an effective deterrent to a cyber threat is a challenge for all of the reasons listed above. A cyber counter-attack capability that is concealed, not believable, lacking precedent, or has never been demonstrated, may not be taken seriously by an adversary. Other constraints impacting the feasibility of a cyber counter-attack include source attribution and asset-ownership.
Attribution. A pre-requisite to any counter-attack is a reliable attribution of the source of the attacks. The ease to which cyber attacks can be proxied through multiple third parties complicates attribution, since it creates uncertainty about who to retaliate against.
Asset-at-Risk. In today's cloud-based Internet, many servers are hosted at third-party data centers. When an attacker uses these resources as a launching point for attacks, they will have little concern about counter-attacks since they have no assets at risk.
Different types of cyber threats have their own objectives and deterrents. While it is tempting to devise cyber responses to cyber attacks, this may not result in an effective deterrence strategy, since many of the threats have no reason to fear cyber attacks themselves. This does not mean that it isn't possible to structure an effective deterrent to discourage cyber attacks. The table below gives some example based on an integrated solution in which we threaten something that the attacker holds dear.
|The typical hacker attacks targets for reasons such as the challenge or the prestige of succeeding against a stronger target. They generally lack anything of value that could be targeted in retaliation. They may use other people's assets such as Cyber Cafes or compromised third party assets.||Arrest and criminal prosecution|
|Criminals||Criminal elements have been engaged in unlawful activities on the Internet. Their objectives are the theft of money or other valuable property. They may use other people's assets such as Cyber Cafes or compromised third party assets.||Arrest and criminal prosecution|
|Terrorists||Terrorists also lack fear of cyber retaliation. They are willing to die for their causes and may have nothing of value to protect. They may use other people's assets such as Cyber Cafes or compromised third party assets.||Arrest and criminal prosecution|
|Nation-State||The brazen Internet activities of some national governments have been well known for years. While their techniques are fairly basic, the scale on which they are being conducted indicates their lack of fear of any consequences. Some national governments have better cyber capabilities including the ability to create custom cyber attacks, (e.g., exploits against critical infrastructures) integrating cyber and physical attacks.||Diplomatic actions|
From this comparison, we see that the need for a cyber attack deterrent is effective only to a nation-state possessing sophisticated cyber infrastructures, where the US has no other way to influence behavior.