Cyber deterrence and critical-infrastructure protection: Expectation, application, and limitation
Linking deterrence theory to cybersecurity policy and critical-infrastructure protection is easier said than done. Recent cybersecurity incidents involving the United States, China, Russia, and North Korea illustrate the yawning gap between cyber deterrence expectations, applications, and results. This article draws on classical deterrence theory to illustrate how the logic of deterrence applies to cybersecurity policy and strategy. By differentiating between physical and digital critical infrastructure protection, the article explores the promises and pitfalls of cyber deterrence in practice. Seven limitations are explored in detail, including: denying digital access, commanding cyber retaliation, observing deterrence failure, thwarting cyber misfits, addressing the cyber power of weakness, attributing cyber attacks, and solidifying red lines.
Wilner, A. S. (2017). Cyber deterrence and critical-infrastructure protection: Expectation, application, and limitation. Comparative Strategy, 36(4), 309–318. doi:10.1080/01495933.2017.1361202