Linking deterrence theory to cybersecurity policy and critical-infrastructure protection is easier said than done. Recent cybersecurity incidents involving the United States, China, Russia, and North Korea illustrate the yawning gap between cyber deterrence expectations, applications, and results. This article draws on classical deterrence theory to illustrate how the logic of deterrence applies to cybersecurity policy and strategy. By differentiating between physical and digital critical infrastructure protection, the article explores the promises and pitfalls of cyber deterrence in practice. Seven limitations are explored in detail, including: denying digital access, commanding cyber retaliation, observing deterrence failure, thwarting cyber misfits, addressing the cyber power of weakness, attributing cyber attacks, and solidifying red lines.

Additional Metadata
Persistent URL dx.doi.org/10.1080/01495933.2017.1361202
Journal Comparative Strategy
Citation
Wilner, A. S. (2017). Cyber deterrence and critical-infrastructure protection: Expectation, application, and limitation. Comparative Strategy, 36(4), 309–318. doi:10.1080/01495933.2017.1361202