Publication: The Military Balance 2016
09 February 2016
How to deter the actions of others in cyberspace, and indeed whether it is possible to do so, is a question of increasing importance for defence and security policymakers. The issue has become more pressing because of increasing awareness of the vulnerabilities, as well as the benefits, that stem from the degree to which information and communications technologies have become integral to all aspects of modern existence.
In particular, concern has grown about the potential disabling effect of attacks on areas of critical national infrastructure, such as financial systems, banking networks and power and transport infrastructure, not to mention the implications for military capabilities that are increasingly cyber dependent, such as code-reliant systems, or command, control and communications links. Indeed, the more networked a society becomes, the more vulnerable it is to damaging cyber attacks; the United States, in particular, seems powerless to prevent attacks on key government or private-sector networks. Furthermore, while most cyber exploits recorded to date have involved data theft, the number of attacks originating in the cyber domain that have caused real-world damage has grown. It may only be a matter of time before a cyber attack results in fatalities.
Cold War analogies?
Until recently, states have shown little interest in considering whether, in this increasingly contested environment, the kind of thinking about deterrence that developed in relation to nuclear confrontation during the Cold War might have any relevance. In many respects, the parallels are far from obvious. Cold War deterrence concepts were designed to reduce the risks associated with the deployment of very specific types of weaponry with the potential to wipe out humanity. Such weaponry was, initially, in the hands of just two states and involved capabilities that were relatively easy to identify and monitor, and which over time became broadly comparable in scope.