Can Cyber Warfare Be Deterred?
It is sometimes said that deterrence is not an effective strategy in cyberspace, because of the difficulties of attributing the source of an attack and because of the large and diverse number of state and non-state actors involved. Attribution, however, is a matter of degree, and there is often enough of it to enable deterrence.
CAMBRIDGE – Fear of a “cyber Pearl Harbor” first appeared in the 1990s, and for the past two decades, policymakers have worried that hackers could blow up oil pipelines, contaminate the water supply, open floodgates and send airplanes on collision courses by hacking air traffic control systems. In 2012, then-US Secretary of Defense Leon Panetta warned that hackers could “shut down the power grid across large parts of the country.”
None of these catastrophic scenarios has occurred, but they certainly cannot be ruled out. At a more modest level, hackers were able to destroy a blast furnace at a German steel mill last year. So the security question is straightforward: Can such destructive actions be deterred?
It is sometimes said that deterrence is not an effective strategy in cyberspace, because of the difficulties in attributing the source of an attack and because of the large and diverse number of state and non-state actors involved. We are often not sure whose assets we can hold at risk and for how long.
We hope you're enjoying Project Syndicate.
To continue reading, subscribe now.
Get unlimited access to PS premium content, including in-depth commentaries, book reviews, exclusive interviews, On Point, the Big Picture, the PS Archive, and our annual year-ahead magazine.
Already have an account or want to create one? Log in