Strategic Cyber Deterrence: The Active Cyber Defense Option

About the Book

According to the FBI, about 4000 ransomware attacks happen every day. In the United States alone, victims lost $209 million to ransomware in the first quarter of 2016. Even worse is the threat to critical infrastructure, as seen by the malware infections at electrical distribution companies in Ukraine that caused outages to 225,000 customers in late 2015. Further, recent reports on the Russian hacks into the Democratic National Committee and subsequent release of emails in a coercive campaign to apparently influence the U.S. Presidential Election have brought national attention to the inadequacy of cyber deterrence. The U.S. government seems incapable of creating an adequate strategy to alter the behavior of the wide variety of malicious actors seeking to inflict harm or damage through cyberspace. This book offers a systematic analysis of the various existing strategic cyber deterrence options and introduces the alternative strategy of active cyber defense. It examines the array of malicious actors operating in the domain, their methods of attack, and their motivations. It also provides answers on what is being done, and what could be done, by the government and industry to convince malicious actors that their attacks will not succeed and that risk of repercussions exists. Traditional deterrence strategies of retaliation, denial and entanglement appear to lack the necessary conditions of capability, credibly, and communications due to these malicious actors’ advantages in cyberspace. In response, the book offers the option of adopting a strategy of active cyber defense that combines internal systemic resilience to halt cyber attack progress with external disruption capacities to thwart malicious actors’ objectives. It shows how active cyber defense is technically capable and legally viable as an alternative strategy for the deterrence of cyber attacks.

Table of Contents:

I. Thinking About Deterrence
1. Strategic Landscape
2. Cyber Attacks
3. Theoretical Foundations

II. Traditional Deterrence Options
4. Deterrence by Retaliation
5. Deterrence by Denial
6. Deterrence by Entanglement

III. A Strategic Alternative
7. Active Cyber Defense
8. Alternative Strategy Selection
Appendix: National Strategy Agenda

About the Author :
Scott Jasper, CAPT, USN (ret) is a Lecturer in the National Security Affairs Department at Naval Postgraduate School, Monterey, CA.

Review :
Given the current news cycle, few books seem as relevant today as Jasper’s detailed and precise examination of the US cyber environment. Traditional methods of deterring an adversary (direct military action or the threat of direct action) are not viable in the age of cyber attacks, which can be carried out by both nations and individuals. How, then, do we deter attacks? What tools are at our disposal? What are legitimate retaliation methods? Jasper (Naval Postgraduate School) examines these questions in depth. He makes the case for the issue's relevance and urgency in the realm of international defense with numerous examples, such as the North Korean theft, via cyber warfare, of US wing designs for the US F-15 fighter. Other states have made similar attacks, compromising American defense, financial, and social systems. Jasper stresses that a national defense strategy to prevent, counter, and respond to cyber attacks requires automated and integrated capabilities employed outside traditional organizational boundaries. Without effective, coordinated strategies, international cyber attacks will continue to threaten federal agencies, commercial industry, and the fabric of our society. Appropriate for advanced students and professionals in the realm of defense and cyber technology policy. Summing Up: Recommended. Upper-division undergraduates through faculty and professionals In the development of American cybersecurity policy, deterrence has simultaneously grown more important and more controversial, leaving policymakers who confront mounting cyber threats tempted by deterrent strategies shrouded in doubts about their effectiveness. In Strategic Cyber Deterrence, Scott Jasper breaks down the theory and practice of deterrence within the realm of cyberspace and argues that the traditional approaches of deterrence by retaliation, denial, and entanglement fail as strategic options. Instead, Jasper advocates for achieving strategic deterrence by combining robust, resilient cyber defenses with capabilities to engage in aggressive but calibrated countermeasures. His engaging contribution carefully cuts through the prevailing “something must be done” approaches to deterrence in cybersecurity and offers a strategy tailored to the challenges and capabilities that define the cyber realm.