CYBER DETERRENCE BY PUNISHMENT: ROLE OF DIFFERENT PERCEPTIONS

Abstract

Nuclear deterrence based on mutual assured destruction seems to have successfully prevented a global nuclear war for decades. Can deterrence be effective for cyber-attacks between nation-states? The cyber environment is drastically different from the nuclear case. A major difference is the possibility of different perceptions by the states which may lead to a failure of cyber deterrence. In this paper, we compare differences between nuclear deterrence and cyber deterrence. We adapt a game theoretic model from the nuclear case to the cyber environment and show that differences in perceived payoffs can lead to attack strategies where deterrence fails in cyberspace. 

Keywords

• Cyber security,deterrence theory,cyber deterrence,game theory,cyber defense

References

1. [1] Rinaldi, Steven M., James P. Peerenboom, and Terrence K. Kelly, 2001. Identifying, understand- ing, and analyzing critical infrastructure interdependencies. IEEE Control Systems 21, no. 6, pp. 11-25. [2] Betz, D.J., 2017. Cyberspace and the State: Towards a Strategy for Cyber-power. Routledge. [3] Carter, W.A., Sofio, D.G. and Alperen, M.J., 2017. Cybersecurity Legislation and Critical In- frastructure Vulnerabilities. Foundations of Homeland Security: Law and Policy, pp. 233-249. [4] Hughes, J. and Cybenko, G., 2014, June. Three tenets for secure cyber-physical system design and assessment. In Cyber Sensing 2014 (Vol. 9097, p. 90970A). International Society for Optics and Photonics. [5] Stoneburner, G., Goguen, A. and Feringa, A., 2013. Risk management guide for information technology systems. NIST. [6] Sullivan, J.E. and Kamensky, D., 2017. How cyber-attacks in Ukraine show the vulnerability of the US power grid. The Electricity Journal, 30(3), pp. 30-35. [7] Foreman, P., 2009. Vulnerability Management. CRC Press. [8] Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp. 4-37. [9] Langlois, J.P.P., 1989. Modeling deterrence and international crises. Journal of conflict resolution, 33(1), pp. 67-83. [10] Morgan, P.M., 1983. Deterrence: A conceptual analysis (Vol. 40). Sage Publications. [11] Huth, P. and Russett, B., 1984. What makes deterrence work? Cases from 1900 to 1980. World Politics, 36(4), pp. 496-526. [12] Powell, R., 1990. Nuclear deterrence theory: The search for credibility. Cambridge University Press. [13] Morgan, P.M., 2003. Deterrence now (Vol. 89). Cambridge University Press. [14] Steff, R., 2016. Strategic Thinking, Deterrence and the US Ballistic Missile Defense Project: From Truman to Obama. Routledge. [15] Schelling, T.C., 2008. Arms and influence: With a new preface and afterworld. Yale University Press. [16] Paul, T.V., Morgan, P.M. and Wirtz, J.J. eds., 2009. Complex deterrence: Strategy in the global age. University of Chicago Press. [17] Elliott, D., 2011. Deterring strategic cyberattack. IEEE Security & Privacy, 9(5), pp. 36-40. [18] Kugler, Richard L., 2009. Deterrence of cyber attacks. Cyberpower and national security 320. [19] Quackenbush, Stephen L., 2011. Understanding general deterrence. In Understanding General Deterrence, pp. 1-20. Palgrave Macmillan. [20] Wei, Maj Lee Hsiang, 2015. The Challenges of Cyber Deterrence. Journal of the Singapore Armed Forces 41, no. 1. [21] Multari, N.J., Singhal, A. and Miller, E., 2017, October. SafeConfig’17: Applying the Scientific Method to Active Cyber Defense Research. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2641-2642). ACM. [22] Farwell, J.P. and Rohozinski, R., 2011. Stuxnet and the future of cyber war. Survival, 53(1), pp. 23-40. [23] Zetter, K., 2016. Inside the cunning, unprecedented hack of Ukraine’s power grid. Wired. [24] Bendiek, Annegret, and Tobias Metzger, 2015. Deterrence theory in the cyber-century. INFOR- MATIK 2015. [25] Lowther, A. ed., 2012. Deterrence: rising powers, rogue regimes, and terrorism in the twenty-first century. Springer. [26] Wang, Yuan, Yongjun Wang, Jing Liu, Zhijian Huang, and Peidai Xie, 2016. A Survey of Game Theoretic Methods for Cyber Security. In IEEE International Conference on Data Science in Cyberspace (DSC), pp. 631-636. [27] Do, Cuong T., Nguyen H. Tran, Choongseon Hong, Charles A. Kamhoua, Kevin A. Kwiat, Erik Blasch, Shaolei Ren, Niki Pissinou, and Sundaraja Sitharama Iyengar, 2017. Game Theory for Cyber Security and Privacy. ACM Computing Surveys (CSUR) 50, no. 2: 30. [28] Brams, S.J. and Bramj, S.J., 1985. Superpower games: Applying game theory to superpower conflict (p. 1985). New Haven: Yale University Press. [29] Cimbala, S.J., 1998. The past and future of nuclear deterrence. Greenwood Publishing Group. [30] Shackelford, S.J., Sulmeyer, M., Deckard, A.N.C., Buchanan, B. and Micic, B., 2017. From Russia with Love: Understanding the Russian Cyber Threat to US Critical Infrastructure and What to Do about It. Neb. L. Rev., 96, p. 320. [31] Philbin, M.J., 2013. Cyber deterrence: An old concept in a new domain. Army War College, Carlisle Barracks PA. [32] Moteff, J., Copeland, C. and Fischer, J., 2003, January. Critical infrastructures: What makes an infrastructure critical?. Library of Congress Washington DC Congressional Research Service. [33] Moteff, J. and Parfomak, P., 2004, October. Critical infrastructure and key assets: definition and identification. Library of Congress Washington DC Congressional Research Service. [34] Libicki, Martin C. Cyberdeterrence and cyberwar. Rand Corporation, 2009.