CYBER DETERRENCE BY PUNISHMENT: ROLE OF DIFFERENT PERCEPTIONS
Year 2018,
Volume: 3 Issue: 5, 62 - 75, 31.07.2018
Nasser S. Alazwani
Thomas M Chen
Abstract
Nuclear deterrence based on mutual assured destruction seems to have successfully
prevented a global nuclear war for decades. Can deterrence be effective for cyber-attacks
between nation-states? The cyber environment is drastically different from the nuclear case.
A major difference is the possibility of different perceptions by the states which may lead to
a failure of cyber deterrence. In this paper, we compare differences between nuclear
deterrence and cyber deterrence. We adapt a game theoretic model from the nuclear
case to the cyber environment and show that differences in perceived payoffs can lead to
attack strategies where deterrence fails in cyberspace.
References
- [1] Rinaldi, Steven M., James P. Peerenboom, and Terrence K. Kelly, 2001. Identifying, understand- ing, and analyzing critical infrastructure interdependencies. IEEE Control Systems 21, no. 6, pp.
11-25.
[2] Betz, D.J., 2017. Cyberspace and the State: Towards a Strategy for Cyber-power. Routledge.
[3] Carter, W.A., Sofio, D.G. and Alperen, M.J., 2017. Cybersecurity Legislation and Critical In- frastructure Vulnerabilities. Foundations of Homeland Security: Law and Policy, pp. 233-249.
[4] Hughes, J. and Cybenko, G., 2014, June. Three tenets for secure cyber-physical system design and assessment. In Cyber Sensing 2014 (Vol. 9097, p. 90970A). International Society for Optics and Photonics.
[5] Stoneburner, G., Goguen, A. and Feringa, A., 2013. Risk management guide for information technology systems. NIST.
[6] Sullivan, J.E. and Kamensky, D., 2017. How cyber-attacks in Ukraine show the vulnerability of the US power grid. The Electricity Journal, 30(3), pp. 30-35.
[7] Foreman, P., 2009. Vulnerability Management. CRC Press.
[8] Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp. 4-37.
[9] Langlois, J.P.P., 1989. Modeling deterrence and international crises. Journal of conflict resolution,
33(1), pp. 67-83.
[10] Morgan, P.M., 1983. Deterrence: A conceptual analysis (Vol. 40). Sage Publications.
[11] Huth, P. and Russett, B., 1984. What makes deterrence work? Cases from 1900 to 1980. World
Politics, 36(4), pp. 496-526.
[12] Powell, R., 1990. Nuclear deterrence theory: The search for credibility. Cambridge University
Press.
[13] Morgan, P.M., 2003. Deterrence now (Vol. 89). Cambridge University Press.
[14] Steff, R., 2016. Strategic Thinking, Deterrence and the US Ballistic Missile Defense Project: From Truman to Obama. Routledge.
[15] Schelling, T.C., 2008. Arms and influence: With a new preface and afterworld. Yale University
Press.
[16] Paul, T.V., Morgan, P.M. and Wirtz, J.J. eds., 2009. Complex deterrence: Strategy in the global age. University of Chicago Press.
[17] Elliott, D., 2011. Deterring strategic cyberattack. IEEE Security & Privacy, 9(5), pp. 36-40. [18] Kugler, Richard L., 2009. Deterrence of cyber attacks. Cyberpower and national security 320. [19] Quackenbush, Stephen L., 2011. Understanding general deterrence. In Understanding General
Deterrence, pp. 1-20. Palgrave Macmillan.
[20] Wei, Maj Lee Hsiang, 2015. The Challenges of Cyber Deterrence. Journal of the Singapore Armed
Forces 41, no. 1.
[21] Multari, N.J., Singhal, A. and Miller, E., 2017, October. SafeConfig’17: Applying the Scientific Method to Active Cyber Defense Research. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2641-2642). ACM.
[22] Farwell, J.P. and Rohozinski, R., 2011. Stuxnet and the future of cyber war. Survival, 53(1), pp.
23-40.
[23] Zetter, K., 2016. Inside the cunning, unprecedented hack of Ukraine’s power grid. Wired.
[24] Bendiek, Annegret, and Tobias Metzger, 2015. Deterrence theory in the cyber-century. INFOR- MATIK 2015.
[25] Lowther, A. ed., 2012. Deterrence: rising powers, rogue regimes, and terrorism in the twenty-first century. Springer.
[26] Wang, Yuan, Yongjun Wang, Jing Liu, Zhijian Huang, and Peidai Xie, 2016. A Survey of Game Theoretic Methods for Cyber Security. In IEEE International Conference on Data Science in Cyberspace (DSC), pp. 631-636.
[27] Do, Cuong T., Nguyen H. Tran, Choongseon Hong, Charles A. Kamhoua, Kevin A. Kwiat, Erik Blasch, Shaolei Ren, Niki Pissinou, and Sundaraja Sitharama Iyengar, 2017. Game Theory for Cyber Security and Privacy. ACM Computing Surveys (CSUR) 50, no. 2: 30.
[28] Brams, S.J. and Bramj, S.J., 1985. Superpower games: Applying game theory to superpower conflict (p. 1985). New Haven: Yale University Press.
[29] Cimbala, S.J., 1998. The past and future of nuclear deterrence. Greenwood Publishing Group. [30] Shackelford, S.J., Sulmeyer, M., Deckard, A.N.C., Buchanan, B. and Micic, B., 2017. From
Russia with Love: Understanding the Russian Cyber Threat to US Critical Infrastructure and
What to Do about It. Neb. L. Rev., 96, p. 320.
[31] Philbin, M.J., 2013. Cyber deterrence: An old concept in a new domain. Army War College, Carlisle Barracks PA.
[32] Moteff, J., Copeland, C. and Fischer, J., 2003, January. Critical infrastructures: What makes an infrastructure critical?. Library of Congress Washington DC Congressional Research Service.
[33] Moteff, J. and Parfomak, P., 2004, October. Critical infrastructure and key assets: definition and identification. Library of Congress Washington DC Congressional Research Service.
[34] Libicki, Martin C. Cyberdeterrence and cyberwar. Rand Corporation, 2009.
Year 2018,
Volume: 3 Issue: 5, 62 - 75, 31.07.2018
Nasser S. Alazwani
Thomas M Chen
References
- [1] Rinaldi, Steven M., James P. Peerenboom, and Terrence K. Kelly, 2001. Identifying, understand- ing, and analyzing critical infrastructure interdependencies. IEEE Control Systems 21, no. 6, pp.
11-25.
[2] Betz, D.J., 2017. Cyberspace and the State: Towards a Strategy for Cyber-power. Routledge.
[3] Carter, W.A., Sofio, D.G. and Alperen, M.J., 2017. Cybersecurity Legislation and Critical In- frastructure Vulnerabilities. Foundations of Homeland Security: Law and Policy, pp. 233-249.
[4] Hughes, J. and Cybenko, G., 2014, June. Three tenets for secure cyber-physical system design and assessment. In Cyber Sensing 2014 (Vol. 9097, p. 90970A). International Society for Optics and Photonics.
[5] Stoneburner, G., Goguen, A. and Feringa, A., 2013. Risk management guide for information technology systems. NIST.
[6] Sullivan, J.E. and Kamensky, D., 2017. How cyber-attacks in Ukraine show the vulnerability of the US power grid. The Electricity Journal, 30(3), pp. 30-35.
[7] Foreman, P., 2009. Vulnerability Management. CRC Press.
[8] Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp. 4-37.
[9] Langlois, J.P.P., 1989. Modeling deterrence and international crises. Journal of conflict resolution,
33(1), pp. 67-83.
[10] Morgan, P.M., 1983. Deterrence: A conceptual analysis (Vol. 40). Sage Publications.
[11] Huth, P. and Russett, B., 1984. What makes deterrence work? Cases from 1900 to 1980. World
Politics, 36(4), pp. 496-526.
[12] Powell, R., 1990. Nuclear deterrence theory: The search for credibility. Cambridge University
Press.
[13] Morgan, P.M., 2003. Deterrence now (Vol. 89). Cambridge University Press.
[14] Steff, R., 2016. Strategic Thinking, Deterrence and the US Ballistic Missile Defense Project: From Truman to Obama. Routledge.
[15] Schelling, T.C., 2008. Arms and influence: With a new preface and afterworld. Yale University
Press.
[16] Paul, T.V., Morgan, P.M. and Wirtz, J.J. eds., 2009. Complex deterrence: Strategy in the global age. University of Chicago Press.
[17] Elliott, D., 2011. Deterring strategic cyberattack. IEEE Security & Privacy, 9(5), pp. 36-40. [18] Kugler, Richard L., 2009. Deterrence of cyber attacks. Cyberpower and national security 320. [19] Quackenbush, Stephen L., 2011. Understanding general deterrence. In Understanding General
Deterrence, pp. 1-20. Palgrave Macmillan.
[20] Wei, Maj Lee Hsiang, 2015. The Challenges of Cyber Deterrence. Journal of the Singapore Armed
Forces 41, no. 1.
[21] Multari, N.J., Singhal, A. and Miller, E., 2017, October. SafeConfig’17: Applying the Scientific Method to Active Cyber Defense Research. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2641-2642). ACM.
[22] Farwell, J.P. and Rohozinski, R., 2011. Stuxnet and the future of cyber war. Survival, 53(1), pp.
23-40.
[23] Zetter, K., 2016. Inside the cunning, unprecedented hack of Ukraine’s power grid. Wired.
[24] Bendiek, Annegret, and Tobias Metzger, 2015. Deterrence theory in the cyber-century. INFOR- MATIK 2015.
[25] Lowther, A. ed., 2012. Deterrence: rising powers, rogue regimes, and terrorism in the twenty-first century. Springer.
[26] Wang, Yuan, Yongjun Wang, Jing Liu, Zhijian Huang, and Peidai Xie, 2016. A Survey of Game Theoretic Methods for Cyber Security. In IEEE International Conference on Data Science in Cyberspace (DSC), pp. 631-636.
[27] Do, Cuong T., Nguyen H. Tran, Choongseon Hong, Charles A. Kamhoua, Kevin A. Kwiat, Erik Blasch, Shaolei Ren, Niki Pissinou, and Sundaraja Sitharama Iyengar, 2017. Game Theory for Cyber Security and Privacy. ACM Computing Surveys (CSUR) 50, no. 2: 30.
[28] Brams, S.J. and Bramj, S.J., 1985. Superpower games: Applying game theory to superpower conflict (p. 1985). New Haven: Yale University Press.
[29] Cimbala, S.J., 1998. The past and future of nuclear deterrence. Greenwood Publishing Group. [30] Shackelford, S.J., Sulmeyer, M., Deckard, A.N.C., Buchanan, B. and Micic, B., 2017. From
Russia with Love: Understanding the Russian Cyber Threat to US Critical Infrastructure and
What to Do about It. Neb. L. Rev., 96, p. 320.
[31] Philbin, M.J., 2013. Cyber deterrence: An old concept in a new domain. Army War College, Carlisle Barracks PA.
[32] Moteff, J., Copeland, C. and Fischer, J., 2003, January. Critical infrastructures: What makes an infrastructure critical?. Library of Congress Washington DC Congressional Research Service.
[33] Moteff, J. and Parfomak, P., 2004, October. Critical infrastructure and key assets: definition and identification. Library of Congress Washington DC Congressional Research Service.
[34] Libicki, Martin C. Cyberdeterrence and cyberwar. Rand Corporation, 2009.