Cyber as a deterrent: utilizing offensive cyber capabilities in NATO's deterrence posture
Date
2019
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Tartu Ülikool
Abstract
Due to the lack of attention on the strategic benefits offensive cyber capabilities hold and how they could be used as deterrents, the purpose of this paper is to contribute to the strategic thought on utilizing offensive cyber capabilities as means of cross-domain deterrence and more specifically how NATO could adopt that approach to bolster its deterrence posture. For this a case-study is conducted on NATO and its members who have offered their national cyber capabilities for NATO’s use.
It was discovered that NATO has the potential enhancing its deterrence posture through the utilization of offensive cyber capabilities as means of deterrence based on the conditions set by the mainstream deterrence theories. Therefore, NATO should start with acknowledging the offensive cyber capabilities as means of its cross-domain deterrence. Second, it and the Allies should share the same understanding and communicate a clear unified message to the adversary on which effects are they willing to relay and how thereby offensive cyber operations are perceived. However, the classical deterrence theories fall short on explaining how exactly means with clandestine nature can be presented as a deterrent to the enemy. Furthermore, how to create the deterrent cyber threat by holding the functionality of the enemy’s infrastructure – which should achieve strategic effects if targeted – at risk.
This confirmed the hypothesis that the classical deterrence theories neglect to explain how to develop offensive cyber capabilities into credible deterrents. Therefore, it was illuminated that the existing deterrence theory needs to be improved by acknowledging particularly two distinct features that offensive cyber capabilities hold: clandestine nature and that depending on the expected effect, the process of deploying the offensive cyber capability can be time consuming. Regarding the second feature, it requires to answer questions on how to hold the enemy at risk by threatening to harm with offensive cyber means its critical infrastructure – which should have greater strategic effect if targeted, but attacking it successfully may require long time to develop the tailored cyber weapon through - and if presence-based offensive approach is required, how to communicate that to the adversary without increasing instability between the actors.