 Cyber Conflict Module 8 – Cyber Deterrence Once you have completed the readings, lecture, activity, and assessment, you will be able to articulate the United States' three-pronged cyber deterrence strategy as noted by Segal. Describe how Joseph Nye conceptualizes the role of soft power in deterring cyber attacks. Welcome to Cyber Conflict Module 8. You'll remember from an earlier module that many military theorists marked the Stuxnet Computer Worm event as a turning point in warfare similar to the dawn of the nuclear age. Former CIA director Michael Hayden noted, quote, somebody just used a new type of weapon, and this weapon cannot be put back in the box, end quote. A Pandora's box had been opened and we had no way to determine future ramifications for humanity. This module focuses on the issues and difficulties in developing a system of cyber deterrence. During the Cold War, the United States and Russia reached a mutual understanding concerning the use of nuclear weapons, creating a system of deterrence called Mutually Assured Destruction, or MAD. Simply put, this understanding was that if one side initiated a nuclear attack, the defender nation with a second strike capability would launch its own nuclear arsenal to completely destroy the aggressor. As macabre as this technique may seem, the logic was successful, as the world made it through the Cold War without a nuclear weapon being fired. Still at the dawn of the cyber age, we lack any system of cyber deterrence similar to that of nuclear weapons use. Simply consider the Russian interference in the 2016 US presidential election. The US intelligence community's report, background to assessing Russian activities and intentions in recent US elections, noted that the purpose of Russian interference was to, quote, undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency, end quote. Among other things, Russia deliberately attacked the very fabric of American society in hopes of sowing chaos and ultimately weakening the geopolitical power of the United States. How does one deter this type of interference from a nation-state rival like Russia? We could use a tit-for-tat approach, similar to that used in the era of the Cold War espionage. Russian President Putin's primary objective is to remain in power. So, in return for his own information operations attacks during the 2016 election, we might wage an information operations campaign against his rule. This might include producing and disseminating Russian language video segments highlighting Putin's unscrupulous thefts from his own people to maintain an elaborate lifestyle and luxurious vacations. If the Russian people then rise against Putin in an effort to overthrow his regime, Putin may reconsider future interference in our elections. This deterrent scenario incorporates what Joseph Nye, a Harvard University professor, refers to as Cyber Soft Power. And one of this module's readings, Nye relates another example of how soft power has been used for deterrence. In this example, the Chinese government incited its citizens to disrupt Japanese-based websites in reaction to an unfavorable diplomatic stand taken by the Japanese government. Using soft power strategies for cyber deterrence contrasts with scenarios using cyber hard power, such as cyber-enabled kinetic attacks to destroy servers or computer-enabled critical infrastructure systems. This module's readings also introduced the notion of a three-pronged cyber deterrence strategy, which the United States has struggled to employ. The first prong includes developing such overwhelming cyber capabilities that no adversary would dare attack the country. A technique that works well for nuclear deterrence, perhaps, but not for cyber. One primary reason that this is unsuccessful is the ease with which cyber attackers can hide. Attribution is not always easy in the cyber world. The second prong involves developing a set of norms with international allies and organizations that all nations would agree to follow. This technique, too, is unlikely to succeed, since adversaries, especially those like Russia, may agree to such agreements but manage to attack and avoid attribution. The third prong involves building cyber defenses such that adversaries cannot attack in any meaningful way. This technique sounds good that technologies and programs are being developed at such a rate that the likelihood of our enemies being unable to identify exploits is very low. In addition, we must keep in mind that most malware used in cyber attacks enters systems through email phishing techniques. Even the strongest cyber defense strategy can be taken down by the weakest link of one human who is tired and inadvertently opens an email message. The road to developing a reliable method of cyber deterrence is likely to be a long one. The problem, though arguably not as dangerous as deterring the nuclear attacks during the Cold War, is, in many ways, much more complicated. Quiz question one, true or false. According to Nye's conceptualization of soft power, Nye would likely support a U.S. military bombing campaign in response to Russia's interference in the 2016 U.S. presidential election. The answer is false. Quiz question two, which of the following is not part of the United States three-pronged deterrence strategy highlighted by Segal? A, developing overwhelming cyber capabilities to intimidate potential adversaries. B, developing norms with international allies and organizations for all nations to follow. C, minimally supporting cyber capabilities in lieu of a stronger nuclear weapons force. D, developing strong cyber defenses to prevent cyber adversaries from meaningful attacks. Answer C is correct. Minimally supporting cyber capabilities in lieu of a stronger nuclear weapons force. The activity for this module asks that you consider the following. In February 2018, special counsel Robert Mueller released a 37-page indictment against several individuals involved in supporting the Russian influence campaign against the 2016 U.S. presidential election. Download and review the report. Do you think the three-pronged deterrence model would have deterred the individuals identified in Mueller's indictment? If so, why? If not, can you articulate a deterrence model that may be more effective in the future?