| Summary/Abstract |
Many scholars and practitioners are unconvinced that cyber deterrence is possible. This article aims to demonstrate why some of this skepticism is misplaced, as well as provide greater clarity and conceptual rigor to the proliferation of arguments within the United States about deterrence in cyberspace. Specifically, we argue that cyber deterrence frameworks that draw from the traditional nuclear deterrence literature and the logic of deterrence by punishment are mismatched to deterrence challenges in cyberspace. Instead, we advocate for a deterrence by denial approach, but one that is oriented around counter-cyber operations rather than simply improving defenses. While there has been some scholarship and work by practitioners that implicitly rests on a deterrence by denial logic, they suffer from a lack of systematic assessment of how traditional denial concepts, especially those developed in the conventional deterrence literature, could be extended to cyberspace. Therefore, in this article, we review different deterrence concepts in theory and practice, articulate a logic of cyber deterrence by denial, and provide policy recommendations for the United States.
|