When states confront a disruptive new technology that they cannot control on their own, they often seek arms control agreements. In the nuclear era, it took 18 years after the 1945 bombings of Hiroshima and Nagasaki before the first such agreement was reached. Today, cyber insecurity is at a similar point. Although the internet originated in the 1970s, only in the past two decades has it become an indispensable enabler for economic and military activity that benefits us all, but also leaves us vulnerable and insecure.
Now, with the advent of cloud computing and the “Internet of Things,” the attack surface is rapidly increasing. Part of the reason that we have not seen serious war yet is that deterrence works in cyberspace. There are four major means of deterring: punishment or reprisal for an attack; a strong defense that denies the attacker benefits at reasonable cost; entanglement so that an attacker hurts himself as well as the victim; and norms or taboos which impose costs on an attacker’s soft power.
To read the rest of this article, please subscribe to The Herald!
