Is Deterrence in Cyberspace Possible?

Anosh Samuel

Soon after the Internet was founded, half of the world’s population (16 million) in 1996 had been connected to Internet data traffic. Gradually, the Internet began to grow and with more users, it contributed to the 4 trillion global economies in 2016 (Nye, 2016). Today, high-speed Internet, cutting-edge technologies and gadgets, and increasing cross-border Internet data traffic are considered an element of globalization. Deterrence seems traditional and obsolete strategy, but the developed countries rely on cyberspace domains to remain in the global digitization. No matter how advanced they are, there still exist vulnerabilities. There are modern problems in the modern world. Such reliance on the Internet also threatens to blow up the dynamics of international insecurity. To understand and explore the topic it is a must for one to understand what cyberspace and deterrence are? According to Oxford dictionary;

 “Cyberspace is the internet considered as an imaginary space without a physical location in which communication over computer networks takes place (OXFORD University Press)”

For readers to understand the term ‘deterrence’; Collins dictionary has best explained it as;

“Deterrence is the prevention of something, especially war or crime, by having something such as weapons or punishment to use as a threat e.g. Nuclear Weapons (Deterrence Definition and Meaning | Collins English Dictionary).”

The purpose of referring to the definition is to make it easy to discern and distinguish between deterrence in International Relations (IR) and International Cyber Security (ICS). Deterrence in cyberspace is different and difficult than that of during the Cold War. The topic of deterrence was important during Cold Wat for both politicians and academia. The context in both dimensions (IR and ICS) is similar and aims to prevent from happening something. Cyberspace deterrence refers to preventing crime and I completely agree with the fact that deterrence is possible in Cyberspace. Fischer (2019) quotes the study of (Quinlan, 2004) that there is no state that can be undeterrable.

To begin with, cyber threats are looming in different sectors inclusive of espionage, disruption of the democratic process and sabotaging the political arena, and war. Whereas international law is still unclear about these sectors as to which category they fall in. I would validate my affirmation (that deterrence is possible in Cyberspace) with the given network attacks listed by Pentagon (Fung, 2013). Millions of cyber-attacks are reported on a daily basis. The Pentagon reported 10 million cyberspace intrusions, most of which are disruptive, costly, and annoying. The level of severity rises to such a critical level that it is considered a threat to national security, so professional strategic assistance is needed to deal with it[1]. The past events show a perpetual threat that has the ability to interrupt societies, economies, and government functioning.

The cyberspace attacks were administered and portrayal of deterrence had been publicized as follows (Fung, 2013);

1. The internet service was in a continuous disruption for several weeks after a dispute with Russia in 2007.
2. Georgian defense communications were interrupted in 2008 after the Russian invasion of Georgia.
3. More than 1000 centrifuges in Iran were destroyed via the STUXNET virus in 2010. The attacks were attributed to Israel and the United States of America.
4. In response to STUXNET virus attacks, Iran also launched a retaliatory attack on U.S financial institutions in 2012 and 2013.
5. Similarly in 2012, some 30,000 computers had been destroyed with a virus called SHAMOON in Saudi Aramco Corporation. Iran was held responsible for these attacks.
6. North Korea was accused of penetrating South Korean data and machines in 2014, thus interrupting their networks in 2014.
7. A hybrid war was reported between Russia and Ukraine in 2015 that left Ukraine without electricity for almost six hours.
8. Most critical scandal, which is still in the limelight call WikiLeaks released distressing and humiliating emails by Russian Intelligence at the time of the U.S presidential campaigns in 2016.

While such incidents may be considered a failure of deterrence, this does not mean that deterrence is impossible. Every system has some flaws that are exposed at some point. At this point, in some cases a relatively low level of deterrence was used to threaten national security, however, the attacks were quite minor in fulfilling the theme affecting national security. Nye (2016:51) in his study talks about the audience whose attribution could facilitate deterrence. (I). intelligence agencies should make sure highest safeguarding against escalation by third parties, and governments can also be certain and count on intelligence agencies’ sources. (II). the deterring party should not be taken easy, as I stated (above) about the lingering loopholes and flaws in the systems, hence, governments shall not perceive the intelligence forsaken.  (III). lastly, it is a political matter whether international and domestic audiences need to be persuaded or not, and what chunk of information should be disclosed.

The mechanisms which are used and helpful against cyberspace adversary actions are as follows (Fischer, 2019);

1. Deterrence by denial means, the actions by the adversary are denied that they failed to succeed in their goals and objectives. It is more like retaliating a cyberattack.
2. Threat of punishment offers severe outcomes in form of penalties and inflicting high costs on the attacker that would outweigh the anticipated benefits if the attack takes place.
3. Deterrence by Entanglement has the features and works on a principle of shared, interconnected, and dependent vulnerabilities. The purpose of entanglement is to embolden and reassure the behavior as a responsible state with mutual interests.
4. Normative taboos function with strong values and norms, wherein the reputation of an aggressor is at stake besides having a soft image in the eyes of the international community (this phenomenon includes rational factors because hard power is used against the weaker state). The deterrence of the international system works even without having any credible resilience.

Apparently, the mechanisms of deterrence are also effective in cyber realms. These realms are self-explaining the comprehensive understanding and the possibility of deterrence in cyberspace. The four mechanisms (denial, punishment, entanglement, and normative taboos) are also feasible to apply deterrence in the cyber world. Factually, of many security strategies, cyber deterrence by using four domains could be a versatile possibility. Conclusively, as far as the world is advancing in technological innovations, cyberspace intrusions would not stop alike the topic of deterrence in the digital world.

[1] An updated list of cyberspace intrusions from 2003 till 2021 is available at (Center for Strategic and International Studies, 2021).