{"id":27898,"date":"2016-07-27T14:30:27","date_gmt":"2016-07-27T04:30:27","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=27898"},"modified":"2016-07-26T13:51:05","modified_gmt":"2016-07-26T03:51:05","slug":"deterrence-cyberspace-different-domain-different-rules","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/","title":{"rendered":"Deterrence in cyberspace: different domain, different rules"},"content":{"rendered":"<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-27899 size-full\" title=\"Image courtesy of Flickr user The Official CTBTO Photostream\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg\" alt=\"Image courtesy of Flickr user The Official CTBTO Photostream\" width=\"640\" height=\"481\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z-205x154.jpg 205w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Cyberspace pervades everyday life. Our growing reliance on networks has increased the vulnerability of Australia\u2019s national security, economy and society to malicious cyber actions. As a result, there\u2019s a need to build trust and confidence in cyberspace, and the infrastructure and institutions that it enables and supports.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Deterrence policies and capabilities are often invoked as a means to create this stability. Australia\u2019s recent<\/span><a href=\"https:\/\/cybersecuritystrategy.dpmc.gov.au\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">Cyber Security Strategy<\/span><\/a><span style=\"font-weight: 400;\">, released in April 2016, stated that \u2018Australia\u2019s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack\u2019. In launching the Strategy, Prime Minister Malcolm Turnbull further<\/span><a href=\"https:\/\/www.pm.gov.au\/media\/2016-04-21\/launch-australias-cyber-security-strategy-sydney\" target=\"_blank\"> <span style=\"font-weight: 400;\">emphasised<\/span><\/a><span style=\"font-weight: 400;\"> that \u2018acknowledging this offensive capability, adds a level of deterrence\u2019. This rhetorical trend is also evident in other international cyber strategies including those of our major allies and partners.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, there are pit falls in that approach to cybersecurity. In our report, <\/span><i><span style=\"font-weight: 400;\">Deterrence in Cyberspace, <\/span><\/i><span style=\"font-weight: 400;\">released today<\/span><i><span style=\"font-weight: 400;\">, <\/span><\/i><span style=\"font-weight: 400;\">we explore those issues and provide recommendations for policymakers to address stability and security in cyberspace.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The use of deterrence to mitigate security threats is based on an assumption that states are rational, and make decisions based on cost-benefit assessments. On that assumption, one can deter a challenger by increasing the perceived costs of their action (deterrence by punishment) or decreasing the expected benefit (deterrence by denial).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, threatening punishment is unlikely to deter malicious behaviour in cyberspace, for several reasons:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-weight: 400;\">Setting enforceable thresholds is difficult due to the spectrum of potential acts in cyberspace and the non-binary nature of many cyber capabilities. For that reason the difference between an \u2018attack\u2019 and below-the-threshold events, such as espionage and criminality, is often less obvious.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-weight: 400;\">Responding proportionately is also made difficult by the difficulty of controlling escalation in cyberspace and the lack of normative framework to guide a conventional response.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-weight: 400;\">It\u2019s often difficult to quickly and accurately identify the responsible actor. Attributing blame risks inadvertent escalation with a third party and can expose valuable national cyber capabilities.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Instead, such threats have the potential to heighten international insecurity by inducing what we\u2019ve dubbed the \u2018credibility-stability paradox\u2019. The reliability of a state\u2019s commitment to enforcing its own deterrence policy statements is a significant symbol of its political and military power. If a state doesn\u2019t follow through on a threat when its threshold is crossed, it directly reduces its credibility in the eyes of the international community, undermining its ability to both intimidate and negotiate in the future.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Conversely, making good on a threat in cyberspace can have drastic impacts on international stability. Retaliation, either inside or outside of cyber space, may spiral beyond the intended punishment, inflicting damage over and above what would be considered a proportionate response to the breach of a threshold. That risks a minor incident triggering a tit-for-tat escalation that devolves into a larger and more destructive conflict, further damaging international stability. So, as soon as a cyber deterrence threat is extended, a state faces the strategic dilemma of being forced to choose between maintaining its credibility or risking collateral damage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That isn\u2019t to say that offensive cyber capability shouldn\u2019t be developed, but rather that it shouldn\u2019t be developed for the purpose of making threats. The use of offensive cyber capabilities, in accordance with international law, to enable and support conventional military forces contributes positively to broader deterrence capability by reinforcing the lethality and effectiveness of armed forces as a tool of state power.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The report recommends methods to alter an adversary\u2019s decision-making by withholding the perceived rewards of certain behaviour and building an international conflict reduction framework. Implementing a denial strategy in cyberspace requires strong, adaptive defences, resilient networks, and the use of other advanced techniques and technologies to reduce the perceived value of malicious behaviour. Denying enemies an advantage commensurate with the effort required to breach security should dissuade them from further attempts on the network. That supports cybersecurity generally and, if effectively conducted, can further enhance conventional deterrence postures and improve a state\u2019s overall national security.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">ICPC\u2019s new report explores the nature of cyberspace, reviews the challenges it poses to deterrence by punishment and offers alternative approaches for policymakers seeking to establish stability in cyberspace. In a context of increasing network dependence and growing cyber tensions, setting a precedent of restraint, trust and international cooperation is essential. This will ensure Australia can continue to reap the economic and social benefits of a stable cyberspace.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyberspace pervades everyday life. Our growing reliance on networks has increased the vulnerability of Australia\u2019s national security, economy and society to malicious cyber actions. As a result, there\u2019s a need to build trust and confidence &#8230;<\/p>\n","protected":false},"author":364,"featured_media":27899,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,95,1755],"class_list":["post-27898","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-security","tag-deterrence"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Deterrence in cyberspace: different domain, different rules | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Deterrence in cyberspace: different domain, different rules | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Cyberspace pervades everyday life. Our growing reliance on networks has increased the vulnerability of Australia\u2019s national security, economy and society to malicious cyber actions. As a result, there\u2019s a need to build trust and confidence ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-27T04:30:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-07-26T03:51:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"481\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg\",\"width\":640,\"height\":481,\"caption\":\"Image courtesy of Flickr user The Official CTBTO Photostream\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/\",\"name\":\"Deterrence in cyberspace: different domain, different rules | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#primaryimage\"},\"datePublished\":\"2016-07-27T04:30:27+00:00\",\"dateModified\":\"2016-07-26T03:51:05+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Deterrence in cyberspace: different domain, different rules\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Deterrence in cyberspace: different domain, different rules | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/","og_locale":"en_US","og_type":"article","og_title":"Deterrence in cyberspace: different domain, different rules | The Strategist","og_description":"Cyberspace pervades everyday life. Our growing reliance on networks has increased the vulnerability of Australia\u2019s national security, economy and society to malicious cyber actions. As a result, there\u2019s a need to build trust and confidence ...","og_url":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2016-07-27T04:30:27+00:00","article_modified_time":"2016-07-26T03:51:05+00:00","og_image":[{"width":640,"height":481,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg","type":"image\/jpeg"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/07\/6476282811_ae13a8e8a0_z.jpg","width":640,"height":481,"caption":"Image courtesy of Flickr user The Official CTBTO Photostream"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/","url":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/","name":"Deterrence in cyberspace: different domain, different rules | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#primaryimage"},"datePublished":"2016-07-27T04:30:27+00:00","dateModified":"2016-07-26T03:51:05+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/deterrence-cyberspace-different-domain-different-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Deterrence in cyberspace: different domain, different rules"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/27898"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=27898"}],"version-history":[{"count":1,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/27898\/revisions"}],"predecessor-version":[{"id":27900,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/27898\/revisions\/27900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/27899"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=27898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=27898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=27898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}