Cyber Attacks, Attribution, and Deterrence: Three Case Studies

Abstract

The purpose of this monograph is to examine the role of a defender's ability to attribute a cyber attack and its effect on deterrence. Conflict in cyberspace is constantly evolving, and deterrence might provide stability and understanding of these conflicts. Because of the speed at which cyber attacks can occur and the rate at which they can spread, it is important to understand how countries using cyber weapons frame the problem. The method used in this paper is a controlled comparison of three different cyber attacks: the 2007 attacks on Estonia, the Stuxnet attack on Iran, and the LulzSec attacks on multiple targets in 2011. These three events bore the similarity that defenders could not immediately attribute the attack to an actor. This attribution problem influenced how the defenders responded to the problem. Upon further research, however, it became apparent that attribution was not the defenders' biggest problem in two of the three cases. Attribution may not always be immediately available through technical means, but eventually defenders had enough information on which to act. At this point, other problems arose, like escalating a cyber conflict with a far more powerful neighbor or determining how to respond without a cyber capability of one's own. These cases demonstrate that attribution is a necessary but not sufficient cause for responding to a cyber attack and that defenders have many response options available, from technical defense of their networks to escalation of the conflict to kinetic military strikes. Additionally, cyber deterrence does not require the high levels of attribution that some theorists argue. Instead, a counterattack can rely on a lower level of attribution because the target is typically a known adversary and because the effects of a cyber attack are generally much lower than the effects of a kinetic attack.

Document Details

Document Type: Technical Report
Publication Date: May 23, 2015
Accession Number: AD1001276

Entities

People

  • William R. Detlefsen

Organizations

  • United States Army Command and General Staff College

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Case Studies
  • Computer Crime
  • Computer Network Security
  • Computer Networks
  • Contingency Operations (Military)
  • Cyber Warfare
  • Cyberattacks
  • Cybersecurity
  • Cyberspace
  • Cyberspace Operations
  • Information Systems
  • International Law
  • Malware
  • Military Organizations
  • National Security
  • Network Protocols
  • Warfare

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Military History / Militaries and War Studies
  • Strategic Security Studies

Technology Areas

  • Cyber
  • Cyber - Legality in Cyberspace