Cyberspace is an extension of cyber domain a virtual
realm or environment where states can operate detect, launch or stopped
attacks. In other words, it a logical
layer, within the information environment consisting of the interdependent
networks of IT, infrastructures and database, telecommunication and computer systems.
As Andy Metcalf put it very well, for the problem here
with cyberspace and cyber domain a lot of policy makers and organizations uses
a lot connotation instead of denotations to bring a clear understanding to this
concept “Cyberspace is the digital sea sloshing over a terrain built on
top of communications devices. Similar to the relationships between the air,
land, and sea, actions in the physical world have definite impact in the cyber
world, and the impact is not always predictable Cyber warfare poses significant
problem to the U.S National Security. That means, the way one perceives cyber
threats will definitely affect how to address these threats.
the evolution of cyberspace will influence the outcome of a conflict, trying to
deter and undermine an enemy from obtaining a nuclear program could very much
trigger world war III. In this research paper will attempt to show the importance
of cyberspace and and how any careless or uncalculated attack could lead to
World War III.
Although cyberwarfare generally refers to cyberattacks
perpetrated by one state on another, it can also describe attacks by terrorist
groups or hacker groups aimed at furthering the goals of particular nations. It
can be difficult to definitively attribute cyberattacks to a nation-state when
those attacks are carried out by others actors, but such attacks can often
be linked to specific nations. This is where it becomes very crucial and even
dangerous. The fact that a terrorist organization like Isis can constantly use
the cyber space to try to hurt people and claim responsibility is scary.
Let’s imagine that terrorist organizations like Isis, could
manage to infiltrate somehow North Korea nuclear central command using intrusion
tactic that hackers use in a very substile manner and deactivate the intrusion
detection systems in place. Then launch an attack against the U.S or any of
their allied with nuclear-tipped ICBM heating a
measures city and causing a lot casualty, that will definitely be the recipe
for world war III. One can remember what happen a while ago with the Sony cyber-attack
where many experts and Federal agency like the FBI and NSA believe North Korea
government agent where behind the attack. The intrusion, conducted by a group
identified as the “Guardians of Peace,” exfiltrated terabytes of data from
Sony. Some of the data involved unreleased films; other data included
embarrassing internal e-mails and proprietary information.
Additionally, the hackers demanded that Sony
withhold from release The Interview, a movie depicting the
assassination of North Korean leader Kim Jong-Un. After delaying the release
for several days, Sony eventually made the movie available through several
alternate outlets. Though there are a many examples of suspicious
cyberwarfare attacks in recent history, there has been no official, no set
definition for a cyber “act of war,” which professionals mostly agree
would be a cyberattack that unswervingly leads to loss of life.
Supplementing efforts to defend against cyber-attacks, states will obviously
seek ways to prevent the proliferation of software like trojan malware that
could be particularly threatening to the maintenance of social stability.
Unfortunately, the dispersal of offensive cyber abilities is proving hard to
control or limit either by new arms control agreements or by the expansion of
export control regimes, especially the “Wassenaar Arrangement of 1996”. This is
partly because cyber tools are almost always inherently dual use, with their
civilian applications being quite valuable and widely supported.
of arms limitations, so relevant to the arms control agreements of the Cold War
era, is practically infeasible with cyber technology. Resiliency Because
defenses against cyber intrusion and attack are not perfect, and the spread of
offensive abilities cannot be blocked with confidence, states and major private
enterprises must invest in in tough defense. Resiliency mean and require
different things in different contexts that is, in the military, the financial
sector, the energy sector, and so on.
to more dynamic and tense methods to using cyber instruments to avoid or manage
conflict, deterrence carries major importance. It should be emphasized that
cyber instruments and operations could be used alone or in conjunction with
other capabilities to affect a wide range of adversarial behavior beyond cyber-attack,
espionage, and larceny.
choice of tools should depend on whom is to be influenced to abjure or desist
from doing what. In this broader context, potential cyber operations can serve
signaling purposes short of war. Indeed, such signaling is a feature of
deterrence and coercion. The purpose is to signal a threat of future action and
motivate the adversary to avoid or de- escalate violence or to otherwise change
considering what concepts, strategies, and tactics are most suitable to contest
cyber and other threats today, it is helpful to recognize that the modern
environment differs greatly from the Cold War period in which major states
developed their national security strategies and instruments. The nature and occurrence
of confrontation in the contemporary world, especially in cyberspace, are quite
different from the central challenge that deterrence addressed in the Cold War.
the Cold War, few said that illicit activities by mafias, terrorist acts by the
Red Brigades of Italy, propaganda campaigns by major power, or revolutionary
conflicts in Southeast Asia, Africa, and South America were failures of
deterrence. Expert today, however, say that the Sony Pictures Entertainment
attack, the hack of the US Democratic National Committee, and the takedown of
the Ukrainian power grid represent failures of deterrence.
also important to highlight that, there is no cyber deterrence outside the
cyber space. in fact, cyber space phagocyte the cyber argument whether one
wants to defend or prevent cyber-attacks. The classic argument against
deterrence in the cyber domain rely in the difficulty of attribution: An
adversary can conduct an attack in such a way that it’s very difficult and
often impossible to know who led it.
the attacker knows he can’t be identified, which makes him confident he can’t
be retaliated against. This makes it impossible to uncover him, since he knows that
one could not trace him easily.
threats that threaten loss of life via the disruption of critical
infrastructures and the essential services they provide; or that disrupt or
undermine the confidence in or trustworthiness of systems that support critical
functions, including military command and control and the orderly operation of
financial markets or that pose national-level threats to core values like
privacy and freedom of expression. However cyber deterrence starts with
defining cyber-attack. Cyber-attacks take many forms, including: Gaining, or
attempting to gain, unauthorized access to a computer system or its data.
disruption of service attacks, including
the take down of entire web sites. Cyber deterrence offers much more
flexibility and increased options from traditional deterrence methodologies
developed in the Cold War’s nuclear age. In addition to traditional
retaliation, cyber deterrence includes options such as taking legal action and
making networks invisible, resilient, and interdependent.
dubious assumptions operate here. One is that deterrence is the appropriate
lever to counter such a wide range of hostile actions. Another is that cyber
capabilities and policies should be the primary tool for deterring any and all
nefarious acts conducted by cyber means. As the eminent strategist Robert
Jervis recently noted, “There is no such thing as cyber deterrence.” While this
may well be an overstatement, the unique features of cyber capabilities
versatility, low cost, vast range, high speed, and difficulty of detection and
attribution can be used to support a wide range of national policies including
deterrence and, more broadly, coercion to influence an extensive array of
routine of cyber threats for deterrence and coercion of hostile cyber or other
activities presents several nearly unique challenges. For a threat to be
effective, the opponent needs to perceive it, but, as discussed previously, one
attraction of cyber capabilities to date has been their secrecy. On the one hand,
because cyber-attacks remain generally anathema to much of the world, states
perceive reputational risks in being exposed as active or potential attackers.
On the other hand, as cyber weapons spread and cyber warfare becomes
commonplace, actors may find secrecy unnecessary and unhelpful insofar as
deterrence could be augmented by making their offensive capabilities better
Additionally, if norms of behavior for the authentic
conduct of cyber conflict are developed, then states may become more transparent,
at least regarding the types of operations that could be justified under such
norms and be consistent with rules of armed conflict. Of course, operational
imperatives are another motivation for secrecy. States and other entities do
not want to alert potential targets of possible types and methods of operations
and thereby enable adversaries to take defensive measures that would erode
The Snowden disclosures are an example of both
motives for secrecy: The United States suffered reputational damage, and the
revelations helped competitors to defend against US techniques. Whether
effectiveness of deterrent threats requires an opponent to perceive in some
detail what harm can be inflicted on it or, instead, whether a vague sense of
possibilities is sufficient for deterrence remains speculative. Of course, it
is possible, and perhaps likely, that revelations such as Snowden’s of
capabilities and attacks that have already occurred give other states and
nonstate actors a sense of what can be done and thereby create a general basis
for future deterrence.
group contesting a state with demonstrable capabilities such as the Stuxnet
operation against Iran, the reported Israeli corruption of Syria’s air
defenses, the Chinese penetration of US government and health insurer files,
and the Russian hack into the US Democratic National Committee files should
anticipate that similar actions can be taken against it. Looking ahead, for
deterrence and coercion to be effective, the issuer of such threats needs to
have not only credible capabilities but also plans to win, or at least not to
lose, an escalatory process if the adversary does not relent. Yet, to date,
there is no consensus on the meaning of escalation with cyber instruments.
Uncertainties surround the potential effects of many possible cyber moves.
incapability to distinguish computer network exploitation from computer network
attack is fundamental in this regard. In crises or early stages of mobilization
toward armed conflict, states that detect adversarial penetrations of their
networks may find it difficult to assess whether the intentions are to gather
intelligence or to conduct an attack or both. They will prudentially assume the
worst. More broadly, as Robert Jervis notes, “one could not know the physical,
let alone the psychological and political impact, of exercising various cyber
options; the country that is the object of the attack would assume that any
effect was intended.” This situation can stimulate preemptive attack or other forms
will simultaneously seek to prepare for escalation and to minimize the risk.
There is great tension between the two imperatives. Preparing the “battlefield”
could advantage one or all parties to a potential conflict and could perhaps
augment deterrence by motivating the adversary to back down. Conversely, it
could lead to escalation, whether desired by one or both parties or not. The
tension between secrecy and deterrence exacerbates this conundrum.
that one has penetrated or can penetrate various networks and do discrete kinds
of harm can bolster deterrent threats. Such displays, however, weaken the
weapon. For military operational purposes, as distinct from deterrence, one
wants the adversary to underestimate its vulnerabilities and the threat one
poses to it. For these and other reasons, calculating whether and how
deterrence and coercion by threats of cyber punishment can work is difficult.
Steven E. Miller and others note, the number and types of actors and scenarios
that need to be deterred and compelled in the cyber domain are large. Moreover,
attributing who is responsible for acts that would warrant retaliatory attack
is fraught with technical, legal, and political difficulties, which would
obtain even if the conductor of deterrence threats was entirely certain of the
effects its potential attacks would have.
concerns likely would or should affect strategies to use offensive cyber-attacks
to limit the damage adversaries otherwise might threaten to inflict by cyber or
other means that is, deterrence by denial as distinct from deterrence by
retaliation. A number of these considerations are addressed in this volume.
additional issues deserve mention here. First, compellence is inherently more difficult
to achieve than deterrence is. States that have committed national prestige and
considerable resources to pursue fundamental objectives are highly resistant to
external pressures to desist. It is easier to deter actors from doing things
they are not already doing.
Stuxnet attack on Iran is perhaps the leading, if not only, example of a cyber
operation that appears to have helped motivate a determined state to halt a
threatening activity it was already conducting. Further research should be
devoted to seeking examples wherein cyber threats and actions have compelled
adversaries to abandon hostile behavior, whether such behavior is cyber related
or not. Second, the development of effective cyber defenses and hardening to cyber-attack
could significantly bolster cyber deterrence and resilience.
Finally, cyberspace today plays a key role in network
systems and military defense and the ability of states to prevent any attack or
to defend against any attack, flows through cyber space. That being said a
blend of robust offensive and defensive capabilities could make a state’s
deterrent and compelling threats against an adversary more credible by
lessening the adversary’s probability of retaliating effectively. It could also
mitigate risks of escalation. However, if one or more adversarial groups of
states achieved defensive capabilities that made their offensive threats more
credible, would this enhance stability or more likely fuel the equivalent of
arms racing and crisis instability? Third, it is an open question whether
offensive cyber capabilities are more or less strategically valuable for weaker
parties than they are for stronger ones. States with greater capabilities are
likely to be more vulnerable and sensitive to disruptions in cyberspace that
could affect them directly or could emerge as blowback from their own cyber
operations. Weaker actors, whose coercive capabilities, societies, and
economies are less digitally dependent, may feel they have relatively less to
lose in cyber conflict. The Pearl Harbor analogy suggests that weaker parties
may see comparatively less risk in conducting cyber-attacks, though in the end
the stronger party prevailed, while Lambert’s chapter on British economic