On Tuesday, a massive cyberattack hit Ukraine.
The very next day, professor Scott Jasper of the Naval Postgraduate School offered a systematic analysis of the United States’ existing strategic cyber deterrence options, among which active cyber defense will play the leading role in the years ahead.
Active cyber defense may be the answer to the ever-increasing cybersecurity threat, as it allows for greater maneuverability by the private sector and presents greater policy options to deter and defeat nefarious actors.
The number of cyberattacks is at an all-time high for both the United States and our allies around the world.
According to the Department of Justice, there are more than 4,000 ransomware attacks daily. Active cyber defense would allow the United States and private industries to deter attacks with three main capabilities: retaliation, denial, and entanglement.
Retaliation is a response to a cyberattack that could manifest in any number of ways. Responses include a mix of sanctions, cyber responses like a direct “hackback” on the offender, and even a conventional kinetic attack in extreme cases.
Cyber responses could include inserting beacons or intentional malware into files that hackers are attempting to steal in order to find and identify the perpetrator. However, retaliatory norms have yet to be established.
Denial is a form of active cyber defense in which an entity has such formidable cyber defenses that it removes the incentive to carry out an attack, leaving little motive for any further attacks.
Denial processes include a cyber kill chain, where a company receives notification of an attack at multiple stages and is thus able to stop it. According to Jasper, the effects of the Target breach—a large-scale malware attack in 2013—could have been diminished through proper implementation of a cyber kill chain.
For more information on active cyber defense, check out Scott Jasper’s book “Strategic Cyber Deterrence: The Active Cyber Defense Option.”
The third form of deterrence is entanglement, or norms created to regulate cyber behavior. Entanglement is necessary for preventing cyberattacks by state actors, as it introduces accountability into their decision-making calculus.
Nations should be wary of using cyberattacks because the threat they pose to the common internet, the increasing interconnection of electronic devices, and critical infrastructure may lead to negative externalities.
For effective deterrence to be achieved, the actor committing an attack must feel that the cost of committing an attack is higher than the reward to be gained. Active cyber defense may offer an actionable solution here.
Going forward, a credible strategic policy should include active cyber defense for the sake of U.S. network resiliency.