Article
The Myth of the Cyber Offense: The Case for Restraint
Cato Institute Policy Analysis
(2019)
Abstract
In the context of recent shifts in cybersecurity policy in the United States, this paper examines the character of cyber conflict through time. Data on cyber actions from 2000 to 2016 demonstrate evidence of a restrained domain with few aggressive attacks that seek a dramatic, decisive impact. Attacks do not beget attacks, nor do they deter them. But if few operations are effective in compelling the enemy and fewer still lead to responses in the domain, why would a policy of offensive operations to deter rival states be useful in cyberspace?
We demonstrate that, while cyber operations to date have not been escalatory or particularly effective in achieving decisive outcomes, recent policy changes and strategy pronouncements by the Trump administration increase the risk of escalation while doing nothing to make cyber operations more effective. These changes revolve around a dangerous myth: offense is an effective and easy way to stop rival states from hacking America. New policies for authorizing preemptive offensive cyber strategies risk crossing a threshold and changing the rules of the game.
Keywords
- cyber,
- defense,
- hacking,
- computer,
- security,
- cybersecurity
Disciplines
Publication Date
January 15, 2019
Citation Information
Brandon Valeriano and Ben Jenson. "The Myth of the Cyber Offense: The Case for Restraint" Cato Institute Policy Analysis (2019) ISSN: 1069-8124 Available at: http://works.bepress.com/brandon-valeriano/12/