Small players in a limitless domain: Cyber deterrence as small state strategy

Abstract

This article explores deterrence as an element in cybersecurity strategy from a small state perspective. The cyber domain presents novel challenges for strategy makers, and applying deterrence in the cyber domain requires an organized and multinational approach – since few states can leverage deterrence in this all-encompassing domain on their own. Deterrence has been an important factor in shaping global security for half a century, but when applied to the cyber domain there are certain inherent mechanisms that must be understood in order to generate the desired effects. Key issues discussed are the volume of agents capable of operating and creating effects in the domain, and the availability of tools and techniques. These issues concerning actors and vectors makes it difficult to survey threats and create targeted deterrence. Furthermore, the cyber milieu makes it difficult to connect action to motives, thereby further complicating any attempt to analyze the actual importance of observable effects. From a strategist’s point of view, these general characteristics are exacerbated by the fact that the international community does not have a common language or shared platform to uniformly approach these issues. Absent clarity on some fundamentals the core issues of attribution and proportionality becomes a hindrance to effective deterrence.