ABSTRACT
Cyberdeterrence seems like it would be a good idea. The nuclear standoff between the United States and the Soviet Union during the Cold War—which never went hot—provides the historical basis for believing cyberdeterrence should work. Yet the relevance of individual elements is somewhat broader. Issues related to holding assets at risk, repeated retaliation, third parties, and escalation apply to cyberretaliation in response to other kinds of attacks. Strict adherence to a no-threshold policy of response also implies a no-threshold policy of investigation of cyber-attacks, one that is untenable and, in any case, unaffordable. Nuclear deterrence strategists did not worry about escalation beyond the nuclear level. Accidental and inadvertent escalation exists in the real world. Attackers could threaten physical counterretaliation in hopes of reducing the credibility of the target to that of a bluff. Nuclear storage and delivery infrastructures can be disabled by nuclear attacks—which is precisely the role of counterforce targeting.
