Jim Lewis of CSIS speaks at Stimson on Cyber Deterrence
November 15, 2012
On Thursday, November 15, Jim Lewis spoke on the role of deterrence in the nuclear, cyber and space domains as a part of Stimson's programming on Space Security, supported by DTRA and the New-Land Foundation.
Lewis is Director and Senior Fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, where his recent work has focused on cybersecurity, space, and technological innovation. Prior to joining CSIS, he served at the Departments of State and Commerce as a Foreign Service officer, and as a member of the Senior Executive Service.
Deterrence of unwanted actions in space is linked to deterrence in the nuclear and cyber domains. Of the three, mechanisms for deterrence against nuclear attack are most highly developed. Space deterrence mechanisms are a work in progress. Of the three domains, restraints on cyber deterrence are weak. What are the ramifications of cyber attacks for space and nuclear deterrence?
Lewis argued that though the US has the most advanced cyber and space forces in the world, these forces fail to deter our opponents from malicious actions; the nuclear model of deterrence is not appropriate for the cyber and space domains. Asymmetric vulnerability to attack, new classes of opponents with very different tolerance of risk, and the difficulty of crafting a proportional and credible threat, all erode the ability to deter in the cyber and space domains.
In these domains, actors confront asymmetrical degrees of risk tolerance in their opponents. Unlike cold War deterrence, States may have difficulties in holding non-state actors "hostage," as these actors have minimal infrastructure or populations to defend from counter-attacks. The challenges of attribution in the cyber and space domains both emboldens attackers and restrains states seeking retaliation. Questions of proportionality also confound efforts to apply a model of deterrence to the space and cyber domains. Lewis stated that crime and espionage do not justify the use of force, just as nuclear deterrence failed to deter espionage, proxy wars and low-level conflict during the Cold War, cyber and space opponents seem to have calculated the threshold they cannot cross in peacetime, and know to operate below it.
Finally, Lewis argued that an essential aspect of deterrence is that it must threaten vital interests as understood by senior political figures - usually defined as territorial integrity and political independence. Lewis does not believe that this threat to vital interests is possible to achieve in space or cyber. In the case of cyber, he stated that the destructiveness of a cyber-attack is usually overstated. Cyber attacks can shape the battlefield and environment, but "they don't create existential harm." He concluded by stating that states should not seek to deter unwanted actions in the space and cyber domains, but should "acquire and maintain the ability to fight through an attack and win," sustaining continuity of operations and war fighting abilities should be the focus of strategy and not deterrence.