In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government.
The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks.
The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop.
Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.
Table of Contents
|Group 1 - Attribution and Economics||1-2|
|Introducing the Economics of Cybersecurity: Principles and Policy Options--Tyler Moore||3-24|
|Untangling Attribution--David D. Clark and Susan Landau||25-40|
|A Survey of Challenges in Attribution--W. Earl Boebert||41-52|
|Group 2 - Strategy, Policy, and Doctrine||53-54|
|Applicability of Traditional Deterrence Concepts and Theory to the Cyber Realm--Patrick M. Morgan||55-76|
|Categorizing and Understanding Offensive Cyber Capabilities and Their Use--Gregory Rattray and Jason Healey||77-98|
|A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains--Stephen J. Lukasik||99-122|
|Pulling Punches in Cyberspace--Martin Libicki||123-148|
|Group 3 - Law and Regulation||149-150|
|Cyber Operations in International Law: The Use of Force, Collective Security, Self-Defense, and Armed Conflicts--Michael N. Schmitt||151-178|
|Cyber Security and International Agreements--Abraham D. Sofaer, David Clark, and Whitfield Diffie||179-206|
|The Council of Europe Convention on Cybercrime--Michael A. Vatis||207-224|
|Group 4 - Psychology||225-226|
|Decision Making Under Uncertainty--Rose McDermott||227-242|
|Group 5 - Organization of Government||243-244|
|The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence--Paul Rosenzweig||245-270|
|Group 6 - Privacy and Civil Liberties||271-272|
|Civil Liberties and Privacy Implications of Policies to Prevent Cyberattacks--Robert Gellman||273-310|
|Group 7 - Contributed Papers||311-312|
|Targeting Third-Party Collaboration--Geoff A. Cohen||313-326|
|Thinking Through Active Defense in Cyberspace--Jay P. Kesan and Carol M. Hayes||327-342|
|Appendix A: Reprinted Letter Report from the Committee on Deterring Cyberattacks||345-374|
|Appendix B: Workshop Agenda||375-376|
|Appendix C: Biosketches of Authors||377-384|
|Appendix D: Biosketches of Committee and Staff||385-388|
The National Academies Press (NAP) has partnered with Copyright Clearance Center's Rightslink service to offer you a variety of options for reusing NAP content. Through Rightslink, you may request permission to reprint NAP content in another publication, course pack, secure website, or other media. Rightslink allows you to instantly obtain permission, pay related fees, and print a license directly from the NAP website. The complete terms and conditions of your reuse license can be found in the license agreement that will be made available to you during the online order process. To request permission through Rightslink you are required to create an account by filling out a simple online form. The following list describes license reuses offered by the National Academies Press (NAP) through Rightslink:
Click here to obtain permission for the above reuses. If you have questions or comments concerning the Rightslink service, please contact:
Rightslink Customer Care
Tel (toll free): 877/622-5543
To request permission to distribute a PDF, please contact our Customer Service Department at 800-624-6242 for pricing.
To request permission to translate a book published by the National Academies Press or its imprint, the Joseph Henry Press, please click here to view more information.