For major nation-states with significant capabilities for kinetic attack and cyberattack at their disposal, among the important issues regarding the dynamics of cyberconflict are the following:

• Crisis stability (preventing a serious cyberconflict from breaking out),

• Preventing a cyberconflict from escalating to physical space, and

• Knowing when a cyberconflict has been terminated.

Matters can be further complicated by the presence of non-state actors, such as cyberterrorists, patriotic hackers, and criminal groups. Perhaps the most important complication relates to identification of the appropriate party against which action might be taken and the related availability of cyber and/or kinetic targets whose destruction might cause pain or meaningful damage to the terrorist or criminal group.

Cyberattack is an important capability for the United States to maintain, but at the same time the acquisition and use of such capabilities raise many questions and issues, as described below.

1. The policy and organizational issues raised by U.S. acquisition and use of cyberattack are significant across a broad range of conflict scenarios, from small skirmishes with minor actors on the international stage to all-out conflicts with adversaries capable of employing weapons of mass destruction.

2. The availability of cyberattack technologies for national purposes greatly expands the range of options available to U.S. policy makers as well as to policy makers of other nations.

3. Today’s policy and legal framework for guiding and regulating the U.S. use of cyberattack is ill-formed, undeveloped, and highly uncertain.

4. Secrecy has impeded widespread understanding and debate about the nature and implications of U.S. cyberattack.

5. The consequences of a cyberattack may be both direct and indirect, and in some cases of interest, the indirect consequences of a cyberattack can far outweigh the direct consequences.

Front Matter (R1-R22)

Synopsis (1-8)

1 Overview, Findings, and Recommendations (9-76)

Part I: Framing and Basic Technology (77-78)

2 Technical and Operational Considerations in Cyberattack and Cyberexploitation (79-158)

Part II: Mission and Institutional Perspectives (159-160)

3 A Military Perspective on Cyberattack (161-187)

4 An Intelligence Community Perspective on Cyberattack and Cyberexploitation (188-199)

5 Perspectives on Cyberattack Outside National Security (200-213)

6 Decision Making and Oversight (214-236)

Part III: Intellectual Tools for Understanding and Thinking About Cyberattack (237-238)

7 Legal and Ethical Perspectives on Cyberattack (239-292)

8 Insights from Related Areas (293-301)

9 Speculations on the Dynamics of Cyberconflict (302-317)

10 Alternative Futures (318-334)

Appendixes (335-336)

Appendix A: Biographies of Committee Members and Staff (337-347)

Appendix B: Meeting Participants and Other Contributors (348-349)

Appendix C: Illustrative Criminal Cyberattacks (350-355)

Appendix D: Views on the Use of Force in Cyberspace (356-359)

Appendix E: Technical Vulnerabilities Targeted by Cyber Offensive Actions (360-368)