Cybersecurity as Attack-Defense
By Youri Cormier
September 12, 2018
What the French Election Taught Us About Fighting Back
It is common among strategists to analyze cybersecurity using metaphors that feel familiar, but we should do so with caution. Extended analogies, like one in an Atlantic Council text likening cyber deterrence to the nuclear concept of extended deterrence, often miss the underlying mechanics of cyber threats, which have little or nothing in common with weapons of mass destruction. Even though NATO recognizes cyber-attacks as grounds for invoking Article 5 (if critical military and civilian infrastructure were targeted), this threat remains abstract and limited. Retaliation in cyberspace is tricky: the origin of the attack is hard to prove, which generates plausible deniability, and those who are most likely to be deterred are not necessarily those conducting the attacks. Waging a physical war in response to a cyber-attack would also require a dodgy concept of proportionality. Simply put, deterrence works best where the weapons on both sides are apocalyptic in scope and their use is highly centralized in the hands of rational governments.
https://www.realcleardefense.com/articles/2018/09/12/cybersecurity_as_attack-defense_113796.html