Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack

摘要: Cyber attackers rely on deception to exploit vulnerabilities and obfuscate their identity, which makes many pessimistic about cyber deterrence. The attribution problem appears make retaliatory punishment, contrasted with defensive denial, particularly ineffective. Yet observable deterrence failures against targets of lower value tell us little the ability deter attacks higher targets, where defenders may be more willing able pay costs punishment. Counterintuitively, response decline scale. Reliance is a double-edged sword that provides some advantages attacker but undermines offensive coercion creates risks for ambitious intruders. Many properties cybersecurity assumed determined by technology, such as advantage offense over defense, difficulty attribution, inefficacy deterrence, are in fact consequences political factors like target scale-dependent exploitation retaliation. Assumptions can incorporated into traditional international relations concepts uncertainty credibility, even involves identity opponent, not just interests capabilities. This article uses formal model explain why there low-value anonymous few high-value ones, showing how different assumptions scaling retaliation lead degrees coverage effectiveness denial Deterrence works it needed most, yet usually fails everywhere else.