On 6 October, 2021 the Vienna Center for Disarmament and Non-Proliferation (VCDNP) held the second webinar in the Deterrence and Emerging Technologies (DET) series devoted to discussion of how developments in cyber domain affect deterrence. The panel of speakers included: Dr. Melissa K. Griffith, Senior Program Associate at the Wilson Center’s Science and Technology Innovation Program; Mr. Oleg Shakirov, Consultant of the PIR Center; and Dr. Beyza Unal, Deputy Director of the International Security Program at Chatham House. The webinar was moderated by Dr. Nikolai Sokov, Senior Fellow at the VCDNP.
The speakers shared the view that relationships in the cyber domain can be characterised as deterrence, but its principles are different from those that determined nuclear deterrence during the Cold War period. Dr. Griffith explained that nuclear deterrence was expected to deter all attempts at attack but these instances were rare and short. Cyber deterrence, by definition, cannot deter all attacks – some low-level ones will succeed but will not inflict much damage, and deterrence must be constant because attacks virtually never stop. Otherwise, standard deterrence modes, such as by punishment or denial, offensive or defensive, do apply to the cyber domain.
Mr. Shakirov posited that Russia uses a different set of terms from the West and noted that the cyber domain is described in the 2014 Russian Military Doctrine as information security, which represents a broader concept. Russian doctrinal documents emphasize deterrence by denial, i.e., efforts to make sure that cyber attacks cannot succeed. This single orientation might be changing - the new National Security Strategy adopted in 2020 talks about development of a capability for competition in the information space. Much emphasis is made on diplomacy and development of shared norms for behaviour in the cyberspace. Responding to a question about the status of US-Russian dialogue on cyber issues, Mr. Shakirov said that the dialogue apparently progresses quite well but there are still considerable differences with respect to the scope. Whereas the Untied States tends to concentrate on practical issues of cyberattacks (including ransomware and other similar crimes), Russia also wants to expand the scope of the dialogue to include development of common rules and norms of behaviour.
Dr. Unal shared Dr. Griffith’s views on the differences between nuclear and cyber deterrence and emphasized the role of attribution in the cyber domain. Attribution, she explained, can be technical and political. The latter is effectively the “shaming” of the attacker to generate political costs for adverse behaviour. She noted, however, that deterrence in cyber domain can be fraught with the risk of escalation and there is no simple prescription. Even political attribution can carry that risk, but even more so the tit-for-tat mode of responding to cyber attacks in kind. In response to a question about the risks to nuclear command and control systems, she explained that all such systems are well protected from cyberattacks including the legacy systems (those that were created decades ago) because these are patched and modernized.
The full recording of the webinar can be found here:
