The IT Law Wiki

This wiki's URL has been migrated to the primary domain.Read more here


The IT Law Wiki



[is] the historical cornerstone of defense, and attribution — the identification of the perpetrator as well as method of attack — forms the foundation upon which deterrence rests.[1]
consists of essentially two basic components: first, the expressed intention to defend a certain interest; secondly, the demonstrated capability actually to achieve the defense of the interest in question, or to inflict such a cost on the attacker that, even if he should be able to gain his end, it would not seem worth the effort to him.[2]
[is] dissuading someone from doing something by making them believe that the costs to them will exceed their expected benefit.[3]
[is d]esigning a system [s]o that an attack would be unprofitable, limited in scope and easily traceable.[4]
operates by affecting the calculations of an adversary, specifically by convincing the adversary that the expected costs of a potential act (a type of attack or costly cyber intrusion) outweigh the expected benefits.[5]


There are two types of deterrence:

deterrence by denial (the ability to frustrate the attacks) and deterrence by punishment (the threat of retaliation).[6]

"Deterrence relies on the idea that inducing a would-be intruder to refrain from acting in a hostile manner is as good as successfully defending against or recovering from a hostile cyber operation. Deterrence through the threat of retaliation is based on imposing negative consequences on adversaries for attempting a hostile operation."[7]

Deterrence is partially a function of perception. It works by convincing a potential adversary that it will suffer unacceptable costs if it conducts an attack on the United States, and by decreasing the likelihood that a potential adversary's attack will succeed. The United States must be able to declare or display effective response capabilities to deter an adversary from initiating an attack; develop effective defensive capabilities to deny a potential attack from succeeding; and strengthen the overall resilience of U.S. systems to withstand a potential attack if it penetrates the United States' defenses.[8]


See also[]