Brian M. Mazanec

Viral Warfare: The Security Implications of Cyber and Biological Weapons

Since the beginning of the twenty-first century, two new threats have received increased attention: biological warfare (BW) and cyber warfare. While it may appear that these two threats have little in common, they share several characteristics that have significant implications for international security. This article examines the two modalities side-by-side to review these common characteristics. In light of these commonalities and due to the extensive experience and rich history of dealing with BW threats, strategies for enhancing cyber security could advance more quickly by drawing meaningful insights from the biological warfare experience, such as the prospect of developing constraining international norms.

Stigmatizing cyber war: mission impossible?

This paper addresses the question of whether a stigma associated with cyber warfare could ever emerge. It examines whether there would be enough of a mass ‘reaction’ to the prospect of cyber warfare and would this then promote an international response and international consensus towards the control and proscription of cyber weapons? The authors unpack the norms associated with cyber warfare and relate these to research addressing the development of the stigmatization of WMD. Comparing the WMD threat with that of cyber warfare, we argue that at present while cyber warfare is characterized as unique, a stigma does not exist towards the threat of cyber warfare. This is because the cyber threat is secretive, diffuse and lacks a clear definition. Cyber threats range in scale, effect and lack an association with “mass destruction”. For these reasons it has been difficult to gather international consensus to constrain cyber threats. We argue that cyber norms do matter and greater attention needs to be paid to ways in which a stigma fostering these norms can develop. We offer some suggestions and stress that further knowledge and understanding of this subject can enhance academic and policy insight to address cyber warfare threats within the context of changing world politics.

Cultivating Beneficial Norms for Strategic Stability

We outline our non-material solution as part of a tailored approach to address the implications of the uncertainty associated with applying deterrence to cyber warfare. Specifically, we argue that the United States and its allies should seek to cultivate beneficial norms for cyber warfare, including norms that, first, constrain strategic cyber attacks, second, lower evidentiary standards for attributing cyber attacks, and, third, prohibit harboring ‘independent’ cyber attackers. We also review norm evolution theory and suggest specific actions that can be taken to cultivate these various norms that would bolster cyber deterrence.

Continuing Efforts to Improve Cyber Forensics and Bolster Defenses

This chapter recommends continuing efforts to improve cyber forensics and bolster defenses, which collectively contribute to a tailored approach to address the implications of the uncertainty associated with applying deterrence to cyber warfare. The United States and its allies can most directly address the unique uncertainty challenges associated with cyber warfare by improving cyber forensics, learning from the development of forensic capabilities for other types of unconventional instruments of war — nuclear and biological weapons. We also recommend continuing efforts to invest in deterrence by denial through robust cyber defenses, which reduce the benefit of hostile adversary action by mitigating the effectiveness of its cyber attacks.

Cyberspace and Cyber Warfare

This chapter introduces the core concepts of cyberspace and cyber warfare in detail and serves as a primer for later discussions of the application of deterrence theory to cyberspace and potential mitigating solutions. It defines cyberspace, cyberspace operations, Computer Network Exploitation (CNE), and Computer Network Attack (CNA). It also introduces a variety of characteristics that are unique or particularly pronounced when it comes to cyber weapons, as well as discussing some recent attacks.

Deterrence Theory and the Challenge of Applying It to Cyber Warfare

This chapter explains the core ideas of deterrence theory, specifically that it is largely associated with nuclear policy. During the Cold War, the United States and Soviet Union adopted a survivable nuclear force to present a ‘credible’ deterrent that maintained the ‘uncertainty’ inherent in strategic stability as understood through the accepted theories of major theorists like Bernard Brodie, Herman Kahn, and Thomas Schelling. This chapter evaluates the limits and challenges associated with the application of deterrence theory to cyber warfare and argues that while there are major insights from deterrence theory for cyber warfare, there are also major problems introduced by the unique aspect of cyber technology that causes significant problems for deterrence. These are, first, uncertainty associated with awareness and attribution of an attack; and second, the uncertain effects of such an attack.

Developing a Declaratory Policy and Offensive Cyber Weapons

This chapter deals with developing and communicating a clear declaratory policy and credible options for deterrence-in-kind so as to make escalation unavoidable and costly. Specifically, we discuss developing and communicating a clear declaratory policy and credible options for deterrence-in-kind so as to make escalation unavoidable and costly, which will further help enhance the deterrence of major cyber attacks.