Now any single device is easily connected to the global network of communication. This quick growth of cyberspace enhances global connectivity.

A new battleground

The revolution in the field of Information and Communication Technology took place in 1969 when the Advanced Research Project Agency (an arm of the US Defence Department) built the first communication network by using computers, known as ARPANet. The preliminary objective of this network was to communicate and share the information among the four universities involved, by using packet switching. Later on, the concept of Transmission Control Protocol/ Internet Protocol (TCP/IP) evolved, which was based on the principle of accuracy of communication and transmission among the different networks by using various layers.

Now in the contemporary hyper-tech world, any single device (computers, smartphones) is easily connected to the global network of communication. This expeditious proliferation of cyberspace enhances global connectivity. According to the World Internet Stats third-quarter report during 2020, about 63.2 percent of the world population is connected with one another through cyberspace. Predominantly, cyberspace consists of physical infrastructure (hardware), software logics and data layers. Unequivocally, this revolution creates convenience in communication, sharing, connectivity, access to a global workforce, and brings ease in every aspect of life.

On the other hand, as a result of the expansion of cyberspace and increased dependency (domestically and globally) on it, the possibilities of cyber-attacks are also imminent. A cyber-attack is “a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization by using malwares, phishing, Structured Query Language (SQL) injection and denial-of-service (DoS) attack.”

Usually, the attackers adopt such activities to seek some political or financial gain by attacking the victim’s network. These types of disruptions have the potential to extend quickly to affect not only individuals and society but also the critical infrastructure of the states (command and control systems). In 2007, Estonia faced a series of cyber-attacks that temporarily damaged its economy whereas Georgia endured the same type of cyber-attack in 2008. South Korea and the USA also experienced a series of cyber-attacks in 2009. In 2010, a cyber-worm (namely Stuxnet) attacked the nuclear facility of Iran.

After such conflicts and perpetual threats to national security, government and security analysts of the major powers started to think about “how to defend or prevent such attacks in the future.” They perceived that deterrence is a possible strategy to prevent such attacks. Cyber deterrence is the strategy of compellence, of discouraging or prohibit someone in cyberspace from taking unethical actions. The strategy of deterrence can be either active or passive in nature in cyberspace domain. Martin Libicki in his book “Cyber Deterrence and CyberWar” classified deterrence into two types; deterrence by denial or passive deterrence (the ability to counter the attack) and deterrence by punishment or active deterrence (threat of retaliation). In order to make deterrence effective in the cyber domain, following elements must be met. First, the threat of punishment must be credible. Second, both actors must have complete information about their capabilities. Third, the threat of consequences must be clearly communicated and understood.

The traditional deterrence theory is more difficult to implement in the cyber domain as compared to nuclear deterrence, as effective cyber deterrence has been facing some major challenges. Out of various challenges, the attribution dilemma is one of the major challenges. Attribution is the operational activity in cyberspace to identify and track the origin of the cyber-attack. In the cyber domain, attribution can be achievable, but sometimes due to the complex structure of the internet, it can be difficult and time-consuming. Furthermore, political and legal obstacles may make attribution more complex and take more time, mostly when the government is required to determine the source of an attack. Another challenge to cyber deterrence is to get the exact information about the hackers, their strategy and the motives behind these attacks. These attackers can be classified as criminal actors, violent non-state actors, and state-sponsored actors. On the other hand, it is quite difficult to deter non-state actors as compared to the criminal and state actors. In addition to this, the deterrence in cyberspace lacks the comprehensive illustration of principles of distinction and proportionality of International Humanitarian Law.

In short, deterrence in cyberspace can be made more constructive by enhancing cyber security, resilience and forming alliances with various countries to establish a joint forum to minimize the cyber security threats. In order to make cyber deterrence more effective there is a dire need to formulate cyber laws like Germany to draw red lines (thresholds) as no formal laws exist globally.

Originally published at Pakistan today