Page 77

DETERRENCE IN CYBERSECURITY

CYBER DETERRENCE AND THE OPM HACK: MAKING THREATS THAT LACK CREDIBILITY AND LEAVE NOTHING TO CHANCE? By David P. Fidler, James Louis Calamaras Professor of Law, Indiana University Maurer School of Law

T

he most prominent theme in U.S. cybersecurity policy in 2015 has been deterrence, reflecting that “finding a way to deter computer attacks is one of the most urgent and confounding problems� President Obama confronts during his remaining time in office.1 President Obama has threatened retaliation against China for conducting cyber espionage against U.S. companies2 and government agencies3 in order to deter certain types of Chinese cyber spying in the future. When the United States and China agreed in September that neither government would undertake or support economic espionage against the other,4 many experts concluded the U.S. threats to impose sanctions on Chinese companies played a role in this unexpected development, underscoring the potential value of deterrence in cybersecurity.

However, this U.S.-China agreement does not cover spying on government targets, and President Obama has, according to press reports, decided to retaliate against China for the cyber theft of information from the U.S. Office of Personnel Management (OPM) in order to deter similar actions in the future. What impact the agreement on economic cyber espionage will have on this decision is not clear, but, on its own terms, the decision to retaliate for the OPM hack is important in the U.S. policy trajectory towards cyber deterrence. For years, scholars, policy wonks, and government officials have debated whether deterrence can function in the context of cybersecurity. The decision to retaliate after the OPM hack will not settle this debate, but, in political terms, it demonstrates the United States is going to try to make deterrence work in cyberspace. cybersecurity-review.com

77

Cyber Security Review Autumn 2015 ebook  

The Cyber Security Review is a publication designed to draw on the combined knowledge, skills and expertise of the cyber security community...

Cyber Security Review Autumn 2015 ebook  

The Cyber Security Review is a publication designed to draw on the combined knowledge, skills and expertise of the cyber security community...

Advertisement