January 3, 2014
Cybersecurity and Tailored Deterrence
Specifically, this issue brief recommends that the United States take four critical actions designed to increase attacker costs, deny attackers the benefits of their attacks, mitigate key consequences, and extend the breadth of those efforts into the international arena:
- Cyber Sanctions: Authorize both governmentally imposed sanctions for cyber espionage and civil remedies in order to deter cyber threat actors by imposing costs, or the threat thereof.
- Certified Active Defense: Authorize a limited number of certified private entities to work with government to take active defense measures focused on attribution in order to deter adversaries by raising the costs and risks associated with cyber espionage.
- Focused Standards for Protection and Resilience—Electric Grid and Finance: Reduce critical infrastructure vulnerability and enhance resilience by developing differentiated mandatory standards, initially for the most critical electric power and financial companies.
- Agreement Among Like-Minded Nations: Expand protection against espionage and critical infrastructure vulnerability via agreement among like-minded nations. Common international approaches can extend and amplify deterrent effects.
To maximize their effectiveness, these recommendations must be implemented while maintaining the United States’ drive for an open Internet and its commitment both to preserve and enhance personal privacy and to protect civil liberties.