To create a more stable and secure cyberspace, “Cybersecurity and Tailored Deterrence” by Franklin D. Kramer, distinguished fellow for the Brent Scowcroft Center, and Melanie J. Teplinsky, adjunct professorial lecturer at American University’s Washington College of Law, recommends that the United States utilize a hybrid model of cybersecurity with tailored deterrence as a key element, thereby shifting from the current defense-only cybersecurity paradigm. Tailored deterrence raises the costs of, and reduces the benefits from, cyber attacks, and can thereby serve as a key element of a cybersecurity strategy designed to reduce adversarial intrusion into US private, commercial, and governmental networks.
Specifically, this issue brief recommends that the United States take four critical actions designed to increase attacker costs, deny attackers the benefits of their attacks, mitigate key consequences, and extend the breadth of those efforts into the international arena:
- Cyber Sanctions: Authorize both governmentally imposed sanctions for cyber espionage and civil remedies in order to deter cyber threat actors by imposing costs, or the threat thereof.
- Certified Active Defense: Authorize a limited number of certified private entities to work with government to take active defense measures focused on attribution in order to deter adversaries by raising the costs and risks associated with cyber espionage.
- Focused Standards for Protection and Resilience—Electric Grid and Finance: Reduce critical infrastructure vulnerability and enhance resilience by developing differentiated mandatory standards, initially for the most critical electric power and financial companies.
- Agreement Among Like-Minded Nations: Expand protection against espionage and critical infrastructure vulnerability via agreement among like-minded nations. Common international approaches can extend and amplify deterrent effects.
To maximize their effectiveness, these recommendations must be implemented while maintaining the United States’ drive for an open Internet and its commitment both to preserve and enhance personal privacy and to protect civil liberties.