35+ Years of Freedom of Information Action

Cyber Brief: Cybersecurity and Deterrence

Published: Feb 7, 2018

Edited by Michael Martelle

The January 2018 publication of a draft of the Trump administration’s Nuclear Posture Review (NPR) has raised questions about modern concepts of deterrence and the potential link between cyber and nuclear weapons.  Today’s posting provides both the draft and final versions of the NPR, and for context adds a number of related studies on deterrence in the current cyber environment.  The draft suggests that a cyberattack specifically on U.S. nuclear command, control, and communications (NC3) could warrant a nuclear retaliation – a notion not as plainly expressed in the final document.


New to the Cyber Vault

From the Cyber Vault

Andrew Futter, Royal United Services Institute, Cyber Threats and Nuclear Weapons: New Questions for Command and Control, Security and Strategy, July 2016. Not Classified.

This paper, prepared for a British think tank, examines the nature of the cyber challenge to nuclear weapons, the specific actions hackers might take against nuclear systems (including espionage, sabotage, or 'spoofing'), and the implications for strategic stability, crisis management, and nuclear strategy.


Defense Science Task Board. “Final Report, Task Force on Cyber Deterrence.” February 2017. Unclassified.

This report specified, and elaborated on, four guiding principles that the task force believed the Defense Department and other elements of the U.S. government should take account of in working to enhance the U.S. cyber deterrence posture. Principles include developing a cyber deterrence posture which has deterrence by denial and by cost imposition components, understanding the values of key adversary decision makers, development of credible response options at different levels of conflict, and ensuring that the issues in the event of an attack are how and when to respond as well as how to connect the response to the attack.


Martin C. Libicki, U.S. Naval Academy and RAND Corporation, “It Takes More than Offensive Capability to Have an Effective Cyberdeterrence Posture,” Testimony before the House Committee on Armed Services, March 1, 2017. Unclassified.

In this testimony, Dr. Libicki discusses four prerequisites for an effective cyberdeterrence posture: the ability to attribute attacks, the communication of thresholds (what actions will lead to reprisals), the credibility of threats to retaliate, and the capability to carry out reprisals.


Dr. Craig Fields and Dr. Jim Miller, Defense Science Board, Statement before the Armed Services Committee, United States Senate, "Cyber Deterrence," March 2, 2017. Unclassified.

This testimony notes the studies conducted by the Defense Science Board on cyber issues, identifies fundamental principles of cyber deterrence, and discusses three cyber deterrence challenges (plan and conduct tailored deterrence campaigns, create a cyber-resilient "thin line" of key U.S. strike systems, and pursue foundational capabilities)