2016 49th Hawaii International Conference on System Sciences
Strategic Implications of Offense and Defense in Cyberwar
Wade L. Huntley
U.S. Naval Postgraduate School
[email protected]
grounded in concerns over military agenda-setting
rather than conceptual rigor [31] [4] [17].
The paper focuses its consideration of the
offense-defense
balance
in cyberspace
by
systematically bringing to bear the concepts, findings
and operational variables of “offense-defense theory”
as applied in other areas of international relations.
Assessing the particular qualities of cyber capabilities
through this theoretical framework can advance
thinking about the strategic roles of offensive and
defensive capabilities in cyberspace.
Abstract
This paper examines the relative balance of
offense and defense in international cyberspace
conflict. Unlike previous partial assessments, this
paper systematically applies “offense-defense
theory” as previously developed by international
relations theorists and historians. The preliminary
analysis of this brief paper identifies several key
distinct features of cyberspace relevant to the
judgment. While concluding that most current
factors point to offensive advantage in cyberspace,
the analysis also indicates the limitations of
evaluating only cyberspace factors. Within specified
conditions, the state of the offense-defense balance
can be critical to tactical and operational policymaking. But at the strategic level, the extensive
interactions of cyber capabilities and other coercive
means available to states necessitates evaluating how
the advent of cyber technologies may be shifting
balances of advantage between offense and defense
in the military postures of states holistically.
Note: The views expressed in this document are
those of the author and do not reflect the official
policy or position of the U.S. Department of Defense
or the U.S. Government.
2. Offense-Defense Theory
Offense-defense theory traces back to the
seminal postulates of Robert Jervis [13]. Jervis’ core
concern – the security dilemma – is simply stated: in
an anarchic world, actions states take to secure
themselves may be innately threatening to other
states, and so mutual fear and insecurity are endemic
even when no state manifests malicious intentions.
Jervis’ offense-defense theory begins with the
premise that the intensity of the security dilemma
states experience can vary, depending on the state of
development of military technology and certain
situational factors (such as geography).
When
military offense has the upper hand, cooperation is
hard and wars are more likely; when defense
predominates, wars are more easily avoided and
cooperative opportunities can be realized [42]. Two
variables shape this balance: “whether defensive
weapons and policies can be distinguished from
offensive ones, and whether the defense or the
offense has the advantage” in preparations and
outcomes [13].
Concerning distinguishability, Jervis asserts that
if “weapons and policies that protect the state” do not
“also provide the capability for attack,” then “it is
possible for a state to make itself more secure without
making others less secure.” Status quo powers can
reliably identify aggressors and recognize one
another.
A world consisting only of status quo
powers can be peaceful. Moreover, when weapons
are easily distinguished and procurement takes time,
“states will obtain advance warning when others plan
1. Introduction
The absence of good strategic thinking about the
implications of cyber technologies for international
security is often lamented [11] [38] [14] [33] [22].
This paper aims to contribute to the development of a
strategy of cyberspace by addressing the question of
whether the “offense” or the “defense” has the upper
hand in cyberspace.
The viewpoint that in
cyberspace offense dominates has for some time been
predominant; in some analyses the need for
significant emphasis on offensive cyber operations
has functioned as an asserted fact rather than an
operating assumption [35] [14] [39] [40]. More
recently, the question has become more contended, in
the context of skepticism that cyber threats in general
are being “over-hyped,” although some skepticism is
1530-1605 2016
U.S. Government Work Not Protected by U.S. Copyright
DOI 10.1109/HICSS.2016.691
5587
5588
aggression,” because acquisition of offensive
capabilities is unnecessary for defense and therefore
an early indicator of aggressive intentions. Under
such conditions, “the basic postulate of the security
dilemma no longer applies.” [13]
How feasible is it to differentiate offensive and
defensive capabilities? Debate over this question is
central to offense-defense theory. Many weapons
can be used either offensively or defensively, with
the distinction between these uses made only in the
circumstances of their application or, even more
obscurely, in the intentions of the possessor. The
interaction of weapons with one another creates
another layer of ambiguity. States may seek offensive
weapons to enable defense through deterrence – the
reason some observers consider the nuclear age to be
defense-dominant despite the indefensibility of
targets under circumstances of “mutually assured
destruction” (MAD) [26] [27] [13] [24]. Conversely,
defensive capabilities can be “enablers” of offensive
capabilities: the support of ballistic missile defense
to offensive conventional and nuclear forces is a
prominent recent example [13] [24].
These considerations suggest that differentiation
of offensive and defensive capabilities is multifaceted and variable, taking on changing
characteristics over time. Accordingly, offensedefense theory’s outcome expectations based on
differentiation will vary across specific case
conditions as well as over time, and may seldom
evoke a clear judgment.
The second key variable shaping the severity of
the security dilemma for states across varying
technological,
circumstantial
and
perceptual
conditions is the balance of advantage between
offensive and defensive capabilities. Jervis’ basic
definition of this balance is intuitive: offense has the
advantage when “it is easier to destroy the other’s
army and take its territory than it is to defend one’s
own;” defense has the advantage when “it is easier to
protect and to hold than it is to move forward, destroy
and take.” When offense has the advantage, even
status quo powers must behave aggressively.
Conversely, when defense has the advantage,
aggression is difficult and status quo states can feel
secure from one another. If the defensive advantage
is great enough, “aggression will be next to
impossible,” obviating the security dilemma [13].
Jervis specifies two “aspects” or measures of the
offense-defense balance. The first aspect is costs:
whether procuring a defensive capability costs more
or less than the offensive capability it is offsetting. If
offensive capabilities are relatively cheaper than
defensive, arms races ensue.
Conversely, if
defensive capabilities are relatively cheaper, security
equilibria at stable arms levels can emerge [13] [24].
The second aspect of the offense-defense balance
concerns operations and outcomes: whether it is
better in a conflict to be attacking or defending, and
in particular whether the advantage accrues to the
state that strikes the first damaging blow or the state
that allows the adversary to expend the first effort.
When offense dominates in this sense, fear of
surprise attack is palpable, periods of crisis
encourage states to act precipitously, and short-run
instability reigns [13]. Two common applications of
this reasoning are explanations of the onset of World
War I and analyses of the de-stabilizing function of
strategic nuclear forces that cannot survive first
strikes [34]. Conversely, when defense dominates,
these pressures evaporate. Confidence in defensive
capabilities allows states not to fear surprise attacks,
incentives for first strikes are greatly reduced, and
situations tend toward self-stabilization.
In anticipation of application of offense-defense
theory to cyberspace, the roles of two other elements
of the approach merit particular attention: geography
and perception.
Geography is important to offense-defense
theory for two reasons: it is the object of conflict, and
it influences how some weapons technologies offer
advantages over others. Most renditions of the
offense-defense balance hinge on the outcome of
territorial conquest, insofar as the theory derived
from efforts to explain fundamental features of major
wars that historically focused on territorial conquest.
Geography also can shape the nature of the offensedefense balance of weapons technologies.
Historically, geographic factors have offered both
natural defenses and natural vulnerabilities, and the
military technologies of a given period have
functioned to either enhance or obviate these features
[13] [42]. Both aspects of this role of geography in
offense-defense theory add a wrinkle to its
application to the cyber realm.
In offense-defense theory, how state decisionmakers perceive the offense-defense balance plays an
important role in determining state behavior, and a
contributing role in outcomes. At the level of state
behavior, perceptions at a given time of the
prevailing offense-defense balance better explain
how states behave than the actual conditions of the
balance at that time [24]. The reasons for this
disjuncture are straightforward: decision-makers act
on what they believe to be accurate, but are
sometimes wrong.
One specific source of misjudgment of the
offense-defense balance is the difficulty of intuiting
the implications of technological evolution before
5589
5588
conflict involving that technology has provided
sufficient experience. Hence, “understanding of the
implications of weapons technologies for the offensedefense balance may lag behind the pace of
technological innovation.” [24] The distorting role of
this factor will be larger in areas, such as cyber
security, where technological innovation is
proceeding rapidly.
The disjuncture between perceptions and reality
of offense-defense balance complicates the
explanatory function of offense-defense theory [7]
[10] [41]. Although the role of perceptions is
important in shaping state behavior, offense-defense
theory posits that the nature of extant military
technologies themselves principally drives the
outcomes of interstate conflicts. The advantages of
offense or defense will determine battles regardless
of what decision-makers believed about those
advantages before the battles began. World War I is
widely considered to classically exemplify both how
misperception of the offense-defense balance can
decisively influence state behavior and how the
material realities of the offense-defense balance can
decisively shape the outcomes of war despite
contrary beliefs [13] [21] [36] [20].
In sum, offense-defense theory presents a set of
expected outcomes depending on the interaction of
two key variables: offense-defense differentiation and
offense-defense balance. Figure 1 (below) presents
Jervis’ own tabular summary of these expectations.
Offense has the
advantage
Offensive
posture is not
distinguishable
from defensive
one
Doubly
dangerous.
Offensive
posture is distinguishable from
defensive one
No security
dilemma, but
aggression
possible.
Status quo states
can follow
different policy
than aggressors.
Warning given.
assertions. Systematic attention to this question, in
the framework of pre-existing offense-defense
theory, is wanting.
Among those addressing the question, most
strategists and decision-makers take the position that
offense is dominant [23] [12] [37] [25]. Sheldon, for
example, presents five reasons that offense dominates
in cyberspace: the vulnerability of network defenses;
the speed of cyber attacks; the absence of distance as
an inhibiting factor; the difficulty of attributing the
sources of attacks; and the “target-rich” environment
produced by society-wide reliance on cyberspace
[35].
Kello and Krepinevich, notably focusing on the
issue of costs, similarly find cyber offense
significantly advantaged. For Kello, multiple factors
produce “immense disadvantages of defense against
cyberattack.”[14] Similarly, Krepinevich concludes
that “if both the attacker and defender are given equal
resources, the attacker will prevail.” [15]
A smaller number of analysts are more
equivocal. Aucsmith focuses on the importance of
offensive novelty, defined for cyber weapons as the
use of “tactics, techniques, or procedures unknown to
the defender.” Unlike other domains of warfare,
successful attack depends on the nature of the
capability being a surprise to the defender. This
factor, then, levels the playing field: “The cost to
search for such unknown vulnerabilities is the same
whether done by the offense or the defense.” [2]
Gray goes further than Aucsmith in challenging
the view that offense dominates in cyberspace,
observing that offense faces certain unique costs. For
example: “Detailed up-to-date intelligence literally is
essential for successful cyber offense.” [11] [8] Gray
also finds defensive benefit of the unique nature of
cyberspace. He observes that, unlike land, sea, air
and space domains, cyberspace is humanly created.
The medium itself, not merely the tools to project
force within it, can be humanly modified. This
provides defense with a built-in meta-advantage: in
addition to means of defending specific targets, those
in possession of the networks and systems wanting
defense could if they so choose reconstitute the entire
domain to increase the advantage of defensive
capabilities. An example applying this observation
would be overhaul of basic computer design to entail
physically distinct memory locations for data and for
software instructions, which would eliminate forms
of malware attacks (such as “buffer overflows”) that
depend upon computers storing instructions and data
in the same memory locations.
Additionally, Gray points to the importance of
resilience as a defensive advantage. Comparing
prospects of cyber attack to the limited effectiveness
Defense has the
advantage
Security
dilemma, but
security
requirements
may be
compatible.
Doubly stable.
Figure 1. Expected outcomes of offense-defense theory [13]
3. Offense and Defense in Cyberspace
Does offense or defense have the advantage in
cyberspace? [18] [3] This question has been engaged
within broader analyses of the national security and
strategic implications of emerging cyber capabilities.
Most of these discussions, however, have made
claims based on reasoned but largely unsubstantiated
5590
5589
of strategic bombing of Britain in World War II, he
remarks: “Britain prepared to be able to accept
damage but to fight on. This is the approach that
appears most suitable to the challenge of damage
from cyberspace.” [11]
This present debate over the offense-defense
balance in cyberspace raises important perspectives
and offers intuitive insights. But these efforts do not
systematically draw on the frameworks and variables
of offense-defense theory as it has been developed
from much broader considerations of military history.
The following discussion sketches such an
application of offense-defense theory to cyberspace,
highlighting particularly relevant elements of the
approach.
capabilities for essentially defensive purposes include
use of software to deactivate the client computers of
an attacking botnet or to detect the parameters of a
potentially threatening malware in order to improve
network protections [8] [3]. Examples in which
defensive cyber capabilities can support offensive
postures are also numerous.
The second complication in distinguishing
offensive and defensive cyber capabilities, relatively
unique to cyberspace, stems from the ease with which
cyber capabilities can be kept hidden – and the
necessity of doing so [16]. In Jervis’ original
formulation of offense-defense theory, as noted
earlier, the length of time and transparency of the
development of offensive capabilities is a crucial
assumption. The development and deployment of
offensive cyber software, however, is virtually
invisible. Absent espionage or leaks, a state’s
acquisition of such capabilities can be completely
concealed. As a result, the benefits flowing from
offense-defense differentiation that Jervis identified
are undercut. If one state can conceal offensive cyber
acquisition, other states will have no advance
warning of such efforts. Concealment also prevents
status quo states from identifying other status quo
states on the basis of non-acquisition of offensive
capabilities. Aggressive states can conceal their
intentions.
The implications of these circumstances are
straightforward.
Regardless of whether or not
distinctions between offensive and defensive cyber
capabilities are apparent in principle, differentiation
may in practice be invisible to other states. The
result, in terms of offense-defense theory, is a
condition like that in which offensive and defensive
capabilities cannot be distinguished at all.
3.1. Offense-defense differentiation
Differentiating “offensive” and “defensive”
cyber weapons requires firstly associating key
concepts of cyberspace weapon, use of force and
power to broader usage in international relations
scholarship.
Joseph Nye provides an effective
framework. Nye defines cyber power as “the ability
to obtain preferred outcomes through use of the
electronically interconnected information resources
of the cyber domain.” Preferred outcomes may be
either within or beyond cyberspace [28]. As noted
earlier, offense-defense theory distinguishes preferred
outcomes in terms of either “taking” another’s
resources (territory) or “holding” one’s own. These
definitions yield a straightforward distinction
between offensive and defensive cyber capabilities:
x Offensive cyber capabilities enable one to
penetrate and affect (e.g. “take”) another’s
cyber and/or non-cyber resources.
x Defensive cyber capabilities enable one to
preserve and protect (e.g. “hold”) one’s own
cyber and/or non-cyber resources.
At first cut, many specific cyber capabilities
seem easily distinguishable as defensive.
For
example, installation of malware detection or
requirements of robust user passwords have little if
any offensive cyber applicability. Software designed
to infiltrate a target system and exfiltrate information
back out to a concealed recipient is scarcely
defensive. Digging deeper, though, two complications emerge. One is recognized in offense-defense
theory. The other is original to the application of this
framework in cyberspace.
The first complication is the general potential for
offensive capabilities to serve defensive functions,
and for defensive capabilities to serve offensive
functions. Within cyberspace, this issue emerges in a
number of areas. Examples of use of offensive
3.2. Offense-defense balance
The second foundational variable of offensedefense theory is the offense-defense balance – that
is, whether offense or defense has the advantage in
conflict, defined in terms of military costs and
operational effectiveness.
A number of analysts point to cost variations in
concluding that offense is advantaged in cyberspace.
In a particularly extensive 2009 snapshot, Libicki
cites U.S. government expenditures on military
network security as one reason for offensive
advantage at that time [19]. Although the metrics of
calculating costs for offensive and defensive
capabilities relevant to cyber conflict are complex
and debatable, Libicki’s general conclusions have
broad support.
On this basis, two further
observations based on this assessment are notable.
5591
5590
First, Libicki notes that future developments may
unfold nonlinearly from current experience. The
offense-defense balance of costs experienced thus far
may offer little indication of how the balance may
shift if/when costs at higher levels of intensity of
cyber conflict become more significant.
Second, the absence of global experience with
higher intensity cyber conflict that Libicki discusses
highlights the empirical absence of the kind of
operational experience constituting Jervis’ other key
measure of offense-defense balance. Warnings of a
“Cyber Pearl Harbor” suggest that the use of cyber
capabilities in international politics to date pales in
comparison to future prospects [29] [1] [6]. If so,
past experience may be an especially poor indicator
of potential outcomes of conflict featuring
significantly more intense and far-reaching use of
cyber weaponry, and faith in operational judgments
of the offense-defense balance should be limited.
becomes even more challenged. If cyberspace is
constituted by interaction networks, then boundaries
are spontaneously emerging and disintegrating at the
speed of human thought. Attaching meaning to the
notion of “taking” or “holding” such cyberspace
stretches the metaphorical imagination.
Thus, the concept of geography in cyberspace is
highly suggestive but ultimately indeterminate.
Constructed through analogy and metaphor, multiple
applications of the concept of “borders” in
cyberspace are plausible [8] [9].
Given this
indeterminacy, is there then any viable meaning to
the ideas of “taking” or “holding” territory in
cyberspace? The answer is affirmative in at least one
sense: the impossibility of perfect defense, a rampant
concern among cyber security strategists, is far from
uncommon in other forms of conflict.
Jervis
observes that, in any given conflict, defense may hold
the significant advantage even if boundaries are
permeable. Gray’s recollection of British resilience
against German bombing in World War II is one
example. Russia’s absorption and ultimate defeat of
Napoleon’s 1812 invasion offers a second. In the
cyber domain, if penetration is easy, it may yet matter
more how quickly such penetrations can be detected
and contained, and how effectively broader force
postures are sustained [8].
The basic point is simple. In cyberspace, as in
many other forms of conflict, the penetrability of
boundaries is not by itself an indication that offense
has the advantage. Offense-defense theory points to
the importance of grasping strategic consequences
holistically and looking to longer-term outcomes as
the primary indicators of success and failure in
conflict. This holds as a reasonable standard of
offensive and defensive efficacy in cyberspace.
3.3. The geography of cyberspace
What is the geography of cyberspace? Nye’s
definition of cyberspace as a “unique hybrid regime
of physical and virtual properties” makes this a
challenging question. Considering only cyberspace’s
physical attributes – computers, linkage equipment,
even people – presents some analogic geographic
mappings – national networks are home terrain,
military networks are perhaps “critical terrain,” and
malware intrusion is equivalent to invasion. But
considering the virtual attributes of cyberspace – such
as interaction networks, identity personas, and
information – makes clear that the concept of
geography can be applied only metaphorically. Like
any metaphor, the concept of geography in
cyberspace can be both illuminating and misleading.
For example, cyberspace is sometimes referred
to as a “borderless” realm. This image evokes the
ease and speed with which information can travel
from anywhere to anywhere on the globe, with
infinite pathways available to thwart gate-keeping.
In this sense the “geography” of cyberspace is almost
infinitely malleable; networks of association can
emerge or disintegrate in spans of minutes [28] [22]
[30].
An alternative image is cyberspace as a borderrich realm. In this perspective, the threshold between
the cyber capabilities one “owns” (either as an
individual, an organization or a nation-state) and
those capabilities one does not own defines the
boundaries. Even if only focusing on the physical
attributes of cyberspace, boundaries are everywhere.
Extending the border-rich conception to the virtual
aspect of cyberspace, the notion of geography
3.4. Perishability and obsolescence
Cyber weapons entail two closely related traits
that distinguish them from weapons in other domains.
Perishability refers to a weapon becoming ineffective
after a single use. Obsolescence refers to a weapon
becoming ineffective without being used at all. The
perishability and obsolescence of many cyber
weapons stem from their reliance on computer
system vulnerabilities that can be discovered and
fixed, blocking a weapon’s exploitation of those
vulnerabilities and thereby rendering it useless.
Cyber weapons are perishable whenever the
attack by the weapon is likely to reveal the existence
of the vulnerability to the attacked party. Use of a
particular cyber weapon that exposes its exploit may
render that particular weapon unusable in the future.
5592
5591
Due to the imperative of concealment, such
arsenal development would not be publicly evident.
Lack of publicity could help mute the kind of public
alarm that fuels arms races, but could also mute the
kind of public scrutiny that sometimes reins in
military spending.
Opacity is also likely to
exacerbate the kind of “worst case” thinking that also
fuels arms races. The result is likely to be a “silent
arms race” in which all states invest in both defensive
and offensive cyber capabilities as much in fear of
what they don’t know as in response to what they do
know about what other states are doing. This
condition captures the essence of the security
dilemma and approaches the “doubly dangerous”
outcome Jervis identified in a world of offensedefense indistinguishability and offensive advantage.
The perishability of cyber weapons has strategic
consequences.
Most importantly, perishability
induces conservation: a “one-and-done” weapon will
be saved for particularly needy moments.
Conservation has two specific caution-inducing
strategic effects. The first is to provide a measure of
crisis stability, because attackers will be inclined to
hold the weapon in reserve until the stakes have
climbed high enough to merit its use. The second
strategic effect of conservation is enlargement of the
prospect of strategic surprise for both sides. For two
states both possessing sufficiently sophisticated cyber
weapons, leaderships must reckon with two types of
potential strategic surprise: “theirs work” and “ours
don’t work.” Intelligence gathering can reduce but
not eliminate this prospect [11].
Cyber weapons can become obsolescent because,
even in the absence of their use, the vulnerability the
weapons are designed to exploit may be removed.
Given the efforts of software designers and system
managers to find and fix vulnerabilities, and also the
simple rapid evolution of information technologies,
all vulnerabilities have a life span.
At least two strategic effects flow from potential
cyber weapon obsolescence.
First, a state
discovering the impending elimination of a
vulnerability on which a cyber weapon depends will
have increased incentives to utilize that weapon
before it is rendered useless. When these conditions
emerge, this “use-it-or-lose-it” awareness will
undercut the strategic reticence induced by cyber
weapon perishability, because conservation premises
an extended time horizon that has now been cut short.
Secondly, states face the prospect that they will not
discover the impending elimination of adversaries’
vulnerabilities on which their own cyber weapons
depend. This effect broadens the sources of potential
strategic surprise associated with cyber weapon
perishability. Taking these two effects together, the
lurking prospect of cyber weapon obsolescence
undercuts perishability’s stabilizing tendencies.
Cyber weapon perishability and obsolescence
have several net effects on the offense-defense
balance in cyberspace. First, by increasing the
importance of secrecy, perishability and obsolescence
reinforce the difficulty of distinguishing the offensive
or defensive character of any state’s cyber force
structure, as discussed earlier. Second, perishability
and obsolescence strongly increase incentives for
states to discover new vulnerabilities and stockpile a
wide range of cyber weapons. Coupled with the
anticipation that potential adversaries face these same
incentives, the net effect is propulsion of the kind of
arms race dynamic also expected when offensive
technologies have cost advantages.
4. Conclusion: Cyber War and Real War
To this point, application of the basic framework
of offense-defense theory to cyberspace yields
indications that trend toward offensive advantage.
As discussed above, state incentives to cloak cyber
capabilities and the interactivity of different cyber
capabilities makes distinguishing offensive and
defensive cyber weapons difficult. Cost considerations – the first of the two measures of the offensedefense balance – may also favor the offense, and in
any event the principal impact of offensive cost
advantage – arms races – also emerges from the
unique perishability and obsolescence of cyber
weaponry. As to the second measure of the offensedefense balance – operational effectiveness in
shaping the outcomes of conflicts – the absence of
higher-intensity cyber conflict to date leaves a weak
empirical basis, widening the purview of “worst
case” anticipation that typically favors offenseoriented planning [32].
But judgment of the cyber offense-defense
balance on the basis of cyber conditions alone is
insufficient. Offense-defense theory treats military
force posture cumulatively and focuses on the overall
results of conflict. In this sense, the simple question
of whether offense or defense dominates in
cyberspace is secondary, because cyber capabilities
are more likely to be integrated components of wider
physical conflicts than the featured weapons of
dramatic “cyber wars.” If cyber weapons do not have
the same kind of war-deciding quality that nuclear
weapons and many forms of conventional weapons
do, then cyber capabilities have not bestowed upon
strategy the next “absolute weapon” [5] [17] [11].
Rather, tracing the potential impacts of the use of
cyber weapons on overall conflict outcomes is the
5593
5592
key factor in judging the cyber impact on the offensedefense balance in warfare today.
Thus, the simple question of whether offense or
defense dominates in cyberspace is misleading.
Under certain bounded conditions, the state of the
offense-defense balance in cyberspace itself may be
critical to tactical and operational policy-making.
But at the strategic level, the more useful and
analytically answerable question is whether and how
the advent of cyber capabilities has shifted the
offense-defense balance between states more broadly.
Appraisals of this question in turn depend complexly
on the extent and configuration of states’ other
military capabilities, and on the physical and
diplomatic circumstances of their interactions with
one another. This observation bounds much of the
preceding discussion of the implications of cyber
weapons and cyber defenses.
In this larger context, the initial indications of
offense dominance in cyberspace should be
interpreted carefully.
Motivated biases incline
judgments toward perceiving the insecurity that
others’ offensive capabilities pose, and reacting
accordingly. Over time, military organizations tend
to persistently favor offensive doctrines [32]. The
complexity, opacity and necessary secrecy particular
to the cyberspace domain magnify this tendency.
Reflecting a broader outlook, Van Evera comments:
“History suggests that offense dominance is at the
same time dangerous, quite rare, and widely
overstated. … States are seldom as insecure as they
think they are.” [42]
This historical generalization does not, of course,
mean that today’s estimations of the present and
growing cyber threats to the United States are
exaggerated, fostering excessively aggressive U.S.
behavior, or creating risks that emerging cyber
capabilities may grease skids to physical war.
Offense-defense theory also identifies historical
misjudgments of undue complacency.
But the historical tendency should be cautionary.
The speed and secrecy with which cyber capabilities
can be deployed and launched, combined with the
ever-present possibility of unanticipated and widelyimpacting collateral effects, highlight the importance
of getting it right. Under these conditions, claims
that offense dominates in cyberspace should probably
bear more than their share of the “burden of proof” in
evaluating the offense-defense balance and its policymaking implications.
5. References
[1] Arquilla, John, “Panetta's Wrong About a Cyber 'Pearl
Harbor' - The Internet doesn't work that way,” Foreign
Policy November 19, 2012
[2] Aucsmith, David, “War in Cyberspace: A Theory of
War in the Cyber Domain,” Cyberbelli.com, MayJune 2012
[3] Belk, Robert and Matthew Noyes, “On the Use of
Offensive Cyber Capabilities: A Policy Analysis on
Offensive US Cyber Policy,” Belfer Center for
Science and International Affairs, Harvard Kennedy
School, March 2012
[4] Brito, Jerry & Tate Watkins, “Loving the Cyber
Bomb? The Dangers of Threat Inflation in
Cybersecurity Policy,” Harvard National Security
Journal Vol. 3 (2011)
[5] Brodie, Bernard, editor. The Absolute Weapon: Atomic
Power and World Order. New York: Harcourt, Brace
and Co., 1946
[6] Clarke, Richard A. and Robert K. Knake, Cyber War
(New York: Harper Collins, 2010),
[7] Davis, James W., Jr., “Correspondence: Taking
Offense at Offense-Defense Theory,” International
Security 23:3 (Winter, 1998-1999), pp. 179-82
[8] Demchak, Chris C., “Resilience, Disruption, and a
'Cyber Westphalia': Options for National Security in a
Cybered Conflict World,” in Nicholas Burns and
Jonathon Price, eds., Securing Cyberspace: A New
Domain for National Security (Washington, DC: The
Aspen Institute, 2012).
[9] Demchak, Chris C. and Peter Dombrowski, “Rise of a
Cybered Westphalian Age,” Strategic Studies
Quarterly (Spring 2011), pp.32-61.
[10] Goddard, Stacie E., “Correspondence: Taking Offense
at Offense-Defense Theory,” International Security
23:3 (Winter, 1998-1999), pp. 189-95
[11] Gray, Colin S., “Making Strategic Sense Of Cyber
Power: Why The Sky Is Not Falling,” Strategic
Studies Institute and U.S. Army War College Press,
April 2013
[12] Harknett, Richard J., John P. Callaghan, and Rudi
Kauffman, “Leaving Deterrence Behind: WarFighting and National Cybersecurity,” Journal of
Homeland Security and Emergency Management, Vol.
7, No. 1, November 11, 2010; and
[13] Jervis, Robert, "Cooperation under the Security
Dilemma," World Politics 30:2 (January 1978),
pp.167-214.
[14] Kello, Lucas, “The Meaning of the Cyber Revolution:
Perils to Theory and Statecraft,” International
Security, 38: 2 (Fall 2013), pp. 7-40
5594
5593
[30] Rattray, Gregory J., “An Environmental Approach to
Understanding Cyberpower,” in Franklin D. Kramer,
Stuart Starr, and Larry K. Wentz, eds., Cyberpower
and National Security (National Defense University
Press, 2009)., 253-274, esp. 256.
[15] Krepinevich, Andrew, “Cyber Warfare: A ‘Nuclear
Option’?” Center for Strategic and Budgetary
Assessments (2012)
[16] Libicki, Martin C., “Brandishing Cyberattack
Capabilities,” RAND National Defense Research
Institute (2013)
[31] Rid, Thomas, “Cyber War Will Not Take Place,”
Journal of Strategic Studies, Vol. 35, No. 1 (February
2012), pp. 5–32.
[17] Libicki, Martin C., “Don't Buy the Cyberhype: How to
Prevent Cyberwars From Becoming Real Ones,”
Foreign Affairs, August 14, 2013
[32] Sagan, Scott D., “The Perils of Proliferation:
Organization Theory, Deterrence Theory, and the
Spread of Nuclear Weapons,” International Security,
Vol. 18, No. 4 (Spring, 1994), pp. 66-107
[18] Libicki, Martin C., “Cyberspace Is Not a Warfighting
Domain,” I/S: A Journal of Law and Policy for the
Information Society 8:2 (Fall 2012), p. 325-340
[19] Libicki, Martin C., Cyberdeterrence and Cyberwar,
Santa Monica, CA: RAND, 2009
[33] Samaan, Jean-Loup, “Beyond the Rift in Cyber
Strategy,” Strategic Insights 10:1 (Spring 2011), pp.414.
[20] Lieber, Keir A., “Correspondence: Defensive Realism
and the ‘New’ History of World War I,” International
Security 33:1 (Summer 2008), pp. 185-194
[34] Schelling, Thomas, Arms and
University Press, 1966(
Influence (Yale
[35] Sheldon, John B., “Deciphering Cyberpower Strategic
Purpose in Peace and War,” Strategic Studies
Quarterly, Summer 2011
[21] Lieber, Keir A., “The New History of World War I
and What It Means for International Relations
Theory,” International Security 32:2 (Fall 2007), pp.
155-191
[36] Snyder, Jack, “Correspondence: Defensive Realism
and the ‘New’ History of World War I,” International
Security 33:1 (Summer 2008), pp. 174-185
[22] Lonsdale, David J., “The Impact of Cyberspace on
Strategy,” High Frontier (2009)
[37] Sterner, Eric, “Stuxnet and the Pentagon’s Cyber
Strategy,” Arlington, Va.: George C. Marshall
Institute, October 13, 2010
[23] Lynn, William J., III, “Defending a New Domain,”
Foreign Affairs 89:5 (September 2010), pp. 97–108.
[24] Lynn-Jones, Sean M., “Offense-Defense Theory and
its Critics,” Security Studies 4:4 (Summer 1995), pp.
660-91.
[38] Stout, Mark, “5 Reasons We Don’t Have Good
Strategic Thought about Cyber,” War on the Rocks,
October
22,
2013,
http://warontherocks.com/2013/10/five-reasons-thatwe-dont-have-good-strategic-thought-about-cyber/
[25] Masters, Jonathan, “Confronting the Cyber Threat,”
New York: Council on Foreign Relations, May 23,
2011;
[39] U.S. Department of Defense, “Cyberspace Policy
Report: A Report to Congress Pursuant to the National
Defense Authorization Act for Fiscal Year 2011,
Section 934,” November 2011
[26] Morgan, Patrick M., “Applicability of Traditional
Deterrence Concepts and Theory to the Cyber Realm,”
Proceedings of a Workshop on Deterring
CyberAttacks: Informing Strategies and Developing
Options for U.S. Policy (National Research Council,
2010)
[40] U.S. Joint Chiefs of Staff, Joint Publication 3-13:
Information
Operations
(Washington,
D.C.:
Department of Defense, 2006)
[27] Morgan, Patrick M., , Deterrence Now (Cambridge
University Press, 2003)
[41] Van Evera, Stephen, “Correspondence: Taking
Offense at Offense-Defense Theory,” International
Security 23:3 (Winter, 1998-1999), pp. 195-200.
[28] Nye, Joseph S., Jr., “Cyber Power,” Belfer Center for
Science and International Affairs, May 2010
[42] Van Evera, Stephen, “Offense, Defense, and the
Causes of War,” International Security 22:4 (Spring,
1998), pp. 5-43
[29] Panetta, Leon E., Secretary of Defense, “Defending
the Nation from Cyber Attack,” Speech to Business
Executives for National Security, New York, New
York,
Thursday,
October
11,
2012,
http://www.defense.gov/Speeches/Speech.aspx?Speec
hID=1728
5595
5594