Does Deterrence Work Against Cyber Terrorism?

In February of 2017, Joseph Nye wrote the article Deterrence and Dissuasion in Cyberspace, in which he discusses the applicability of the concept of deterrence to the realm of cyber. Nye distinguishes the cyber realm from deterrence in the context of nuclear weapons, noting the inherent challenges that ambiguity and attribution pose in the cyber landscape. As a result, cyber actions often land in a “gray zone”, between war and peace, with the perpetrators hiding in the shadows of several remote servers. However, Nye argues that four key mechanisms, depending on the specific context of who and what, can be applied to help deter and dissuade: threats of punishment, denial, entanglement, and taboos/norms. In discussing these mechanisms, Nye argues that entanglement, such as economic interdependence, renders the threat of a surprise attack by a major state rather unlikely. Moreover, citing the example of biological and chemical weapons, Nye believes that international norms and taboos can be leveraged to increase the stigma around attacking certain types of targets in peacetime, raising the reputational costs of such an attack.

However, I remain relatively unconvinced of the ability to deter terrorists from conducting a cyber-attack. Nye admits, “As in the kinetic world, deterrence is always difficult for truly suicidal actors such as terrorists who seek religious martyrdom”, but asserts that, “thus far terrorists have used cyber more for recruitment and coordination than for destruction…At the same time, even terrorists and criminals are susceptible to deterrence by denial.” (CITE) However, the U.S. lacks much of the leverage that they wield over traditional states. That is to say, without the ability to strike back at an electrical grid, without the risk of threatening their economic dependence on the U.S. – can the U.S. credibly deter cyber-attacks from terrorist groups? Groups such as ISIS flagrantly disregard international norms, and display an affinity for utilizing the latest internet technologies.

I agree with Nye that, thus far, criminals and terrorists have opted to utilize cyber resources for coordination and recruitment, and likely at this point, ISIS lacks the technical expertise and operational capacity to execute a large-scale cyber attack. However, cyber defense has thus-far proved to be rather porous, and the number of targets is ever increasing with the Internet of Things. Moreover, similar to the rise of DIY biological engineering, a burgeoning wave of interest in the internet and computer science has emerged, diffusing knowledge across the globe. While right now, one might believe it rather unlikely that ISIS would be able to execute a cyber-attack, if they were to develop the capacity, do people believe that terrorists could be deterred from utilizing cyber-attacks? — Olivia