Skip to main content

Proceedings of a Workshop on Deterring Cyberattacks Informing Strategies and Developing Options for U.S. Policy (2010) / Chapter Skim
Currently Skimming:

Pulling Punches in Cyberspace--Martin Libicki
Pages 123-148

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 123...
... The argument in this paper falls into five parts. It starts with short parts on the various types of cyberwarfare and a few features that distinguish cyberwarfare from physical warfare.
Read the entire page →
From page 124...
... • Special: to achieve particular effects that are limited in time and place, largely outside the context of physical combat, and usually covertly. Examples may include attempts to hobble a state's nuclear weapons production, to target an individual, or to take down a hostile web site (or corrupt it with mal ware that others might download)
Read the entire page →
From page 125...
... In the physical world walls and roofs can mask what goes on inside a building -- thus indications on the outside can belie what does on inside. In cyberspace, visibility can go all the way through or at least penetrate here and there (e.g., some files are open; others are encrypted)
Read the entire page →
From page 126...
... , but the visible artifacts of power distribution afford a halfway reasonable guess. In cyberspace, neither physics nor economics yield particularly good clues as to which servers satisfy which clients (although sufficient detailed penetration of the server may offer hints of the sort unavailable in the physical world)
Read the entire page →
From page 127...
... In the physical world, belligerents ought not cross neutral countries on the way to attack one another. Correspondingly, neutral countries that allow attacks to cross their countries assume a degree of complicity in that act.
Read the entire page →
From page 128...
... attacks, some of these distinc tions disappear and the laws of armed conflict that apply in the physical world apply somewhat better in the cyber world. Deception is not as important when it is the volume rather than the contents of the packets that creates the problem.
Read the entire page →
From page 129...
... sabotage should rest on the accused, not the accuser. ..2 Reersibility One norm appropriate for cyberspace (with little counterpart in physical world)
Read the entire page →
From page 130...
... sub rosa responses to cyberattack, (3) responses that promote deescalation, and (4)
Read the entire page →
From page 131...
... What makes retaliation in cyberspace different is that it can rarely be justified by the need to disarm the other side for any length of time. The only justification is to change behaviors and thus harm to third parties such as civilians cannot be excused as instrumental to a tangible military goal.
Read the entire page →
From page 132...
... The retaliator will have to determine how strong a case it can make in public to justify retaliation, but that hardly guarantees that those in the attacking state or friends of the attacking state will necessarily believe it. Very few people understand cyberspace well enough to evaluate the evidence of attribution in an objective manner, even if it were all laid out.
Read the entire page →
From page 133...
... For the attacking state to call for systems owners to beef up their cyber defenses in advance of retaliation is to concede to many folks that some retaliation is coming even as it protests its innocence in the original attack. Third, if the two states are mutually hostile, the target may already have implanted malware into the attacking state's critical systems just in case.
Read the entire page →
From page 134...
... . Thus the issue of whether retaliation is met by escalation may have little to do with how damaging the retaliation was; the attacking state will match or, alternatively, exceed the retaliation based on an altogether different set of strategic and political criteria.
Read the entire page →
From page 135...
... or rally against its particular bête noire (one bureaucracy may want to take on country A; the other to take on country B) .11 In the physical world, the faction that gets caught may blow its case; in cyberspace it is far easier for a faction to avoid getting caught.
Read the entire page →
From page 136...
... The only states that will know about the attack are the attacker, the target, and those that either side chooses to reveal the attack to. Sub rosa options are generally unavailable to attackers in the physical world.
Read the entire page →
From page 137...
... Response is Puts the onus on the attacker Signals displeasure but also a Sub rosa cyberwar.  Signals Covert to reveal what happened and desire not to let things get out displeasure but also a desire not explain why. Retaliator may of hand.
Read the entire page →
From page 138...
... Even those who argue that members of our covert community are like the rest of us, only in different professions, the same may not hold for members of their covert community where rule-of-law is noticeably weaker. The second problem with sub rosa warfare is that each side's strategy is hostage to the exercise of discretion by the other side (not to mention the accidental revelation of covert attacks)
Read the entire page →
From page 139...
... Ironically, this leads to two observations. First, that the best targets of sub rosa cyberattacks are systems associated with the covert community.
Read the entire page →
From page 140...
... The target state may honestly be concerned that the supposed attacker should have been but was not been deterred from making an implantation. In today's world in which CNE is expected, the accusing state has to credibly argue that the implant could only have been meant for an attack.
Read the entire page →
From page 141...
... One test of intentions may come from putting pressure on the attacking state to sepa rate itself from the actual attacker; this is a test the attacker can pass (carrying out an open coercion campaign after conceding the rogue attacker seems illogical) , but not necessarily fail -- a lot depends
Read the entire page →
From page 142...
... . .. Self-Restraints for the Attacking State What should attackers, themselves, do to keep tensions in check?
Read the entire page →
From page 143...
... Asymmetries between opponents will complicate tacit agreements on what to leave intact in the cyber world, just as it does in the physical world. A local conflict between the United States and China over Taiwan will take place much closer to China: agreeing that homeland ports are off-limits favors them (they have no reasonable prospect of attacking debarking ports in California)
Read the entire page →
From page 144...
... This leaves a question as relevant in cyberspace as the physical world: if such gentlemen were so capable of negotiating such nuanced norms, why are they still resorting to fighting to settle their differences? 4.4 Proxy Wars Another situation in which cyberwarriors may have to pull their punches is when going after the systems of a state which is helping an active combatant.
Read the entire page →
From page 145...
... Instructions on what to avoid must be clear and the controls must be in place to ensure that such instructions are followed. In the physical world, both command and control are getting better thanks to ever-more-ubiqui tous surveillance and the proliferation of communications nets (e.g., cell phones)
Read the entire page →
From page 146...
... is problematic if collection becomes that much harder, afterwards. Such dilemmas have echoes in the physical world.
Read the entire page →
From page 147...
... In other contexts, cyberattacks may be said to be what happen if security engineering receives insufficient attention (just as accidents are what happen if safety engineering receives insufficient attention)
Read the entire page →

Key Terms

  • attacking state
  • physical world
  • sub rosa
  • original attack
  • covert response

  • third parties
  • armed conflict
  • covert community
  • collateral damage
  • physical war

  • rosa cyberattacks
  • attack code
  • third party
  • justify retaliation
  • supposed attacker

  • physical attacks
  • physical combat
  • physical space
  • offensive cyber
  • cyber world

  • obvious response
  • rogue warriors
  • corruption attacks
  • ddos attacks
  • disruption attacks

  • neutral countries
  • physical warfare
  • physical force
  • attacking government
  • obvious attack


    • This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
    More information on Chapter Skim is available.