Alternatives To Cyber Warfare: Deterrence And Assurance

Deterrence as practiced during the ColdWar was largely defined in terms of capabilities to impose punishment in response to an attack; however, with growing concern over the proliferation of cyber technologies, deterrence has evolved to be understood more generally in terms of cost/benefit calculi, viewed from not only a national perspective, but also recognizing the importance of both friendly and adversary perspectives. With this approach, the primary instruments used for deterrence are those which encourage restraint on the part of all affected parties. The use of a multiple lever approach to deterrence offers a path to an integrated strategy that not only addresses the cost/benefit calculus of the primary attacker, but also provides opportunities to influence the calculus of mercenary cyber armies for hire, patriotic hackers, or other groups. For this multiple lever approach to be effective a capability to assess the effects of cyber attacks on operations is needed. Such a capability based on multi-formalism modeling to model, analyze, and evaluate the effect of cyber exploits on the coordination in decision making organizations is presented. The focus is on the effect that cyber exploits, such as availability and integrity attacks, have on information sharing and task synchronization. Colored Petri Nets are used to model the decision makers in the organization and computer network models to represent their interactions. Two new measures of performance are then introduced: information consistency and synchronization. The approach and the computation of the measures of performance are illustrated though a simple example based on a variation of the Pacifica scenario.