Cyber ​​deterrence: a strategy to limit the threat

(To Alexandra Javarone)

Europe is facing a great challenge. His response still appears weak, linked to logic of economic or political survival in the absence of leadership. New vulnerabilities emerge with great speed and the old continent, which wants to regain weight in its international destiny, is unable to give itself a unified voice, contaminated by partisan national egoisms.

The problem is not limited to Covid19 alone: smart working and digital shifting of work introduce risks and complications, capable of causing further and greater economic damage to a system that is already suffering. It is difficult to manage the complexity of the challenges following the classic risk control model. The profile of threats is not easy to identify and the spectrum of the latter is extraordinarily wide: underground economic wars, political interference, propaganda or psyops.

The Army Study Center, on the topic of cyber attacks, advocates a policy of prevention and deterrence. "Win a battle without having to fight it, thanks to the strategy, to the knowledge of the enemy, of one's own strengths and abilities"this is the concept of deterrence: indirect strategy and form of psychological struggle. Extensive use of this defensive practice was made during the cold war period, when the two superpowers of the United States and the Soviet Union fought for the dominance of the world in a contest that, by its nature, would produce neither winners nor losers. Thus is obtained the "cold peace" which had the merit of diverting the "mutual enemy" from any aggressive purpose.

The precondition for deterrence is of course to possess an equivalent weapon. The world, as we know, has changed since the end of the Cold War onwards, and the euphoria dictated by the belief that the end of the confrontation between superpowers would have nullified the state of tension has quickly vanished. New threats emerged on the horizon and new states measured themselves against the West, aiming for cultural, economic, technological and military hegemony. In the new system the different actors, who initially had no strength comparable to the American one, showed ambitions of global predominance. The comfortable bipolar contrast, which had also created a sort of balance, had then given way to a large multitude of antagonists. Once the logic of deterrence disappeared, the struggle was aimed at amplifying the spheres of influence or economic dependence, hoarding of raw materials and energy, all following a logical-asymmetrical pattern, made up of economic conquests and hidden aggressions.

Even today the fight against leadership moves on several underground fronts: economic dominance, a form of conquest of the markets in the global system, energy resources, the pursuit of armaments and the development of technology. And also the technological development has opened the way to innumerable new vulnerabilities and which also includes cyber threat. If the challenge to superiority is also played on the cybernetic level, a danger of more difficult perception, but harbinger of devastating consequences, the West will soon have to set up an effective defense system.

Cyber ​​attacks are perpetrated by organized groups, often sponsored by states: interference is directed at maneuvering electoral processes, launching psychological propaganda operations and theft of relevant strategic information (cyber espionage). The clash is latent and we measure ourselves between iron allies, satellites and wingmen, in a scenario where the poor perception of danger directly affects the system in discrepancy. However, even if it still appears remote and distant, the game has already been playing for some time.

Several scholars wonder about the actual possibility of using the cyber deterrence as an effective defense tool. The examination of the Cyber ​​Army Study Center, however, poses a series of reflections: for the architecture of deterrence to hold, it is necessary, as is known, "that the use of the weapons made available is recognized as a credible threat, enough to induce the enemy not to act".

The discussion that animates the assembly engaged in the study hypothesizes two different forms of deterrence: the cyber deterrence by denial which presupposes sufficient ability to protect oneself, such as to render any attempt to attack useless (very difficult if not assuming the use of quantum technology or artificial intelligence); and the cyber deterrence by punishment or the ability to hit the opponent. The cyber punishement however, it remains difficult to implement, since it is difficult to recognize the authorship of cybernetic actions without the adequate support of intelligence.

Of course, cyber capability alone cannot provide a deterrent tool, but it is essential to have a complex architecture of deterrence where defense and cyber attack will also play a fundamental role in responding more actively to the threat, forcing the more aggressive states to cost-benefit analysis. The establishment of a sort of active diplomacy of deterrence is foreseen, made of collaboration between intelligence and cybernetic command and control structure, capable of making the response credible, preparing a complex system of cyber intelligence, information sharing e threat modeling.

Photo: US Air Force