Title | Rough-and-Ready: A Policy Framework to Determine if Cyber Deterrence is Working or Failing |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Healey, Jason, Jenkins, Neil |
Conference Name | 2019 11th International Conference on Cyber Conflict (CyCon) |
Date Published | may |
Keywords | adversary activity, adversary cyber operations, Cyber Attacks, cyber conflict, cyber deterrence, Cyber Operations, cyber policy, deterrence, forward defense, Human Behavior, intercept-and-halt adversary cyber operations, Metrics, persistent engagement, policy framework, pubcrawl, resilience, rough-and-ready metrics, Scalability, security of data, standard methodology, threat intelligence, transparent framework, United States policy |
Abstract | This paper addresses the recent shift in the United States' policy that emphasizes forward defense and deterrence and to "intercept and halt" adversary cyber operations. Supporters believe these actions should significantly reduce attacks against the United States, while critics worry that they may incite more adversary activity. As there is no standard methodology to measure which is the case, this paper introduces a transparent framework to better assess whether the new U.S. policy and actions are suppressing or encouraging attacks1. Determining correlation and causation will be difficult due to the hidden nature of cyber attacks, the veiled motivations of differing actors, and other factors. However even if causation may never be clear, changes in the direction and magnitude of cyber attacks can be suggestive of the success or failure of these new policies, especially as their proponents suggest they should be especially effective. Rough-and-ready metrics can be helpful to assess the impacts of policymaking, can lay the groundwork for more comprehensive measurements, and may also provide insight into academic theories of persistent engagement and deterrence. |
DOI | 10.23919/CYCON.2019.8756890 |
Citation Key | healey_rough-and-ready:_2019 |