The United States is doubling down on a cyber deterrence philosophy that focuses on building coalitions and clearly communicates that malicious activity will lead to consequences.

The U.S. government is trying to craft an approach to thwart the daily barrage of cyber intrusions across a wide range of sectors and the recently released national cyber strategy describes a cyber deterrence initiative that will build a “coalition and develop tailored strategies to ensure adversaries understand the consequences of their malicious cyber behavior.”

“The United States will work with like-minded states to coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors,” the strategy states.

U.S. officials, including Jim Richberg, national intelligence manager for cyber, have said a bilateral approach, first described by Tom Bossert, who formerly served as White House homeland security adviser, is a smart philosophy.

Richberg, speaking to Fifth Domain in a September interview, said if the approach is building a like-minded coalition, that alliance can create a much stronger position for levying responses to an adversary’s hacking.

Aligning interests with like-minded nations as a means of creating a more united front against bad cyber behavior can help put pressure on other actors, officials say. However, some in the national security cyber community believe that moving the needle on international laws, norms and deterrence can be complicated by a few factors, most notably, a lack of transparency.

If states aren’t willing to talk about the actions they take in cyberspace or their capabilities, it is unreasonable to expect others to do so, a former U.S. government official said during the Cyber Beacon Conference hosted by National Defense University’s College of Information and Cyberspace Sept. 19-20. The conference was held under a non-attribution policy for speakers and Fifth Domain agreed to those conditions.

But transparency in cyber can be difficult, especially when trying to describe to adversaries how their cyber power might hold them at risk. For example, the access the United States uses to cause cyber effects may suddenly disappear if an adversary discovers the route forces used to get into their network. Then, transparency works opposite as to how it was intended.

“This focus on cyber-deterrence is understandable but misplaced. Deterrence aims to change the calculations of adversaries by persuading them that the risks of an attack outweigh the rewards or that they will be denied the benefits they seek,” Michael Sulmeyer, director of the Cyber Security Project at Harvard’s Belfer Center, wrote.

“But in seeking merely to deter enemies, the United States finds itself constantly on the back foot. Instead, the United States should be pursuing a more active cyberpolicy, one aimed not at deterring enemies but at disrupting their capabilities.”

One U.S. official at the conference noted that it’s not necessarily about deterrence in cyber, but acting in a domain, which is now inseparable of all facets of life that gives the opportunity to gain strategic advantage. The official added that the United States needs to position itself to achieve positive outcomes by leveraging cyber.

One critical example he pointed to was how the Chinese have been able to gain strategic consequence through a cumulative effect over time, in part by using cyber. Chinese gross domestic product in 1973 was roughly $60 billion compared to the $1.2 to $1.3 trillion today.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In