Deterring cyberthreats - The Baltic States and the search for a theory of cyberdeterrence

Abstract

This dissertation consists of three parts and has a twofold research interest. The research interest lies in finding a theory of cyberdeterrence as well as the pragmatic challenge of unconventional warfare at NATO's Eastern front and cyberattacks in general. The first part is a theoretical analysis considering the literature review on cyber, deterrence theory and their combination. The resulting identified crucial factors are incorporated in the game theory model of the second part of the thesis. The research question of the model is directed at the gap in the academic literature when a defender should retaliate after a cyberattack. The model predicts that conflict in cyber is dominated by offense not defence on the lower spectrum of intensity which is influenced by the factors impact and attribution. The higher the degree of impact and attribution of a cyberattack, the more useful becomes deterrence by punishment with a high retaliation. In the third part the model is tested against the case study of cyberattacks against Estonia in 2007. The test identifies adaptions and shortcomings of the theory of cyberdeterrence. Cyberattacks with lower impact are not deterrable with punishment because the defender is unable to portray credible threats of retaliation. This has implications for deterring...