Deterrence by itself is a fragile basis for strategic thinking. Thus, I start by placing deterrence within a broader framework of objectives and then discuss special features of the cyber attack challenge, distinguishing different classes and contexts of cyber threats. I then use a simple model to speculate about whether deterrence can be a significant part of dealing with those different threats. The model allows for very different degrees of "rationality" on the part of whoever is to be deterred. My discussion ends with suggestions for policymakers and scholars. My conclusion is that hoping for deterrence with today's reality would be like grasping for straws. Deterrent measures should definitely be part of a larger strategy, but the focus should be elsewhere.

       Access further information on this document at nyujilp.org This article was published outside of RAND. The full text of the article can be found at the link above.

       Research conducted by RAND National Security Research Division

       This report is part of the RAND Corporation external publication series. Many RAND studies are published in peer-reviewed scholarly journals, as chapters in commercial books, or as documents published by other organizations.

       The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.