A copy of the full analysis can be downloaded by clicking on the link at the bottom of this blog entry.
In Part 1: Game Theory Basics of War, I described the three potential options players may take in traditional war: don't arm, arm, or attack. I described the benefits and costs associated with arming for defense, as well as the benefits and costs associated with arming for offense or attacking. I indicated that there are ambiguities in interpretaions by players associated with the actions other players are taking: sometimes arming can increase a player’s security, while other times, arming can decrease a player’s security. I explained that there are two crucial variables that contribute to the ambiguity: (i) whether defensive weapons can be distinguished from offensive weapons, and (ii) whether defense or offense has the advantage.
In Part 2: Defining Cyberwar, I indicated that cyberattacks represent a new form of attack, and attempting to frame cyberattacks in terms analogous to those of traditional, real-world attacks has proven to be problematic, in part because cyberwar represents a new kind of war attempts to provide parallels between traditional war and cyberwar has proven to be problematic. I distinguished cyberattacks, cyberwar, and cyberterrorism from one another based on (i) whether the actor was government or civilian and (ii) whether the motivation was personal/commercial or political in nature.
In Part 3: Unique Properties of Cyberwar, I discussed some of the more significant unique properties of cyberwar that distinguish it from traditional war: (i) Cyberwar creates a security dilemma since (a) it's difficult to distinguish offensive from defensive actions in cyberspace, and (b) offense has the advantage over defense; (ii) in cyberspace it's difficult to know who the perpetrator of a cyberattack is; (iii) in cyberwar, there are generally no human injuries or death; and (iv) many cyberweapons are one-time-use in nature.
In this section, the last section of the analysis, I explore several defensive and offensive strategies for players engaged in cyberwar.
Defensive Strategies
Decrease Incentives to Attack
As I mentioned in the previous section, cyberwar has the potential to create a security dilemma, since (i) offensive weapons cannot be distinguished from defensive weapons and (ii) cyberwar tends to favor offense. One player might simply be trying to defensively arm itself against cyberattacks from other players. However, by doing so he may induce insecurity in other players that might lead them to arm themselves for cyberwar and possibly even attack the player preemptively.
To mitigate against the potential for a security dilemma – and particularly against the possibility of preemptive attacks by others – a player who wishes to arm himself to defend against cyberattacks can increase the transparency of his actions to better clarify (signal) his intentions to other players.