Strongpoint Cyber Deterrence: Lessons from Cold War Deterrence Theory & Ballistic Missile Defense Applied to Cyberspace

By James J. Torrence

This important U.S. strategic studies work seeks to develop a cyber deterrence strategy by drawing upon the hard-learned lessons of the past—specifically from Cold War deterrence theory and Cold War missile defense. Ultimately, a strongpoint defense is proposed along with a decentralized and further hardened critical infrastructure approach that continually exploits emergent innovation opportunities through investment in research.

Dave Dilegge
Editor-in-Chief
Small Wars Journal

• Language: English
• Publisher: Xlibris US
• Release date: Feb 10, 2020
• ISBN: 9781796084689

James J. Torrence

JAMES J. TORRENCE is an active duty U.S. Army Signal Corps officer. He is a graduate of the United States Military Academy. He has a Doctorate in Strategic Security and multiple graduate degrees including an M.S. in Strategic Design & Management, an M.S. in Cybersecurity, and a Master of Military Art & Science. He has deployed twice to Afghanistan as a battalion communications officer and has served in various military leadership positions in the United States, Germany, Belgium, and Korea. He was a recipient of the 2014 General Douglas MacArthur Leadership Award and was the 2013 Armed Forces Communications and Electronics Association Information Leadership Technology Awardee from the U.S. Army. He is happily married to Ñerelyn, the love of his life.

Book preview

Copyright © 2020 by James J. Torrence and Small Wars Foundation.

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the copyright owner.

The views expressed in this book are those of the author and do not necessarily reflect the official policy or position of the Department of the Army, the Department of Defense, or the U.S. Government, or any other U.S. armed service, intelligence or law enforcement agency, or local or state government.

Any people depicted in stock imagery provided by Getty Images are models, and such images are being used for illustrative purposes only.

Certain stock imagery © Getty Images.

Rev. date: 02/07/2020

Xlibris

1-888-795-4274

www.Xlibris.com

807528

ABOUT SMALL WARS JOURNAL

AND FOUNDATION

Small Wars Journal facilitates the exchange of information among practitioners, thought leaders, and students of Small Wars, in order to advance knowledge and capabilities in the field. We hope this, in turn, advances the practice and effectiveness of those forces prosecuting Small Wars in the interest of self-determination, freedom, and prosperity for the population in the area of operations.

We believe that Small Wars are an enduring feature of modern politics. We do not believe that true effectiveness in Small Wars is a ‘lesser included capability’ of a force tailored for major theater war. And we never believed that ‘bypass built-up areas’ was a tenable position warranting the doctrinal primacy it has held for too long—this site is an evolution of the MOUT Homepage, Urban Operations Journal, and urbanoperations.com, all formerly run by the Small Wars Journal’s Editor-in-Chief.

The characteristics of Small Wars have evolved since the Banana Wars and Gunboat Diplomacy. War is never purely military, but today’s Small Wars are even less pure with the greater inter-connectedness of the 21st century. Their conduct typically involves the projection and employment of the full spectrum of national and coalition power by a broad community of practitioners. The military is still generally the biggest part of the pack, but there are a lot of other wolves. The strength of the pack is the wolf, and the strength of the wolf is the pack.

The Small Wars Journal’s founders come from the Marine Corps. Like Marines deserve to be, we are very proud of this; we are also conscious and cautious of it. This site seeks to transcend any viewpoint that is single service, and any that is purely military or naively U.S.-centric. We pursue a comprehensive approach to Small Wars, integrating the full joint, allied, and coalition military with their governments’ federal or national agencies, non-governmental agencies, and private organizations. Small Wars are big undertakings, demanding a coordinated effort from a huge community of interest.

We thank our contributors for sharing their knowledge and experience, and hope you will continue to join us as we build a resource for our community of interest to engage in a professional dialog on this painfully relevant topic. Share your thoughts, ideas, successes, and mistakes; make us all stronger.

…I know it when I see it.

Small Wars is an imperfect term used to describe a broad spectrum of spirited continuation of politics by other means, falling somewhere in the middle bit of the continuum between feisty diplomatic words and global thermonuclear war. The Small Wars Journal embraces that imperfection.

Just as friendly fire isn’t, there isn’t necessarily anything small about a Small War.

The term Small War either encompasses or overlaps with a number of familiar terms such as counterinsurgency, foreign internal defense, support and stability operations, peacemaking, peacekeeping, and many flavors of intervention. Operations such as noncombatant evacuation, disaster relief, and humanitarian assistance will often either be a part of a Small War, or have a Small Wars feel to them. Small Wars involve a wide spectrum of specialized tactical, technical, social, and cultural skills and expertise, requiring great ingenuity from their practitioners. The Small Wars Manual (a wonderful resource, unfortunately more often referred to than read) notes that:

Small Wars demand the highest type of leadership directed by intelligence, resourcefulness, and ingenuity. Small Wars are conceived in uncertainty, are conducted often with precarious responsibility and doubtful authority, under indeterminate orders lacking specific instructions.

The three block war construct employed by General Krulak is exceptionally useful in describing the tactical and operational challenges of a Small War and of many urban operations. Its only shortcoming is that is so useful that it is often mistaken as a definition or as a type of operation.

We’d like to deploy a primer on Small Wars that provides more depth than this brief section.  Your suggestions and contributions of content are welcome.

Who Are Those Guys?

Small Wars Journal is NOT a government, official, or big corporate site. It is run by Small Wars Foundation, a non-profit corporation, for the benefit of the Small Wars community of interest. The site principals are Dave Dilegge (Editor-in-Chief) and Bill Nagle (Publisher), and it would not be possible without the support of myriad volunteers as well as authors who care about this field and contribute their original works to the community. We do this in our spare time, because we want to.  McDonald’s pays more.  But we’d rather work to advance our noble profession than watch TV, try to super-size your order, or interest you in a delicious hot apple pie.  If and when you’re not flipping burgers, please join us.

CONTENTS

About Small Wars Journal And Foundation

Author Biography

Acronyms

Abstract

Foreword

Chapter 1: INTRODUCTION

Background

Defining Cyberspace

Current Cyber Operating Environment

National Power Grid Compromise

Current National Cybersecurity Strategy

Deterrence Theory & The Cold War

Deterrence & Cyberspace

Summary

Organization of the Remaining Chapters

Chapter 2: DETERRENCE THEORY & CYBERSPACE

Cyber Deterrence

Origins of Deterrence Theory

Classical Deterrence Theory

Classical Deterrence Definitions

Threat-Based Deterrence

Deterrence Not Contingent Upon a Threat

Limitations of Deterrence

Communication

Rationality

State-on-State Deterrence Limitations

Attribution

Unique Deterrence Strategies

Defense-Focused Deterrence

Deterrence to Provide Options

Complex Deterrence Theory

Cyberspace and Complexity in Current International Structure

The Emergence of Complex Deterrence

Challenges of Contemporary Deterrence

Previous National Cyber Strategy

Arguments Against Cyber Deterrence

Summary

Chapter 3: THE UNITED STATES, SOVIET UNION, MISSILE DEFENSE, & CYBERSPACE

United States Missile Defense

Soviet Union Missile Defense

Arguments Against Missile Defense Systems

Summary

Chapter 4: CYBERSPACE & THE STRATEGIC DEFENSE INITIATIVE

Offensive Advantage in Cyberspace

President Reagan and the Strategic Defense Initiative

SDI Guidance

Weaknesses of SDI

Dividends of SDI

Summary

Chapter 5: TOWARDS STRONGPOINT CYBER DETERRENCE

Defining and Categorizing Cyber Deterrence

Encryption

Decentralization

Concealment

Conclusions

Postscript

References

AUTHOR BIOGRAPHY

JAMES J. TORRENCE is an active duty U.S. Army Signal Corps officer. He is a graduate of the United States Military Academy. He has a Doctorate in Strategic Security and multiple graduate degrees including an M.S. in Strategic Design & Management, an M.S. in Cybersecurity, and a Master of Military Art & Science. He has deployed twice to Afghanistan as a battalion communications officer and has served in various military leadership positions in the United States, Germany, Belgium, and Korea. He was a recipient of the 2014 General Douglas MacArthur Leadership Award and was the 2013 Armed Forces Communications and Electronics Association Information Leadership Technology Awardee from the U.S. Army. He is happily married to Ñerelyn, the love of his life.

ACRONYMS

ABSTRACT

Policymakers have little or no experience developing cybersecurity deterrence strategies. To develop an effective foundation for the creation of cybersecurity strategy, cyber policymakers must learn from Cold War deterrence theory and application. The Cold War dealt with a new type of warfare, rapidly evolving technology, and an environment dominated by the offense which mirrors the current challenges in cyberspace. To build a cyber deterrence strategy, policymakers can look to Cold War deterrence theory to identify principles applicable to defending in cyberspace. The principles of cyber deterrence derived from Cold War analysis are: 1) Cyber deterrence must focus on strongpoints because a perimeter defense will be costly for the defender, and not effective against potential initiators; 2) Critical infrastructure in cyberspace should be encrypted, decentralized, and concealed to increase the cost for the attacker, buy time for the defender, and increase the chance of attribution of the attacker; 3) Researching emerging and future capabilities will create innovation opportunities for long-term cyber defense.

FOREWORD

Sean N. Kalic

Fort Leavenworth, Kansas

January 2020

The U.S. Army’s reorientation to Large-scale Combat Operations (LSCO) is well outlined in FM 3-0 Operations, as published in October 2017. In the introduction of this seminal document, the Army highlights that potential adversaries have modernized their force structure and developed advanced capabilities that counter the United States across air, land, maritime, space, and cyber domains. The emphasis on multi-domain operations is a prevalent theme woven into the doctrine as necessary consideration for future wars. However, as one reads deeper into the doctrine, there is a lack of specificity as to exact requirements and demands of cyber-warfare across all levels of war. Major James Torrence in Strongpoint Cyber Deterrence: Lessons from Cold War Deterrence Theory & Ballistic Missile Defense Applied to Cyberspace however provides a critical piece of research that fills this necessary void in thinking about building a strategy of deterrence for the cyber domain.

Using Cold War deterrence models, MAJ Torrence provides an in depth analysis of how to apply and adjust these traditional tenets associated with the Cold War and nuclear deterrence to the domain of cyberspace. The result of his insightful and methodical research is that MAJ Torrence has produced a brilliant work that highlights how to build a deterrence strategy based on concepts of general strongpoint deterrence and specific strongpoint deterrence. While outlining the need to synchronize these two critical types of deterrence, MAJ Torrence advances his argument by detailing how the principles of encryption, decentralization, and concealment can work to build a robust specific strongpoint deterrence strategy.

In short, the research and analysis provided in this study by Major Torrence is a vital read to anyone preparing to fight in the multi-domain environment of the twenty-first century. Furthermore, this work is an important step in the development of a sound analysis from which the United States can begin to build a strong and enduring deterrent strategy, as the nation increasingly combats new cyber threats in the international security environment.

CHAPTER 1

Introduction

Hans J. Morgenthau predicted that increased proliferation of nuclear weapons leads to anarchy because attribution of an attack is not always possible thus resulting in an endless destructive loop with states either retaliating or pre-emptively striking to ensure their security (Morgenthau, 1964). Morgenthau’s theory was never put to the test with a state’s use of nuclear weapons, but it foreshadowed the anarchic environment that currently exists in cyberspace. With both state and non-state actors operating in cyberspace, the number of potential perpetrators following a cyberattack has increased exponentially. The borderless nature of cyberspace coupled with the number of actors makes complete attribution of a cyberattack nearly impossible. The resulting international situation is the same as the one predicted by Morgenthau. State and non-state actors are engaged in a seemingly endless loop of preventive and retaliatory actions in cyberspace. The type of environment where capabilities are equal and state and non-state actors are in an endless destructive loop makes developing a cybersecurity strategy very difficult. Developing a strategy that deters malicious state and non-state cyber activity against U.S. critical infrastructure is highly complex because of an infinite number of digital vulnerabilities coupled with the problem of attribution.

Background

Cyberspace is both a domain of warfare and a medium through which data relevant to individuals, organizations, and state actors is transmitted and received. The reliance the U.S., and the rest of the world, has on cyberspace creates a shared dependency and a shared vulnerability which continues to influence relationships in the current, multipolar international structure. Cyberspace is an inseparable component of America’s financial, social, government, and political life (Trump, 2018, p. 1). Furthermore, the potential costs of cyberattacks could far exceed the ongoing costs suffered by the U.S. economy (The Council of Economic Advisors, 2018, p. 37). With the world increasingly moving towards smart grid technology and other upgrades with inherent cyber vulnerability, correlative threats from malicious cyberattacks on the North American electric grid continue to grow in frequency and sophistication (Idaho National Laboratory, 2016, p. ii). The U.S. recognizes that cyber deterrence