Cyber Deterrence: Kick in the Knee Gets a Punch in the Face
Speaking at the May 4 Hack the Capitol conference, Rep. Rob Wittman, R-Va., discussed a range of ways for the U.S. to sanction nation-states that launch cyberattacks against U.S. assets, particularly the high-visibility assaults uncovered earlier this year that struck at thousands of private-sector and government networks.
Some sanctioning activities, he said, ought to be the kind that “don’t make the headlines,” and that also compel adversaries to expend resources to better protect their own systems from retaliation. On the whole, however, sanctions against adversaries should be emphatic in order to achieve deterrence, he said.
Adversaries, he said, need to “understand that if there’s an effort that they perpetrated against the United States, or companies in the United States, or for that matter, United States interests, that if we receive a kick in the knee, that they will receive a punch in the face,” Rep. Wittman said.
“I really believe that that’s [a] way that we can deter those sorts of actions,” he said. “Remember this is that round where everybody is probing … they’re looking and seeing what happens if we do this, what happens if we do that, and that behavior gets ramped up pretty precipitously.” If adversaries don’t receive a sufficient response, he said, they will not be deterred from further action and will conclude, “let’s do a little bit more.”
“I want to make sure that we look at all of the different aspects, not just protecting our systems, but also understanding what we can do to deter through our efforts to invoke a time and cost element on our adversaries,” Rep. Wittman said.