New approaches to cyber deterrence authcheckdam by Dr.No. nofunclub

UNCLASSIFIED NEW APPROACHES TO CYBER-DETERRENCE: INITIAL THOUGHTS ON A NEW FRAMEWORK JEFFREY R. COOPER SAIC 29 December 2009

I. EXECUTIVE SUMMARY/ INTRODUCTION: “Si vis pacem, para bellum.” Information has always been a key element of national power and influence. However, now enabled by modern digital technologies, worldwide communications and information networks have fundamentally reshaped patterns of international trade, finance, and global intercourse, affecting not only economic but also political and social relationships as well. Under these circumstances, few countries, even those with authoritarian systems, can or choose to retain the closed autarchic economies as they did in the past because of economic and financial interdependencies. Moreover, new actors, many of them entities other than states, now play important roles in the international system and interact in novel ways. As a consequence, these forces have helped to refashion international relations after the collapse of the bipolar structure and in the wake of the Cold War. Because they possess particular strengths and weaknesses, we now clearly recognize that modern digital information systems (what are commonly called “cyber systems”) are powerful tools and weapons on the one hand as well as sources of great potential vulnerability on the other, affecting not only our economic and social patterns, but also our national security. Digital information—and the cyber infrastructure that processes and carries it—has its own special characteristics; and these qualities are sufficiently different than those of analogue information that many consider “cyber” to be a distinct medium or domain. Considering both the benefits and vulnerabilities of our cyber dependency, together these factors have created a powerful interest in better securing our information and the cyber infrastructures through which it is processed and transmitted. As part of an overall strategy to protect our information resources and cyber capabilities, applying the lessons and tools of deterrence to the cyber domain merits attention as one important component of a comprehensive security strategy. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED This report presents an initial exploration of several new concepts that could serve as a basis for improving deterrence of threats to our critical cyber capabilities. However, one of the greatest challenges in seeking to apply deterrence to the challenge of a broad range of cyber threats is to move beyond the common proposition that deterrence now rests, and did so throughout the Cold War, solely upon the threat of punitive retaliation. First, that proposition is simply incorrect. Second, such an assumption too tightly binds deterrence to solving the twin problems of attribution and identity, both of which are far more difficult than with possible nuclear attacks during the Cold War period. Moreover, the effects of retaliatory attacks in the cyber domain are very likely to be less predictable and create more unintended consequences than did nuclear strikes. The objective of this present effort is not to suggest replacing deterrence by retaliatory punishment where it can be effective and implemented through threats of direct retaliation against the attackers; rather since credible attribution and identification may not be feasible against many cyber threats (and the effects more uncertain), the goal of this report is to provide alternative methods for deterrence not reliant on direct retaliation. Deterrence is often discussed as if it were purely abstract and a simple doctrine considered to be universally applicable.1 Basically deterrence concerns itself with behaviors, both by others and by ourselves, and the beliefs and propositions about perceptions, decision-making, and motivations that influence those behaviors. The application and implementation of deterrence is actually situationally dependent on specific factors and must be constructed upon the foundation of the particular conditions of the international system, the players involved, their motivations and objectives, and the relevant technical factors related to targets and mechanisms of influence. The calculus of possible gain versus loss by which the potential effectiveness of deterrence is assessed is a function of specific opportunities, particular consequences assessment of uncertainties, taken within the matrix of values and expectations that goes into the complicated metrics of the decision makers. Therefore, assessing the potential effectiveness of deterrence options rests on believing that we both understand

In some unfortunate aspects, the use of abstract, game-theoretic approaches for modeling deterrence mirrors some of the more unsettling aspects and mistakes in risk modeling leading to the recent financial catastrophes.

Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED the adversary and also appreciate the adversary’s understanding of our beliefs and our likely behaviors.2 The specific concept of deterrence that we have understood and recently practiced was developed to suit the particular conditions of the Cold War contest with the Soviet Union. Exactly because the deterrence concepts we have inherited were particularistic to those conditions, it is now essential to disentangle the general principles of deterrence from those aspects that were specifically attuned to that environment. In seeking to apply deterrence to the emerging range of cyber threats, the key postulates of deterrence must now be rethought and adapted to the conditions of a distinctive cyber domain, as well as to a new geostrategic environment that exhibits many different characteristics from the previous international system. The case for a new approach to cyber-deterrence thus rests on two distinct but interrelated lines of argument: the logic for a new deterrence and the logic of a new deterrence. The logic for a new deterrence flows from the realization that the deterrence we have known in the modern era was formulated during the Cold War for conditions resulting from a bipolar structure that no longer exists.3 In that Manichean struggle between nuclear-armed super-powers, we faced a determined adversary in a contest conducted within a particular bipolar structure of international relations. In addition to addressing novel characteristics of an international system (and our perceptions of it), an appropriate concept of deterrence must now also accommodate an understanding of crucial motivations and behaviors of a far broader set of actors that are much different than assumed for our previous opponents. This first part of the report, in Section II, is primarily descriptive, laying out in some detail the principles that underlay our Cold War approach to deterrence. The logic of a new deterrence, in turn, must address three important factors: 1) a cyber environment with its special characteristics; 2) the recognition that the international system now includes both old and new actors who exist within complicated new contexts created by multiple roles and relationships; and 3) the understanding that 2

In cognitive psychology, this ability to recognize and take into account the thoughts of the other is known as “theory of the mind” (TOM); it “allows one to attribute thoughts, desires, and intentions to others, to predict or explain their actions, and to posit their intentions.” See Simon Baron-Cohen, “Precursors to a theory of mind: Understanding attention in others,” in A. Whiten (Ed.), Natural theories of mind: Evolution, development and simulation of everyday mindreading, (pp. 233-251). (Oxford: Basil Blackwell, 1991). 3 Zagare, “Classical Deterrence Theory: A Critical Assessment,” International Interactions, Vol. 21, No. 4 (1996), p. 366. (subsequently cited as Zagare (1996)). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED networks, both physical and virtual, possess different properties than other forms of relationships and these can significantly impact the decision calculus.4 This second part of the report, covering Sections III-V, is essentially analytical, identifying the crucial factors in the altered international environment, especially highlighting new characteristics of actors and their relationships, and exploring implications of these factors for cyber-deterrence. In order to provide the basis for selecting appropriate factors to be included in modeling the influence of networks on the decision calculus of deterrence, it discusses these issues in some depth. Finally, the last part of the report, covering Sections VI-VIII, is prescriptive, providing a framework and recommendations of measures for cyber-deterrence that are appropriate to these new conditions. In particular, this part draws from the key factors identified in the analytic section in order to better understand the range of factors and the ways that they may exert influence on the calculus of deterrence. This last part identifies potential approaches for modeling these aspects to allow assessing their influence on deterring cyber threats. Cooperation, Competition, and Conflict. Among the most important of the circumstances mandating a new logic is an international system that is no longer dominated by a bipolar structure, in which both non-state actors and networks of actors (among them “virtual communities”) have emerged as important factors in international relations. As part of reformulating deterrence for this new environment, this research effort introduces two concepts as key components for cyber-deterrence. The first is a new framework that we term the “Three Cs”—Cooperation, Competition, and Conflict. This framework explicitly recognizes that both we and our potential adversaries (as well as friends, allies, and other actors) now conduct multiple but distinct, relationships with each other across numerous and diverse channels of interaction; and as we participate in networks with a wide range of other parties, we perform different functions, can assume different personas, and often exhibit substantially different behaviors at the same time.5 An important corollary of this situation is that “role” can no longer be assumed to be bound tightly or uniquely to identity, but is rather a characteristic of a transaction or a particular set of relationships

Many networks, for example, exhibit power law distributions and show increasing returns to scale—for example, social networks, which obey Metcalfe’s Law. 5 These issues were topics for discussion at a number of Highlands Forum meetings during 2007–2008. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED in which an actor is involved.6 Importantly, actors can play different roles and have different relationships with each other at the same time. As a result, both attribution and identification are more complicated for cyber threats. Networked Deterrence. The second key concept in this approach—the “networked deterrence” concept—argues that networks themselves are increasingly the key underpinning of international power and influence and, therefore, represent the real source of value. As a senior State Department official recently wrote in a widely noticed article in Foreign Affairs, “We live in a networked world. War is networked… Diplomacy is networked… Business is networked… Media is networked… Society is networked… Even religion is networked.… In this world, the measure of power is connectedness.”7 As a result, participation in relationships also creates a fundamentally different context and calculus for decision-making than did an autarchic posture. Therefore, the “value“ by which the calculus of deterrence is measured should now be far more a function of these networked relationships in which actors are enmeshed than direct control of tangible resources or assets. Based on these two perspectives, there are three other implications, primarily affecting the calculus of deterrence, which must be taken into account as we formulate concepts appropriate for cyber-deterrence. First, the old calculus by which traditional deterrence was assessed had a number of critical assumptions deeply embedded about the context, the decision-makers, and the decision processes that no longer conform to present realities; among the most important, the old deterrence calculus presumed noncooperative behavior by “rational” decision-makers, whether these were individuals or groups.8 As a result, a significantly revised calculus is needed that reflects a better understanding of human cognition and judgment, by both individuals and collectives, in these more complicated situations.9

There is an extremely important corollary of this situation with multiple relationships of different characteristics: modeling must emphasize the links rather than the nodes in the network. This aspect is addressed in Section VII. 7 Anne-Marie Slaughter, “America’s Edge,” Foreign Affairs, January/February 2009. Slaughter, formerly Dean of The Woodrow Wilson School at Princeton, is now the Director for Policy Planning at the U.S. Department of State. 8 These assumptions include decision-makers as rational actors based on a “homo economicus” perspective; a game-theoretic framework and Nash equilibria based on non-cooperative actors; and the actors and decision-makers operate from an autarchic perspective. These issues will be addressed in Section II.B. 9 The corpus of JDM, including recent research on cognitive and neuro-psychological factors, needs to be better accounted for generally in national security decision-making, and in deterrence thinking in particular. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED The second of these involves the implications for decision-making from participation in social relationships or networks. This is not the issue of “group think” highlighted by Janis, but rather the more complex problems attendant on decisions where there are multiple roles and mixed motives in shared environments reflecting differing cooperative, competitive, and conflictual objectives within various social relationships.10 A heightened recognition of the “increased social aspects” of the international system suggests that we also begin to recognize that these social relationships create “social facts.”11 These social facts include laws, morals, beliefs, customs, fashions, and norms; and they create institutions through “beliefs and modes of behavior instituted by the collectivity” and reinforce these patterns of behavior. These patterns, in turn, over time help foster ties, some of which we now call “social capital”—trust, reciprocity, information, and cooperation—that flow from social networks and are often considered as important products of “civil society.” Social capital can help to ensure compliance with rules and keep down monitoring costs, provided networks are dense, with frequent communication and reciprocal arrangements, small group size, and lack of easy exit options for members.12 The effects of networks relate not only to members within the network, but they also have influence, for good or bad, on outsiders to the network; and an extensive academic literature on the influence of groups and social environments on decision-making, both by the groups themselves and by individuals within those groups, exists that can inform new thinking about cyber-deterrence. For example, there are also indications in the academic literature that the cyber domain itself induces or enables behaviors in the virtual environment that are different, and potentially inimical, that should be addressed in the context of cyber-security.13 It would be useful to better incorporate this knowledge into our national security considerations. As several commentators in early discussions noted, many of the issues implied by “networked deterrence” and concepts for its implementation are not themselves new, 10 The

research on cooperative decision-making in shared environments is the basis on which Ostrom and Williamson won the 2009 Nobel Prize in Economics, formally known as the Bank of Sweden Prize in Economic Science in Honor of Alfred Nobel. 11 D. Emile Durkheim, “which is general over the whole of a given society whilst having an existence of its own, independent of its individual manifestations.” Emile Durkheim, The Division of Labor in Society, translated by W.D. Halls (New York: Free Press, 1964), p. 49. 12 Jules Pretty, “Social Capital and the Collective Management of Resources,” Science, 12 December 2003, VOL 302, p. 1914. 13 Sherry Turkle, Life on the Screen: Identity in the Age of the Internet, (New York: Simon & Schuster, 1995). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED especially those related to the nature and implications of social relationships and networks; they have been widely recognized in areas such as public health and criminology. Over the past several decades, the effect of social environment on behavior—such as the “broken windows” phenomenon, for example—has been recognized in law enforcement.14 However, integrating these elements into a coherent framework for cyber-deterrence and developing appropriate mechanisms for implementation for this new strategic environment are new challenges; they will require innovative adaptations of the fundamental concepts of deterrence. As importantly, taking the lead in developing a framework for deterrence appropriate for these geostrategic conditions could offer significant advantage by allowing us to discover “the physics of the system” and to define “rules of the game” for this new environment, thereby capturing the “normative high ground.” Finally, we must recognize the third set of implications arises from properties inherent in these first new conditions: these conditions create an environment that is a complex adaptive system, in the formal sense of that term. In an environment with multiple roles and sets of relationships involving non-zero-sum outcomes, phenomenologies such as indeterminacy and incalculable uncertainty are intrinsic features that must be reflected in the actors’ decision-making. Indeed, this aspect of complexity raises basic questions about what we can know and how we can know it in order to support decision-makers. Together these changes represent some sharp breaks from the past and are deeply unsettling for most people, requiring new ways of thinking about the world around us, and about how we pursue our national security interests. They create limits on what we know, what we can know, what we can predict, and what we can control; and there seems to be little appreciation of these limits within national security planning or operations. We should not expect that these changes will come more easily or more quickly than dealing with the advent of modern physics and its twin revolutions— quantum mechanics and relativity—demanded of scientists. Policy-makers would be wise to heed the injunction of an eminent physicist, “The discoveries of modern physics necessitated profound changes in concepts like space, time, matter, object, cause and effect, etc., and since these concepts are so basic to our way of experiencing the world it is not surprising that the physicists who were forced to change them felt something of a shock. Out of these changes emerged a new and radically 14 James

Q. Wilson and George L. Kelling, “Broken Windows,” The Atlantic, March 1982.

UNCLASSIFIED different world view, still in the process of formation by current scientific research.”15 The old models were, at best, very imperfect abstract representations of less complicated relationships, which were far more tractable and predictable than our new circumstances; in light of the changes, continuing to use them should raise serious concerns. In his 1974 address accepting the Nobel Prize in Economics, Friedrich Hayek made a similar plea “…against the use of the tools of the hard sciences in the social ones….” in an attempt to simplify complex human problems with algorithmic approaches.16 The challenges posed by cyber threats that this report addresses are truly difficult and complicated issues, especially to the extent that new perspectives and paradigms force us to think in new ways. In addition to building on previous work on deterrence and characteristics of the cyber environment,17 this report also draws on several disparate areas of recent academic research. That these areas have not generally been part of the central corpus of national security thinking only adds to the difficulty of incorporating them into the framework for cyber-deterrence. Complications encountered in trying to address similar problems with complex social-ecological systems (SESs) are worth noting. “… we call attention to perverse and extensive uses of policy panaceas in misguided efforts to make social–ecological systems (SESs), also called human–environment systems, sustainable over time. It is not enough, however, just to call attention to the inadequacy of the panaceas that are prescribed as simple solutions to complex SESs. Korten (1) long ago identified the danger of blueprint approaches to the governance of tough social–ecological problems and urged that policy makers adopt a learning process rather than imposing final solutions. Korten’s advice is similar to that of Walters and the emphasis on adaptive management in contemporary analyses of complex adaptive systems. Unfortunately, the

15 Fritjof

Capra, The Tao of Physics. (Boston: Shambala, 1991), p. 54. in Nassim Nicholas Taleb, The Black Swan: The Impact of the Highly Improbable, (New York: Random House, 2007), p. 180. 17 The present report also draws on several previous research efforts by the principal investigator for various government sponsors: The Emerging Infosphere: Some Thoughts on Implications of the “Information Revolution,” SAIC/CISP, for ASD/C3I, August 1997, (subsequently cited as “Infosphere”); Future Concepts for Escalation Management: Constructing A Context for Global Engagement V for USAF/CC (in conjunction with AF/XOS, AF/XON, and AF/XOC), April, 2002, (subsequently cited as “Escalation Management”); and Information Engagement: A Strategic Concept for Employing Information to Enhance National Security for ASD/C3I, January 2000, (subsequently cited as Information Engagement). 16 Quoted

UNCLASSIFIED preference for simple solutions to complex governance problems continues to be strong.”18 It is essential to remember that Containment was the overarching strategy and deterrence not as an end in itself. The U.S. employed deterrence in order to prevent the Soviet Union from gaining advantage from acts of aggression in the short-term, but the strategic objective behind Containment was to allow internal pressures to modify the dynamics (and objectives) of the regime in the long-term. We need to bring that same perspective to bear and define what are our long-term objectives. Without understanding those objectives or seeing deterrence as part of an appropriate strategy in pursuing those objectives, there is no effective way to assess the costs and advantages of decisions by other than their immediate consequences.

18 Elinor

Ostrom, “A diagnostic approach for going beyond panaceas,” Proceedings of the National Academies of Science (PNAS), vol. 104, no. 39, September 25, 2007, p. 15181. (Subsequently cited as Ostrom, “Panaceas”) Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED

II. REASSESSING THE LOGIC OF TRADITIONAL DETERRENCE (TASK 3) Deterrence is generally viewed as having been successful in overcoming the perils from a dangerous new technology and preventing major conflict between the two nuclear-armed adversaries during the Cold War. As a result, it appears to present powerful lessons from recent experience with which many decision-makers are familiar. Given that decision-makers frequently try to use historical analogy to help them understand difficult new problems;19 it is not surprising that there is now temptation to employ old deterrence concepts to address the difficult new security challenges in the cyber domain. However, as Neustadt and May cautioned with respect to applying historical analogies, “Background and context get skipped.”20 Simply attempting to apply “the lessons of deterrence” without regard to the characteristics of the current geostrategic circumstances or to the particular properties of the cyber environment is unlikely to prove successful unless done carefully. Furthermore, this may, in fact, be a dangerously misleading exercise since deterrence and its lessons have often been misunderstood. Attempting either to ignore the substantial differences in the strategic environments or to force fit the old concepts and methods of deterrence that were developed for a very different set of security challenges runs two very real risks. One risk is creating superficially attractive concepts and responses for decision-makers that disguise the lack of real applicability in our current circumstances (such as reliance on concepts totally dependent on attribution). The second risk arises from emphasizing salient differences that mask basic commonalities, thereby overlooking opportunities to exploit deterrence concepts that are fundamentally applicable; this could lead to undervaluing the potential contributions and utility of deterrence in the current circumstances. In order to minimize both these risks, a translation process that takes these serious problems into account is needed in order to apply deterrence to our cyber-security challenges; it would recognize the important structural differences, but adapt the concepts in order to exploit their capabilities to deter cyber security threats. As the Introduction suggested, building the case for a new approach in order to employ deterrence successfully against cyber threats requires two inter-related but 19 See

Richard E. Neustadt and Ernest R. May, Thinking in Time: The Uses of History for Decision Makers, (New York: The Free Press, 1986); this book is often treated as the senior official’s guidebook for how to use analogy in decision-making. 20 Neustadt and May, p. 4. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED distinct lines of argument: the logic for a new deterrence and the logic of a new deterrence. This logic for a new deterrence addresses the important changes in the conditions of the international system, the implications of our perceptions of those changes, and our understanding of the different behaviors of key actors who now populate the system. The growing inconsistencies between the foundational bases of traditional deterrence and the current set of conditions of the international system underscore the importance of clearly identifying the sources of those divergences and appreciating their implications for deterrence. Among the most important of these, several factors relate to the ability to recognize attacks, and then to attribute and identify the attacker.

A. SOME IMPORTANT CHARACTERISTICS OF TRADITIONAL DETERRENCE The common, if not dominant, view is that deterrence (especially nuclear deterrence) of acts of aggression rested largely, if not solely, upon the threat of large-scale ex post retaliation. Embedded in this view are numerous critical assumptions, among them: that we could identify the aggressor, that he had important assets that we could destroy, that we had the capacity and will to do so, and that such damage would outweigh any potential gains for the attacker. Although widespread, this view provides a very incomplete and misleading explanation for how deterrence was conceived and practiced during the Cold War—the basis for most attempts to apply deterrence to our new cyber challenges. In seeking to identify and understand the salient characteristics of traditional deterrence, it is useful to employ the three-question framework set out by Neustadt and May in Thinking in Time in order to make critical facets of the logic explicit:21 • Why do we believe that? • Why did we expect that? • What made us believe that they would do that? In many cases, the answers to these questions involve analogical reasoning about the context in which the original decisions were taken to the current circumstances. The answers to these questions can then be analyzed, again relying on the framework from Neustadt and May, to determine what factors are “known,” which are “unclear,” and which are “presumed.” Since we often tend unthinkingly to carry over unarticulated 21 Neustadt

and May, p. xvi.

UNCLASSIFIED assumptions from our analogical basis without subjecting them to rigorous testing in the new circumstances, such clarity is important. And context is often the dominant factor in whether an analogy is appropriate, especially as one crosses the cusp of fundamental shifts in the environment or how we perceive it. In this environment, moreover, the contextual reference frame through which benefits versus risks are perceived and the factors by which an already complicated deterrence calculus is assessed is now likely to be more complex than in the past. Deterrence has often been treated as an abstract game played by coolly calculating rational actors, but it is conducted by real human beings making decisions under pressure and stress, as well as with imperfect information. Moreover, these decisionmakers exhibit all of the well-characterized problems affecting human judgment, as well as the impacts of emotion (affect) on their perceptions and decisions. “…the psychological processes of people under pressure explain why the credibility of deterrent threats may be greatly overestimated by the state making them or greatly underestimated by the state being threatened. Deterrence involves not abstract decision makers but human beings whose ways of thinking and feeling strongly affect their behavior.”22 Despite recognizing the catalogue of cognitive impediments to decision-making, these were not well integrated into the deterrence calculus during the Cold War.

B. THE INTELLECTUAL FOUNDATIONS OF TRADITIONAL DETERRENCE The traditional U.S. doctrine of nuclear deterrence rested upon a construct of an international system built on a foundation of four Enlightenment Era pillars; and each of them contains multiple important corollaries that will be detailed in subsequent sections. The first pillar was political “Realism” which was the basis for the modern state-centered international system.23 The second was a Newtonian framework based on classical physics with respect to structures and forces: linear, deterministic, and predictable. The third aspect of traditional deterrence was a Clausewitzian understanding of the purposes of conflict in which war was seen as a continuation of politics or political struggle. Finally, the fourth pillar built on assumptions of classical economics (Ricardo, Smith, and Simon) for its understanding of behaviors by both 22 Robert Jervis,

The Meaning of the Nuclear Revolution: Statecraft and the Prospect of Armageddon, (Ithaca: Cornell University Press, 1989), p. 66 23 Zagare (1996), p. 365 Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED human and state actors: rational, value-maximizing actors employing a “cost-benefit” value calculus within a competitive game-theoretic construct—which, moreover, was often perceived to be zero-sum.24 That this was a world believed to be fundamentally knowable through rational thought was an important corollary of the underlying perspectives of universally applicable laws and observable phenomena. These aspects provide fertile ground for a fifth aspect of Enlightenment thought—Bacon’s “scientific method” with its reliance on reductionism—that does appear to condition how we still think about analyzing and understanding the world around us—by focusing on the pieces and their predictable interactions. As highlighted in a recent Foreign Affairs article by the senior State Department policy planning official, “The twentieth-century world was, at least in terms of geopolitics, a billiard-ball world, described by the political scientist Arnold Wolfers as a system of self-contained states colliding with one another. The results of those collisions were determined by [tangible] military and economic power.”25 Together these four elements helped to create a vision of a world in which relations among major actors was seen to be normally (and normatively) stable, but which could potentially be upset by disequilibrating forces such as acts of aggression, conflicts, and wars. What Morgenthau said about political realism actually applies to all four pillars; it is an extremely ordered, rational perspective on how the international system and its constituent elements work. “Political realism believes that politics, like society in general, is governed by objective laws that have their roots in human nature.”26

1. The Realist Perspective on the International System Realism is a post-Treaty of Westphalia perspective on international politics based on the modern nation-state, in which self-contained, unitary states acting in their own interests were the primary actors. These states possessed full internal authority and legitimacy—i.e., all citizens owed allegiance to the state, and the state held a monopoly on the large-scale use of force. This represented a sharp change from the previous feudal system, in which there were multiple allegiances based on religion, family, or 24 See Thomas J. Christensen, “Fostering Stability or Creating a Monster? The Rise of China and U.S. Policy toward East Asia,” International Security, Vol. 31, No. 1 (Summer 2006), pp. 81–126, for a discussion of other perspectives, including “positive-sum” (or “plus-sum”) objectives. 25 Slaughter, op. cit. 26 Hans J. Morgenthau, (revised by Kenneth W. Thomson), Politics Among Nations: The Struggle for Power and Peace, Brief Edition, (New York: McGraw-Hill, 1993), p. 4. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED reciprocal personal loyalties rather than nationality. Feudalism with agreed-upon mutual obligations, revolved around land-holding relationships based on the fief, a grant of land by the lord to the vassal; in return, the vassal was responsible to answer to calls to military service on behalf of the lord. Unlike feudalism in which weak monarchs tried to control their realms through these reciprocal agreements with regional rulers bound by ties of fidelity, homage, and fealty, the modern nation-state was instead bound by a collective consciousness of and allegiance to an abstract idea of “the state” or (“the nation”), as opposed to personal ties or linkages to more particularistic groups (family, clan, city, etc.).27 Neither internal domestic politics among factions, nor the personal interests of the ruler, were considered to be relevant to state actions, but rather pursuit of a collective interest. “It is not necessary to study the internal politics of nations or governments, since their interactions on the international scene can be understood in terms of the pressures they exercise upon each other, and the responses to those pressures.”28 In that post-Westphalian international environment, moreover, the currency of state influence was based on tangible elements of national power.29 Realism sees international politics as “a competition of units in the kind of state of nature that knows no restraints other than those which the changing necessities of the game and the shallow conveniences of the players impose.”30 It is amoral (in the neutral sense of the term), pursuing state interests above personal interests (such as dynastic succession) or common interests of “international society”—justice, altruism, ideology or ideals, or even simple humanitarian objectives. As Waltz subsequently noted, Realist states sought to maximize power while modern states might, more properly, be termed “Neorealist” since they seek to maximize security rather than power per se. Realism provided not just an anecdotal history, but also an overarching theory of international relations, including a coherent explanation of international politics and war, which exhibits order even in conflict, unlike the messier Hobbesian “state of nature.”31

27 Liah

Greenfield, Nationalism: Five Roads to Modernity, (Cambridge, Mass.: Harvard University Press, 1992). 28 Graham Evans and Jeffrey Newnham, The Dictionary of World Politics (Hemel Hempstead, 1990). 29 Kissinger, “The Three Revolutions,” Washington Post, April 7, 2008, p. A17 30 Stanley Hoffmann, The State of War: Essays on the Theory and Practice of International Politics (New York: Praeger, 1965), p. vii 31 Waltz, Theory of World Politics (Reading, Mass: Addison-Wesley, 1979). For convenience, we will subsequently use the term “Realist” to cover both perspectives. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Interestingly, during the Cold War views on the nature of peace and conflict largely continued to mirror a post-Westphalian perspective that seems to draw more on Immanuel Kant than Thomas Hobbes. In this view, “peace” was (and should be) the natural state of relations among nations and war would be a profound disturbance of that natural condition (a mechanistic state of balance and equilibrium) of the international system.32 As highlighted by several leading scholars, “Deadly nuclear weapons and a carefully maintained strategic balance were the twin pillars upon which this global nirvana rested (Gaddis, 1986; Waltz, 1993).”33 “…Not only did Classical Deterrence Theory purport to explain the absence of a US-USSR was after 1945 but, if properly heeded, could all but eliminate the possibility of future superpower conflict.”34 While Jack Levy found that there were more years of conflict than peace during the Cold War, there were actually no open hostilities between the two superpowers themselves and the two superpowers ultimately found a common interest in preventing an apocalypse even while seeking advantage.35 Although there was no “Leviathan,” the awesome threat of nuclear conflict certainly dampened temptations for direct conflict between the superpowers. “Prior to 1945, the international system was decidedly multipolar as several great nations and a handful of lesser states vied for power and influence around the globe. But after the defeat of Germany and Japan in 1945, this was no longer the case. The multipolar Eurocentric world had suddenly been transformed into a system dominated by two superpowers from the periphery of the European state system. The bipolar nature of the post-war period would have to be considered by theorists trying to discern the new system’s inner workings.”36 An important corollary of a realist preference for stability is the notion of balance of power, achieved through the dynamic pursuit of power or security. As many scholars have noted, “In a system where every state must provide for its own security, most realists hold that a balance of power is the most efficient mechanism for maintaining order.”37 Balance of power was specifically mentioned in the Treaty of Utrecht (1717) 32 In

this view what is important is not the debate on “Democratic Peace Theory” but rather Kant’s position that peace is and should be the natural state of relations. 33 Zagare (1996), p. 366. 34 Zagare (1996), p. 366. 35 I want to express my appreciation to Joe Nye for highlighting in comments that even during the periods of heightened confrontation, there did exist a mutual interest between the U.S. and the Soviet Union in preventing a nuclear war. 36 Zagare (1996), p. 366. 37 Zagare (1996), p. 367 Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED and like Newton’s “clockwork universe” does not require an outside force to maintain its equilibrium. It was recognized, however, that the search for power by autarchic states could create a “security dilemma” in which one state’s increase in power was perceived to reduce the security of others; but it was exactly that interaction of selfinterests that brought balancing through coalitions (cooperation) into play, which was thought to increase overall stability. Indeed, the adoption of “Containment” as the overarching American strategy throughout most of the Cold War can be seen as a powerful ratification of this perspective on stability of the international system.

2. Newtonian Physics and Determinism The impact of Isaac Newton (1643–1727) on Enlightenment thought can hardly be overstated. Newton’s physics laid out universal laws that could provide understanding of causality of forces and reactions in concrete terms; and indeed they helped to create the concept of a “clockwork universe” whose working is explainable by rational, physical causes. Beyond the scientific importance of his work on mechanics, optics, and the laws of motion, he helped support the growing emphasis on rational as opposed to metaphysical explanations. “The revolution in scientific thought that culminated in Newton led to a vision of the universe as some gigantic mechanism, functioning ‘like clockwork,’ a phrase we still use – however inappropriate it is in an age of digital watches – to represent the ultimate in reliability and mechanical perfection. In such a vision, a machine is above all predictable.”38 This physics is grounded in determinism and linearity of cause and effect; and his worldview, like that of other Enlightenment figures, provided a rational framework for exquisite predictability and boundable uncertainty. The rapid development of mathematics and especially statistics of large numbers reinforced the sense of calculability and predictability. “Mechanics came to be regarded as the ultimate explanatory science: phenomena of any kind, it was believed, could and should be explained in terms of mechanical conceptions. Newtonian physics was used to support the deistic view that God had created the world as a perfect machine that then required no further interference from Him, the Newtonian world machine or Clockwork Universe. These ideals were typified in Laplace's view that a Supreme Intelligence, armed with a knowledge of Newtonian laws of nature and a knowledge of the positions and velocities of all 38 Ian

Stewart, Does God Play Dice? The Mathematics of Chaos. (Cambridge, Mass: Blackwell, 1989), p.9.

UNCLASSIFIED particles in the Universe at any moment, could deduce the state of the Universe at any time.”39 {Encyclopedia Britannica} Thus, it is not surprising that realism found Newton’s physics congenial to their understanding of the post-Westphalian international system. It was easy to view unitary state actors as Newtonian “billiard balls” within a predictable mechanical system and natural, from a Newtonian perspective with the universe as a model, to see the international system incorporating a self-regulating balance of power. The classic deterrence principles were consistent with all these elements.40

3. Clausewitzian Conflict As with Realism and Newtonian determinism, a Clausewitzian perspective provides a fundamentally rational approach to conflict: war is an extension of politics and political struggle. “War is to be regarded not as an independent thing, but as a political instrument.”41 It is intended to increase a state’s power, not waged for personal glory of leaders or in response to personal insult.42 These are wars fought for specific, usually limited political objectives, and prosecuted by conscripted mass militaries with professional leaders, and supported by the wealth of nation-states, not rulers’ purses. War “’is an act of violence intended to compel our opponent to fulfil our will’ (I, p. 2) – violence is the means, and ‘the compulsory submission of the enemy to our will is the ultimate object’ (I, p. 2).”43 Furthermore, unlike the Thirty Years War that preceded the Peace of Westphalia, in Clausewitzian conflicts a distinction was generally made between the enemy’s forces and the civilian populations.44 The traditional laws of war reflect these factors: justification for resort to force, military necessity, proportionality, and distinction of combatant forces. Although written after the Napoleonic Wars, Clausewitz recognized that with the forces of nationalism to fuel it, the capabilities of the industrial revolution to supply it, and the mass conscript forces to wage it, there were now wars that were too dangerous

39 <http://www.britannica.com/topic/371907/mechanics>, accessed

9/30/1999. (1996), p. 367. 41 Clauseqitz, Book I, p. 25 42 Such as the War of Jenkins’ Ear, leading to the War of the Austrian Succession in 1742. 43 Clausewitz, quoted in J.F.C. Fuller, The Conduct Of War, 1789-1961: A Study Of The Impact Of The French, Industrial, And Russian Revolutions On War And Its Conduct, p. 61. 44 Fuller, p. 59ff 40 Zagare

UNCLASSIFIED to fight because of the forces they could unleash. It was for exactly this reason that he emphasized the necessity for political purpose and limited objectives.

4. Rational Economic Actors Like Realism, the theories of economics grounded in the Enlightenment also looked towards the nation-state as the context for thinking about the growth and allocation of resources. Indeed, Adam Smith’s The Wealth of Nations clearly marks a transition from feudal views of property, in which it is grant or gift from a suzerain to capitalism, which is based on private ownership of wealth—citizens are endowed with “property rights” grounded in institutions and a legal framework outside the reach of rulers.45 Furthermore, Smith provides a context of national interests, not the rights of rulers, in looking at how wealth is created, owned, and shared. David Ricardo’s concept of “comparative advantage” and Smith’s “invisible hand,” leading to a self-regulating market system, were both consistent with other Enlightenment rational perspectives from science and politics. Subsequent writings by Jeremy Bentham and John Stuart Mill on utilitarianism provided both an ethical and legal basis for economic decisions on property that were grounded in natural law and natural rights, not on the subjective decisions of rulers. This then created the framework for rational actor economics, which rests on the basic principles of individuals pursuing their self-interests in competition with others by choosing among their preferred options rather than relying on the whims of rulers for allocating the wealth of a country.46 The entire concept of utilitarianism—or utility maximization—providing a theory of value based on individual preferences, and on expectations of actors following utilitarian principles is central to our concept of rational decision-making.47 Rational assessment of benefits and risks within these classical assumptions about value functions and human decision-making builds on the assumption, like that of Smith’s “invisible hand,” that all individuals are pursuing their own self-interests with an intention to maximize their utility. 45 Smith,

Wealth of Nations. Given our Founding Fathers beliefs in natural laws, it is no accident that the Fifth Amendment to the U.S. Constitution enshrines property rights as one of the fundamental liberties protected again encroachment by the sovereign. 46 William J. Baumol, Economic Dynamics, 3rd edition, (New York: Macmillan, 1970). 47 J. S. Mill, Utilitarianism. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Most studies by political economists assume a standard model of rational individual action—what I will call a rational egoist. A wide range of economic experiments have found that the rational egoist assumption works well in predicting the outcome in auctions and competitive market situations (Kagel and Roth, 1995).… One of the major successes of experimental economics is to demonstrate the robustness of microeconomic theory for explaining market behavior.48 As one scholar noted, “Economics may be called the dismal science because economists routinely make worst case assumptions regarding people's motives. Economic reasoning is typically based on the self-interest hypothesis, ie, on the assumption that all people are exclusively motivated by their material self-interest.”49 Within this abstract, and rather sterile, context of human behavior, games involving Nash equilibria produce stable optimum solutions—“saddle points”—and this tends to reinforce expectations about stability and predictability. Interestingly, the common use of game theory and Nash equilibria in traditional deterrence analysis also tie together two of the foundational pillars—economics and realism—by tightly linking assumptions about economic rationality and non-cooperative behavior in decisionmaking. “A common criticism of economic models is that observed decision behavior typically deviates, often quite substantially, from the models' predictions. Most classical game theoretical analyses predict that rational, self-interested players will make decisions to reach outcomes, known as Nash equilibria (4), from which no player can increase his or her own payoff unilaterally. However, players rarely play according to these strategies.”50

5. A Coherent Foundation Although this Enlightenment model of the world around us had many interacting pieces, the framework behind our mental models assumed that its overall behavior, like that of a very complicated piece of machinery such as an automobile engine, could be 48 Elinor Ostrom, “Collective Action and the Evolution of Social Norms,” The Journal of Economic Perspectives, Vol. 14, No. 3, Summer 2000, p. 139. (Subsequently cited as Ostrom, “Social Norms”) 49 Ernst Fehr and Urs Fischbacher, “ Why Social Preferences Matter – The Impact of Non-Selfish Motives on Competition, Cooperation and Incentives,” The Economic Journal, Vol. 112, No. 478, Conference Papers (March, 2002), p. C1. (Subsequently cited as Fehr and Fischbach, “Preferences”) 50 Alan G. Sanfey, “Social Decision-Making: Insights from Game Theory and Neuroscience,” Science, 26 October 2007, Vol. 318, p. 599. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED understood by analyzing its individual component elements and the interactions among them, that it was both knowable and controllable, and that consequences of actions could be predictable. These assumptions were not unreasonable and, indeed, were largely reinforced by our experiences of everyday life in which proportionality and consistency in outcomes led to expectations of predictability in the world around us. Most importantly, those Enlightenment foundations seduced us into accepting a set of crucial presumptions about the underlying phenomenology of the international system and its actors: that it was rational, proportional, and knowable. These, in turn, favored an approach to epistemology, i.e., how to understand, that remains based heavily on Bacon’s notion of the scientific method: a replicable process of careful observation, precise measurement and gathering of accurate data, and experimental testing of hypotheses. Unfortunately, it is also a method that leads to an emphasis on reductionism and can produce a potentially unfounded sense of predictability. With those four aspects as the foundations for the mental framework of the international system and the workings of international politics, the character and implementation of deterrence naturally followed: • To prevent upset or to restore equilibrium • To create a rational risk-reward/cost-benefit calculus • To apply calibrated physical force in ways that could be accurately predicted

C. OVERVIEW OF COLD WAR NUCLEAR DETERRENCE The very visible destruction of Hiroshima and Nagasaki by two relatively small atomic weapons, followed by nearly two decades of above-ground testing and stockpiling of thousands of far larger thermonuclear weapons provided stark and frightening images of the likely aftermath of their use. In addition, concerns over radiation highlighted by pictures of Hiroshima survivors and victims of fallout from above-ground tests amplified the dangers of this “taboo technology.”51 It was against this background that American national security policy, with deterrence at its core, evolved.

51 Paul

Slovic, Baruch Fischhoff, and Sarah Lichtenstein, “Facts and Fears: Understanding Perceived Risks,” in R. Schwing & W. A. Albers, Jr. (Eds.), Societal risk assessment: How safe is safe enough? (pp. 181214). (New York: Plenum, 1980). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED 1. The Genesis of Nuclear Deterrence As post-war tensions rose due to increasing Soviet pressures on Greece and Turkey throughout the late 1940s, the fracture lines between the wartime allies grew and soon coalesced into a tense two-sided confrontation. Early hopes for creating a post-war global community, reflecting the Wilsonian tradition in American foreign policy, had faded by 1947. Both the American leadership and foreign policy establishment became convinced that there existed insurmountable differences with an increasingly aggressive Soviet Union and that this fundamental divide defined a broad spectrum of relationships.52 With the public pronouncement of the Truman Doctrine in March 1947, it was clear that the breach with the Soviet Union was broad and deepening. In July 1947, the famous “X” article in Foreign Affairs written by George Kennan codified this view, although substantial disagreement over an appropriate response quickly became evident.53 With the Soviet blockade of Berlin and the start of the Berlin Airlift over the summer of 1948, tensions continued to mount, making the breach irreconcilable. President Truman announced the Point Four program (effectively what became known as the Marshall Plan) in January 1949 and the North Atlantic Treaty, creating NATO, was signed in April 1949. As one consequence of the rapidly deepening divisive confrontation, the three-hundred year-old multipolar international system was replaced by a new bipolar structure with little time for adjustment. In September 1949, the U.S. detected the first signs that the Soviet Union had conducted an atomic test; and in short order, the President directed the initiation of work on NSC-68—what became the foundational document of American post-war strategy. Basically drafted by Paul Nitze, that document, when finally approved by Truman in late June 1950 after the invasion by North Korea, served both to define the image of an implacable adversary and to create the sustained policy foundation (not only military but political and economic as well) to contest the Soviets on a worldwide basis: it put forward the strategy of Containment. As an earlier study highlighted, “Containment was adopted as the over-arching U.S. strategy to address the threat from a revolutionary power seeking to extend its domain and overturn the established order. Containment was designed to 52 Steven

L. Rearden, “The Evolution of American Strategic Doctrine,” SAIS Papers, Number 4, (Boulder, CO: Westview Press, 1984), p. 8. This entire section (pps. 7–19) provides a good concise summary of the early roots for Containment and deterrence. 53 Rearden, p. 9. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED bring about the collapse of the Soviet Union by giving the internal contradictions within Soviet society time to grow, fester, and kill it through its own Thermidor. Containment was a passive-aggressive strategy intended, with deliberation, to conceal its ultimately transformative purpose behind its defensive manifestation; it was seen by George Kennan as a decisive approach to the Soviet problem over the long-term. But it required the will both to continually defend against Soviet excursions and to maintain steady pressure—not only military but also economic and political pressures to create the stresses that would ultimately destroy Soviet power. Containment demanded the fortitude to remain on watch and constantly defend the ramparts in the meantime; it also demanded the patience—despite calls to adopt more overt, aggressive postures such as “rollback”—to wait out the Soviet Union’s demise from its own internal contradictions.”54 As the Cold War thus began in earnest, budget realities heavily shaped the choice of U.S. strategy: the perception of an overwhelming Soviet advantage in conventional forces led the U.S. to look to its unilateral possession of atomic weapons as an affordable counter to potential Soviet aggression. Despite the huge increase in American defense budgets in reaction to the invasion of Korea, this view was continued in the Eisenhower Administration; President Eisenhower spoke clearly of American atomic weapons as key to “offset the preponderance of [Soviet] military power in Europe.”55 Indeed, as Rearden noted, “In 1949, while previously serving as acting chairman of the Joint Chiefs of Staff, Eisenhower had helped advance that strategy [reliance on nuclear weapons] by urging Secretary of Defense Louis Johnson to make strategic bombing and air-atomic retaliation the centerpiece of defense planning.”56 In response to the consolidation of Soviet power in eastern Europe and growing Soviet military capability, Europe attempted to create its own defense counterweight; but fiscal constraints had similar effects as in the U.S. A French-led initiative to construct a European Defense Community (EDC) without Germany failed on fiscal grounds, compounded by manpower limitations. That failure spurred NATO to allow West Germany to join; but initial interest in large-scale conventional defense by NATO waned with the Lisbon force goals, requiring 96 ground divisions. Stark budgetary realities in both Europe and the U.S. placed real limits on the perceived ability to create an effective conventional defense for Europe. Moreover, despite a short period of fascination early in the Eisenhower period with theater atomic weapons for a direct 54 Cooper,

“Escalation Management,” p. 2. fn 3, p 3. 56 Rearden, p. 35. 55 Jervis,

UNCLASSIFIED defense capability (the “Pentomic Army”) for Europe, “Massive Retaliation,” enunciated by Secretary of State Dulles, remained the core strategic policy throughout the Eisenhower administration for deterring major Soviet acts of aggression. Deterrence works best when there is a clear coincidence of means and mechanisms, on the one hand, and threats and objectives on the other. Therefore, it was logical to employ threats of devastating large-scale retaliatory strikes to deter a surprise decapitating attacks (known as ”bolt out of the blue” BOOB attacks) by the Soviets. As an earlier report made clear, “And not far in the background lay the horrors of World War II, waged against totalitarian opponents who initiated conflict with surprise attacks against opponents on every front—Poland, France, the Soviet Union, and the United States. One of the key drivers of early U.S. nuclear policy was concern over surprise attack with nuclear weapons, reprising in a far more devastating way our entry into World War II as a result of Pearl Harbor.”57 However, with the Soviet atomic test in 1949, the Soviet thermonuclear weapons tests in the early 1950s, the apparent creation of a significant long-range bomber force (marked by the flyover at the 1956 Tsushino airshow), the 1957 orbiting of Sputnik, and the deployment of Soviet intercontinental ballistics missiles (ICBMs), the U.S. had to address the strategic problem of deterring Soviet conventional aggression, especially against western Europe, in the absence of an atomic monopoly. Continuing to threaten “massive retaliation” to prevent conventional attacks, even with sizable American forces at risk, was now less consistent with the balance of threats and risks, and therefore certainly less believable, after the development of a credible Soviet atomic capability. Threatening nuclear use to deter low-level activities was even less consistent, and hence even less a credible deterrent. With Massive Retaliation an increasingly incredible and untenable response to potential aggression, the Kennedy/Johnson administrations serially posed a number of alternative nuclear doctrines, such as the “no cities,” strategic defense, and “flexible response,” in an attempt to prolong an effective deterrent threat in the face of rapidly expanding Soviet strategic capabilities. At the same time, there was a renewed focus on creating effective theater capabilities, leading to the development of the NATO Triad— first direct defense with conventional forces, next escalatory response by theater nuclear forces, and then employment of strategic nuclear forces, in attempting to retain leverage 57 Cooper,

“Escalation Management,” p. 1.

UNCLASSIFIED from its nuclear forces for extended deterrence. With the announcement in early 1974 of NSDM 242 and the “new targeting policy,” a formal change to “limited options” and very controlled use was made clear to adversaries and allies alike in response to the Soviets having obtained strategic parity.

2. Commonly-Held Precepts of Nuclear Deterrence Even now, over sixty years after the start of the Cold War and the beginning of the development of the theory and practice of nuclear deterrence, it remains difficult to sort out facts and myths about deterrence—both as it was conceived and as it was practiced throughout that period. Despite the huge academic corpus on the subject (and a substantial but often still classified body of professional writings), clarity and understanding remain bedeviled by what would be called in fiction “the problem of the unreliable narrator”—few scholars of these topics came without strong views or biases (as Jervis himself notes in a quotation below) that clearly colored their narratives and findings. However deterrence was implemented: “Throughout most of the Cold War, deterrence had three principal objectives. The first, and most important, was our initial and overriding concern: to forestall strategic attacks on the U.S. itself, or against its forces. The second objective was to prevent major acts of conventional aggression against our allies, and the third was to prevent nuclear strikes against them as well. The U.S. accepted these latter two objectives as part of our political commitment to extend deterrence to our allies although they ran real risks of conflicting with the first. Indeed, it is difficult to overestimate the importance of our alliance relationships—NATO in particular—as the key driving factor in our deterrence, nuclear employment, and escalation policies.”58 The actual dictionary meaning of deterrence is “to restrain,” with the connotation of instilling self-restraint through fear, or doubt or anxiety.59 As one retrospective review article highlighted, there appeared to be reasonably common agreement over the key tenets of deterrence. “As Classical Deterrence Theory matured in the 1950s and early 1960s, many strategic thinkers nurtured its growth. Scholars like Herman Kahn, Thomas Schelling, Oskar Morgenstern, William Kaufman, and Glenn Snyder contributed mightily to its development and refinement. In time, 58 Cooper,

UNCLASSIFIED the theoretical edifice they created came to be seen as the Rosetta Stone of the nuclear age. As a descriptive tool, it was used to explain the operation of the international system and its constituent parts; and, as a normative device, policy makers in the United States and later the Soviet Union employed it as a guide to action. With seemingly good reason, the tenets of the theory came to be considered, in both academic and official circles, the conventional wisdom.60 There also appeared to be general agreement within the academic community on the benefits of nuclear deterrence. “Not only did Classical Deterrence Theory purport to explain the absence of a US-USSR was after 1945 but, if properly heeded, could all but eliminate the possibility of future superpower conflict. Deadly nuclear weapons and a carefully maintained strategic balance were the twin pillars upon which this global nirvana rested (Gaddis, 1986; Waltz, 1993).”61 However, there was perhaps substantially less agreement on key aspects than realized by those outside these communities. As the reviewer went on to note, this conventional wisdom was, however, actually a synthesis of two very different schools— structuralist (or Neorealist) and decision-theoretic; although they appeared to accept the same central role of nuclear deterrence, each brought different perspectives to bear and importantly saw quite different implications, especially with respect to stability of the system and the importance of relative balances between the two opponents.62 Moreover, while there were spectrums of opinion in both the academic and practitioner communities, there tended to be several significant differences in perspective between these two literatures. As Jervis summarized Brodie’s position63 with respect to nuclear weapons having revolutionized military theory and the relationships between force and foreign policy: “Nuclear weapons have severed the links between the ability to protect the state’s values; deterrence by punishment {retaliation} has replaced deterrence by denial because no one could win an all-out nuclear war; levels of absolute capability are now more important than relative power because with nuclear weapons, what is crucial is each side’s ability to cripple the other, and the capability is measured by the match between

60 Zagare

(1996), p. 366. (1996), p. 366. 62 Zagare (1996), p. 367. 63 Brodie was author of The Absolute Weapon and is often considered to be the father of nuclear deterrence theory. 61 Zagare

UNCLASSIFIED the country’s forces and the targets it seeks to destroy, not between the two sides’ forces.”64 One key fracture line was over the issue of whether nuclear deterrence was “existential”—that effective deterrence existed simply due to the “apocalyptic” consequences of a potential nuclear conflict. And it is clear that the center of mass within the academic corpus lies far closer to the pole that deterrence was “existential” and stable than do the writings of the practitioner community. In contrast to Brodie’s views (joined by the majority of the academic community), the practitioner corpus, on the other hand, sat closer to and more often evinced the serious concerns first expressed publicly by Wohlstetter in his 1958 RAND paper, “The Delicate Balance of Terror,” over the simple “existential” nature of nuclear deterrence and, with the growing Soviet strategic capability, the effectiveness of simple retaliatory threats.65 Such fundamentally different perspectives on the implications of ultimate societal vulnerability complicated common understandings concerning deterrence throughout the Cold War, and they continue to impact more recent analyses. Most adherents of Mutually Assured Destruction (MAD), especially those in academia, believed that such vulnerabilities undercut any attempt at, or utility of, using even more limited military force due to the danger of uncontrollable escalation. However, as the literature makes clear, while we could exercise “fate control” over the adversary under those conditions, we still could not control the behavior of our adversary, including his ability to make bad decisions or decisions with inadvertent consequences.66 Most policy-makers on the other hand—even those who assumed that unintended, uncontrollable escalation was unavoidable and were extremely concerned about societal consequences—believed that providing some alternatives to inevitable large-scale strikes was essential for effective deterrence of aggression, especially given our formal alliance commitments and less formal extensions of the deterrence umbrella. Furthermore, in the academic corpus there is also more emphasis (if not certainty) than in the practitioner literature that the appropriate mechanism for deterrence was by punishment (especially by large-scale retaliation) rather than denial. Another important fracture line, especially between the academic and practitioner communities, was over the issue of deterrence “by retaliation” versus “by denial;” academics 64 Jervis,

pps. 46-47 p. 68-69. 66 See Jervis (1989), p. 3 fn #7, Thibault and Kelley, The Social Psychology of Groups (New York: Wiley, 1959). 65 Jervis,

UNCLASSIFIED generally favored greater reliance on retaliation whereas the practitioner community sought to increase the range of choices available to decision-makers for forestalling and responding to potential Soviet acts of aggression. The problem has been compounded because many authors commonly use the term “deterrence” as shorthand for “nuclear deterrence” (or even more specifically, “deterrence by threat of nuclear retaliation”), although this narrow meaning was certainly not necessarily accepted by all the key contributors to classical deterrence theory.67 As Jervis, one widely respected academic specialist on the subject, observed twenty years ago, “So much has been written about nuclear doctrine that the issues and arguments, if not the answers, should be clear. But they are not, even—or especially—for the best-known strategy, Mutual Assured Destruction (MAD). Because those who are sympathetic to MAD do not agree on all its details, some confusion is understandable and this attempt at clarification must be in part a personal one. “Not only does MAD mean different things to different people, but the term is used sometimes for description and sometimes for prescription. It may also refer, either descriptively or prescriptively, to different aspects of policy—to declaratory policy, procurement policy, or war planning. Since these elements are not always consistent, one aspect of policy may be accurately described as MAD while others might not be.…”68 While theory and doctrine were continually developed, elaborated, and modified throughout the Cold War, none, in reality and thankfully, were ever evaluated through practical experiment. Therefore, absent empirical evidence, much of the commentary on validity continues to rest on speculation and essentially unprovable arguments that appeared almost theological. However, it is extremely important to appreciate that in practice deterrence was rarely so limited in its reliance on retaliation (and especially large-scale retaliatory strikes) as it might appear from a retrospective review of the academic (and popular) literature. “As noted at the time by Robert Osgood, limited war was intended to allow the U.S. to take meaningful (even if not decisive) actions while 67 See, for example, a recent RAND report on “Cyberdeterrence,” which perpetuates this crucial misunderstanding, p. 7. “For purposes of concision, the use of deterrence in this work refers to deterrence by punishment.” Martin C. Libicki, Cyberdeterrence and Cyberwar, (Santa Monica: RAND, 2009). 68 Jervis, p. 74 Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED minimizing the likelihood that our Soviet adversary would be pushed beyond the limits of his tolerable losses and thus escalate to major conflagration. Indeed, the concept of limited war was explicitly designed to put only the assets and forces committed to the engagement at risk rather than put larger stakes of national prestige or military forces from either side into the pot. Thus, recognized limits on objectives, forces employed, scope and scale of conflict needed to be understood and accepted by all parties.”69 However, it is fair to note that the forward-deployed American forces put at risk in the face of a Warsaw Pact attack served not only to improve the actual capabilities for theater combat, but also as tangible evidence of our commitment and as ways to raising the perceived risks to the Soviets in destroying them, potentially triggering unstoppable escalation. Finally, during the Cold War, although there was reasonably common agreement among policy-makers on deterrence doctrine as well as on an overarching security strategy agreed at the highest levels, there were several distinct policies addressing different aspects of nuclear deterrence.70 Practitioners would generally separate overall policy for nuclear war into several discrete, although related, policy elements. The planning process distinguished between employment policy—including targeting, release, and execution policies—from force structure and basing (acquisition and deployment) policies, and at times from strategic defense policy. In addition, from at least the mid–1960s onward with the beginning of the strategic arms limitation discussions between the U.S. and the Soviet Union, arms control was always another important policy element. And declaratory policy for nuclear weapons use, although more public, was often less explicitly recognized as a key aspect of the overall policy package for reinforcing deterrence, especially as the Soviet Union achieved strategic parity.71 However, despite an overall framework for policy coherence, these individual 69 Cooper,

“Escalation Management,” p. 6; see Robert E. Osgood, Limited War: The Challenge to American Strategy. (Chicago: University of Chicago Press, 1957). 70 For most of the Cold War, few other aspects of American security policy were as top-down directed and controlled, or as internally coherent, as policies for nuclear strategy. 71 The importance of this declaratory aspect became clear in the early 1970s as the Soviets began to reach strategic parity with the U.S., raising questions about the utility of nuclear weapons for deterrence. A little noticed but important adjunct of the shift to limited nuclear options codified by NSDM-242 in January 1974 was reflected in the presidentially directed study on “Political Sufficiency” (NSSM-191) that was tasked to answer the question raised by Secretary of State (and also National Security Advisor) Kissinger’s with his frustrated outburst in 1974 about “What in God’s name is the value of strategic superiority? What is the significance of it, politically, militarily, operationally, at these levels of numbers? What do you do with it?” {See By Hans Joachim Morgenthau, Kenneth W. Thompson, Robert John Myers, Truth and Tragedy, p. 225.} NSSM-191 was an exercise to understand and extract political utility from nuclear capabilities, despite the advent of strategic parity, primarily with respect to supporting friends Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED policy elements were often led by and had different effects on various bureaucratic entities and interests. As a result, there was actually considerable ferment and disagreement over the particulars of these policies, as well as the priorities among them. Now that we are faced with a more varied and difficult set of challenges to deter, including cyber attacks under circumstances where attribution and identity likely will be far more problematic than they were with potential nuclear threats, it certainly makes no sense to limit our thinking about deterrence to retaliatory means, especially since we did not do so throughout most of the Cold War. 3. The Practice of Traditional Nuclear Deterrence Simply conflating deterrence with defense, as often done in commenting on these issues, obscures the important rationale for deterrence as a separate and distinct policy choice.72 We may be faced with acts of aggression that must be opposed because of the potential consequences that would be posed by the adversary’s success; but there are at least two categories of such conflicts “which we may not wish to fight.” In the first case, we may determine that actual prosecution of conflict is not a desirable option because our chance of success in directly defending our position is low; this was clearly the case throughout much of the Cold War when we believed that the Soviet Union possessed overwhelming advantages in conventional forces if it attacked Western Europe. In the second case, such as large-scale nuclear use in which the consequences of even a successful active defense are so horrendous, it may be difficult (or meaningless) to distinguish winners from losers. In both these cases, deterrence provides a potential alternative mechanism to direct defense in order to forestall the hostile acts by the adversary without actually engaging in the conflict itself. While there might have been substantial differences of views between U.S. and Soviet leaders over the balance of strategic forces and the implications of that balance at points in the confrontation, both sides clearly understood that large-scale nuclear exchanges would have catastrophic consequences; and it was this shared vision that enabled nuclear deterrence to work.73

and allies and maintaining the umbrella of extended deterrence; much of it concerned how to talk about the potential employment of nuclear weapons to forestall adverse political changes from Soviet pressures. 72 Jervis, p 8–9. 73 This view did not seem to be shared by the Chinese leadership in the 1960s and early 1970s. The apparent difference in understanding and perspective held by the Chinese on this point unnerved US policy-makers and the Soviets as well, especially after the Chinese began to build nuclear weapons and delivery systems. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED

Figure 1: Range of Policy Options In fact, throughout the Cold War, deterrence was always seen as one policy option among a range of ways to oppose or limit potential acts of aggression, especially within the overall policy framework provided by Containment. Indeed, deterrence as a policy option sits within a broad spectrum of possible measures to actively oppose and respond to aggressive acts and did itself offer a range of ways to oppose specific adversary activities. However, as the very cursory review of the creation of post-war American nuclear strategy suggests, reliance on nuclear deterrence often became the default option because of the perceived immense differential in costs between credible conventional defense and strategic nuclear capabilities. Therefore, in light of the very significant differences between the cyber and nuclear problems, we need to be careful to avoid these types of reflexive responses that immediately place retaliation at the center of attention.74 Also often ignored in the instinctive focus on nuclear retaliatory responses as the dominant mechanism is that deterrence could be effectuated in a number of ways, including but not limited to sufficient protective measures to deny the adversary the likelihood of success in achieving his objectives. Throughout the Cold War the immense resources devoted to early warning, attack assessment, and command and control served not only the “assured destruction” retaliatory function (increasing value and probability of adversary loss), but also the objective of reducing the adversary’s perception of likely success in decapitating American leadership or destroying its forces.75

74 This

type of instinctive response, discussed at length in the JDM literature, is actually an unfortunate example of the effects of the “availability heuristic” on decision-making, skewing perceived options through the election of an inappropriate analogy. 75 See Attachment A, a “Chart on Triad Survivability.” Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Moreover, simply focusing on “Deterrence by Retaliation” perspective neglects the central role of “escalation management” in operational deterrence policy in order to retain options other than the guarantee of an apocalypse once conflict started. Several Berlin crises and the Cuban Missile Crisis had highlighted the dangers of direct confrontations between the two superpowers and pointed to the need to emphasize management of crises, once they broke out, rather than simply continuing to pursue one’s initial objectives. Unless retaliatory strikes take place within a carefully monitored framework of escalation management to assure continued control through the stages of conflict, they are simply an explicit acknowledgement that deterrence has failed. Both the U.S. and the Soviets were generally careful and cautious about employing military force under the overhang of nuclear conflict, usually choosing to prosecute overt conflicts through proxies. However, the Soviet invasions of Czechoslovakia in 1968 and Afghanistan in 1979, as well as the implicit nuclear-saber rattling by the Soviets during the 1973 Yom Kippur War, gave American policy-makers substantial reasons to look for usable military options rather than simply accept strategic immobilism based on reliance on Mutual Assured Destruction (MAD) for deterrence. “It is necessary to recognize that our nuclear deterrence and employment policies, as well as U.S. escalation management policy, rested on a broad acceptance of the notion of crisis management: the overriding objective was to avoid a crisis turning into large-scale nuclear exchanges (which could be triggered by even low-level armed confrontations between superpower forces), not to achieve advantage or fulfill one’s initial conflict objectives. Return to the status quo ante was considered to be a more than acceptable outcome; little thought was given to forcing our Soviet adversary, or his client, to pay a price for having initiated an unsuccessful act of aggression, other than the failure of the aggression itself.”76 U.S. policy with respect to NATO and the umbrella of extended deterrence is perhaps the best illustration of the complex set of options for response that American policy-makers created. Escalation beyond the battlefield and to greater levels of violence would be the result of a deliberate decision to engage in controlled steps to raise the costs to the adversary until his limits were reached and losses were perceived to outweigh any gains. The NATO Triad of conventional direct defense, deliberate but limited theater escalation, and strategic strikes was the military counterpart to the 1968 Harmel report, which sought a more diverse set of interactions with the Warsaw Pact, 76 Cooper,

“Escalation Management,” p. 4.

UNCLASSIFIED including political engagement. The NATO Triad, especially with its concomitant political components stressing political engagement and arms control, was intended as a more modulated set of policies than the reliance in “flexible response” on military forces alone. Throughout most of the Cold War (after the American rhetoric about “rollback” ended), the U.S. and NATO were perceived to be on the defensive, at both the strategic and operational levels; we guarded the ramparts continually while the Soviets could choose the time and place to instigate acts of aggression. This posture was not only defensive, but also passive; and it yielded the strategic initiative to the Soviets. Moreover, for political reasons perceived necessary in order to maintain alliance solidarity and cohesion within NATO, our policy in response to probes or acts of aggression was seen to be merely restoration of the status ante quo. This policy significantly reduced the perceived costs and risks to the Soviets of initiating such activities since the cost of their wager (ignoring the possibility of escalation to a retaliatory strike) was relatively low—limited to their direct battlefield losses and repercussions from failing to seize their objective. This mindset was challenged in late 1983 with a provocative article; Huntington argued that the Soviets ought not to count on, and should certainly not be assured that, incursions in Europe against the West would merely be repelled, the Pact forces chased back across the border, and the status quo ante restored.77 Rather he argued that NATO should be prepared to carry out counter-attacks that crossed the Inner-German Border and potentially could seize Warsaw Pact territory, thereby posing risks of real losses worse than simply returning to the status quo ante. The paper generated significant controversy, especially in Europe among NATO allies; but it did serve to raise some fundamental questions about measures that could make deterrence more effective by employing more tools against all components of the deterrence calculus. Huntington’s paper reopened the door to thinking about making the stakes of a Soviet initial gamble symmetric and thus affecting the adversary’s fundamental risk assessment in a very different way than did post hoc retaliation. In a broader perspective, such options for precluding the adversary from achieving his objectives while reducing our risks and losses that can be employed once the conflict starts can provide important deterrence tools if there is a coherent framework for escalation 77 Samuel

P. Huntington, "Conventional Deterrence and Conventional Retaliation in Europe," International Security, Vol 8:3 (Winter 1983/84), pps. 32–56. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED management. Moreover, his article publicly highlighted two serious risks that resulted from posture that is both strategically and operationally defensive. First, with such an overall defensive posture, there are few viable deterrence options—other than effective defenses or ex post retaliation— so that it can be necessary to demonstrate continually the commitment and resolve to retaliate in order to reduce the likelihood that the Soviets would be tempted to try. Second, such a defensive posture put the unpleasant onus of escalation to nuclear first use on our leaders, always an exceptionally difficult decision.78 As a result of the first problem, credibility and commitment became the touchstone for assessing deterrence. Deterrence throughout the Cold War, in effect, had to operate seamlessly, in combination at many levels of the conflict hierarchy and across several time horizons, in an attempt to avoid presenting weak spots that could be exploited. At the lowest, tactical level, we sought to forestall specific acts of political pressure and overt aggression that might confer benefits on the adversary by guaranteeing that such acts would be resisted or disproportionate costs would be extracted. At the operational level, we sought to influence and channel the adversary’s plans and capabilities into less threatening paths. Finally, at the strategic level we sought to convey to the adversary that we were in for “the long game” and would commit the resources necessary to overturn any initial successes and that might be required in order to repel future initiatives. In doing so, we recognized that not every provocation or hostile act needed to be addressed directly and, indeed, choice of response was essential to a competitive position. Deterrence works best when it functions as a coherent structure with strong coupling between the hierarchical levels of conflict and across the temporal horizons such that the responses at the strategic, operational, and tactical levels serve to reinforce each other. Thus, if the adversary perceives a credible commitment at the strategic level to oppose his objectives, he is more likely to believe that we will respond firmly to forestall or repel tactical probes. At the same time, if we are successful at the operational level in blocking his preferred modes of attack, it reduces his perception of the potential capability to achieve his strategic objectives. However, failure at the operational level to pose a counter to what the adversary believes is a significant and advantageous capability may inadvertently communicate indecision about our 78 Placing

the burden of losing a critical objective or resorting to crossing a major escalation threshold with unknowable consequences forces an extremely unpleasant choice on the decision-maker; this dilemma is akin to being presented by your opponent with “a fork” move in chess. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED opposition to his strategic objectives or our ability to repel such attacks.79 Conversely, perceived doubts of commitment at the strategic level may tempt tactical probes; and continued lack of response to tactical provocations, may undercut any declared commitments at the strategic level. At the strategic level, deterrence seeks to devalue the worth of the adversary’s objectives, undercut his overall strategy to achieve them, and communicate our willingness as well as capability to contest him. At the operational level, deterrence seeks to create the perception that even if his strategic objective might be achievable, the adversary’s planned methods for executing his strategy are flawed, that his doctrine is ill-conceived, that his operational capabilities will be ineffective, and that his investment strategy looks to be “wasted resources.” Finally at the tactical level, deterrence seeks to persuade the adversary that a particular attack at this place and time will not succeed, or in the inimitable words of General Curtis LeMay when he was Commander of the Strategic Air Command, “Today is not the day.” Clearly we attempted to communicate to the adversary the strength of our commitment as well as the certainty of our opposition and the effectiveness of responses to aggressive initiatives. At the same time, creation of uncertainty in the adversary’s mind both about the particular action that would provoke our response was always a key aspect of nuclear deterrence policy after the invasion of Korea. Concern that the invasion was triggered by Secretary of State Acheson’s statement that Korea was outside the American defense perimeter sparked much thinking about declaratory policy, including explicit statements at the start of the Eisenhower administration that “Massive Retaliation” would be our response to Soviet incursions in Europe. Subsequent thinking, however, highlighted the dangers inherent with the use of “red lines” and also about specifying our exact means of response. Red lines appear to be attractive exactly because they explicitly demarcate our tolerance threshold, thus clearly communicating at what point we will respond to actions by our opponent. However, doing this implicitly says that we will tolerate activities that approach but do not cross this line; and this actually makes the adversary’s entire decision process much simpler, especially with respect to the risks of engaging in lesser provocations. 79 The missile that became known as “M-X,” the Peacemaker, was originally initiated as the Minuteman IV program in the early 1970s. However, in light of the Soviet development of fourth generation heavy ICBMs with clear counterforce capabilities, it was decided in 1974 as an outgrowth of NSSM-191 to publicize its development as a “new” system, the M-X, specifically to highlight its ” silo-busting” capability in order to counter the Soviet SS-18 and SS-19 developments. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Moreover, by creating such a red line, we in effect force ourselves to respond in order to avoid devaluating clear commitments we have made. In addition, either doctrinal inflexibility, such as declaratory reliance on Massive Retaliation, or real strategic and operational inflexibility stemming from the lack of actual alternative response capabilities, such as constrained us in the 1950s–1960s, presents the adversary with a simpler decision calculus. As a result of these problems, Schelling recommended “threats that leave something to chance” with respect to both issues.80 In certain cases, however, where communicating certainty of response was absolutely essential and where there was little risk of further unintended escalation, our sensitivity to specific critical thresholds, such as strategic disarming strikes against leadership and retaliatory forces, was usually made very explicit. Even in the case of extended deterrence, the overall commitment was generally made by an explicit affirmative act, such as treaty or agreement, while he specific conditions for response were left ambiguous. The use of “fuzzy barriers” rather than red lines is intended to maintain an ambiguity of response designed to complicate both the adversary’s planning and his implementation of those plans. From the adversary’s planning perspective, fuzzy barriers increase the uncertainties (and hence, according to the Ellsberg paradox, the perceived risks) as to exactly when (and how) his action will be opposed, increase his potential costs for the operation (or conversely, that excess resources will be committed, increasing the “opportunity costs of the operation), or decrease the likelihood of success. From the execution perspective, an unknown threshold runs several risks: first, that lower-level incidents, presumed by the instigator that they would be tolerated by the other side, could actually trigger responses and thereby cede the initiative, and second, that preparatory activities for the threshold attack could serve to cue preemptive responses, fundamentally altering the expected outcomes. In this latter case, in order to avoid presenting warning cues, the adversary might be forced to employ second-best attack options, thereby lowering his likelihood of success. Finally, employing fuzzy barriers is also intended to deter both lower level and precursor activities that could result in unintended confrontation and possible escalation. The use of such fuzzy barriers serves to heighten the inherent uncertainties, including by adding increased uncertainty about timing of any response.

80 Schelling,

Strategy of Conflict, p. 187ff, takes an entire chapter to address this topic.

UNCLASSIFIED With respect to the second concern about an overall defensive attitude—which was implicit in many arguments for MAD, policy-makers also expressed serious unease during the Cold War because of the problem of the “crossing the threshold.” Academics often simply asserted that in the face of significant nuclear capabilities, concerns about potential escalation undercut the utility of military force; but few directly addressed the fundamental issue of “decision asymmetry” facing policymakers in willfully crossing the nuclear threshold first.81 And, indeed, from the early 1960s forward, this is the concern that drove most American nuclear policy-planners: the need to provide the president with usable alternatives to “going nuclear first” in order to avoid a choice between guaranteeing that the worst would happen or acquiescing to the adversary’s achievement of his aggressive objective.82 Concern over this decision asymmetry issue, in fact, really served as one of “the great divides” among practitioners and between practitioners and the academic research community. Since this issue colored so much of traditional deterrence planning, it is especially worthy of deeper examination in exploring cyber-deterrence because of the clear differences between the cyber and nuclear contexts with respect to crossing major thresholds and the potential implications and consequences of escalation. Finally, in addition to other important characteristics of classic deterrence as practiced against the Soviets, it is useful to recognize that we brought deterrence mechanisms to bear against the adversary to prevent serious acts of aggression in a manner that was both direct and active. On the other hand, to control third parties, especially those who were clients and protégés of the adversary, both the U.S. and the Soviets more often employed indirect deterrence exerted through pressures on the dominant power. Control of activities by clients and proxies was assumed to be problem for sponsor as we took the position that these actions were simply surrogates for direct measures by the other super-power. Therefore, concerns over ambiguous responsibility and liability for such activities was muted and subsumed into the overall problem of bipolar deterrence. Conditions today, with greater ambiguity of activities, difficulties in attribution and identification, and looser, less hierarchical connections among actions makes determinations of locus of control and therefore responsibility and liability, far more difficult in exercising effective deterrent threats.

81 See

Jervis, p. 98-99; his MAD-4 posture appears to be an attempt to address this concern. concerns were strengthened in practice by the consistent findings of high-level games and exercises conducted with very senior participants throughout the Cold War that it was essentially impossible to get an American president to make the “first use” decision. 82 These

UNCLASSIFIED

D. THE CALCULATION OF DETERRENCE The potential effectiveness of traditional nuclear deterrence was often described as an apparently straightforward calculation of costs versus gains governing the decisions of each side. However, although straightforward, that calculus was complicated because it incorporated a significant number of discrete quantified factors, often drawn from abstract models or simulations of two-sided nuclear exchanges; and, moreover, it also embedded many assumptions about behavioral factors that could not be quantified. In an effort to increase the precision of these calculations, the U.S. in particular made substantial efforts to analyze both the physical effects of these weapons against various target sets and to understand how that damage might be perceived by our adversary and affect his decisions. When nuclear retaliation was the principal mechanism of deterrence—either against nuclear attack or other forms of aggression, a large part of the potential costs to the adversary rested on what were assumed to be predictable physical consequences of the nuclear attack, either in an absolute or relative sense.83 Those who held an “existential” view generally agued that it was the level of absolute damage that was the important threat; others, like Kahn and Wohlstetter, suggested that relative outcomes were the more effective deterrent threat. From the introduction of “limited nuclear options” in 1974 onward, policy guidance for nuclear weapons employment actually emphasized relative measures of outcomes in order to implement deterrence. Significant efforts, formal and informal, were undertaken to communicate, explicitly and implicitly, to the Soviets that both capabilities and credibility would ensure that outcomes would not be favorable to them.

1. The Traditional Calculus of Deterrence Rather than simply posing losses, deterrence, however, actually operates by affecting the entire decision calculus of a potential actor. And importantly, that calculus has two basic elements: potential gains must be balanced against potential losses. Since each of these elements has, in turn, two parts—the value gained or lost and the likelihood of the outcome—there are actually four principal components in the deterrence calculus that can be targets for influence;84 the emphasis is on increasing the uncertainties and 83 Jervis,

p. 17ff. detailed in Section VII (Task 5), these components, and their combined effect, are represented as conditional and marginal probabilities in a reasoning under uncertainty modeling framework. 84 As

UNCLASSIFIED hence the risks that the opponent will perceive.85 Thus, looking only at the value component of the gains and losses also represents an incomplete specification of the deterrence equation; and doing so discounts potentially important effects of uncertainties that could be brought to bear on the opponent’s decision calculus. Even very large potential gains can be discounted significantly when the uncertainty of success is high. Similarly, even extremely small likelihoods of bad outcomes can be outweighed by risks from the magnitude of truly horrendous outcomes if they should occur. In many cases we sought to affect the adversary’s perception of likelihood for both potential gains and losses, since that was often easier to manipulate the perception of uncertainties than estimates of value; and increasing the unpredictability of the risks has strong effects. In the case of the Soviets, moreover, reducing confidence in their assessment of gains or magnifying the risks of losses, in particular, could be especially potent methods of improving deterrence effectiveness. Since the Soviet leadership was generally cautious and risk-averse, they would tend to overweight risks based on the findings of Prospect Theory.86 In conjunction with the Ellsberg Paradox, increasing the uncertainties would, therefore, have an especially strong effect on risk-averse decisionmakers.87 Symbolically, such a formulation can be expressed as: EFFdet ƒ [Potential Gain (Gain Value x Gain Probability) / Potential Loss (Loss Value x Loss Probability)] In reality, each of these four principal components also has sub-components that were identified explicitly and broken out because these factors are the products of complicated multi-component, chained calculations. Since many of the subcomponents can be individually affected by actions we can take to affect the overall

85 As demonstrated by the Ellsberg paradox, risk is a highly subjective perception not exactly equivalent to those in classic expected value calculations; unpredictable uncertainties heighten the perception of risk. (see p. 42ff) 86 See J. Cooper, D. Gouré, and K. Bue, Expectation and Uncertainty in Soviet Employment Planning: The Impact of Advanced Strategic Defenses, SRS Technologies Technical Note TN-MA-89-02, 1989. 87 Prospect Theory, discovered by Kahneman and Tversky in 1979, recognized that whether the decision frame is gain seeking or loss averse significantly affects the assessment of expected value. It makes substantial modifications to classical expected value utility axioms based on real-life practices as opposed to abstract models of human decision-making and was the basis for the 2002 award to Kahneman of the Nobel Prize in Economics. Daniel Kahneman and Amos Tversky (1979), "Prospect Theory: An Analysis of Decision under Risk", Econometrica, XLVII (1979), 263-291. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED calculation, even small changes in several of these could produce substantial effects on projected outcomes.88 With respect to perceptions of gain, these factors were closely related to an adversary’s objectives. Thus, for example, if he was attempting to decapitate our leadership before retaliatory strikes could be ordered, the adversary’s estimate of success would have to include not only predictions about the capabilities of his weapons and our defenses, but also about locations of our leadership, estimates of attack timing versus assumptions about sensors and warning, probabilities of disrupting communications, among other sensitive and tightly-held factors. With respect to potential losses, for example, these sub-components included, among others: the damage to be inflicted from large-scale nuclear retaliatory strikes in response; the likelihood that such threatened attacks would, in fact, be ordered; the probability that the orders would communicated and received successfully; the probability that attacks would reach their intended targets; and the probability that the weapons would work as predicted and produce the expected effects. Therefore, what may initially appear to be a straightforward calculus turns out to be anything but. It is not only the objective factors, in each case, but the subjective perceptions of those factors by each party that affect their decisions; the effectiveness of nuclear deterrence by threat of retaliation rested upon a number of factors, some affecting his perception of gains and others affecting his perceptions of losses. Thus, it is essential to understand and factor into the calculus the perspectives and contexts of the other players, not simply mirror image one’s own views.89 Within analyses for 88 Examples abound of serious mis-estimates for what were considered at the time to be wellcharacterized technical factors with respect to strategic weapons; three will suffice. First, not until the Soviet space-based nuclear weapon test and the U.S. Starfish nuclear test series starting in 1962 was the phenomenon of electro-magnetic pulse (EMP) discovered, with dramatic effects on communications and the performance of electronic devices. Second, calculations of nuclear weapon effects from ground shock on buried targets such as missile silos were largely based on data from thermonuclear tests conducted in the Pacific in the 1950s. Only in the late 1970s, due to the run-up in underground testing at the Nevada Test Site (NTS) prior to a potential Comprehensive Test Ban, was it discovered that there were significant differences in effects at the rather arid NTS than in the water-logged coral from the Pacific tests; and Soviet missile locations more closely resembled NTS conditions, with significant effects on calculated target damage. Third, despite extensive testing of ICBMs and the high accuracy of their re-entry vehicles (RVs) flying west-bound test trajectories into the Pacific, it was an open secret that there were unresolved bias errors with Minuteman III missiles on north-bound trajectories, affecting the core of the U.S. ICBM force throughout the 1970s and 1980s. 89 For example, the U.S. perceived use of strategic nuclear weapons as the key threshold, or step in the escalation ladder, denoting central strategic war. The Soviets, on the other hand, regarded violation of “the Motherland” as the key threshold, regardless of whether the weapons were conventional or strategic. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED planning employment options for deterrence, there was significant emphasis on precisely calibrating the degree of pain to be inflicted as well as on communicating and respecting “thresholds” of damage, consistent with the acts to be deterred. In order to understand the Soviet Union well enough to attempt to assess their views on these complicated factors, the U.S. needed to create an entire academic field; and even that had mixed success.90 However, not only does the deterrence calculus have to consider all the factors in the entire decision-making process of a potential actor, but to do that with two interacting players. A highly structured analytic construct of “escalation ladders,” invented by Herman Kahn, became a dominant American framework for assessing the utility and consequences, including counter-moves by the Soviet adversary. Moreover, assessing perceptions of benefits and losses had to be accomplished within the far more complex two-sided framework of a series of inter-related decisions by at least two parties, each of which could be misperceived or misunderstood by the other party, and where possible at all, choice of moves by the other party could easily be misunderstood. To improve the effectiveness of deterrence, it was important to exploit the perceptions of uncertainties in the adversary’s mind for each of these factors. Some of these factors were under our direct control, such as the likelihood of ordering execution; and, therefore, declaratory policy—explicit statements or implicit signals—could play a large role in shaping expectations. Others, such as probability of penetration to target, were jointly affected by estimates of our technical capabilities and the adversary’s defenses; and these estimates were based on a large number of assumptions not just about physical factors, but also human behaviors under stress. Moreover, these were rarely likely to be “set-piece” affairs, but highly interactive series of moves and countermoves difficult to predict beforehand. Most often the largest sources of uncertainty for both sides grew not from technical factors, but were related to expectations about highlevel decisions of the opponent such as, Would he initiate? Would we respond? Finally, since deterrence is ultimately about affecting the adversary’s overall perception of potential gains versus losses, we must not forget that such a calculus is “risk-weighted;” different actors exhibit significantly different tolerances for risk, and such tolerance is also almost always contextually dependent. Furthermore, as 90 Not

until years into the Cold War was Leite “Operational Code of the Politburo” (1951/53) widely disseminated and only after the Cuban Missile Crisis did we begin to appreciate that the Soviet escalation ladder was far different than ours. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED illustrated by Prospect Theory, the context in which the decisions are taken—whether the decision-maker is focusing on prospective gains or possible losses—also has an important impact on framing the problem, affecting perceptions of risk-weighted expected-value outcomes. Moreover, assessments of both the values and the likelihoods rely on perceptions of “self” and “other.”91 As noted in a recent article, “It was Justice Oliver Wendell Holmes who observed that relations between two actors really involve six "persons": each actor's self-image, each actor's image of the other and, finally, what each actor actually is.”92 Thus, the calculus of deterrence was always more complicated than it was made to appear by the use of abstracted game-theoretic approaches. Despite intense analytic efforts and spending huge amounts of resources to discover accurate information, there were actually four types of serious errors affecting the quantitative aspects of the traditional deterrence calculus (even without the possible intended effects of deception and disinformation); and these don’t touch on the additional uncertainties from human decisions and behaviors under stress. First, there were basic misunderstandings concerning important physical phenomenologies that affected critical technical estimates of the calculus (such as the three examples referenced in footnote 56). Second, there were both simple “measurement” errors and inherent uncertainties, such as those concerning the precise location and characteristics of targets, or exact yields of weapons. Much of the very large U.S. S&T collection and analysis effort was intended to address these uncertainties, with mixed results. Third, errors could be introduced by choices in analytic and algorithmic methods; for example, predicted missile accuracy was calculated from the results of multiple tests and statistical analyses of the components of guidance “error budgets.” However, very significant differences in the predictions from error budgets result from choice to use “root mean square” (RMS) or “root sum squares” (RSS) calculations. Fourth, almost all of the analyses employed Monte Carlo simulations and used Gaussian distributions, assuming that “the law of large numbers” of independent events was involved in the phenomena of concern. As subsequent sections (III–V) of this report will suggest, whether these were valid assumptions in the past, they are not likely to be appropriate 91 Because

it addresses how individuals “process the intentions and actions of others,” research findings on “theory of the mind” (TOTM) are relevant here. They provide an alternative perspective to that of classical economics in determining human decision-making and behavior, especially within social groups and relationships. Importantly, we are not suggesting that TOTM replace the more transactional calculus based on tangible benefits, but rather that we incorporate those findings since they are important for certain classes of social {network} relationships. 92 Ivan Krastev, “Strong enough for a 'reset' with Russia?” Washington Post, December 1, 2009. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED in the future. Indeed, given the nature of the cyber environment and many of its technical and operational characteristics, one should expect that a similar calculus for cyber will be far more subject to basic errors and prone to more elements of uncertainty in the future. Furthermore, the calculus by which traditional deterrence was evaluated also incorporated a substantial number of deeply embedded critical assumptions; these now deserve to be re-examined in light of better understanding of the effects of collective decision-making, as well as new knowledge about cognitive and neuropsychological processes of individual human judgment and decision-making. With respect to collective effects, these assumptions included: decision-makers as unitary actors; a utility-maximizing, “homo economicus” perspective using a game-theoretic framework with Nash equilibria; and, as previously noted, actors and decision-makers operating from an autarchic, non-cooperative perspective. As a first tear in this fabric of assumptions, Allison’s groundbreaking study of detailed U.S. decision-making during the Cuban Missile Crisis showed that, far from being unitary actors, states had large numbers of internally contending bureaucratic interests.93 Under these circumstances, decisions were made within a “bureaucratic politics” framework, strongly contradicting the “billiard ball” model. Subsequent work by Steinbruner and others then began to incorporate a broader look at organizational perspectives, including the role and impacts of organizational behavior and methods on decision-making.94 Individual human decision-making, moreover, turns out to be imperfect and less rational than presumed in classic deterrence analyses, and not because of imperfect information (an entirely separate issue worth exploring deeply in the context of knowability of cyber contexts and threats). For example, with “Prospect Theory,” Kahneman and Tversky had demonstrated that classical assumptions of human rationality were false—that a player’s assessment of the expected value of a gamble in which the probabilities of gain and loss (i.e., the risks) are known with certainty should be indifferent whether it is posed as a potential gain or loss was not true. Other distortions with serious implications for “rational” decision-making under conditions of uncertain information had also shown with the Allais and Ellsberg paradoxes. In 93 Graham Allison, Essence of Decision: Explaining the Cuban Missile Crisis (Boston: Little, Brown, 1971). Similar, although more speculative analyses, were conducted by Raymond Gartoff and others on military and government versus Party tensions, for example, in the Soviet Union. 94 John D. Steinbruner, The Cybernetic Theory of Decision: New Dimensions of Political Analysis. (Princeton, Princeton University Press, 1974). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED particular, the Ellsberg paradox highlighted that people prefer known risks to uncertainty even when the expected value to be gained is less. “Prospect Theory,” as well as the Ellsberg and Allais Paradoxes, however, are only a few among a very large number of ways by which real people violate traditional assumptions of rationality.95 As importantly, the “rational actor” was presumed to make decisions without regard to emotional state, but recent research has shown this assumption is also false; and that affect has a very “powerful effect.”96 As Zagare had noted in a major review article, by the early 1980s a range of serious problems with the basic framework for decisions on deterrence was already apparent: “According to Mandel, ‘most scholars of the field no longer believe that states always use the ‘billiard ball’ rational actor approach; no longer treat psychological influences as random accidents or idiosyncratic deviations; and no longer assume that most subjective aspects of international behavior are inherently unanalyzable.”97 The research on actual processes of human decision-making has spawned a very large academic literature on cognitive impediments to judgment and decision-making that catalogues a wide range of errors, including violations of basic principles of logic such as commutativity and transitivity; and it is now considered to be a distinct field of study, termed “behavioral finance” or “behavioral economics.” However, little of that understanding of human and social decision-making, spread across several traditional disciplines, has been yet exploited to improve our understanding of deterrence; nor, as a review article noted, have the disparate findings from diverse disciplines been integrated into a coherent framework: “Essentially, the study of decision-making attempts to understand our fundamental ability to process multiple alternatives and to choose an optimal course of action, an ability that has been studied by various disciplines with different theoretical assumptions and measurement techniques, although with relatively little integration of findings.”98

95 Beyond “Prospect Theory,” other research by Kahneman, Tversky, and colleagues produced a huge compendium of cognitive imperfections related to human decision-making. Daniel Kahneman, Paul Slovic, and Amos Tversky, eds. Judgment under uncertainty: Heuristics and biases. (Cambridge: Cambridge University Press, 1982). 96 Sanfey, p. 602 97 Robert Mandel, “Psychological Approaches to International Relations,” in Margaret G. Hermann, ed., Political Psychology: Contemporary Problems and Issues (San Francisco, CA: Jossey-Bass, 1986), p. 251, quoted in Zagare, “Rationality and Deterrence,” World Politics, p. 240 98 Sanfey, p. 598. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED 2. Shifts in Deterrence Thinking Even if the basic deterrence framework still remained largely intact, thinking on implementing deterrence had changed significantly by the time the Soviet Union dissolved in 1989.99 Shifts in U.S. targeting policy and changes to damage sufficiency criteria best illustrate those shifts as deterrence adapted to improved knowledge of Soviet objectives and perspectives on conflict, their concerns over internal stability, and, at the same time, a better understanding of their internal political and bureaucratic dynamics. These major shifts had started with the 1974 move in policy towards “limited nuclear options” (LNOs), decreasing the emphasis on large-scale attacks targeting traditional categories of power such as strategic offensive forces (SOF), other military targets (OMT), and economic “urban-industrial” targets (U/I), and looking towards the use of LNOs to improve our relative outcomes. However, until 1980 essentially all employment policy and targeting studies had continued to emphasize holding at risk traditional means of national power, including sources of military and economic power, as well as mechanisms of internal control. The calculus of power on which these policies were based looked primarily at the capability to project state power externally. Beginning with the Nuclear Targeting Study (NTS) initiated by Secretary of Defense Harold Brown in 1979, deterrence policy began to focus on impeding Soviet long-term economic recovery, recognizing growing Soviet concerns over competitiveness and relative position with the West. In another shift away from the traditional perspective that had viewed the Soviet regime as a monolithic entity, however, employment policy and analyses of potential implications for targeting also began to examine more complex and more nuanced aspects of power and control within the Soviet Union and its Empire. As better understanding of crucial vulnerabilities within the Soviet Union was developed, including serious political and economic strains between nationalities and between various formal power centers, targeting began to focus more efforts on control mechanisms, fundamentally internal power structures, and relationships such

99 With

President’s Reagan’s initiation of a large-scale effort (SDI) to build a strategic defensive system in the mid-1980s, significant analytic attention was directed at developing a broader calculus of deterrence that included strategic defenses, also incorporated integrated strategic offensive and defensive force operations, and began to address problems of human decision-making in command and control. The principal investigator for the current project directed that effort, which conducted those analyses from 1985–1991 as part of the SDIO Mission Analysis Program. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED as nationality-based “fault lines” (i.e., “Others” vs Great Russians) and internal organizational conflicts (such as Party vs State vs military).100 Looking at influencing or altering the internal power relationships and dynamics of a regime potentially represented a fundamental change in thinking about the nature of deterrence and how it could be implemented. Perhaps most fundamentally, it opened the door to considerations of affecting decisions about Soviet choices on external objectives through influencing the internal dynamics of the regime. One crucial implication of such a direction was the need for far better understanding of these complex issues; and these issues went far beyond static or dynamic measures of tangible resources and power. Such potentially deep-seated changes in the deterrence framework were, however, stillborn with the collapse of the Soviet Union; and these lines of inquiry were generally not actively pursued until terrorism and proliferation of weapons of mass destruction became subjects of interest for deterrence. One important exception, however, was the successful experiment during the Serbia-Kosovo conflict to apply pressure on the “Milosevic family” connections with airpower and other measures in 1999 after normal targeting of traditional “state-based value structures” failed to induce the regime to stop its aggression. This represented the first attempt to use social network analysis (SNA) and exploit deep understanding of social relationships and internal power dynamics to influence regime decisionmaking. The success of this effort created a wider interest throughout the intelligence and policy communities in influencing relationship structures and exploiting tools such as SNA.

100 See

John Van Oudanaren, “Exploiting ‘Fault Lines’ in the Soviet Empire: An Overview,” RAND, P7012, September 1984.

UNCLASSIFIED III. KEY CHARACTERISTICS OF THE NEW GLOBALIZED STRATEGIC ENVIRONMENT (TASK 4) There have been truly fundamental changes to each of the four pillars inherited from the Enlightenment—Realism, the deterministic Newtonian framework, a Clausewitzian understanding of conflict, and classical assumptions about “rational behavior” by both human and state actors. As a result, the underlying model of the international system— the foundation on which U.S. national security planning and our traditional doctrine of nuclear deterrence was built—has been irrevocably altered; but too often our thinking remains tied to those old foundations and we are still continually surprised as unfamiliar and seemingly chaotic patterns of events unfold around us.101 In a cautionary vein, we should appreciate that the geocentric model of the Ptolemaic Universe lived on well after Copernicus, Galileo, and Kepler had provided a more accurate understanding of the motions of the planets and other celestial bodies. Through the use of increasingly complicated gyres, that model masked its inability to explain accurately the movements of the planets and the stars. It would be truly unfortunate if we failed to recognize that the deep changes in our international environment require us to profoundly rethink implications for our national security. Indeed, that there are a such significant number of important changes in the international system argues for a fundamental re-characterization of the framework we have employed to look at conflict in the international system and which has provided the basis for deterrence. Furthermore, the widespread and rapid growth of the cyber domain has itself introduced important new properties into the international system that also affect many national security considerations; and these factors need to be appreciated for both their novel effects and their amplification of other trends and forces. Although cyber capabilities, like nuclear weapons, are technological phenomena that have helped to dramatically alter the international environment, they introduce significantly different technical and social considerations with which to contend than did nuclear; these issues will addressed separately in the next section of this paper (Section IV). 101 Many

of these changes are not recent; they were evident as the Cold War was ending. Their implications were addressed in great detail in a previous study for the Deputy Secretary of Defense in 1999–2000; see Jeffrey R. Cooper, Information Engagement, SAIC, 2000. Other writers have also recognized these changes; for a more recent effort, see, for example, Joshua Cooper Ramo, The Age of the Unthinkable: Why the New World Order Constantly Surprises Us and What We Can Do about It. (New York: Little, Brown and Company, 2009).

UNCLASSIFIED Finally, beyond the fact that we now pursue our national security interests in an environment that is no longer accurately characterized by those four Enlightenment pillars, we must accept a world increasingly perturbed by phenomena produced by systems that are formally complex adaptive ones. Despite the difficulties these phenomena introduce, decision-makers must deal forthrightly with the implications of those phenomena in order to understand that world and to successfully plan and conduct operations in it. The old world was presumed to be fundamentally knowable through rational thought, by gathering and processing information, and by applying the reductionist analysis of the Scientific Method; those assumptions fed what was probably always a false sense of predictability and control. True appreciation of the “new order” will demand honesty about how much we can “know,” how accurately we can predict, and how well we can control actions and events; and the answers to these questions are not likely to give comfort to decision-makers.

A. THE CHANGING FOUNDATIONS OF THE INTERNATIONAL SYSTEM One of the most crucial changes in the international system was the breakdown of the bipolar system that had dominated relationships throughout the Cold War, which was itself a significant alteration of the multipolar structure that had historically characterized international politics since the Peace of Westphalia. A second aspect has been the emergence of important new actors—including non-state, non-governmental actors as well as supra-national entities—that have become essential voices on international affairs both within the state and within the international system. A third important factor was the rapid growth of diverse relationships and channels of interaction among actors in the system—and perhaps harder still for building an appropriate analytic framework is to incorporate the extraordinarily dense network of interconnections and the diverse range of relationships among actors that now exists. Fourth, a concomitant of new actors has been the demise of “the state” as the only key interlocutor in international relations, bilaterally, multilaterally, or within international forums—a change that makes understanding patterns and networks of influence far more difficult. Whether changes associated with far-reaching globalization and increasing integration of trade and financial relationships were triggered by the collapse of the Soviet Union and the ending of the Cold War, or whether those forces were themselves the crucial drivers in the demise of the Soviet Imperium is beside the point. The reality Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED is that these forces have fundamentally altered the structure and processes of the international system, deeply affecting three of the old foundations: realism, the Clausewitzian view of conflict, and the deterministic perspective of Newtonian physics. At the same time, the fourth pillar that saw human decision-makers as utilitymaximizing, economically “rational” actors has also been undermined as a large body of empirical evidence has provided new understanding of human judgment and behavior that forces us to rethink dramatically our basic propositions about how humans make decisions. In addition, the emergence of multi-dimensional inter-related relationships, or perhaps more properly the recognition of the frequency and pervasiveness of these phenomena, has introduced another important set of changes that affects all of these others—how to deal with a world of interconnected complex adaptive systems. Therefore, the geostrategic environment in which our national security framework had been created has been modified in ways that strongly argue that older concepts of deterrence must now be rethought at a fundamental level. It was already clear to some scholars that a breakdown of the strict bipolar structure would certainly alter the “physics” of the system; and although most commentators seem to have agreed that uncertainty is increased, the full implications were not clear at the time, and twenty years later, those implications still remain unclear: “…Close scrutiny of the competing arguments reveals an important underlying assumption that competing sides accept, and an important underlying difference in the implications that have been drawn from that assumption. Both ‘schools’ assume that multipolarity induces uncertainty in the international system, while bipolarity induces clarity. But, Deutsch and Singer (and others) seem to assume that uncertainty provokes cautious behavior, while Waltz (and others), with equal plausibility, argue that uncertainty provokes reckless, or at least miscalculated, behavior. The two contending arguments, then, really are about how people with the power to wage war respond to uncertainty, and not about the effects of polarity at all.”102

1. Beyond the Realist Model From the Realist perspective, powers of the state historically rested on tangible factors; and, moreover, there was little question that “power” or “security” was the dominant motivation of states. Sovereignty was absolute and defined by physical 102 Bruce

Bueno de Mesquita, “Toward a Scientific Understanding of International Conflict: A Personal View,” International Studies Quarterly, (1985), 29, p. 131

UNCLASSIFIED control of territory, control of borders, control of the populace, and control of the domestic economy. One of the central features of the post-Westphalian international system was the exercise of exclusive sovereignty by the state, including sole jurisdiction over its territory and population, with a clear demarcation of domestic from international affairs. And, indeed, outside attempts to interfere with the exercise of authority over domestic affairs, including control of the instruments of power, were considered to be causus belli. Authority resulted from having effective control over the instruments of power and having the sanction of law (and law enforcement) behind one's actions. Command of state instruments and territory involved physical control of them; and concomitantly, control of the physical components underwrote legitimacy and sovereignty. Indeed, the test of sovereignty was the ability to exercise it; under the Westphalian system of nation-states, in turn, legitimacy was tied to effective control of a defined territory, its populace, and its wealth. Finally, the wealth that contributed to a state's power was derived from control of the traditional economic factor endowments—land, labor and capital—and these were all based on tangible natural resources. States, because of their control of territory and physical resources, as well as their authority to levy taxes, were traditionally the only entities capable of raising large-scale forces and thus held an effective monopoly over the conduct of war. The use or threat of physical force against tangible assets was, therefore, the traditional means of coercion; and in that world, weapons such as bombs and cruise missiles that could strike at the physical underpinnings of state power were effective instruments of national power.103 Now, however, each of the four pillars is in the midst of being transformed—power and influence tend away from the tangible assets towards the more abstract resources created by information and influence. Sovereignty is not absolute and is now limited in the forms of control it may exert over its domain; and much of that control is now exercised in less concrete ways. From the historical perspective of international law, authority of the state over its domestic affairs was unquestioned, and indeed inviolable until fairly recently, even in cases of flagrant abuses of its own citizens. In light of the historical absolutism on this issue, United Nations Resolutions 687 and 688 passed after the first Gulf War represented remarkable breaches of this hitherto sacrosanct wall. Subsequent interventions by the international community in Bosnia, Kosovo, East Timor, the Congo, and Darfur all point towards growing limits on how a state can treat 103 Cooper,

“Information Engagement,” p. 23.

UNCLASSIFIED its own citizens without outside interference. Increasingly, international treaties and agreements (and their institutional mechanisms such as the WTO and WIPO), limit how states can apply their laws, even domestically. Finally, transnational issues such as proliferation of weapons of mass destruction, terrorism, and arms trafficking have become concerns of “the international community” allowing it to place additional limits on state sovereignty. Thus, while sovereignty no longer provides an impermeable shield against pressures from the outside over what were formerly considered to be purely internal, domestic matters, at the same time these limitations on sovereignty and authority create significant “white spaces” for the conduct of inimical activities outside any state’s control. Those traditional powers of states have also been weakened by the forces of political democratization and economic liberalization. The state’s monopoly of the means of large-scale violence was a corollary of exclusive authority, reinforced by the very magnitude of resources necessary to wage war in the modern era. Where in the past there have always been individuals and private entities who possessed great wealth, such assets were tangible and at risk to seizure by states. The combination of great private fortunes and corporate wealth together with the “dematerialization” of financial assets represents a new set of conditions that further loosen state control. Many new actors in the international system now possess vast wealth, political power, and even substantial capabilities for lethal force, including state-level capabilities in communications, organization, weapons, outside of state influence and do not seem to be under the same type of effective control by states that was presumed to exist previously. The emergence of non-state actors with capabilities for large-scale violence, not only for use against domestic authorities but also for use against other states, is a relatively new phenomenon; but drug cartels, international terrorist networks, and large-scale insurgencies with these capabilities are facts of life. Historically states were responsible for controlling all activities undertaken on their territory, including hostile acts against other states. But with the weakening of state control and the diminishment of sovereignty, together with the growth of these lethal capabilities, however, also come claims by some states of a reduction in their responsibilities based on arguments that they are incapable of controlling such activities. Such claims are also now often extended with respect to groups like

UNCLASSIFIED “patriotic hackers” and cyber criminals that they are outside the control of their states.104 Within the international community, authority now has more to do with the ability to lead by example or exhortation than by pressure and coercion exerted within traditional alliances and blocs. But perhaps the most striking changes have affected legitimacy and wealth. One of the key impacts of democratization is that physical control of a populace without their consent does not necessarily confer legitimacy within the international community; and, in many cases, the means by which that control is exerted are no longer considered to be purely an internal domestic matter. Second, in many cases, much of a nation's wealth now resides in intangibles such as financial accounts, intellectual property, or services that flow through global networks and that are more difficult to control directly. As demonstrated in the case of Kuwaiti oil after the Iraqi invasion, even a state's physical control of resources may not confer an ability to use the assets in the absence of the intangible aspects of agreed ownership. Certainly the rise of important non-state actors, both sub-state and supra-state, calls into question many of the core tenets of the Realist model with respect to the central, if not sole, role of states as the actors on the international scene. At one end of the spectrum, the range of sub-state actors is wide, including both individuals and groups, such as political parties, non-governmental organizations (NGOs), private voluntary organizations (PVOs), informal organizations composing civil society, and even gangs and criminal enterprises. In the past, such groups usually operated domestically and could be accommodated within the realist model by assuming they influenced the decisions of the unitary state actor. However, while they may still affect state decisions, it is also apparent that many sub-state actors play direct roles internationally, often outside the control of and at odds with their nominal parent state. At the other end of the spectrum of non-state actors are a range of supra-national entities, including the UN and the EU, and also IGOs, IPVOs, an entire international civil society, and global terrorist-, drug-, and WMD proliferation- networks, that play a wide range of roles with effects both on the international stage and within states themselves. One common effect, however, is the recognition that these networks of interests can exercise influence in many venues and at many levels, crossing traditional boundaries 104 The

ancient term “outlaw” would seem to fit these groups quite nicely; and it should be remembered that not only were “outlaws” outside the sanction of law, they were also outside the protection of law and liege.

UNCLASSIFIED in ways that were difficult for formally constituted organizations. Clearly the ability to exploit such relationships is not new; but the explosion of transnational networks significantly expands the reach of such influence. “Non-governmental organizations (NGOs), too, have realized the power of connections.… In each of these cases, NGOs gained leverage over reluctant states. They formed transnational networks that multiplied their lobbying power and put their message on the agendas of international institutions.”105 In most cases, these organizations have generated vast transnational networks of interested entities, creating uncertain boundaries between state and governmental functions and interests, on the one hand, and private, commercial, and civil interests, on the other. Concomitantly, these transnational linkages and the interplay of interests across these previous boundaries have also helped to erode the once clear distinction between what constitutes domestic affairs, traditionally protected by sovereignty, and international affairs. For better or worse, the old realist perspective presumed that rulers acted in the interests of the state, with or without consent of its citizens; and, therefore, the international community historically accepted as legitimate (at least in legal terms) even miscreant authoritarian and totalitarian regimes. Their decisions on domestic affairs were respected, up to the point that outside powers were prepared to take such actions constituting interference that could be considered a causus belli. The new environment does not so easily accept such claims of sovereign privilege for decisions of regimes, even with respect to its treatment of its own population, nor does it necessarily honor the historic shield against outside interference. As a result, non-state actors now have a wide range of ways in which they can bring influence to bear on states and other actors, across a broad spectrum of issues, and within both domestic and international forums. Perhaps most importantly, these diverse groups now have the capability to make domestic issues a matter of international interest. Not surprisingly given the historical context in which Realism developed, the sources of state power and influence were primarily physical and tangible (land, labor, and capital being the traditional factors of production), whether measuring economic—

105 Anne-Marie

Slaughter, “America’s Edge: Power in the Networked Century,” Foreign Affairs, Jan-Feb 2009 (http://www.foreignaffairs.com/print/63722).

UNCLASSIFIED GDP—or military—size of army—power.106 However, as pointed out decades ago by Nye, Keohane, and others, power and influence also include the ability to effect milieu goals, develop standards and protocols, and create knowledge that become sources of attraction for others.107 But understanding this new context of multi-dimensional interests and influence is far more difficult due to the interconnectedness of networks and the fading of old boundaries. Mirror imaging, always an ill-fated practice even with “billiard ball” actors, cannot possibly capture the complex interactions produced by the new networks of influence acting on decision-makers, from within and without. Incorporating bureaucratic politics and organizational behavior in the decision calculus were only first steps in coming to grips with the implications of the breakdown of the unitary actor assumption.

2. The Changing Character of Peace and Conflict In the traditional international system, conflict concerned competition for power, influence, and prestige, most usually related to tangible physical resources. Traditional military conflicts were fought in, and usually over, the material domain in which tangible physical resources were the dominant consideration. Views on the nature of peace and conflict during the Cold War largely continued the post-Westphalian perspective that war would be a profound disturbance of the natural condition of stability. However, while “peace” in the traditional sense might no longer be the natural state of the system, an absence of open hostilities between the two superpowers was a tolerable substitute. Indeed, the adoption of “Containment” as the overarching American strategy can be seen as a powerful ratification of this stability perspective. In addition to changes in the structure of the system itself, both the nature of conflict and of our perception of its role within the system, has undergone significant alteration since the Cold War. In altering the foundational elements of the international system, these forces have effected a transformation of the post-Westphalian rules of the international system and of the pursuit of national power. This current transformation moves away from recognizing the nation-state as the sole actor in international relations and appreciates that physical resources and strength are not the sole or even necessarily

106 Even

the particularly English phrase “punch above its weight” reflects this correlation of power with physical traits. 107 Whereas Realists, as well as Clausewitzians, generally see power as the ability to compel, this perspective mirrors Lewin’s sociological perspective that “attraction” is more powerful. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED the primary determinants of international power. In turn, this transformation creates a new set of strategic conditions for the exercise of power in international relations—by states and others. Additionally, new issues on the international agenda—addressed also in the broadened set of national security considerations—have drawn a wider set of interested constituencies into the deliberations over foreign policy, diluting the roles of both governments and traditional foreign policy elites. If the traditional Clausewitzian perspective viewed war as a rational continuation of the pursuit of state interests beyond politics, the ultimate character of a nuclear conflict began to raise fundamental questions about the utility of war to pursue state interests, but at least there were still recognizable state interests in the traditional sense. Increasingly, however, conflicts since the end of the Cold War appear to be pursued less for power reflected in material objectives (land, labor, and capital) than driven by abstract goals of identity, ideas, and ideals, what we might call the “Three Ids.” The ethnic, historical, and confessional conflicts in Bosnia, Rwanda, Kosovo, and Darfur are illustrative of these new drivers for conflict that have re-emerged. These reflect a far more psychological set of goals, almost Maslovian in character.108 And although these objectives are less tangible, they are no less real as motivations for serious conflict. Moreover, they may well reflect a more modern view of what actually constitutes power and influence. Unfortunately, many such conflicts are now intra-state and intra-communal and spring from internal strains of ethnicity, nationality, and religion—forces that had been restrained, or simply ignored by the superpowers, throughout the Cold War.109 By continuing the practices of “industrial age warfare” in making economic assets, industrial workforces, and populations in general high priority targets, one aspect of our Cold War policy was a significant departure from post-Westphalian practice of distinguishing civilian populations from military forces and targets and legitimized committing large-scale violence against civilian targets. “Retaliatory strikes to destroy the adversary’s national power and retard his long-term recovery were considered to be legitimate military options, even considering the strictures of the Laws of War regarding 108 Abraham

H. Maslow, Toward a Psychology of Being. Princeton, N.J.: Van Nostrand Company, 1968. it is not evident that internal strains or even overt opposition fed by grass roots networks and cyber-enabled global communications are about to take down leaderships within authoritarian states, these states certainly demonstrate by their repressive responses serious unease in the face of these forces about their stability and control. However, these concerns can certainly provide opportunities for leverage and influence to affect regime decision-making.

109 While

UNCLASSIFIED necessity and proportionality given the stakes and the likely immense collateral damage from even those large-scale attacks constrained to military targets.”110 Power is likely to flow increasingly from ideas, rather than from physical resources. In an environment in which abstract factors have assumed a more important role in defining state power, power must be reassessed to include the role of information. The capability to shape perceptions, generate support, and dissipate opposition extends well beyond the traditional news media. The ability to affect preferences over foods, music, clothes, and computer software may be as important as news reports both because it plays a significant part in creating the wealth of links that underlie globalization and because those preferences create reference frames for individuals and societies. It is especially important to recognize that many of the critical capabilities for operations in these important domains not only lie outside the traditional military toolkit, but outside direct government control—or even influence.111 Such changes have further eroded the traditional forms of sovereignty and should lead to a different understanding of what sovereignty is and what it implies. With legitimacy, authority, and wealth also increasingly based on non-tangible factors that states find more difficult to control, there are now new sources of leverage within the international system. As wealth has increased throughout the world, moreover, conflict stems less from the need to control tangible assets necessary for bare survival, and more from struggles over ideas, ideals, and identity. In Maslow's hierarchy, human needs progress from satisfying tangible physical needs, such as food, shelter, and clothing, to intangible psychological demands such as belonging, esteem, and self-actualization; it is not difficult to suggest that needs of states and others are following a similar pattern of development. The emerging prevalence of struggles over identity, reflected in communal conflicts over ethnicity, language, religion, and race, rather than over physical resources, is a manifestation of the increased importance of intangible elements such as heritage, beliefs, ideas, and systems, and that have been given added impetus by the Information Revolution. During the Cold War, large-scale nuclear use could threaten civilization on a worldwide basis. With respect to such conflict, Taleb noted,

110 Cooper,

111 Cooper,

“Escalation Management,” p. 5. “Information Engagement,” p. 24-25.

UNCLASSIFIED “The twentieth century was not the deadliest (in percentage of total population), but it brought something new: the beginning of the Extremistan warfare—a small probability of a conflict degenerating into total decimation of the human race, a conflict from which nobody is safe anywhere.”112 While the likelihood of such a conflict has receded significantly with the end of the bipolar confrontation (and as the nuclear arsenals of the two super-powers have been substantially reduced), at the same time, the likelihood of conflict in general, albeit on a different scale and with a significantly different character, has increased. Given the overriding influence of that bipolar structure, in that environment the U.S. (like the Soviet Union) was able to categorize most states as adversary, friend or ally, or “nonaligned;” and those roles held broadly across a wide range of issues.113 Serious confrontations, less open conflicts, were rare among states that were not adversaries. In the old paradigm of international politics, peace, crisis, and conflict were considered to be distinct states, with conflict reached by a process of transitions from “peace” to “crisis” and then “crisis” to “conflict.” When these state transitions to crisis or conflict did occur, they marked a sharp “phase change” that affected all aspects of the relationship. Under those circumstances, the focus of the U.S. was on maintaining stability of the system and preventing transitions to crisis or open conflict as we dealt with the Soviets.

OLD PARADIGM Peace

Crisis

War

DIPLOM ACY

MILITARY OPERATIONS

LIC

LRC

MRC

NUCL EAR OPERATIONS

CRISIS MANAGEMENT TO PREVENT STATE TRANSITIONS WAS KEY CONCERN “CRISIS” BEGINS

“WARNING” OBTAINED

CRISIS

PEAC E

TRANSITION 1

WAR TERMINATION

COMBAT BEGINS

CONFLICT

TRANSITION 2

Figure 2: Old Paradigm

“Against the backdrop of the two massive nuclear arsenals that developed, our implementation of deterrence and our mode of crisis management—for both nuclear and conventional incidents—was designed to avoid the series of transitions from peace to crisis to confrontation to nuclear showdown. The U.S. far preferred preventing the 112 Taleb,

p. 225.

113 Relationships among

states, other than with the two super-powers, generally were far more varied and complicated, reflecting the need to balance among multiple interests and multiple relationships.

UNCLASSIFIED act of aggression itself—rather than having to respond to it—and thereby possibly triggering unwanted escalation to massive nuclear exchanges.”114 In that environment, because of concern over possible unintended initiation of crises and the potential for significant escalation, the U.S. had been very careful to avoid serious provocations with the Soviets and also to limit military activities and systems that could be construed ambiguously as threats by the Soviets.115 For example, the U.S. had generally been careful to limit non-strategic weapon systems that could be considered to have significant strategic capabilities.116 Moreover, to avoid serious provocations, both the U.S. and the Soviets tended to use proxies to conduct overt activities that were likely be provocative or confrontational, such as the use of Cuban forces in Africa in the 1970s and 1980s. After the collapse of the Soviet Union, many of the previous constraints on activist and interventionist behavior faded. For a short period many argued that the U.S. had assumed the role of “unipolar power,” or as former Secretary of State Madeleine Albright put it at the time, “the indispensable nation.” During this period, it became clear that the U.S. was the only nation capable of purveying valuable “public goods,” well beyond the role it had played during the Cold War. This role was no longer merely extending deterrence to allies and friends as part of containing the Soviet Union and its allies, but a much more far-reaching function of creating much broader milieu goals consistent with our understanding that increased security for the United States and others would flow from extending democracy and economic liberalization for all.117 Moreover, we believed, correctly or incorrectly, that such values were fundamental, universal, and widely desired; and some also believed that they represented an irreversible step in the evolution of the international system (if not mankind).118 While the traditional Cold War concern had been to try to avoid crises, given that it represented such a sharp transition with the potential for disaster, the emerging post114 Cooper,

“Escalation Management,” p. 4. Nuclear Revolution, p. 1. 116 This issue came to a head in the 1980s, first with the Soviet SS-20 IRBMs, then the U.S. deployments of Pershing II and GLCM in response, and finally with the Discriminate Deterrence Report of the Commission on Integrated Long-Term Strategy (CILTS) recommending consideration of long-range conventional strategic strike systems. 117 This was not an entirely new conception of U.S. interests and role. Although recognizing the constraints in practice, a similar position (in opposition to the Kissinger position of narrow realist objectives) was forward in 1974 by Secretary of Defense James R. Schlesinger in a speech to the Chicago Council on Foreign Relations. President Obama’s acceptance speech for the Nobel Peace Prize echoes many of these same themes, although in the context of multilateral action. 118 Francis Fukuyama, The End of History and the Last Man. (Fukuyama, 1992.) 115 Jervis,

UNCLASSIFIED Cold War environment created conditions in which more open confrontation could be tolerated or even be seen to present opportunities for shaping relationships using a wide range of instrumentalities of leverage—collectively known as “coercive diplomacy”—with far less danger of lighting an inextinguishable fuse to nuclear calamity. And more overt posturing, almost always with a military component, usually has been an inherent feature of this transition.119 Along with the breakdown of the bipolar structure marking the end of the Cold War, the relatively stable categorization of states into fixed roles also dissolved, leading to a very different set of relationships among states, usually with multiple interests being pursued in multiple channels of engagement. As a result of this fluidity, we have witnessed another crucial change in the evolution of the international system that has immense implications for national security policy, well beyond the implications for deterrence. This is the erasing of the clear distinctions between these states that existed during the Cold War; and as a consequence, we no longer see a clear transition barrier between the “Peace” and “Crisis” states, nor between Figure 3: New Paradigm “Crisis” and “Conflict.” Given the paradigm, which had been constructed during the Cold War, on which we still rely for warning, these changes carry important implications for the indications and warning (I&W) system and for response planning as there may now be little practical difference in signatures and cues from behavior among these different states. This problem is actually quite different than addressing ambiguous warning that complicated responses to warning throughout the Cold War. That problem of ambiguous warning explicitly recognized that both conditions and the character of the relationship were different in these two states, and that responses to stimuli also needed to be different, but distinguishing the transition between the two states might be difficult. Furthermore, under current conditions, we must simultaneously manage multiple states with concomitant differences in the quality of the relationship with each of our counterparties; and we must be able to alter behavior in some components of the relation without altering all aspects. 119 Cooper, “Escalation Management,” p. 31. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED

3. Impacts of Modern Physics Classical physics, even when dealing with dynamic bodies, presumed that the objects had unique, intrinsic, singular and unchangeable attributes. In classical physics, objects have inherent characteristics that are not situationally dependent, and an object can occupy only one state at one time. Moreover, these laws that governed systems were universal, stable, and predictable; they did not change depending upon the perspective of the observer. Newton’s Second Law establishes by commonly understood laws of proportionality; in the old world, if you wanted to achieve large effects, one applied large forces. However, since early in the 20th Century, scientists realized that Newtonian physics could not explain the very fast, in which relativistic effects dominate, or the very small, which is the realm of quantum mechanics. More recently, the burgeoning field of complexity—applicable in many domains—has also called into question many of the fundamental deterministic assumptions embedded in Newtonian physics.120 Although neither quantum mechanics nor Einstein’s relativistic physics replaced Newtonian physics, they bounded the domain in which it applied; and complexity adds another dimension of difficulty in many domains still considered to be governed by Newtonian assumptions. For thinking grounded in Enlightenment roots, the concept of relativity introduced one important but very uncomfortable change—that while physical laws must be the same within an inertial reference frame, they may actually vary across different reference frames; thus, the notion of “universal laws” was not quite so universal.121 Quantum physics, furthermore, introduced a whole set of “spooky” characteristics such as multiple simultaneous states, “action at a distance,” and indeterminacy, with which even Einstein was uncomfortable. One of the truly complicating concepts introduced by modern physics is that objects in the quantum world can occupy multiple states at the same time (the Schroedinger’s Cat problem).

120 An

excellent series of presentations highlighting the broad range of domains in which complex phenomena occur was prepared as tutorials for the National Academy of Sciences Keck Futures Initiative (NAKFI) Conference on Complex Systems, November 2008. < http://www.keckfutures.org/conferences/complex-systems/webcast.html > 121 Special principle of relativity: If a system of coordinates K is chosen so that, in relation to it, physical laws hold good in their simplest form, the same laws hold good in relation to any other system of coordinates K' moving in uniform translation relatively to K. – Albert Einstein: The Foundation of the General Theory of Relativity, Part A, §1 Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Interestingly, however new these factors were in physics, such complications have always existed in human and social relationships. Humans are most usually entangled in multiple webs of relationships, and often play different roles and assume different personas within those frames. Throughout medieval times, with its complex feudal relationships, prior to the Treaty of Westphalia it was common for individuals to be confronted with multiple allegiances, shifting roles, and differing identities. It is only in the “modern” era of nation-states, where citizenship is defined by nationality, that attribution and identity of actors in the international system have been assumed to be straightforward, even if sometimes technically challenging (such as from submerged missile launches). In the new post-modern environment multiple roles can be assumed and personas will alter frequently, even if identity of an actor does not. Again, more like sub-atomic particles in modern physics, key attributes of actors may be highly interactive, changeable, and evanescent. Although uncertainty existed in the Newtonian universe, it was boundable and predictable, like a series of Bernoulli coin tosses; and more precise information about initial conditions would improve the predictability because the processes and interactions were well characterized and assumed to be stable. But quantum mechanics introduced a fundamental type of uncertainty that no amount of information could assist in removing: measuring one aspect could make it impossible to know another.

B. THE ARRIVAL OF COMPLEXITY Formally complex adaptive systems take this problem of uncertainty many steps further by exhibiting the property of “emergence” and often obeying different statistical laws than the common Gaussian distributions. Emergence, a key property of complex adaptive systems, means that the collective entity acquires characteristics that are not intrinsic to its individual components and often produces a behavior that is not predetermined by known equations governing these interactions.122 Fundamentally, complexity results from large numbers of independent elements interacting with each other in multiple possible ways; and one of the seminal books on complexity noted three distinctive characteristics of complex systems: spontaneous self-organization, adaptivity, and dynamism.123 122 Waldrop,

Complexity: The Emerging Science at the Edge of Order and Chaos. (New York: Simon & Schuster, 1992), p. 82. 123 Waldrop, p. 11. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED One likely cause for the increase in systems around us exhibiting complex behaviors appears to be a direct function of the growth that has been enabled by cyber capabilities and fueled by globalization; worldwide networked relationships have created interdependencies in physical infrastructures, worldwide commercial and financial webs, and social relationships. These networks rarely grow by detailed design or by following a prescribed architecture or plan; they evolve and continually adapt to conditions around them. “Cooperation leads to integration, and integration to the complexity we see in modern life;” and enabled by good communications and the ability to share information, integration feeds on itself to create even more interconnections.124 As Taleb said about the academic researchers and analysts (Watts, Strogatz, and Barabasi, among others) who have made “network theory” into a distinct discipline, “They all understand Extremistan mathematics and the inadequacy of the Gaussian bell curve. They have uncovered the following property of networks: there is a concentration among a few nodes that serve as central connections. Networks have a natural tendency to organize themselves around an extremely concentrated architecture: a few nodes are extremely connected; others barely so.”125 Networks clearly foster interactions, and the couplings (both feed-back and feedforward loops) among parts of networks and between networks are often not recognized until emergent behavior occurs. One consequence of complexity results from the property of emergence related to these linkages, that unexpected outcomes result from interactions among entities at many scales, creating behaviors that cannot be easily related to either intrinsic properties or the initial conditions; as a result, they appear to behave very unpredictably, as the classic cascade of a sand pile shows. Complex systems cannot be understood by examining the properties and behaviors of the individual components and then integrating their interactions—the reductionist approach of the traditional Baconian scientific method. Complex systems can only be appreciated as gestalt phenomena—by examining the system as a whole. Structures and processes that appear to be solid and stable can change rapidly as a result of emergent behavior, undergoing an instantaneous “phase change” seemingly unrelated to the magnitude of the force that triggers the change. This {the nature of complex systems} requires acknowledging that systems often viewed in the past as stable entities that need significant 124 Pennisi, 125 Taleb,

Science, p. 1196. p. 226.

UNCLASSIFIED shocks to disintegrate are just as often veined with many minute and there fore largely unseen fault lines that can be activated by very small disturbances. The fact that these small disturbances (physicists call them "critical states") exist and can power fully impact world events has innumerable implications for intelligence work, but at the very least it requires that we have the patience to let intelligence officers pursue very small leads and gather data on seemingly unimportant, tiny fault lines.126 There is one extremely important implication of this increasing interconnectedness of the infrastructures on which we now depend, cyber among them: that while these networked infrastructures have increased overall economic welfare, they are subject to large-scale and unpredictable disruptions that can have major impacts on our lives.127 “A similar effect [a small probability of extreme event] is taking place in economic life.… globalization… is here, but it is not all for the good: it creates interlocking fragility, while reducing volatility and giving the appearance of stability. I other words, it creates devastating Black Swans. We have never lived before under the threat of a global collapse. Financial institutions have been merging into a smaller number of very large banks. Almost all banks are now interrelated. So the financial ecology is swelling into gigantic, incestuous, bureaucratic banks (often Gaussianized in their risk measurement)—when one falls, they all fall.”128 Accompanying the other consequences of complexity, moreover, is a basic change in the nature of uncertainty that complicates our ability to understand these phenomenologies. Unlike the usual Gaussian distributions with which we are familiar, complex systems possess “fat tails:” they exhibit more extreme events, and larger ones, that we are used to expecting, leading to “the rise of the black swans.” Moreover, they often obey power laws that feed their non-linear reactions. As a result, unlike Gaussian statistics where the bulk of variation occurs in the central body of the distribution and where the uncertainty is itself predictable, these distributions create what Taleb calls a Type 2 uncertainty, where the randomness comes from a small number of extreme events. This type of randomness is inherently unpredictable.129 Decision-makers facing choices in complex situations exhibiting such Type 2 uncertainties are likely to be more risk averse—given the Ellsberg paradox that perceived risks increase as the uncertainty

126 Medina

and Fisher, p. 15-16. Sheffi, The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage, (Cambridge, Mass: MIT Press, 2005. 128 Taleb, p. 225. 129 Nassim Nicholas Taleb, “The Black Swan: Why Don’t We Learn that We Don’t Learn,” Highlands Forum 23, Las Vegas, November 2003, p. 19. 127 Yossi

UNCLASSIFIED increases, even where the expected value of the outcome remains the same, and more cautious—given the implications of Prospect Theory. Thus, we have come a long way from a world where expectations and reference frames were shaped by a Newtonian perspective on the universe, including universal laws, deterministic physics, and predictability. That Enlightenment universe was tailormade for how humans prefer to think; this was a world presumed to be fundamentally knowable through rational thought and the reductionist approach of Bacon’s “Scientific Method” to analyze the pieces in order to understand the whole. Taleb highlighted our tendency to “…rule out the extraordinary and focus on the ‘normal,’” including things that can be precisely quantized and treated algorithmically.130 “When these ideas and crisp constructs inhabit our minds, we privilege them over other less elegant objects, those with messier and less tractable structures…”131 We brought these perspectives to our epistemology and instantiated them in the models often used to describe and analyze complicated systems—whether physical or virtual, whether mechanical systems or social ones. Thus, in economics we came to believe that highly mathematical abstractions could capture the predictability of “economically rational actors.” “The result was a new orthodoxy, known as "rational expectations," that still dominates, underpinning everything from the way pension funds invest to how financial analysts put values on securities. Among its main branches is the idea that markets are "efficient," meaning that even an uninformed investor can get a fair shake, because the price of any security tends to reflect all available information relevant to its value.”132 As a result of the recent catastrophic events in the financial world, we are seeing a shift from an “economic focus” to “finance focus,” supposedly a recognition of a fundamental change in drivers, and motivations. As a former Federal Reserve governor was quoted, "We could be looking at a paradigm shift… ".133 However, one of the clearest intrusions of complex systems and phenomena has been into finance and economics; and consequently even new models based on a finance focus are no more likely to capture the emergent and unpredictable properties than those built from the 130 Taleb,

p. xxiv. p. xxv. 132 Mark Whitehouse, “Crisis Compels Economists to Reach for a New Paradigm,” Wall Street Journal, November 4, 2009. 133 Frederic Mishkin, now a Professor at Columbia University, cited in Whitehouse, op. cit. 131 Taleb,

UNCLASSIFIED economic focus. They are simply too often inappropriate for understanding formally complex phenomena. As noted in a recent Studies in Intelligence article by two experienced intelligence analysts, “Lesson 6: The complexity of the modern world is overwhelming our existing intellectual and informational models. “The modern economy with its complex financial instruments— derivatives, credit default swaps, and other exotic investments—became too unwieldy, too complex for anyone, even the ‘experts,’ to understand. No amount of number crunching by economists using current analytical and informational techniques would have allowed them to anticipate fully what was happening. They did not fail to execute; they failed to understand. {Emphasis added} “We too are in danger of failing to understand. Our rule-based and single-method approaches are adequate for tackling orderly problems but fall short in terms of helping us master the chaotic ones—yet we continue to ignore that chaotic problems do exist and profoundly affect our world.”134 In this world of complex adaptive systems rather than try to forecast, it is better to continually probe, test, observe, modify, and adapt since many behaviors are likely to be emergent, not predictable from initial conditions.135 As argued by two researchers deeply enmeshed in the study of complex systems about a new conceptual approach to these phenomena, “We begin by questioning the universality of three basic assumptions {the assumption of order, the assumption of rational choice, and the assumption of intentional capability} that pervade the practice and to a lesser degree the theory of decision-making and policy formulation in organizations.… “This paper contends that although these assumptions are true within some contexts, they are not universally true. We also believe that in decision-making at both policy-making and operational levels, we are increasingly coming to deal with situations where these assumptions are not true, but the tools and techniques which are commonly available assume that they are.”136

134 Medina

and Fisher, “Lessons from the Economic Crisis,” Studies In Intelligence (SII), VOL 53, No 3, Sept 2009, p. 15. 135 See Dawn R. Gilpin and Priscilla J. Murphy, Crisis Management in a Complex World, (New York: Oxford University Press, 2008) for an extended treatment of the implications for public sector decisionmakers dealing with crises fostered by complex phenomena. 136 Cynthia Kurtz and David Snowden, “The New Dynamics of Strategy: Sensemaking in a Complex World,” IBM Systems Journal, Vol. 42, No. 3, 2003, p. 462. Snowden was formerly the Chief Scientist, IBM UK. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED The table below highlights some of the critical differences in key properties between the old world based on Newtonian physics and the environment around us that is a product of modern, if not “post-modern” physics. Table 1: Key Differences of Post-Newtonian Physics Characteristic

Newtonian

“Post-Newtonian”

Paradigm

• mechanical (“Clockwork universe”)

• ecological

System

• stable

• evolving

Key Focus

• materialistic

• informational

Dominant Properties

• mechanical

• quantum

Response to Stimuli

• proportional

• non-linear

Laws

• deterministic

• probabilistic • indeterminate

Statistics

• Gaussian

• power laws and Black Swans

Validity of Laws

• universal

• within reference frame

Future State

• predictable

• emergent

State of Knowledge

• knowable

• fundamental uncertainty

Controllability

• yes

• no

Mechanism for Optimization

• a fortiori optimization

• real-time adaptivity

Mode of Knowledge

• rational

• complex

Method of Understanding

• reductionism

• gestalt

UNCLASSIFIED

IV. IMPORTANT ASPECTS OF THE NEW CYBER-ENVIRONMENT 137 Unlike the world constructed on those four Enlightenment pillars to which we were accustomed, the new cyber environment reveals some significantly different properties, with crucial implications at several levels—physical, economic, military, and political. Cyber is clearly a child of modern physics, owing more to Bohr, Einstein, and Heisenberg than to Newton; in physical terms, cyber operates at the speed of light, is non-tangible, reproducible, and scales easily. In economic terms, it often generates increasing returns to scale, is non-rival, provides high leverage, and exhibits winnertake-all properties. Politically it tends to undercut hierarchies and favor networks. And with respect to the military, it favors replacing largely previously autarchic systems with technologies and products from and intertwined with the commercial sector.

A. SOME KEY CHARACTERISTICS Older information technologies—including scribes, printing presses, phonographic records, audio and video tapes, and photographic reproduction—all relied on analog, mechanical or physical replication in which quality degrades (or perhaps more accurately, in which duplication is never exact) as more copies and subsequent generations are made from an original. With digital technologies, however, exact replicas can be produced without regard to the number of copies produced or to the generation number of the copied source material. Digital technologies offer a priceless advantage through real-time error correcting codes and the counterpart capability of “lossless” compression for infinite copying or retransmission without losing the original quality. However, exactly because digital information is changeable, information in digital form can also be manipulated at will. Continuing long-term trends, every two years or less the speed of silicon processors doubles and storage costs decline by half; every five years compression efficiency improves at least by a factor of 30; and speed and volume of transmission capability continue to increase rapidly for both local and global users. As a result, digital microelectronics technologies have exploded across the entire spectrum of information activities, from quantized digital sensors, to digital communications, to digital

137 Much

of this section has been abstracted from Cooper, “Infosphere,” and updated as necessary.

UNCLASSIFIED processing and archiving of information, and now increasingly as means to display dynamic information.138 Perhaps a less noticed but absolutely crucial aspect of the new digital technologies is the fundamental reshaping of communications architectures and that this results in changing the ways we think about them. Unlike the older public switched telephone networks (PSTNs) with dedicated and predictable stable circuits, in these new networks, even within a message, “Transmission paths are stochastic—they do not rely on fixed links or even deterministic paths—and present dynamic system topologies.” As the earlier paper went on to highlight, “Even the important metaphors in communications are changing; increasingly common is the “handshake,” recognizing that a two-way, synchronous duplex communication path has been opened that will enable “conversations” rather than one-way broadcast transmissions of messages or orders.… Traditional military communications architectures, often designed primarily for one-way transmission of orders and asynchronous responses, relied either on classic hub and spoke, ring, or star topologies for point-to-point information distribution or on broadcast approaches for reaching mobile units; but these approaches were not without serious problems. Classic link-to-link networks employed distribution hubs, such as central switching systems, in order to minimize the total number of individual links and circuits and, therefore, the cost and complexity needed to interconnect any two parties within the network.… At the same time, however, these architectures introduced significant vulnerabilities due to the existence of the hubs, which created concern for the survivability of limited numbers of “critical nodes.”139 Within the digital domain, voice, text, video, or numbers are basically all the same— simply data; digital data streams are not context sensitive, and the form of the medium is not affected by the character of the material being transmitted. Digital transmission is relatively cheap and quick, can be compressed far more easily than analog data, and has inherent data correction capabilities; and, moreover, the ability of digital signals to be accurately transmitted even over analog channels multiplies its utility and applicability. Advanced digital technologies allow high quality multiplexing which substantially increases channel capacity without loss of data quality or integrity; and digital transmission makes even voice radio communications truly two-party duplex 138 One

of the less appreciated aspects of digital information is the result of dynamic updating and annotation capabilities that make archiving complicated and version control very difficult. It can significantly affect security procedures necessary for information integrity and communications authentication. 139 Cooper, “Infosphere,” p. 49–50. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED telephony. Moreover, the previously separate global networks for primarily landbased, fixed users (telephone and internet) and those serving mobile users from satellite and terrestrially-broadcast radio-frequency communications (HF/UHF radio and TV, cellular telephone, and satellite direct broadcast) are now rapidly converging into an interconnected web serving all users; and the effects of this converged infrastructure can be expected to exhibit increasingly complex properties. These new information and communications capabilities have helped to create a truly global information infrastructure and a common shared environment in which traditional notions of geography and spatial separation are far less important; geographic distance no longer implies time delays in communication between any two points.140 The phenomenal growth of the Internet, among other drivers, has highlighted the altered topology of the new information environment—one in which borders, distance, and duration of usage are no longer a useful measure of cost impact on service. This factor also reflects the reality of a fundamentally different economic structure or paradigm for digital information technologies. While it was previously believed that marginal cost differences from new users would pale in comparison to the immense fixed costs of creating the basic service network at a defined quality of service level,141 in retrospect that judgment was overly optimistic. Although the information generates increasing returns to scale, the cyber infrastructure itself is a network of physical systems that continue largely to obey the laws of classical economics, with increasing marginal costs. The original judgment was basically true for the transmission backbone, especially as fiber and highly-multiplexed, highly-coded satellite transmission capabilities developed; for distribution to end-users, however, the argument failed in large part due to not fully comprehending the immense costs of “the last mile problem.” Two sets of implications must be considered in assessing the economics of digital information—impacts on both the supply and demand sides. On the supply side, with the advent of modern information technologies, the costs of gathering and processing information, rather than the costs of physically disseminating it, now dominate the economic calculus. This may be an important reason behind information overload, since high costs no longer force selectivity in data production and distribution. On the

140 For example,

many UAV operations over Afghanistan are controlled directly from the Continental United States (CONUS). 141 Cooper, “Infosphere,” p. 28. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED demand side, modern processing, correlation, and fusing capabilities may make the demand curve positive as well, at least over a large segment of the user base. The ability to search selectively through huge academic corpuses and to have tailored streams brought to one’s desktop seems to have changed the way people find, interpret, and understand information about the world.142 The ability to inexpensively collect, process, and fuse allows “piecing the mosaic together;” and, therefore, previously unusable, if not useless, discrete pieces of data can be converted into useful information in the aggregate. This novel capability clearly has important impacts for information users and for increasing appetites for nearly infinite amounts of data.143 With all of these changes, and especially given the emphasis on the virtual properties of the cyber domain, it is critically important to recognize, as the Lewis paper reminds us, that the physical infrastructure for cyber has been paid for, is operated by, and is owned by specific entities. Moreover, those physical assets, although they create a global-straddling virtual “cyberspace,” are still located in real places and subject to the laws of those countries. “Cyberspace is not the high seas. Sovereign control exists for all of the networks that a cyber weapon may use to reach its target – even though this control may last only a few milliseconds. National sovereignty applies completely to cyberspace, even if nations have not always chosen to assert it. There is no moment when a collection of bits moving from one computer to another is not actually on a network that someone owns and that is physically located in a sovereign state. The exceptions might be undersea cables or satellite transmissions, but transmissions over these systems still takes place on a facility where the owner is subject to a nation and its laws.”144

B. SOME IMPORTANT IMPLICATIONS As the earlier paper noted, one important consequence of these new characteristics and capabilities, is that information is now increasingly seen as a factor of production and product in its own right. Indeed, information itself has acquired actual value; as one leading commentator pointed out:

142 Nicholas

Carr, “Is Google Making Us Stupid?” The Atlantic, July/August 2008. have suggested that this factor portends fundamental changes how science is conducted. See Chris Anderson, “The End of Theory: The Data Deluge Makes the Scientific Method Obsolete,” Wired Magazine, 16.07, 6/23/08. 144 Lewis, p. 3. 143 Some

UNCLASSIFIED “It is only in the past two decades that we have come to realize that information has taken on a new character, that it has passed from being an instrument through which we acquire and manage other assets to being a primary asset itself. Until very recently, for instance, commentators referred to our society as a post-industrial, service-based economy, descriptions that accept the idea that information industries were becoming more and more important but that still failed to recognize the emergence of information as a commodity, now calling out for protection and definition of ownership rights.”145 Another important consequence of these characteristics is the increasingly intertwined nature of the “infosphere;” this also means that there are no impenetrable boundaries between nations or domestic domains; and this loss of geographic reality has exposed the formerly safe rear areas of the nation’s domestic infrastructure. One important corollary is that there are no sanctuaries; even secure rear areas are now as exposed as front-line forces to information attacks by opponents. Moreover, distinctions between military and commercial functions are increasingly meaningless when over 95% of defense messages move over the public networks, when just-in-time logistics for forces engaged in combat reach back directly into contractor facilities often operating on the open Internet, and when commercial contractors provide real-time communications and analysis services in support of on-going military operations. A perhaps lesser-noticed, but important, impact of the transition to informationenabled just-in-time production and on-line transaction processing is that previous distinctions between historical and current information have also become meaningless. These new real-time systems often rely on data stored in accessible archives, making corruption of archival data just as critical as corruption of real-time data streams; and this creates an entirely new set of information security concerns.

1. Public Goods and Shared Resources As the earlier paper noted, digital information exhibits three strikingly different properties than its analogue counterpart: “Information breaks many of the traditional rules that apply to other critical national or commercial resources, for it appears to generate increasing returns to scale. Unlike natural resources, information has declining marginal costs of production (meaning creation and dissemination); with new technologies, dissemination costs per additional 145 Anne

Wells Branscomb, Who Owns Information? (New York: Basic Books, 1994), p. 1.

UNCLASSIFIED user are low versus the initial “first copy” costs, and will steadily decrease as more bandwidth and local storage become available at low cost.… Moreover, like money, information is rarely destroyed by use (although use can reduce information’s future value by making it less exclusive).146 Perhaps the most important characteristic of digital data is that it is manipulable and rapidly accessible. It can be reproducibly altered by algorithmic transformation and displayed in a wide variety of formats and projections, each purpose-built to conform to user needs, and therefore adding value for one user without, in the process, reducing value for others.”147 There may be a particularly wide divergence between the monetary and social costs of information, on both the positive and negative sides of the ledger. Fueled by rapidly and sharply falling replication and dissemination costs information is becoming a public good. There are significant aspects, creating both benefits and costs, of digital information capabilities that are difficult to measure solely in narrow financial terms. Real-time information exchanges create “conversations”—collaborative ventures in which information is not only shared but also created or increased—on which commerce, finance, and culture are increasingly reliant.148 These conversations benefit both parties, generating value by transforming capabilities enabled by information. In a period of dramatically declining information prices, the most significant costs of information use are opportunities foregone; the real cost-imposition is on the attention of the user at the point where the amount of information available begins to strain the limits of human ability to assimilate information. As one keen observer of information commented, “wealth of information creates poverty of attention.”149 “The differences between creating and disseminating information and doing the same for other goods suggest that, in economic terms, information may be a public rather than private good in many cases. A public good is one that is both non-rival and non-exclusive. A non-rival good is one for which the marginal costs imposed by additional users are zero (although the marginal costs of additional production may still be positive); and unlike the problem of a “shared commons,” use by one party does not diminish another’s opportunity for use. A traditional example is that of a lighthouse, which, once constructed, can be used by 146 Information

also resembles money in that it can be used more effectively if it is used more quickly—a fixed stock of information can be leveraged if its “velocity” of use can be increased. For example, the more efficiently an archive’s information can be retrieved, the more valuable a resource the archive is. This suggests a need for some measure of the “liquidity” of information. [fn in original] 147 Cooper, “Infosphere,” p. 18. 148 See Keith Devlin, Goodbye, Descartes: The End of Logic and the Search for a New Cosmology of the Mind (New York: John Wiley and Sons, Inc., 1997). 149 Professor Harold R. Varian, “The Information Economy,” Scientific American, September 1995, p. 200. (Varian is now Chief Economist of Google, Inc.). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED any number of ships without imposing additional costs on either the operator or users. A non-exclusive good is one which people cannot be prevented from consuming—in this case the traditional example is national defense, which, once “produced,” protects everyone within a country’s borders, rather than only those who choose to pay for it. Unlike private goods whose benefits are fully appropriable by the creator or seller, the benefits from public goods can rarely be directly captured, or appropriated, by the producer, thus creating large “externalities” that distort and complicate assessment of benefits and utility. This handicap of public goods means that charging people for the use of such goods is very difficult, since there is no way of making use conditional upon payment.150 Society as a whole benefits from greater information use, especially from efficiencies created and widespread sharing of knowledge. Lower gathering and transaction costs also leads to the ability of information to facilitate or enable new modes of collaboration and coordination such as virtual communities and global supply chains, and these fundamentally alter existing organizational arrangements and economic factors defining “efficiency.”151 As these new efficiencies spread, overall welfare is significantly enhanced. “As a public good is typically used much more than it is paid for directly by its users, the social benefits of production tend to far exceed the benefits that actually accrue to any private producer. Moreover, society’s overall welfare is maximized by its widespread use even though no one supplier may be able to profit. Inevitably, then, the good will be underproduced from society’s point of view, for the producer will only produce at the level where the costs of production equal his own benefit, rather than society’s benefit. This inefficiency is called a market failure; although society’s utility would be maximized at a high level of production, the market fails to provide the good at that level because it has no way of rewarding the producer.”152 However, while information may be a public good, the infrastructure still depends on resources that are both rival and exclusive and is, therefore, not a public good but rather a type of “commons”—similar to shared natural resources. “We use the term common-pool resources (CPRs) to refer to resource systems regardless of the property rights involved. CPRs include natural and human-constructed resources in which (i) exclusion of beneficiaries through physical and institutional means is especially costly, and (ii) 150 Cooper,

“Infosphere,” p. 21. example, John John Seely Brown, “Creation Nets: Harnessing the Potential of Open Innovation” April 2006. 152 Cooper, “Infosphere,” p. 21. 151 See, for

UNCLASSIFIED exploitation by one user reduces resource availability for others (13). These two characteristics—difficulty of exclusion and sub-tractability— create potential CPR dilemmas in which people following their own shortterm interests produce outcomes that are not in anyone’s long-term interest.”153 Unfortunately, the cyber domain is subject to the same problems that can afflict all commons; as Lewis noted: “Cyberspace is best seen as a "pseudo commons," a space where owners have granted the right of way to any and all traffic as long as it does not impose costs or damage upon them. There are a host of “interconnect” agreements5 that give the illusion of a commons. Under current interconnect rules, traffic is allowed to pass from nation to nation without inspection or confirmation of identity. This passive approach to sovereignty results from political decisions to defer to commercial agreements on interconnection among networks (and the reasons for this are a combination of ideology and commercial concerns).”154 The cyber domain, therefore, encompasses two quite different types of networked relationships. First, connectivity in the physical and logical layers of the infrastructure creates networks that have interdependent characteristics but rely on the classical economic characteristics of the physical infrastructure. Second, connections in the informational layers create virtual relationships and disseminate information, and these appear to exhibit network characteristics. Thus, the cyber itself domain is a unique hybrid regime of physical and virtual properties and it requires that we acknowledge its special characteristics, which are quite different than those of the common physical world with which we are familiar. As a result, the cyber infrastructure generally exhibits classical economic characteristics of increasing marginal costs in terms of providing additional bandwidth and accommodating incremental users; on the other hand, the information itself appears to generate increasing returns to scale. This complex hybrid regime has important implications for decision-making, and therefore, for cyber-deterrence, as will be discussed in Section VI.

153 Elinor

Ostrom, Joanna Burger, Christopher B. Field, Richard B. Norgaard, and David Policansky, “Revisiting the Commons: Local Lessons, Global Challenges,” Science, VOL 284, 9 April 1999, p. 278. (Subsequently cited as Ostrom, et. al., “Commons”) 154 Lewis, p. 3. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED

2. Emerging Vulnerabilities Combined with our growing dependencies on information and the cyber infrastructure that carries it, societies are increasingly vulnerable to potentially largescale systemic disruptions. As the earlier paper highlighted, A third important consequence results from our Faustian bargain— concomitant with acceptance of the information revolution is the emergence of a collective national infrastructure encompassing electricity, telecommunications, oil and natural gas, freight transportation, air traffic control, and other systems. This infrastructure is increasingly reliant on real-time scheduling and processes and is fully integrated into a national information infrastructure that is, in turn, increasingly integrated with a global information infrastructure. Moreover, these systems are often monitored and controlled remotely through system control and automated data acquisition (SCADA) systems that are themselves networked telecommunications systems tied into the same potentially vulnerable infrastructures. These trends are producing a system that is increasingly efficient;155 but it is stable only in its dynamic configuration and may not degrade gracefully.… The obverse is that there is also an increasing loss of direct control over and understanding of what a physical system is doing when the computer systems act as intermediaries between the operator’s perceptions and the physical reality.… Moreover, these complex software-dominated systems present real problems in testing and validation.156 Finally, as highlighted in the earlier paper, one other important change is worth emphasizing: the new information technologies are enabling us to take tools, machines, and systems that could formerly only be operated by expert “masters” with finelyhoned expertise, and make them usable—as appliances—by individuals without specialized training or capabilities. This has both good and bad implications. Unlike the civilian world in which the telephone was designed for usability by almost anyone, the military has traditionally favored functionality over usability and has been prepared to support the specialist corps or cadres necessary to use complex equipment. The ability to dispense with specialists, however, also means an increasing ability to flatten hierarchies and remove the intermediate layers composed of specialist controllers and 155 Several

recent studies indicate, for example, that the low U.S. domestic savings rate is compensated for by a much higher rate of capital productivity than Germany or Japan. See “America’s Power Plants,” The Economist, 8 June 1996, p. 82. 156 Cooper, “Infosphere,” p. 29. See David L. Parnas, foreword to Digital Woes, by Lauren Ruth Wiener (Reading, Mass.: Addison-Wesley, 1994), pp. ix-xiii. Also see Judith Hurwitz, “Testing the Untestable,” Computerworld Client/Server Journal, February 1996, pp. 30–31. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED managers. This does tend to improve efficiency. However, as that paper noted, the resulting disintermediation has had diverse effects, ranging from managers answering their own phones to analysts doing their own desktop publishing; the specialist, in turn, has now often become not a “doer” but an advisor to those who replaced him.157 One of these effects is, however, not so benign; the widespread availability of “ready-to-use” malware and software for botnets now allows amateurs and script kiddies to stage very sophisticated and large-scale cyber exploits formerly requiring expert knowledge and significant resources. Beyond this, the widespread exchange and trafficking in cyber attack capabilities vastly increases the numbers who can emerge as serious cyber threats. Importantly, in the cyber domain attacks can be staged from the informational realm, where the marginal costs of producing and disseminating information is near zero, against the physical realm, where resources for the infrastructure are both rival and exclusive and do show increasing marginal costs. Thus, large-scale spam and other DDoS attacks create dysfunction in the physical networks and impede communications and the flow of useful information; like Gresham’s Law, cheap information drives out more valuable products. The old environment with its assumptions about unitary actors and physical resources presumed, with some reason, that authorities, responsibilities, and capabilities were coincident. The cyber domain, however, presents a fundamentally different picture of divided powers, with important constraints on the ability to decide and act. In many cases, both domestically and internationally, governments have fewer legal authorities over information systems and cyber infrastructures, although they can still exercise legal authority over the physical components resident in their territory. Moreover, not only governments but also corporate and individual users increasingly grapple with the problem of divided responsibilities, with no party seemingly having end-to-end responsibility for operation of the system; but governments are likely to carry the responsibility, at least in the public eye, for catastrophic failures. Finally, unlike traditional national security domains, governments (especially in the U.S.) control far fewer of the technical and physical capabilities than they did with more classic instruments of military power.

157 Cooper,

“Infosphere,” p. 27–29.

UNCLASSIFIED These novel combinations of characteristics stemming from cross-regime hybrid properties, on the one hand, and divided powers, on the other hand, have significant implications for protection of cyber systems and information not yet fully appreciated nor addressed in planning.

Table 2: The Changing Logic of Deterrence: Implications for Cyber-Deterrence

Traditional Deterrence Postulate

Old System Condition

New System Condition

“Networked Deterrence” Postulate

• Only states are key actors

• “States” hold monopoly on large-scale force

• Range of actors possess largescale lethal force

• Non-states are key actors as well

• Two-sided, zerosum game with autarchic state actors

• Bi-polar competition among peers

• Multi-polar, with actors at multiple levels

• States seek to maximize power

• Key actors may have range of objectives

• Multi-sided, mixed-motive games between actors with social preferences

• Only states need to be deterred

• Only other states can threaten state power

• Non-states hold can threaten states as well as other important equities

• A wide range of actors need to be deterred

• The physical attributes of state power can be “held at risk”

• Power and influence result from tangible physical capabilities

• “Soft power” as is key aspect of power

• Value in networks can be affected

• Power and influence based on networked connections

• All actors have value that can be “put at risk”

• Physical aspects of state power can be targeted

• Webs of influence can affect behavior • Networks can be targeted and

UNCLASSIFIED influenced • States are responsible for all activities within their borders

• States exercise absolute sovereignty and control

• States are responsible for national security and defense of critical targets

• States possess full authorities for defense

• State sovereignty not absolute and control may be absent

• Many states cannot enforce control within their borders • Some states claim lessened responsibility

• States may not possess authorities or capabilities for defense of critical targets

• Protecting critical targets is a shared responsibility

• Individuals and others should have responsibilities for protecting their equities • Suzerains are responsible for activities of subordinates and surrogates

• States have responsibility/ liability for activities nominally under their control

• States often claim “lack of control”

• Shared sense of catastrophic consequences

• Potential apocalypse from nuclear confrontation

• Uncertainty about catastrophic consequences from cyber use

• States disclaim responsibility/ liability for activities nominally under their control

• Difficult to ensure responsibility/ liability for activities of subordinates and surrogates

• No evidence of shared sense of catastrophic consequences

• Uncertain degree of concern about cyber • Nuclear weapons have defined but limited uses

• Operational utility of nuclear weapons open to question

• Cyber appears to be operationally usable instrument

• Nuclear weapons had “existential” capability

• Not clear that cyber has “existential” impact

• Cyber capabilities infused throughout military and civilian sectors

UNCLASSIFIED • Decision-makers are classically rational

• Decision-makers assumed to be utilitarian, with “homo economicus”

• Individuals have social preferences

• Calculus has stable deterministic game-theoretic outcome

• Decision-makers have stable objectives

• Decision-makers have multiple objectives with varying preference patterns

• Calculus has multiple nondeterministic outcomes

• Calculus of deterrence is complicated but tractable

• Effects are deterministic and predictable158

• Hybrid character of cyber introduces two different perspectives

• New calculus of deterrence is complex

• Deterrence measures have predictable effects

• “Billiard-ball” model of interactions and closed-form game-theoretic assumptions suggest predictability

• Complex relationships and interactions dominate influence networks

• Complexity denies predictability of effects

• Recognize warning cues of state transition

• Clear transitions from “Peace” to “Crisis” to “Conflict”

• Parallel states of cooperation, competition, and conflict

• Manage the balance of preference patterns

• Prevent the transitions

• Cognitive processes affect decision-making

• Decision-makers behave in complex, often unpredictable ways

• Each state has own preference pattern

C. RECONCEPTUALIZING THE PROBLEM OF CYBER-DETERRENCE Because the combination of nuclear weapons and deterrence became the cornerstone of American security policy in the late 1940s, it is probably common, but ahistoric, to treat deterrence as if it sprang forth along with our nuclear arsenal.159 It is also unfortunately common to view specific features of nuclear deterrence doctrine as 158 Assuming

a large n event. treatment of deterrence is a good illustration of the “availability heuristic” noted by Kahneman and Tversky, one of the classic impediments to judgment and decision-making.

159 This

UNCLASSIFIED defining deterrence in general and then attempting to apply these features to cyberdeterrence.160

1. Some Background Thoughts on Deterrence and the Cyber Domain Deterrence—and even many of its modern manifestations—is not a new concept and its use long pre-dated nuclear weapons. Indeed, the Roman adage, “Si vis pacem, para bellum (If you want peace, prepare for war),” should remind us that the concept of deterrence has been part of statecraft and military strategy for millennia.161 Being perceived as prepared and willing to fight was seen as one way to assure that conflict would not be necessary. In another book, Luttwak goes on to remind us that, “…Above all, the Romans clearly realized that the dominant dimension of power was not physical but psychological—the product of others’ perceptions of Roman strength rather than the use of this strength. “The siege of Masada in A.D. 70–73 reveals the exceedingly subtle workings of a long-range security policy based on deterrence.…The entire three-year operation, and the very insignificance of its objective, must have made an ominous impression [especially in light of the commitment of an entire Roman legion, author’s note] on all those in the East who might otherwise have been tempted to contemplate revolt: the lesson of Masada was that the Romans would pursue rebellion even to the mountain tops in remote deserts to destroy its last vestiges, regardless of cost. And as if to ensure that the message was duly heard, and duly remembered, Josephus was installed in Rome where he wrote a detailed account of the siege, which was published in Greek, the acquired language of Josephus, and that of the Roman East.”162 As with the destruction of Carthage, essentially an ancient version of “Massive Retaliation,” the pitiless siege of Masada was clearly designed to communicate to all challengers the Roman willingness and capability to face down adversaries and see conflicts through to whatever bloody ends were necessary to ensure victory. Not surprisingly (since the Romans essentially waged industrial-style warfare), this kind of total war (and with absolute war aims) was a precursor of the mass industrialized warfare of the late 19th and 20th Centuries that generally devastated losers and often bankrupted the winners.

160 See

Libicki, Cyberdeterrence. Strategy, p. 3. 162 Luttwak, The Grand Strategy of the Roman Empire, p. 3–4. 161 Luttwak,

UNCLASSIFIED Beginning in the 1920s in response to the battlefield slaughters of World War I, strategic bombing was advocated to “solve” the problem of mass warfare against the modern industrial state—threatening that although you couldn’t defeat it on the battlefield, you could destroy it. However, even the massed raids of World War II couldn’t realistically achieve the necessary destructive objectives; but with the advent of nuclear weapons, strategic bombing came into its own. Thus, the threat of large-scale retaliatory use of nuclear weapons was seen as the effective way to avoid the insurmountable pitfalls of modern industrial warfare—devastating damage and financial bankruptcy—in conflicts one couldn’t afford to lose. It was hoped that it would allow the state to avoid engaging in wars it couldn’t afford to fight without simply ceding to the adversary the fruits of his aggression. As the famous British military theorist, J.F.C. Fuller, noted, however, deterrence had also been employed by the Italian city-states during the Renaissance, but implemented very differently for considerations that mirror modern concerns: they were concerned with limiting the costs of war and potential damage to their exquisite cities. Their small, but highly trained and expensively equipped military forces, the condottieri, were simply too valuable to waste in open combat; and no one wished to devastate the culture that had been laboriously rebuilt after Rome fell.163 Here deterrence was accomplished by demonstrating advantage in resources and superiority of position without resort to actually drawing blood.164 Another quite different approach was employed by the British to enforce their colonial rule throughout the 19th Century. Aware that British military forces, their “thin red line,” were stretched far too thinly to protect all of their far-flung colonial outposts with capacity for immediate response and relief, the British emphasized not the rapidity of their response but rather the certainty that the response would occur—what might be termed an “implacable response.” Reacting to the rebellion by the Indian Army that started in early 1857 (often called the Sepoy Mutiny), the British regained the advantage after seizures of major cities including Delhi and Lucknow in 1858. But the rebellion was not fully settled until 1859 when substantial numbers of mutineers, their leaders, and civilian sympathizers were put to death in a series of large-scale public executions 163 J.F.C.

Fuller, The Conduct Of War, 1789-1961: A Study Of The Impact Of The French, Industrial, And Russian Revolutions On War And Its Conduct, p. 15–16. 164 This is really not different from the utility of massive antlers on male elk and quite similar to publicly demonstrating the size of one’s strategic forces (as with the 1956 Moscow bomber flyover at the Tsushino Airshow) or the accuracy of our ballistic warheads with splashdowns at Kwajelein. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED across India in retaliation for the uprising. The initial British defeat in January 1879 by the Zulu army at the Battle of Isandlwana resulted in an extended military campaign against the Zulus by the British, only ending with the Battle of Ulundi, the capture of their king, and the razing of the royal kraal, the capital of Zululand, on July 4, 1879. For an even more extended example, it was not until 1898 with Kitchener’s victory at the Battle of Omdurman that British closed the book on their loss of Khartoum to the Mahdi’s forces in 1885. Similarly, the British and allied response to the seizure of their embassies in Beijing by the Boxers in June 1900 was not concluded until September 1901 with a treaty settlement with the Chinese government (whom the allies held responsible); that settlement required the Chinese to carry out extraordinarily severe punishments on the rebels and make a substantial indemnity payment to the allied governments. These examples of implacable response certainly don’t mirror most recent concepts for nuclear deterrence (and their proposed cyber analogues) and they are also quite unlike the majority of historical cases of deterrence. The recent model of deterrence tied the response quite closely in time to the triggering incident, akin to methods of classical conditioning in which response is directly related to stimulus. Axelrod highlighted this model in his “tit-for-tat” method of reinforcing reciprocity in order to instill and maintain cooperative behavior in the Prisoner’s Dilemma game.165 In the examples above, on the other hand, the British selected the mechanism of certainty as opposed to timeliness to allow them to choose the time and place of response; and the British, like the Romans before them, worked hard to establish a reputation for being implacable enemies.166 Traditional concepts of deterrence operating through the threat of immediate retaliation depended on the stimulus-response effects and were, therefore, a type of operant conditioning that clearly depends on the presumed consequential character of the response directly linked to the stimulus. The effect of extended or delayed response such as discussed above operates on the target more closely to socialization than traditional operant conditioning, over time building in internal inhibitions as norms rather than as simple fear responses. In light of the substantial number of different ways that deterrence can be conducted and the wide range of cyber challenges that the U.S. faces, it is worthwhile not to

165 Axelrod,

The Evolution of Cooperation. names of the initial class of British battle cruisers that later fought at the Battle of Jutland— Invincible, Inflexible, Indomitable, Indefatigable—are quite illustrative of this interest in reputation.

166 The

UNCLASSIFIED narrow the choice of methods for cyber-deterrence before we can explore fully all the implications for the cyber domain of the emerging geostrategic security context. As a recent paper on cyber-deterrence pointed out, There are some parallels for cyber conflict with the task of assembling strategic concepts for the use of nuclear weapons, an immense technological innovation that required years of work to reshape American thinking on national security. We are in our thinking about the relationship of cyber conflict to security where we were in the early 1950s concerning strategic thinking on nuclear weapons, and some early writings on nuclear weapons and arms control by scholars like Brodie, Kahn and others are instructive in considering how to approach cyber conflict.167 Regardless of whether the “apocalyptic” nature of consequences of nuclear use is indeed intrinsic or is a learned reaction to nuclear weapons was beside the point in the early Cold War. Given that the United States had recently demonstrated the consequences of the use of atomic weapons at Hiroshima and Nagasaki, the potential consequences of the use of atomic weapons were quite clear, as was our potential willingness to use them. Brodie and others writing in the immediate wake of two stark examples of the catastrophic consequences of nuclear use on cities didn’t need to focus on this question, and it is easy to understand why. As media coverage of numerous above-grounds tests, including high-yield thermonuclear weapons, instances of fall-out, and popular literature and movies with apocalyptic or post-apocalyptic storylines, all reinforced the perception of nuclear weapons as the “Absolute Weapon”—with terrifying images of cities blown away and horrifying concerns over the subsequent impacts of radiation.168 But as Lewis went on to note, there are far more fundamental problems with the strategic nuclear analogy: There is some merit to this analogy, but it overstates the destructive capacity of cyber weapons and it understates the political uncertainties that complicate operations in cyberspace.169 The widely understood emphasis on retaliation in strategic nuclear deterrence doctrine clearly flowed directly from the certainty in the immensity of the value to be lost in any large-scale retaliatory response. This “apocalyptic vision” was thought to dwarf any considerations of both possible gains and the likelihood of the outcomes. 167 Lewis, p. 2. 168 With

reference to issues related to “taboo technologies,” see Slovic, Fischhoff, and Lichtenstein, “Facts and Fears.” 169 Lewis, p. 2. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Indeed, one of the over-riding arguments in the (still continuing) debates on nuclear deterrence was over the “existential” nature of the threat from use of nuclear weapons.170 Today very few believe that cyber attacks pose either that catastrophic magnitude of damage or that the mere existence of cyber capabilities poses an effective “existential” response; there does not appear to be an “apocalyptic vision” of consequences if large-scale cyber attacks should take place. Yet another important difference is reflected in the problem of attribution and identification—both of which were considered to be relatively simple for nuclear threats; and this issue often dominates thinking with respect to the distinct properties of the cyber domain compared with nuclear deterrence. Attribution and identification are complicated not only by the global interconnectivity and widespread “dual-use” applications of cyber capabilities throughout societies, but also by the intermingling of external and internal threats, both with respect to national and enterprise boundaries; they are clearly not simple problems in the cyber domain.171 Therefore, at some point, attempting to apply traditional strategic deterrence theory based on large-scale nuclear retaliation really does become like maintaining the geocentric Ptolemaic model of the universe after the discoveries of Copernicus. Its basic shortcomings can be papered over to mask its incompatibility with a more realistic view, and it is increasingly a fragile structure on which to build security; but it is unlikely to be replaced until a better framework is evident.172 For exploring the problem of cyber-deterrence, therefore, it is probably useful to treat strategic nuclear deterrence as a special case of deterrence, rather than as the core model, and to look at other potential analogies to provide a more appropriate basis for cyber-deterrence. The U.S. experience with “extended deterrence” in the NATO context probably provides a better analogical basis than strategic nuclear deterrence for beginning to understand the complex issues related to cyber-deterrence for three reasons. First, the strategic nuclear deterrence analogy ignores that most cyber equities are neither under the U.S. government’s direct control or authority (especially by the military), nor is their protection automatically a U.S. military (or government) responsibility. Therefore, we can think even about domestic .gov, .com, and .net domains as potential subjects for 170 See

for example Brodie, The Absolute Weapon, and Wohlstetter, “The Delicate Balance of Terror” for the classic statements of such contrasting views. 171 Any discussion on this topic to be more useful than this must really be at the classified level. 172 Bueno de Mesquita, p. 122. This is, in fact, one of Kuhn’s important points about paradigm shifts. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED extended deterrence in this regard. As in the NATO context, under what conditions, against which threats, and with what modes of cooperation for extending protection, among other key issues, would be topics for negotiation and agreement with our partners in cyber-deterrence. Second, and as importantly, the NATO model for “extended deterrence” also shifts the focus from retaliation (stressed by many current commentators) to the far more diverse, complex, graduated, and relevant model of the NATO deterrence triad of direct conventional defense, deliberate escalation with limited use of nuclear weapons in theater, and finally potential employment of strategic forces against our adversary’s military forces and homeland. It is critical to note that in the NATO framework first use of nuclear weapons was not intended for retaliation, but for military and political effects of intra-conflict bargaining and escalation control; it’s purpose in crossing the “nuclear threshold” was to shock—to communicate a message and induce a pause into the wartime operations—so that decision-makers on both sides would carefully reconsider the path they were on. Third, this NATO context provides useful historical experiences with nuclear “programs of cooperation” (POCs), information sharing, joint civilian and military planning, as well as collaborative research, all of which may offer useful examples for addressing our current cyber challenges. This analogy recognizes, moreover, that the multinational NATO framework had to address many of the same difficult issues of multi-party cooperation that will certainly bedevil cyber, both domestically and internationally. Finally fourth, employing the NATO extended deterrence model as a basis also recognizes that several of our NATO allies possessed their own independent capabilities that needed to be accepted and accounted for in our planning. As usefully laid out by Lewis, from a national perspective, potential cyber threats cover a very broad spectrum of inimical activities,173 ranging from: • reconnaissance, espionage, and criminal activities (such as theft), • attack preparations (including leave-behind weapons), • disruption and damage of military targets outside national territory, • disruption and damage of military targets within national territory, • disruption and damage of other government targets within national territory 173 Adapted

from J.A. Lewis, p. 6.

UNCLASSIFIED • disruption and damage of critical infrastructure, and • disruption and damage of other civilian targets. Many of these activities may be conducted covertly for criminal or intelligence purposes, including financial gain, economic advantage, or operational preparation; others might be openly belligerent. However, there should be little doubt that these could all represent real threats of disruption with serious economic and other costs to societies, as well as to mission critical operations of governments, including essential national security functions. Moreover, what we detect and recognize could only be the precursor steps to more seriously hostile activities; and objectives behind the incidents may remain ambiguous and the sources unidentified. “Threats” has been used in this report exactly because it covers the broadest range of potentially inimical activities; furthermore, it avoids definitional issues involved with categorizing and distinguishing among terms such as “attacks” and “use of force,” which have important connotations for national security planners and decision-makers. Furthermore, it does not require initially specifying the relevant legal regime (Title 10, Title 18, Title 34, or Title 50) or determining the authorities who may have jurisdiction in order to think through how they might be deterred. For the purposes of this report, these are all activities that might be worthy of being deterred, regardless of the perpetrator or the objective behind the activity. Nuclear weapons did create the possibility of “apocalyptic” consequences, recognized by civilians and government decision-makers alike. However, do these cyber threats pose such “apocalyptic” consequences? The very visible destruction of Hiroshima and Nagasaki from two relatively small atomic weapons, followed by two decades of above-ground testing of even larger-size thermonuclear weapons provided stark and frightening images of the likely aftermath of the use of nuclear weapons. In addition, concerns over radiation highlighted by pictures of Hiroshima survivors and victims of fallout from above-ground tests amplified the dangers of this “taboo technology.”174 As noted by Jervis, even Herman Kahn recognized that the awesome destructive power of thermonuclear weapons had created what might be called an “existential threat” to societies and that, as a result of this fearsome vision, most people could not believe that their very existence did not induce extreme caution in rational decision-makers.175 174 Slovic, Fischhoff, and 175 Jervis,

Lichtenstein, “Facts and Fears.” see fn 63 on p. 23 quoting Kahn, On Escalation (Baltimore: Penguin Books, 1968), p. 246.

UNCLASSIFIED Although one still frequently encounters references to a “digital Pearl Harbor,” few experts now believe this to be a realistic threat. Moreover, recent polling data indicates that most Americans are far more concerned about identity theft than massive societal disruption from attacks on digital systems.176 The studies and the report of the Comprehensive National Cyber Initiative (CNCI) and the subsequent “sixty-day review,” furthermore, emphasized the substantial loss of important information and interference with mission critical operations, rather than catastrophic societal disruption, as the most significant threats. Thus, in the absence of an “apocalyptic” vision, cyber does not appear to cast the same shadow as nuclear weapons; and, furthermore, an important corollary is that cyber certainly does not present an “existential” threat—sufficient by its mere existence to cow potential knowledgeable adversaries. Even in the nuclear era, few governments accepted that stark existential logic and generally focused on how to create usable options for those forces. “Before the implications of the nuclear revolution can be explored, we should note the fallacy in the common argument that because military victory is impossible in a nuclear war, nuclear weapons have little utility. At first glance, it would appear that this conclusion follows ineluctably from the premise. That it makes no sense for either side to start a major nuclear war nullifies the threat to strike except in retaliation.…”177 Therefore, in the absence of an “apocalyptic” overhang on perceptions, more relevant questions about cyber impacts in the military context relate to the degree of its utility and its estimated effectiveness in operational situations. Not only do these assessments require detailed analyses of specific situations; but the entire framework for assessing their value is likely to be less existential and more utilitarian than for nuclear strikes.178 At a technical level, previous concerns over issues in the nuclear era such as how much advantage there is in striking first and the relationship of force posture and size to degree of advantage, resulting in the “the stability-instability paradox,” still exist; but they must be totally reassessed in light of specific characteristics of the cyber domain and our operational dependencies on cyber infrastructures and capabilities.

176 Charles

Allen, formerly Assistant Secretary for Intelligence, Department of Homeland Security, quoting a recent poll on cyber concerns of American citizens; HSPI conference, November 2, 2009. 177 Jervis, p. 19. 178 There’s a very long and rich history in games and exercises conducted during the Cold War that nuclear use, at whatever scale, simply terminated these efforts. It was extremely difficult to get even seasoned decision-makers to work through subsequent steps of post-nuclear use actions and responses. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Much of the thinking about characteristics of the cyber domain has tended to be dominated by fascination with those novel “virtual” aspects of cyber systems and networks that exhibit non-classical economic properties such as non-rival resources, network effects, decreasing marginal costs, including social networks and information itself that also possess these properties. However, the underpinnings of the cyber world—the infrastructure and transport layer—are physical networks exhibiting classical economic characteristics such as rival resources, exclusivity, increasing marginal costs, and decreasing returns to scale; and as a result, cyber-deterrence must operate in both these regimes to be effective. As indicated earlier, this would present a very complicated environment for decision-making even within the constrained decision calculus of traditional deterrence since the two regimes obey fundamentally different decision rules and exhibit different behaviors. With significant differences in preference patterns and objective functions for these two regimes, this will make for some very interesting but challenging set of problems for analysis and modeling.

2. The Importance of Reconceptualizing The combination of two logical inferences that have been carried over from our nuclear experience continues to complicate designing effective cyber-deterrence measures. • Syllogism #1: “attribution is essential for retaliation” = “attribution is essential for deterrence,” and • Syllogism #2: “we can’t deter them” = “they can’t be deterred.” Often one of the key benefits from explicitly identifying complicating if not showstopping factors such as these syllogisms is the recognition that, given the characterization of the problem, the existing constraint matrix, and the boundary conditions, continuing to frontally assault the problem will simply not allow the problem to be overcome. Reconceptualization opens the door to fundamentally rethinking the nature of the problem, re-articulating the desired objectives, and possible routes to desired goals: in this case, both what is to be deterred and the potential methods for implementing deterrence policies. In many instances, reconceptualizing the nature of the problem, including questioning the basic tenets of the question and fundamentally reformulating the way to achieve key objectives, may offer the only path to a feasible solution set; and three Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED cases may be illustrative of the very different ways—operational, technical, and doctrinal—that problem reframing may open solution spaces.179 A fourth example, community policing, introduces an important notion shared with “networked deterrence:” basically altering perceptions of “who owns the problem” and where the locus of responsibility lies for preventing inimical activities. A fifth example from the 1980s, also with direct relevance to cyber-deterrence, concerns reconceptualizing the safety, security, and survivability challenges for theater nuclear forces in the face of the massive Warsaw Pact threat to them; solutions to this set of challenges required reframing the problem in terms of operational doctrine and processes rather than “technological fixes.”180 Shutting down the Soviet Air Operation. By the late 1970s, NATO was seriously concerned with the capability of Warsaw Pact forces to stage a successful attack across the Inner-German Border from an unreinforced “short-warning” posture; and the massive “Soviet Air Operation” against NATO forces was a critical component in its threatened success. The Defense Science Board (DSB) Task Force on Long-Range Conventional Cruise Missiles was tasked to assess the potential utility of large-scale cruise missile attacks to disrupt or shut down that air operation. The Task Force, over a three-year period, explored a wide range of possible attacks modes against the air bases from which these attacks would be staged, including strikes on the hardened hangarettes sheltering the aircraft, the critical logistics facilities supporting base operations, and against the runways and taxiways to prevent take-off. Even with very large-scale strikes, none of the options offered a reasonable expectation of significantly disrupting the initial ability to launch the attacks for any substantial period of time, at most complicating or delaying the timing of the initial strikes, due to the very substantial number of bases and structures that would have to be attacked and a robust Warsaw Pact reconstitution capability. Despite the inherent vulnerability of the aircraft themselves, given the robustness of the Pact aircraft shelters, the assessment was that even massive bomb and missile attacks against bases would destroy relatively few aircraft.181

179 The

Principal Investigator of this current report was involved in each of the first three cases. detailed treatment of this issue see Jeffrey R. Cooper, Thomas Blau, and Daniel Gouré, A Survivability-Oriented Architecture for Land-Based Theater Nuclear Forces, Jeffrey Cooper Associates, Inc., 15 February 1983. 181 Due the large advantage that the Pact possessed in numbers of aircraft, NATO could not afford a “war of attrition” in defeating Pact air; destroying large numbers of attackers for each wave launched was essential. 180 For a

UNCLASSIFIED They key was found, however, when it was recognized that the devastating effectiveness of the air operation lay not in its first wave, but in the Warsaw Pact’s continued ability to stage numerous successive waves, wearing down NATO’s air defenses and cumulatively inflicting massive damage on NATO’s capabilities to respond to the mass mechanized attacks by Pact ground forces. That led to the critical insight that the period of maximum vulnerability for Pact air to cruise missile strikes was after the initial wave had been launched, during the recovery phase which was time-sensitive because fuel limits placed severe constraints on when the planes had to land. This insight altered the focus from preventing the initial strikes to disrupting the subsequent waves and redirected the objective of the cruise missile strikes to preventing the Pact’s ability to recover its aircraft at bases where they could be sheltered effectively. Despite Pact abilities given several hours to clear and repair runways, they could not effectively do that in the short time available with strike aircraft aloft. Forcing the Pact aircraft to land at bases without shelters would make relatively easy targets of large numbers of soft unsheltered aircraft, very vulnerable to dispersable submunitions. This refocusing, moreover, allowed a more effective weapons load-out for the cruise missiles enabling the use of lighter-weight, highly fractionated munitions suitable for damaging runways or destroying unsheltered aircraft rather than heavy unitary penetrating warheads needed to crater runways or destroy hangarettes. Denying Soviet RORSAT/EORSAT Surveillance. By the late 1970s, the Soviets had demonstrated the ability to surveil and track U.S. carrier battle groups (CBGs) with space-based radar and ELINT satellites, opening the way to large-scale lethal cruise missile strikes by Soviet air and naval forces. Given the large radar cross-sections of the carriers, even disciplined emissions control (EMCON) and ship-based jamming would not provide high assurance of location uncertainty for the CBGs. Despite intense study of many options, although space-based jamming was theoretically effective, orbital mechanics made it impossible to maintain a jammer in the correct geometry for any reasonable period. Reconceptualization provided the solution to this critical problem insoluble by normal head-on approaches. Building on research by Italian astro-physcists who had discovered the unusual orbital dynamics of tethered satellites, members of a DSB Summer Study devised a method to employ a tethered jammer with which appropriate geometry could be maintained, thereby providing an effective counter to both Soviet RORSAT and EORSAT threats. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED Adaptive Preferential Missile Defense. Beginning in the early 1980s, projected Soviet deployments of heavy ICBMs with multiple independently-targeted re-entry vehicles (MIRVs) created a significant threat to the survivability of the U.S. land-based missile force. As part of President Reagan’s Strategic Defense Initiative (SDI), sophisticated multi-layer defenses were explored; but numerous analyses initially indicated that even a system with very effective sensors and interceptors, but relying on pre-determined allocation strategies, could not prevent a massive attack (with high numbers of RVs targeted at each silo) from destroying a high fraction U.S. ICBMs. The invention of adaptive preferential defense (APD), instead relying on real-time allocation based on sensor information of defense interceptors to those silos receiving the fewest number of penetrating RVs, fundamentally altered the predicted effectiveness of the system in one of its key roles. It was necessary to basically reconceptualize missile defense operational doctrine, changing what has been baseline planning assumptions for over thirty years, to enable the system to meet critical objectives.182 Community policing. In an entirely different domain, community policing with its emphasis on prevention through presence in the community and focus on proactively solving community problems, not crime per se, reconceptualizes the traditional view of law enforcement with its stress on ex post facto enforcement of crimes. With “police no longer the sole guardians of law and order, all members of the community become active allies in the effort to enhance the safety and quality of neighborhoods.”183 The goal in community policing of relocating the locus of responsibility from formal authorities to the community in problem solving and crime prevention and the creation of partnership mechanisms joining the police with the community are both potential useful concepts for enhancing cyber-deterrence.

182 Jeffrey

Cooper, Charles, Peña, and Kara Bue, “How Defenses Work and the Implications for Strategic Defense Architectures,” SRS Technologies Technical Note TN-MA-87-01, 1987. 183 “Understanding Community Policing: A Framework for Action,” (Washington, DC: Bureau of Justice Assistance, Department of Justice, NCJ 148457, August, 1994), p. viii, Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED V. A NEW FRAMEWORK FOR PEACE AND CONFLICT (TASK 1) With the Cold War’s end and the dissolution of the bipolar divide, a fundamentally different structure of international relations emerged—with a far richer and denser pattern of interactions and relationships, as well as institutional arrangements—among a broad spectrum of government, commercial, and individual entities.184 In the intersecting web of these relationships, parties may simultaneously play multiple roles, seeking different objectives, and exhibiting multiple personas. Even the “post-Realist” frameworks have generally continued to treat states as unitary actors, while recognizing the shortcomings of this approach.185 A new framework is needed that incorporates the very fundamental changes in the international system, complex relationships among a now diverse set of relevant actors, and sometimes novel characteristics of networked actors and their decision processes. Given this new situation, we propose a new conceptual framework, more appropriate for addressing this more complex environment, that we have termed the “Three Cs”—Cooperation, Competition, and Conflict (3Cs). The “3Cs” framework introduces the notion of multiple, different, and parallel “decision frames” for each actor to account for the multiple roles they play. This Three Cs framework, therefore, builds on but also extends the traditional Realist construct—of actors pursuing their self-interest—first, by incorporating actors other than states, and second, by allowing states and other actors to seek opportunities for mutually beneficial cooperation within the overall model of pursuing their own self-interests.186

A. SYSTEMIC CHANGES Throughout the Cold War the U.S. and the Soviet Union understood they were not simply competitors seeking modestly different outcomes over the long-term. Regardless of the specific temperature of the relationship at a particular moment, they most often operated as if they were deadly adversaries in a zero-sum struggle for ultimate victory. That intense bipolar U.S.–Soviet conflict conditioned how we thought about our overall pursuit of state interests; and it certainly also underlay thinking about 184 See

Anne-Marie Slaughter, The New World Order (Princeton: Princeton University Press, 2004). O. Keohane, After Hegemony: Cooperation and Discord in the World Political Economy, (Princeton, N.J.: Princeton University Press, 1984), p. xiii. 186 This is similar to what Keohane did in “going beyond Realism” by stressing the role of institutions within the Realist construct. See Robert O. Keohane, After Hegemony, p. 16. 185 Robert

UNCLASSIFIED relationships between states, usually creating a strong duality in characterizing another party—friend or adversary. Thus, we had close allies, such as the UK, with whom a cordial relationship was assumed to be fairly constant, notwithstanding occasional differences on specific situations. These relationships, as well as our views of the other parties—whether friendly or hostile—were generally stable and colored our overall interactions with those parties. Especially with our former Soviet-bloc adversaries, for much of the Cold War we had relatively few formal channels of interaction and communication between the governments. More generally among these relationships with the Soviet Union and members of the Warsaw Pact, there were also relatively few truly private interactions. Even such private arrangements that did occur (such as company-to-company trade deals and educational exchanges) were almost always conducted within the parameters determined by the temperature of the governmental relationship and were generally carefully regulated by governmental authorities on both sides.187 In general, therefore, regardless of the specific situation or transaction, assessment of “role” and orientation in specific interactions could generally be based on the identity of the actor. Moreover, as interactions with eastern bloc entities were clearly dominated by the over-riding characterization of a hostile state-to-state relationship, there were few genuinely cooperative relationships. As a result, the security dimension was generally paramount in all considerations of relationships with the Soviet Union and dominated other objectives that might be pursued. However, counter-posed with those adversarial interactions, a very different type of interstate relationships developed among the capitalist states of the West. These relationships led to the creation of numerous functional institutions and platforms for cooperation across a very broad range of dimensions—economic, political, military, social, educational, and cultural, among others; and this extremely dense web of overlapping interconnections reinforced a sense of common community. This pattern has been called “hegemonic cooperation” in the academic literature; and many thought it remarkable for its general lack of discord and conflict between states with “acknowledged common interests,” but often divergent preferences and values.188

187 Even

scientific and educational exchanges were vetted and approved by the government; and most commercial transactions were carefully monitored and subject to government approval. 188 Robert O. Keohane, After Hegemony, p. ix. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED It is important to recognize that even though there were mutually irreconcilable political objectives in the competition between the U.S. and the Soviet Union, including perceptions of Manichean stakes and “evil” character of the adversary that remained throughout the Cold War, there also did develop over time a commonly perceived “shared interest” with the Soviet Union.189 The very magnitude of the potential consequences of an act of outright belligerence between the two adversaries fostered, as noted above, a shared cooperative interest in avoiding a nuclear war; and this led to creating mechanisms and forums for arms control discussions and agreements. This recognition also tended to place significant constraints on deliberately hostile behaviors that could lead to direct conflict and possible escalation. Over time, both sides more or less willingly entered into wider range of cooperative activities designed to reduce the friction and the likelihood that misperceptions or unintentional acts could also result in war. Such measures included the “Hotline” arrangements and the Incidents at Sea Agreement. Nonetheless, most interchanges between the two competitors remained overtly adversarial and the contest as a whole was viewed as a “zero-sum” competition. With the breakdown of the bipolar structure and relaxation from instinctual expectations of hostile intent in every act by the “other side,” both the stark adversarial character that had colored relationships between blocs has faded and been replaced by a more diverse and far more nuanced set of relationships in which the expectation is not necessarily one of conflict. The U.S. is now friends and allies with many of our former adversaries. Even between the U.S. and Russia, certainly the overall temperature no longer reflects a sense of Manichean struggle and not every exchange is expected to be conflictual.190 Private commercial relationships have also exploded, even where differences between the governments remain deep; and the U.S. and potential challengers now maintain numerous networks of relationships with each other, as well as with a wide range of other parties. Therefore, one of the most salient changes that must be recognized is in the character of the relationships we will have with competitors, as well as with friends and allies. Most importantly, we can no longer

189 As

Joe Nye and others have pointed out, the U.S. and the Soviet Union did have one very deep “shared interest,” avoiding nuclear war. As a result of their clear interests, they took a range of cooperative measures, including agreements on arms control and operational practices, to reduce the likelihood of such a nuclear conflict. The choice of the less hostile term “détente” to characterize the supposedly less confrontational nature of the relationship beginning in the 1970s was a recognition, however, that even that shared interest still operated within an overall context of a very competitive, even if less openly hostile, set of interchanges. 190 The possible exception, of course, remains our perspective on terrorists and the struggle against terrorism. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED simply define relationships simply as conflictual based on the identity of the other party as adversaries or as “the main enemy.” Moreover, those international institutions and forms of cooperation created during the Cold War to enhance Western cohesion did not disappear into an anarchic struggle for power as many Realists had posited, but rather they became mechanisms to seek mutually beneficial outcomes across a broader range of issues in an environment no longer dominated by the bipolar conflict. However, the same diversity in our relationships that we now see with former opponents is now also true with friends and allies; with frequently divergent objectives and less pressure from a common threat to forge common interests, these relationships also exhibit more variety and fluidity. Indeed, in this new set of conditions, characterization of relationship becomes more a function of activity rather than an inherent attribute or fact of identity of the other party; however, usually the balance of interactions over some period, rather than any single transaction, becomes the yardstick by which relationships are assessed. And for this reason, it appears useful to employ a more neutral term than adversary or opponent in order to recognize the role-based nature of identity; “counterparty,” a term used by the financial community to denote the other party in a transaction, is a logical choice. Fed by globalization, therefore, this web of relationships among states and other actors on the international stage has altered the “fundamental physics” of the international system and the interactions among the actors from that of the Realist model. Perhaps the most crucial difference is that “role” can now no longer be assumed to be tightly or uniquely bound to identity or to flow from longstanding relationships; the value from many more relationships is now more situationally dependent.191 As Keohane noted, the implication is to understand “cooperation not as harmony but as an intensely political process of mutual adjustment in a situation of actual and potential discord.”192 Moreover, these multiple objectives flowing from the different roles result in “mixed-motive” games; and another important property of such conditions is that actors may, therefore, not exhibit stable preference patterns or dominance order among objectives.193 Thus, the 3Cs framework remains firmly within the Realist construct 191 Moreover,

if the policy of “engagement” proves to be durable, it will likely accelerate this trend towards balancing particular transactional interactions and the overall benefits from a relationship. 192 Keohane, After Hegemony, p. 52. 193 The JDM literature provides many examples of violations of transitivity in human decision-making; but “mixed-motive” situations add yet another set of problems. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED because it continues to see the actors driven by and pursuing self-interest—whether in terms of security or other measures of power and influence; but the games are more complex endeavors with mixed motives and shifting preferences, allowing cooperation as well as competition, and not necessarily in a zero-sum autarchic environment. Unlike the classical physics-based balance of power system, the international system that has emerged now appears to act more like a large, complex organism, composed of dynamic networks of relationships that are linked together and that are also constantly adjusting and reconfiguring to changing conditions. Structural arrangements in the international system were historically hierarchical, rigid, and difficult to change; in physics terms, the system itself had huge inertia. And when the configuration did change, large impacts were expected on the perceived power relationships. Even if players changed status, places in the hierarchy, and alliance arrangements, the systemic features themselves remained conflictual. Fundamental disruptions to the system were more frequently the result of disagreements over the allocation of power within the system than from frontal assaults attempting to alter its structure. Networks, however, are different than more formal or hierarchical structures; they often grow and evolve rather being built by design. Designed structures may contend with dynamic conditions, but they are often relatively static in configuration. Network configurations, on the other hand, tend to be dynamic and adaptive; in particular, they tend to be more resilient in the face of insult or challenge since their linkages are more fluid and the structures less rigid.194 Networks also change differently than more rigid, defined structures; they tend to adapt and evolve in response to pressures from both participants and the external environment, and this is especially true of networks with living components that can alter their objectives, not just their response to stimuli such as changing environmental conditions. In fact, shifting the paradigm from physics to biology and looking at the international system as a complex living ecology with distinct niches and numerous “food webs” appears to offer many benefits for understanding the features and behaviors of the reconfigured international system and its many interacting participants. Moreover, this perspective helps to better appreciate the system as a whole—one in which actors play multiple roles within multiple relationships, pursue

194 Yossi

Sheffi, The Resilient Enterprise.

UNCLASSIFIED different objectives within them, in which interactions occur within and between numerous networks simultaneously, where networks possess intricate feedback-back loops, and where the system exhibits “emergent” properties.195 Therefore, in order to better understand the altered international system that has emerged since the end of the Cold War, perhaps the most significant change that is required is to shift our mental model of that world from that physics-based mechanical system to one of a dynamic complex living ecology, one that is continuously in flux.

B. NEW SYSTEMIC RELATIONSHIPS Autarchy, not interdependence, was the common condition of the old system. Compared with the simplifying assumptions of Realism about behavior and the bipolar structure of the Cold War, a complicating reality in the new international system is that actors, whether states or other entities, are now likely to be involved in multiple relationships, these relationships are conducted through multiple and diverse channels, and the actors may seek varying objectives and exhibit different personas in these relationships. Moreover, although in the past these actors would have been treated as if they were unitary entities, they are really composites with multiple internal components pursuing varying interests and possessing different capabilities, with influence and linkages that often reach beyond their own borders.196 Slaughter highlighted an especially important aspect that, “The emerging networked world of the twenty-first century, however, exists above the state, below the state, and through the state.”197 As a result, the intersecting relationships of these composite actors now create a far more complex web of interconnected networks— including diverse interactions between players at different levels of organization and hierarchy, often from different nationalities with different allegiances—than usually incorporated in Realist or academic thinking in general about international relations. We and all other players on the international stage are enmeshed in relationships and

195 Indeed,

these are features that distinguish formally “complex adaptive systems.” However, in order not to complicate an already difficult discussion, the issues and problems arising from “complexity” will be left to a later time. 196 The implications of treating collective entities such as states as complex composites rather than as unitary actors are extremely important and will be addressed in the subsequent section in some detail. 197 Slaughter, “America’s Edge.” Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED networks of relationships that affect our behavior in the international system; and we cannot change this fact.198 Moreover, the relationships among these entities, including collective groups as actors, vary quite dramatically in purpose, form, structure, and strength; and the differences in the nature of the relationships clearly affect the specific characteristics of the ties between them. These relationships can range from highly transactional onetime interactions to long-term communities based on shared values, not simply achievement of specific objectives. And as was seen in the behavior between the U.S. and Soviet Union, there is often some recognized set of shared interests even in the most intense competitions. Moreover, whatever the particular characteristics of these relationships, they are in fact “social relationships” creating certain expectations concerning motivations and behaviors on the part of the participants, not just the utility-maximizing economic interest that had been assumed as the driver in rational decision-making. As two well-known behavioral economists commented about the implications of these social relationships, “A substantial number of people exhibit social preferences, which means they are not solely motivated by material self-interest but also care positively or negatively for the material payoffs of relevant reference agents.199 Shifts away from viewing interactions among entities to be adversarial and purely competitive, like simple enemy-enemy or predator-prey relationships as found in “the state of nature,” as Hoffmann had emphasized about the Realist perspective, should clearly suggest adopting a “post-realist” perspective on international politics. These changes towards more social relationships among states and other groups are perhaps not unlike the evolution of humans and other social animals into social groups and organizations for mutual benefit. If one thinks in these evolutionary terms, as a recent Science article about the differences between dogs and wolves noted, “The loss of fear and aggression towards others and the emphasis on cooperation rather than competition are steps that early hominids must also have taken as they organized into groups, although for dogs the change also required evolving a deep attachment to an entirely different species.”200 198 This

is true whether Slaughter is correct or not in her subsequent judgment that in this environment, “…the U.S. has a clear and sustainable edge.” Slaughter, “America’s Edge.” 199 Fehr and Fischbacher, “Preferences,” p. C1. 200 Virginia Morell, “Going to the Dogs,” Science, Vol. 325, 28 August 2009, p.1064. From this perspective, of course, an interesting question becomes whether genuine attachment and instinctive Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED As more complex mutualistic relationships replace simpler “fang and claw” fights for survival, there is a concomitant shift to “cooperative” modes of existence, remaining mindful of Keohane’s warning that cooperation is not necessarily harmonious or altruistic. As noted in a recent major review article about the evolution of cooperation, regardless of the context: “The challenge of cooperation is to explain how self-interest is overcome given the way natural selection works.… But cheaters—those who benefit without making sacrifices—are likely to evolve because they will have an edge over individuals who spend energy on helping others, thus threatening the stability of any cooperative venture.… Researchers have spent countless hours observing social organisms from man to microbes, finding that even single-celled organisms have sophisticated means of working together.”201 If microbes can manage to cooperate, then the emerging environment within the interconnected international system, even without hegemons or “a Leviathan” to enforce formal rules, need not be one of Hobbesian anarchy since the networked social relationships create and foster certain types of preferred behaviors. “Common rules, norms, and sanctions are the mutually agreed upon or handed-down drivers of behavior that ensure group interests are complementary with those of individuals. These are sometimes called the rules of the game (21), and they give individuals the confidence to invest in the collective good. Sanctions ensure that those who break the rules know they will be punished.”202 This heightened recognition of the increased “social aspects” of the international system does suggest that we also begin to recognize that these social relationships create, as Durkheim noted, “social facts.”203 These social facts include laws, morals, beliefs, customs, and fashions and they create institutions through “beliefs and modes of behavior instituted by the collectivity.” The social facts are reflected in the links between group members and have implications on motivations and behaviors by members of the group; they may be “low trust” or “high trust,” exhibit altruism or selfinterest, tolerate selfishness or demand reciprocity. However, whatever character they do exhibit is created by norms and expectations, whether loosely or strongly enforced; collaboration, as opposed to cooperation in pursuit of self-interest, in inter-state or inter-group relationships, requires a similar evolutionary change as opposed to simple alteration of conscious behavior. 201 Elizabeth Pennisi, “On the Origin of Cooperation,” Science, Vol. 325, 4 September 2009, p. 1196. 202 Pretty, p. 1913. 203 Durkheim, p. 49. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED that these norms do affect the behavior of members in relations with each other, as well as with outsiders. Importantly, the effects of networks relate not only to members, but they can create what economists term “externalities” that impinge, for good or bad, on outsiders to the network. This large academic literature includes both sociology and social psychology, as well as some sub-disciplines in economics and political science, that touch on the influence of multi-party relationships (i.e., groups) and social environments on decision-making—both by the groups themselves and by individuals within those groups. This literature now needs to be incorporated in how we think about decision-making in the deterrence context, as well as in the broader context of national security decision-making. As Posen recognized, however, within the international system participants include not only system makers and system takers, but also system breakers.204 System makers are those (like the U.S.) who take an active role in shaping the character of the networks; and within the international system they are often the creators of “public goods,” whether providing security services, fostering the institutional frameworks, or assisting financial stability. System takers, like their counterparts in “commons,” actually comprise two somewhat different populations; both are generally satisfied with the structure, rules, and outputs of the system and are prepared to live within the system. One group is prepared to abide fully not only by the formal rules, but also the norms of the network, including reciprocity and contribution. The other group, however, are “free riders,” simply seeking to appropriate benefits without making any contribution in return; and they will do so as long as the rules or norms allow them to do so. System breakers, on the other hand, actively oppose the common objectives, and usually the structure and rules as well; they seek to alter the distribution of benefits and especially the mechanisms of governance and control. Considering the international system as a network with features of shared resources (often called “commons”), it certainly has to contend with the “free rider” problem, as all networks that exhibit features of a “commons” must. However, in most networks outside the international system, there are enforceable legal frameworks usually that constrain flagrant system breakers; here the actions of the participants provide the only recourse. In order to maintain alliance solidarity and retain cohesion on central concerns during the Cold War, we and the Soviets rarely sanctioned free riders within our blocs; 204 Barry

R. Posen, “Command of the Commons,” International Security, Vol. 28, No. 1 (Summer 2003),

p. 5–46. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

UNCLASSIFIED with respect to non-aligned countries who often benefited from the stability or economic opportunities such as filling trade gaps, we tolerated free riding to minimize strains and prevent open opposition or alliance with the other bloc. During much of that period, the U.S. assessed those costs as tolerable; but the Soviets found managing the economic strains of allowing free riders or providing sufficient rewards to subordinate members of the bloc quite difficult by the end of the Cold War.205 As the international system shifts away from relationships within dominating blocs towards diverse relationships with multiple objectives, it is to be expected that how the value of relationships is assessed will change as well. In many respects, the relationships between states and among other actors in the geostrategic landscape now often resemble the complex relationships that occur in the financial services sector. Those relationships can serve as a good example of how we believe that this new of international relations model is evolving; here the test of any relationship is the expected stream of benefits over some time horizon longer than single transactions, but free-riding is generally not tolerated for very long—contribution and reciprocity are expected as the price of relationship. The financial services sector is a large and varied community that includes a broad spectrum of entities: some very large, diversified global firms; regional banks and lenders; specialized functional companies; small boutique operations serving discrete niche markets; and individual lenders and investors. Especially among the large firms, it is not unusual to both compete intensely for “deals” and also to work with those other firms as collaborators in a range of transactions. Firms such as Citi, JP Morgan Chase, and Goldman Sachs compete with each other for a range of business as well as for critical resources and talent; at the same time, they often cooperate as partners with or as agents of competing firms in managing large financial transactions for clients. Similarly fluid role relationships exist between the financial services firms and customers and vendors. Thus, the financial services community has recognized for years that there are a wide variety of possible interactions and relationships among the parties and that these may occur in parallel. As a result, in order to separate an automatic binding of role to identity they use the term “counterparty” to specify the other side in a transaction. This usage recognizes that the same counterparty may play different roles in different

205 Charles

Wolf, et. al., “The Costs of the Soviet Empire,” RAND, R-3073/1-NA, September 1983.

100

UNCLASSIFIED transactions and emphasizes that role and activity should characterize the treatment of the counterparty, not identity.206

C. CHARACTERISTICS OF NETWORKED ACTORS There are a number of important changes in the character of actors in the international system that must be recognized. First, unlike in the traditional Realist perspective focusing on states, there are now a wide variety of different actors on the international scene that must be treated as significant players. Indeed, one of the crucial changes in the current geostrategic environment is that many of the significant new challenges come from neither peer nor near-peer actors, but rather from non-state or sub-state actors, including terrorist groups, criminal gangs, and proliferation networks as well as NGOs, PVOs, and IGOs. Non-state entities play a wide variety of important roles on the international stage, in political, security, commercial, financial, legal, cultural, social, technological, religious, and other dimensions that now comprise the breadth of current international relations. Second, whatever their type, previously these entities would have usually been treated as if they themselves were unitary actors.207 And within the billiard ball model of state actors, the impacts of many of these non-state or sub-state entities would have been treated as purely internal domestic factors whose effects would be felt only through the influence they exert on the actions of the states in which they reside. However, most actors are really collective entities with diverse constituent parts; and now, (not unlike in quantum field theory) the influence of the actions of these subcomponents often has direct effects on foreign actors, including the sub-state components of other states. One characteristic that these collective actors all share is that they are networks of components linked by various relationships; however, since the structure and nature of these networks can be very different, as can the content and strength of those interior ties, a more detailed understanding is required than simple generic assumptions about composite entities can provide. Third, while it is true that the study of international relations has always recognized the existence of groups such as coalitions and institutions, in most cases the groups that 206 Requirements

to judge creditworthiness exist, notwithstanding, and this characteristic does color all others in financial relationships. 207 Treating collective entities such as states as complex composites is a very significant change from Realism’s assumption of “unitary actors.” Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

101

UNCLASSIFIED were treated as significant actors within the international system—such as alliances and organizations—have been relatively formal and institutionalized.208 Now it is important to also address a wide range of far less formal types of social entities, including a range of networked types. Indeed, some of these entities may not only be informal, but rather virtual or even implicit, for example, as Lewin discovered about groups bound by “fate interdependence.”209 In cases of “fate interdependence,” the groups can be informal and virtual; and membership may be imposed involuntarily on members by outsiders who then treat the members of the group commonly because these outsiders perceive shared characteristics of group members.210 Such groups can be inadvertently created, moreover, by the actions of small numbers of individuals whose behaviors can be seen to be tolerated (or characteristics willingly shared) by the larger group, in effect perceptually contaminating the entire entity for outsiders. Beginning with World War II, the treatment of entire societies who are led by, support, or merely “tolerate” aggressive leadership regimes may be symptomatic of this effect and likely provides one element in supporting the destruction of civilian economic infrastructures. The type of purposeful unrestricted warfare (such as strategic bombing) waged against these societies marks a sharp break with post-Westphalian traditions distinguishing military from civilian targets and with Clausewitzian conflict, but highlights the dangers of “collective responsibility” that may be imposed. Fourth, recognizing that actors are participants in social relationships and networks of relationships represents a sharp change from the Realist perspective of viewing actors as simply autarchic competitors in an anarchic environment. Moreover, this shift to looking at actors as enmeshed in networks of relationships in which they participate—and which have effects on their motivations and behaviors—also suggests that we also need to consider reassessing the determinants of decision-making and behavior to incorporate explicitly non-autarchic cooperative behaviors, among others. The issues related to collective judgment and the effects of social relationships have long been recognized. The classic treatment of collective judgment, the “madness of

208 Even

where signed agreements are absent, there were usually formal commitments made. Section VI.C.2. 210 See p. 119 for further discussion of “fate interdependence.” 209 See

102

UNCLASSIFIED crowds,” was first published by Mackay in 1841.211 As Bernard Baruch wrote in the Foreword to the 1932edition, “All economic movements, by their very nature, are motivated by crowd psychology.… Yet I never see a brilliant economic thesis expounding, as though they were geometrical theorems, the mathematics of price movements, that I do not recall Schiller’s dictum: ‘Anyone taken as an individual, is tolerably sensible and reasonable—s a member of a crowd, he at once becomes a blockhead,…”212 Among other effects, entanglement in social networks involves the assumption of social norms and group expectations as forces shaping behaviors of members of the group, both within and outside the group. As one recent finding notes about the effects of social context, “In reality, decision-makers are generally less selfish and strategic than the model predicts and value social factors such as reciprocity and equity.”213 The social networks in which all actors are enmeshed create a series of influences on their perceptions and behaviors. “The last 15 years have seen a large number of studies indicating that in addition to material self-interest - social preferences shape the decisions of a substantial fraction of the people. A person exhibits social preferences if the person not only cares about the material resources allocated to her but also cares about the material resources allocated to relevant reference agents. Depending on the situation, the relevant reference agents may be the colleagues in the firm with whom a person interacts most frequently, or a person's relatives, or the trading partners, or a person's neighbours. It is important to keep in mind that in different domains a person may have different reference agents.”214 States individually pursuing their self-interests may operate from a narrow set of utility metrics (usually assumed to be a “homo economicus” perspective); but where the actors are social creatures performing within various relationship contexts that create “social facts,” the motivations for behaviors and the components of their decision calculus are likely to be far more complex. As we have begun to recognize through modern cognitive and neuroscience that the relatively simple construct of “homo economicus” is itself based on a sterile picture of human rationality, we now also need to begin to accommodate understanding of the broader impacts of these social facts on 211 The

second edition, with its more well-known title, was published in 1852. Charles Mackay, LL.D., Memoirs of Extraordinary Popular Delusions and the Madness of Crowds (London: Office of the National Illustrated Library, 1852). 212 Bernard M. Baruch, Foreword in Mackay, op. cit., p. xiii. 213 Sanfey, p. 599. 214 Fehr and Fischbach, “Preferences,” p. C2. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

103

UNCLASSIFIED human decision-making. While these influences may be less tangible than the traditional Realist elements of national power, they may exert effects that are just as powerful; and, moreover, they act not only from the outside on the whole collective, but inside on parts of the composite entity as well. This is very analogous to the effects of “field theory” in modern physics compared with classical Newtonian physics.

1. Structures and Ties of Groups 215 Social scientists understand that relationships create linkages among actors, some formal, others informal. Political scientists have analyzed the characteristics of linkages that different types of political systems and relationships can create; and economists have emphasized the range of ties that financial and commercial relationships can foster. The results from this work are widely reflected in the literature on the international system and international relations and are the foundation of classical analysis of inter-state relations reflecting the traditional focus on states and formal organizations. The implications of other forms, primarily what we might broadly term social relationships and the structures and linkages of these groups, on the other hand, have traditionally been ignored and not generally incorporated into mainline thinking on international relations until relatively recently. Yet in an environment that increasingly exhibits, as discussed above, “a far richer and denser pattern of interactions and relationships,” understanding these structures and linkages appears essential. Perhaps as a function of the post-feudal emphasis in international relations on nationality as defining identity, those social relationships (such as families, clans, and tribes, among others), in particular, in which the non-tangible aspects of membership exert bonds based on blood ties, language, religious faith, oaths of loyalty, common interests or beliefs (including feelings of “otherness” or persecution) had not been part of the traditional canon. Moreover, unlike well-researched topics addressing dealing with bureaucratic organizations, the structures of these groups, including the factors affecting the nature and strength of ties, have tended to be terra incognita for national security until particular questions arise.216 215 The

characterizations of non-state actors in this section draw heavily on a presentation by Professor Itamara Lochard at the Highlands Forum, Wye Plantation, April 2008, and additional materials provided by Dr. Lochard. 216 We are certainly witnessing the same intense interests in cultural anthropology and ethnography for counter-insurgency in Iraq and Afghanistan as was evident during parts of the Viet Nam War, but the general proposition of disinterest in these topics remains quite valid. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

104

UNCLASSIFIED As a starting point for thinking about networked actors, we will build on research by Lochard that identifies examples of “non-traditional” actors, including individuals, gangs, criminal networks, terrorists groups, and insurgent forces, which are now presenting increasing security concerns. Lochard then goes on to provide a useful typology of possible structures for these non-state groups.

• Hierarchical model: Regardless of scale, these entities appear in many ways to be most like traditional organizations, possessing a hierarchy among the members, some degree of functional or other disaggregation, and generally a top-down mode of command and control. The entire organization is generally has an agreed set of objectives and the group is interdependent for pursuit of its overall objectives, although individual components may have highly discrete and focused tasks.

105

UNCLASSIFIED

â&#x20AC;˘ Franchise model: These entities are quite common in the commercial world, but have been less frequently observed in political or military environments until recently. Like the hierarchical model, the highest node provides some coherence in objective or consistency in method, but the subordinate entities tend to be relatively self-contained and are not interdependent. A key distinguishing feature is the significantly looser control exerted on subordinate entities resulting in significantly more operational autonomy than usual in a top-down hierarchical model. However, military operations conducted along the lines of auftrasgtaktik as developed by the Germans in WWI do operate in this manner. In this model, continued coherence of overall operations in pursuit of common objectives requires substantial flows of information about the evolving conditions of many dynamic elements.

â&#x20AC;˘ Wheel and spoke model: This distributed model disaggregates by function or location; and subordinate elements may vary widely in their structures and priority among objectives. This model is more transactional than the hierarchical model, but it maintains a degree of interdependence among reasonably autonomous nodal elements not found in the franchise model; however, the directionality of the flows of services and compensation cannot be determined in the abstract. In many ways, this model resembles the feudal relationships predating the nation-state.

106

UNCLASSIFIED

• Clustered/Core model:

• Flat Network: Non-hierarchical task-oriented “flat” networks have become increasingly common in business and research as near-real-time communications have improved and information transaction costs have declined dramatically. Many open source software development efforts appear to take this form. Generally this type of group coalesces around pursuit of an objective or common interest; and participation is voluntary, although members may be recruited. In the absence of an agreed leader, decisions are taken by implicit consensus; but reputation, trust, and contribution tend to be important elements in maintaining the coherence with objectives and direction. As noted by Lochard, these groups can form at a variety of levels: sub-state, prestate (for the proto-/para- governments), national, regional, transnational (with coordination across countries and regions), and supra-national. Moreover, they can exhibit a wide range of different objectives, ranging from benign to malignant, over a range of dimensions of interest. Furthermore, they also exhibit a range of motivations, which are often not exclusive, including political (secession, rights, etc.), ideological/religious/millenarian beliefs, economic (criminal enterprises, sale of illicit

107

UNCLASSIFIED goods, people or protected, resources), relative depravation, personal or psychological (and this may be the case for the sole actor in any group). Ties, however, not only vary in type, patterns of configuration, and their general character (such as family, organizational, interest community), but also with regard to features such as symmetry/asymmetry, directivity, reciprocity, which can all vary as functions of the social relationships as well. Characteristics such as directionality and symmetry are crucially important for understanding how influences affect and can be brought to bear on various parties within a network. Although the specific ties that bind the members may arise from a wide range of factors related to the relationship, these ties can be grouped into three types. “Three types of connectedness (bonding, bridging, and linking) have been identified as important for the networks within, between, and beyond communities (22). Bonding social capital describes the links between people with similar objectives and is manifested in local groups, such as guilds, mutual-aid societies, sports clubs, and mothers’ groups. Bridging describes the capacity of such groups to make links with others that may have different views, and linking describes the ability of groups to engage with external agencies, either to influence their policies or to draw on useful resources.”217 Among the important differences between groups is the “binding strength” of the group attraction, which not only influences the international cohesion of the group but also affects its propensity to engage with other groups. Another key difference is the strength of the norms that operate on members of the group, reflecting member’s perception of the “network value” to them; the more that members perceive value from participation, the more likely they are to accept the norms and expect other members to follow them as well. Furthermore, not only does a network inculcate and impose values, but members themselves bring values that can shape the structure of the network as well as influence the nature of the ties. As Fukuyama argued in Trust: The Social Virtues and the Creation of Prosperity, there is an immense impact of trust on the forms of cooperation, in turn affecting prosperity and well-being of the groups and society.218 As we have suggested, networked relationships can exert powerful influences on environments in which members exist and also on outsiders who operate in those environments. This 217 Pretty, p. 1913. 218 Francis

Fukuyama, Trust: The Social Virtues and the Creation of Prosperity. (New York: Free Press,

1995). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

108

UNCLASSIFIED effect of social environment—“broken windows”—has been recognized by law enforcement; “broken windows” refers to the visible signatures of acceptable or tolerated behaviors as providing norms for behavior within an environment.219 Networked relationships can be powerful because they can utilize the resources and capabilities of other network participants to affect parties who are not members; and these can create more opportunities to influence the behavior of parties who are not members but who have relationships with members. The import of both the 2002 and 2009 Nobel Prizes in Economics being awarded to non-economists for work on decision-making strongly supports the notion that a broader understanding of human decision-making than the previous narrow focus from political science and classical economics is needed in order to operationalize concepts of deterrence that take into account these social aspects. As noted by Ostrom and colleagues, results of experiments in which communication and cooperative behavior was allowed produce significantly different results than those obtained from classical non-cooperative games. The weakness of mere words and the necessity of external agents to enforce contracts is also a foundation upon which the powerful edifice of non-cooperative game theory has been constructed. John Nash (1950, 1951) distinguished between cooperative and non-cooperative games. In cooperative games, players can communicate freely and make enforceable agreements; in non-cooperative games, they can do neither. Some theorists particularly stress the inability to make enforceable agreements: "The decisive question is whether the players can make enforceable agreements, and it makes little difference whether they are allowed to talk to each other. Even if they are free to talk and to negotiate an agreement, this fact will be of no real help if the agreement has little chance of being kept. An ability to negotiate agreements is useful only if the rules of the game make such agreement binding and enforceable".220 Clearly the ability to exploit such relationships in international politics is not new; but the explosion of transnational networks significantly expands the potential reach of such influences. It may be far more important that the relationships in which we are now all enmeshed exhibit multiple characters because this creates many more opportunities to affect behaviors; but it also significantly complicates understanding how particular actors may evaluate their equities. 219 James

Q. Wilson and George L. Kelling, “Broken Windows,” The Atlantic, March 1982. Ostrom, James Walker, and Roy Gardner, “Covenants With and Without a Sword: SelfGovernance is Possible,” The American Political Science Review (APSR), Vol. 86, No. 2 (Jun., 1992), p. 404. (Subsequently cited as Ostrom, Walker, and Gardner, “Covenants”).

220 Elinor

109

UNCLASSIFIED In many respects, relationships between states often resemble the complex relationships seen in the commercial sector, perhaps not surprising as commercial and non-governmental interactions (what were formerly “low politics”) now dominate the number and frequency of international interchanges. These intersecting relationships create a far more complex ecology than when state-to-state interactions over politicomilitary issues (“high politics”) were the dominating concerns of international relations. The fact that that interactions among states and other actors are now likely to involve multiple relationships, be conducted through multiple and diverse channels, and involve actors exhibiting personas that may differ in each of these relationships must affect how we think about what deterrence is and how it is implemented. Another of the crucial differences from the traditional conflict model brought about by the changes in the international system is the erasing of the clear distinctions between the two states of “Peace” and “Crisis” that existed during the Cold War; and this factor has immense implications for national security policy that go well beyond the impacts on deterrence. As a result, we have also witnessed the fading away of the previous explicit transition barrier between the “Peace” and “Crisis” states; and this carries particular implications for warning and response, especially in the cyber domain, as there may now be little distinguishable difference between the two states in practice. This change actually poses a quite different challenge than the problem of ambiguous warning that complicated responses to warning throughout the Cold War. The previous ambiguous warning problem explicitly recognized that both the conditions and the character of the relationship in these two states were different, and appreciated as well that responses to stimuli also needed to be different; but the ambiguity of actions might make it difficult to distinguish the transition between the two states. Under the current situation, on the other hand, the ambiguity stems from the pursuit of multiple objectives that largely washes out real distinctions between the two states; and the discriminant for a change in preference pattern from cooperative to competitive to conflictual is likely to be based more on assessment of intentions and motivations, as well as on the overall balance of value from the relationship than the particular activities themselves. As a result, policy-makers must simultaneously manage multiple states with concomitant differences in the quality of the relationship with each of our counterparties; and they must be able to alter behavior in some components of the relation without altering all aspects. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

110

UNCLASSIFIED

2. Influences of Social Relationships Given the very wide variety of informal relationships that can co-exist alongside the more formal ones usually considered, in this paper we will use the term “social relationships,” in which some type of mutualistic ties exists, to contrast with the autarchic interactions among states presumed by the Realist model.221 There are many forms of networked relationships—especially social relationships with human participants: some are bound by “social facts” such as family ties; others are bound by the pure altruism of some of the participants; there are cooperative relationships bound by ties such as strict reciprocity; and some in which a greater willingness to tolerate “free riders” exists (such as “hegemonic cooperation” as existed among Western countries during the Cold War). Also, there are clearly communities in which, for ethical, ideological or religious reasons, such mutuality of contribution is not demanded; but few see these as models for relations within the international system. “Cooperation,” which is one form of effective social relationship among selfinterested entities not mediated by higher authority, is, therefore, consistent with an international system in the absence of a Leviathan. Thus, it is an appropriate starting point for exploring the implications of social relationships; and cooperative models exist widely, both in nature and in human-constructed activities, as suggested by Pennisi, “In some cases, cooperation has fueled key evolutionary transitions, helping to create integrated systems. Worker ants have no offspring of their own and instead feed their queen's offspring in colonies often considered "super-organisms" many thousands of individuals strong. Cells managed to specialize and stay together, giving rise to multicellular organisms. "At each of those levels, formerly independent reproductive units and targets of selection become integrated into a single reproductive unit and target of selection," notes biologist James Hunt of North Carolina State University (NCSU) in Raleigh.”222 As Pennisi noted, despite the costs to self-interest in mutual relationships, “And yet cooperation and sacrifice are rampant in nature. Humans working together have transformed the planet to meet the needs of billions of people.”223 Such cooperative 221 These

are sometimes called “social connections.” See Joseph E. Stiglitz, Amartya Sen, and Jean-Paul Fitoussi, Report by the Commission on the Measurement of Economic Performance and Social Progress, September 2009. (This is often known as the Sarkozy Report on Social Well-Being since he requested it as President of France.) <http://www.stiglitz-sen-fitoussi.fr/documents/rapport_anglais.pdf>. 222 Pennisi, Science, p. 1196. 223 Pennisi, Science, p. 1196. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

111

UNCLASSIFIED networks that are based on pursuit of self-interest through achieving mutual interests and a fair balance of advantages work best when there is some degree of reciprocity and contribution on the part of every participant. How to effectuate beneficial behaviors such as reciprocity and equitable contribution becomes a key issue is assessing the utility of such arrangements. Social relationships have been shown to create a number of benefits for participants (called “internal effects”); and there are a range of effects that these social relationships can exert on motivations and behaviors of members of these groups. In addition, these relationships also create “externalities” that affect the environment around them.224 “Given that we live in highly complex social environments, however, many of our most important decisions are made in the context of social interactions, which are additionally dependent on the concomitant choices of others—for example, when we are deciding whether to ask someone on a date or entering a business negotiation. Although relatively understudied, these social situations offer a useful window into more complex forms of decisions, which may better approximate many of our real-life choices.”225 The capability to use such relationships and effects to influence behavior is a key reason to explore how these factors could be exploited, including factors affecting participation and creation of norms. Although not the focus of this effort, effects such as “group think” do need to be recognized because they are widespread and powerful.226 Janis, in his work on “group think” emphasized the distorting effects that group pressures to minimize conflict and reach consensus could have on decisions, highlighting eight specific symptoms:227

224 See

the “Sarkozy report,” p. 182.

225 Sanfey, p. 598 226 Irving

L Janis. Victims of Groupthink. (Boston. Houghton Mifflin Company, 1972). L. Janis & L. Mann, Decision Making: A Psychological Analysis of Conflict, Choice, and Commitment. (New York: Free Press, 1977).

227 I.

112

UNCLASSIFIED Table 3: Symptoms of “Group Think” • Illusion of Invulnerability: Members ignore obvious danger, take extreme risk, and are overly optimistic. • Collective Rationalization: Members discredit and explain away warning contrary to group thinking. • Illusion of Morality: Members believe their decisions are morally correct, ignoring the ethical consequences of their decisions. • Excessive Stereotyping: The group constructs negative stereotypes of rivals outside the group. • Pressure for Conformity: Members pressure any in the group who express arguments against the group's stereotypes, illusions, or commitments, viewing such opposition as disloyalty. • Self-Censorship: Members withhold their dissenting views and counter-arguments. • Illusion of Unanimity: Members perceive falsely that everyone agrees with the group's decision; silence is seen as consent. • Mindguards: Some members appoint themselves to the role of protecting the group from adverse information that might threaten group complacency.

Clearly such effects as groupthink can exert influence on decision-making and behavior, even of senior officials mindful of them, unless extreme care is taken.228 However, it is apparent that social relationships and participation in groups can also exert other types of influences on motivations and behavior; and it is these other factors that “networked deterrence” seeks to exploit in influencing behaviors of potential cyber attackers. To understand how influence can be exerted on members of groups, this paper will focus on two issues: how membership in cooperative social groups exerts influence on its members and how that condition of cooperation can be maintained. As a starting place, because of its direct relevance to “networked deterrence,” the work of two prominent social scientists—Kurt Lewin and Elinor Ostrom—will be emphasized.

228 See

both Neustadt and May, op. cit., and Graham Allison, op. cit., for extensive discussions of this problem.

113

UNCLASSIFIED a) Kurt Lewin: Understanding Social Effects on Motivation and Behavior Kurt Lewin, the inventor of psychological “field theory,” had a major impact on appreciating the influences of groups and “helped to move social psychology into a more rounded understanding of behavior (being a function of people and the way they perceive the environment).”229 Lewin strongly held “a preference for psychological as opposed to physical or physiological descriptions of the field” and saw individual motives as clearly being dependent on group pressures.230 He tightly coupled psychology (need, aspiration, etc.), sociology (motives and fields), and topology (lifespace) into “a single well-integrated system.”231 “In his field theory, a ‘field’ is defined as ‘the totality of coexisting facts which are conceived of as mutually interdependent’. Individuals were seen to behave differently according to the way in which tensions between perceptions of the self and of the environment were worked through. The whole psychological field, or ‘lifespace’, within which people acted had to be viewed, in order to understand behaviour. Within this individuals and groups could be seen in topological terms (using map-like representations). Individuals participate in a series of life spaces (such as the family, work, school and church), and these were constructed under the influence of various force vectors.”232 From his field theory work on group dynamics, Lewin’s work provides two key insights for cyber-deterrence—interdependence of fate and task interdependence—that can inform our understanding of how group participation affects decision-making of its members.233 First, Lewin argued that there is a psychological driver for group formation; groups form “not because their members necessarily are similar to one another (although they may be); rather, a group exists when people in it realize their fate depends on the fate of the group as a whole.”234 An extremely important corollary of this point is that it does not appear to matter whether such group membership is explicit, voluntary, and participatory or simply implicit and defined by others, as in the case of “Jews in Germany” explored by Lewin. 229 Mark

K. Smith, “Kurt Lewin, groups, experiential learning and action research,” The Encyclopedia of Informal Education, 2001 <http://www.infed.org/thinkers/et-lewin.htm> 230 Kurt Lewin, Field Theory in Social Science: Selected Theoretical Papers. D. Cartwright (ed.). (New York: Harper & Row, 1951). 231 Allport in his foreword to Kurt Lewin, Resolving Social Conflict: Selected Papers on Group Dynamics, Gertrude W. Lewin (ed.), (New York: Harper & Row, 1948), p. ix. 232 Smith, 2001 <http://www.infed.org/thinkers/et-lewin.htm>. 233 R. Brown, Group Processes. Dynamics within and between groups, (Oxford: Blackwell, 1988). 234 Brown, p. 28. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

114

UNCLASSIFIED “[I]t is not similarity or dissimilarity of individuals that constitutes a group, but rather interdependence of fate. Any normal group, and certainly any developed and organized one contains and should contain individuals of very different character…. What is more, a person who has learned to see how much his own fate depends upon the fate of his entire group will ready and even eager to take over a fair share of responsibility for its welfare.”235 Second, Lewin argued that while fate interdependence can be a fairly weak form of interdependence in many groups, “task interdependence”—where there are strong dependencies in achieving the goals of group members—may be a more significant factor. “In other words, if the group’s task is such that members of the group are dependent on each other for achievement, then a powerful dynamic is created.… These implications can be positive or negative. In the former case one person’s success either directly facilitates others’ success of, in the strongest case, is actually necessary for those others to succeed also… In negative interdependence – known more usually as competition – one person’s success is another’s failure.”236 This factor is extremely important because many of the groups that pose cyber threats exhibit these dependencies; even nominally flat network forms are interdependent where there is any functional distribution of tasks.237 As Smith noted about Lewin’s appreciation of the effects of task interdependence on members of groups, “Kurt Lewin had looked to the nature of group task in an attempt to understand the uniformity of some groups’ behaviour. He remained unconvinced of the explanatory power of individual motivational concepts such as those provided by psychoanalytical theory or frustrationaggression theory (op. cit.). He was able to argue that people may come to a group with very different dispositions, but if they share a common objective, they are likely to act together to achieve it. This links back to what is usually described as Lewin’s field theory. An intrinsic state of tension within group members stimulates or motivates movement toward the achievement of desired common goals (Johnson and Johnson 1995: 175). Interdependence (of fate and task) also results in the group being a 235 Lewin Resolving

Social Conflicts: Selected Papers on Group Dynamics. pps. 165-6. 2001. Also see Brown, p. 30ff for a more in-depth discussion. 237 For example, among the “loosest” networked groups are those involved in open source software development. Studies of even these groups, which often have no hierarchy or central leadership, and are composed, moreover, of very individualist participants performing self-selected functionally distinct roles (code writing, code review, testing, etc.), illuminate the strong interdependencies as well as the importance of ties such as contribution, reputation, trust, and reciprocity that are determined subjectively by other members of the group. 236 Smith,

115

UNCLASSIFIED ‘dynamic whole’. This means that a change in one member or subgroups impacts upon others.”238 In addition, Lewin posited that attraction to goals or other “forces” was a stronger force than repulsion or pressure; and this turns out to be an important insight into developing a useful modeling basis for “networked deterrence.”239 Also, importantly for understanding and implementing “networked deterrence,” Lewin’s work on “field theory” also provides a quantitative basis for exploring the effects of social relationships on decision-making and behavior, with behavior as “a function of the field that exists at the time the behaviour occurs,” that the “concrete person in a concrete situation can represented mathematically”240 and the use of topology to express relationships among actors and their environment.

b) Understanding Mechanisms of Social Cooperation Because of the similarities to the problem of managing shared natural resources confronted by those seeking to deter the range of cyber threats, it is worthwhile to lay out the process by which collective action and cooperative mechanisms became an effective alternative to formal, centralized, directive approaches—which, along with retaliation, still seem to dominate thinking about cyber-deterrence. With his “Tragedy of the Commons” article, Graham Hardin had popularized the problems of managing shared natural resources; interestingly, Hardin’s article had opened, “At the end of a thoughtful article on the future of nuclear war, Wiesner and York concluded that: “Both sides in the arms race are . . . confronted by the dilemma of steadily increasing military power and steadily decreasing national security. It is our considered professional judgment that this dilemma has no technical solution. If the great powers continue to look for solutions in the area of science and technology only, the result will be to worsen the situation.”241 This was not unlike states and other actors pursuing their own self-interests in a Realist model of international relations,

238 Smith,

2001. want to express my appreciation to Danny Kahneman for suggesting that Lewin’s work on field theory could be usefully applied in thinking about networked deterrence and how to model it. Highlands Forum 34, Wye Plantation, April 27–29, 2008. 240 Hall, C.S. and Lindzey, G., Theories of Personality 3e, (New York: John Wiley and Sons, 1978), p. 386. 241 G. Hardin, Science, 13 December 1968, p. 1243. 239 I

116

UNCLASSIFIED “The prediction that resource users are led inevitably to destroy CPRs is based on a model that assumes all individuals are selfish, norm-free, and maximizers of short-run results. This model explains why market institutions facilitate an efficient allocation of private goods and services, and it is strongly supported by empirical data from open, competitive markets in industrial societies.”242 This was, therefore, not dissimilar to the problem of the “security dilemma” in an international system without a Leviathan; and Hardin concluded that only a centralized coercive authority could resolve these problems. The starkness of Hardin’s original statement has been used by many scholars and policy-makers to rationalize central government control of all common-pool resources (3) and to paint a disempowering, pessimistic vision of the human prospect (4). Users are pictured as trapped in a situation they cannot change. Thus, it is argued that solutions must be imposed on users by external authorities. Although tragedies have undoubtedly occurred, it is also obvious that for thousands of years people have self-organized to manage common-pool resources, and users often do devise long-term, sustainable institutions for governing these resources (5–7). It is time for a reassessment of the generality of the theory that has grown out of Hardin’s original paper. Here, we describe the advances in understanding and managing commons problems that have been made since 1968. We also describe research challenges, especially those related to expanding our understanding of global commons problems.243 In the security domain, fostering cooperation has usually focused on creating “international institutional” mechanisms with enforcement capabilities, primarily formal agreements, such as arms control treaties, or institutions like the UN or WTO, can be seen in this light.244 Not unlike many political scientists seeking to solve the “security dilemma,” Ostrom, et al, started down the same road of looking at formal cooperative mechanisms. As Ostrom noted, At first, many people agreed with Hardin’s metaphor that the users of a commons are caught in an inevitable process that leads to the destruction of the very resource on which they depend. The “rational” user of a commons, Hardin argued, makes demands on a resource until the expected benefits of his or her actions equal the expected costs. Because each user ignores costs imposed on others, individual decisions cumulate to a tragic overuse and the potential destruction of an open242 Ostrom, et.

al., “Commons,” p. 279. Ostrom and Joanna Burger, “Revisiting the Commons,” Science, 9 April 1999, VOL 284, p. 278. (Subsequently cited as Ostrom and Burger, “Revisiting the Commons”) 244 Robert O. Keohane and Elinor Ostrom, Local Commons and Global Interdependence: Heterogeneity and Cooperation in Two Domains, 243 Elinor

117

UNCLASSIFIED access commons. Hardin’s proposed solution was “either socialism or the privatism of free enterprise” (2).245 But then her path diverged from Hardin’s solution; Ostrom and others recognized that Hardin’s original formulation of the “tragedy of the commons” problem was incorrect—that a centralized government manager was not necessarily required. Ostrom began to look for a solution in less formal mechanisms of “collective action,” a body of work that resulted in her sharing the 2009 Nobel Prize in Economics. “Contemporary political theories frequently presume that individuals cannot make credible ex ante commitments where substantial ex post temptations exist to break them unless such commitments are enforced by an external agent.”246 Ostrom recognized that there are many possible forms of social relationships among self-interested parties. “Humans adopt a narrow, self-interested perspective in many settings, but can also use reciprocity to overcome social dilemmas (22). Users of a CPR include (i) those who always behave in a narrow, self-interested way and never cooperate in dilemma situations (free-riders); (ii) those who are unwilling to cooperate with others unless assured that they will not be exploited by free-riders; (iii) those who are willing to initiate reciprocal cooperation in the hopes that others will return their trust; and (iv) perhaps a few genuine altruists who always try to achieve higher returns for a group.”247 Having highlighted the potential influence of cooperative social relationships to influence behavior, Ostrom then argued that it is important to address one of the key problems of “collective action”—the “free rider,” “The tragedy of the commons, the prisoner’s dilemma, and the logic of collective action are closely related concepts in the models that have defined the accepted way of viewing many problems that individuals face when attempting to achieve collective benefits. At the heart of each of these models is the free-rider problem. Whenever one person cannot be excluded from the benefits that others provide, each person is motivated not to contribute to the joint effort, but to free-ride on the efforts of others. If all participants choose to free-ride, the collective benefit will not be produced. The temptation to free-ride, however, may dominate the decision process, and thus all will end up where no one wanted to be.… These models are thus extremely useful for explaining how perfectly rational individuals can produce, under some circumstances, outcomes 245 Ostrom

and Burger, “Revisiting the Commons,” p. 278. Walker, and Gardner, “Covenants”, p. 404. 247 Ostrom, et. al., “Commons,” p. 279. 246 Ostrom,

118

UNCLASSIFIED that are not ‘rational’ when viewed from the perspective of all those involved.”248 Ostrom and her colleagues believed that the creation of enforceable “covenantal” agreements among the parties sharing the CPR could be an effective mechanism; and the enforceability of such covenants would arise from the effects of social relationships in which repeated, longstanding ties are expected. Despite predictions that narrow selfinterested choices would result from such cooperative mechanisms, Ostrom tested the proposition and found this not to be true: “Empirical evidence, however, suggests that appropriators in common pool resources develop credible commitments in many cases without relying on external authorities.”249 These results were consistent with findings from Axelrod and others that long-term relationships and consistency in enforcing reciprocity could create effective norms of behavior. This finding that the ability to communicate and sanction could allow groups to enforce behavior without an external authority was central for a solution based on “collective action.” “However, predictions based on this model [of selfish behavior] are not supported in field research or in laboratory experiments in which individuals face a public good or CPR problem and are able to communicate, sanction one another, or make new rules.”250 As Axelrod had showed in The Evolution of Cooperation, the fostering of cooperative behavior is a learning process: non-cooperative behavior needs to be sanctioned (“tit-for-tat”) and cooperative behavior rewarded to ensure that reciprocity is enabled and the highest value outcomes are reached. More recent research suggests that, especially with public goods, expectations of future benefits (rewards) may be a more important driver than sanctions: “In this study, we demonstrate that it is not costly punishment that is essential for maintaining cooperation in the repeated public goods game but instead the possibility of targeted interactions more generally.… “We find that reward is as effective as punishment in maintaining contributions to the public good. However, although punishment is costly for both parties, reward creates benefit and thus results in higher total payoffs. Furthermore, when both punishment and reward are possible, positive reciprocity supersedes negative reciprocity, and punishing results in lower group-level benefits. Although punishment may outperform rewards in one-time anonymous interactions, our findings suggest that 248 Ostrom,

Governing the Commons: The Evolution of Institutions for Collective Action, (Cambridge: Cambridge University Press, 1990). p. 6. 249 Ostrom, Walker, and Gardner, “Covenants”, p. 404. 250 Ostrom, et. al., “Commons,” p. 279. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

119

UNCLASSIFIED positive reciprocity should play a more important role than negative reciprocity in maintaining public cooperation in repeated situations.”251 However, operant conditioning depends on that consistent application of the “titfor-tat” response, which would demand that sanctions or rewards be imposed for each occurrence, or the behavior is presumed to be “non-consequential.” On the other hand, behaviors conditioned by Pavlovian conditioning, another type of associative learning with conditioned responses to associated stimuli (“markers”) not the original stimulus itself, are not maintained by direct consequences, but rather by creating expectations that serve to modify or create new instinctual behaviors. Social norms are created by the behaviors of group members that then serve as markers of acceptable behavior. Unfortunately, the effects of conditioning, regardless of type, tend to fade when behaviors are not reinforced. In building on these insights into mechanisms for social cooperation, Ostrom provided a fundamentally different basis for influencing the behavior of actors who might, despite the overall advantages of cooperation, be inclined to pursue their own self-interest. And, moreover, her research, and that of others, provided solid reasons to look beyond the use of non-cooperative games and Nash equilibria in assessing deterrence. “The weakness of mere words and the necessity of external agents to enforce contracts is also a foundation upon which the powerful edifice of non-cooperative game theory has been constructed. John Nash (1950, 1951) distinguished between cooperative and non-cooperative games. In cooperative games, players can communicate freely and make enforceable agreements; in non-cooperative games, they can do neither. Some theorists particularly stress the inability to make enforceable agreements: "The decisive question is whether the players can make enforceable agreements, and it makes little difference whether they are allowed to talk to each other. Even if they are free to talk and to negotiate an agreement, this fact will be of no real help if the agreement has little chance of being kept. An ability to negotiate agreements is useful only if the rules of the game make such agreement binding and enforceable.”252

251 David

G. Rand, Anna Dreber, Tore Ellingsen, Drew Fudenberg, and Martin A. Nowak, “Positive Interactions Promote Public Cooperation,” Science, Vol. 325, 4 September 2009, p. 1272ff. 252 Ostrom, Walker, and Gardner, “Covenants”, p. 404. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

120

UNCLASSIFIED D. COOPERATION, COMPETITION, AND CONFLICT: THE 3CS FRAMEWORK To accommodate in our thinking about deterrence the tremendous expansion in the numbers of channels of interaction and communication with most of our counterparties, and the breadth of domains that they cover, we should re-examine our traditional concepts for response to threats by which a state transition significantly altered all aspects of the relationship. This new multiplicity of relationships and roles demands a different approach to assessing the very complex implications of potential “deterrence” actions due to the differential effects such actions may create within different network contexts. These entangled relationships also argue against the ability—as well as the desirability—of trying to alter all of them in reaction to a change in one channel, except in extremis. This points toward assessing responses to particular activities not with a specific, case-by-case approach, but within a much broader, coherent strategic framework that allows balancing a wide range of factors and equities. Thus, one might tolerate a single particularly provocative action in a relationship that provides significant benefits; but one might also be far less tolerant of a series of low-level activities that are merely annoying in a relationship that has only marginal utility. In both cases, communicating the reason for our response to the counterparty is important for the purpose of maintaining reciprocity and encouraging not only mutually beneficial behaviors, but respect for appropriate norms. The “Cooperation, Competition, and Conflict” (or 3Cs) framework allows actors— while pursuing their self-interest—to seek opportunities for mutually beneficial cooperation within multiple sets of relationships and introduces the notion of having multiple parallel “decision frames.”253 As Keohane posited, “States do not typically cooperate out of altruism or empathy with the plight of others, nor for the sake of pursuing what they conceive as ‘international interests.’ They seek wealth and security for their own people, and search for power as a means to these ends.”254 Furthermore, the 3Cs framework also goes beyond the Realist construct by explicitly recognizing that these networks of relationships affect their motivations and behaviors. It recognizes that actors can pursue different objectives in different networks and that these three types of relations can exist contemporaneously or simultaneously, resulting in complex

253 This

is similar to what Keohane suggested in “going beyond Realism” by stressing the role of institutions within the Realist construct. See Robert O. Keohane, After Hegemony, p. 16. 254 Keohane, After Hegemony, p. x. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

121

UNCLASSIFIED “mixed-motive games.”255 Importantly, such “mixed-motive” games do not, unlike Nash equilibria, produce stable optimum solutions. In fact, for assessing decisions by these actors, the decision space may resemble the sets of multiple attractors produced by complex systems in which predicting the choice among them is impossible. While adopting a similar perspective with respect to the utility of cooperation as does international institutional theory, unlike institutional theory that emphasizes formal institutional mechanisms for international cooperation, the 3Cs framework sees networks of relationships, whether formal or informal, as the crucial mechanisms for fostering cooperative behavior. “Like other political institutions, international regimes can be explained in terms of self-interest. Furthermore, they exert an impact on state policies largely by changing the costs and benefits of various alternatives. They do not override self-interest but rather affect calculations of self-interest.”256 Thus, the 3Cs framework remains firmly within the Realist construct because it continues to see the actors driven by and pursuing self-interest, whether in terms of security or other measures of power and influence. The 3Cs framework does not, however, adopt the “Lockean culture of anarchy, in which actors are neither enemies nor friends, but rivals. They all seek their own advantage, without any particular animosity, or empathy, towards others.”257 Unlike Keohane’s use of this perspective, the 3Cs does recognize differences not just in “distributional outcomes” but also in “distributional objectives,” and these will be affected by the social preferences highlighted by Fehr and Fischbach.258 Actors may see their self-interests within a larger social frame and their self-interests served by a mutuality of benefits. This self-interest, whether by a group or an individual, can be pursued in a number of ways, as denoted by the definitions of the 3Cs decision frames, some more mutually beneficial than others. These orientations, through preferences, define a reference frame for “interactions” with other parties. As a corollary, therefore, the decision calculus will reflect a “homo socialis” rather than a “homo economicus” perspective. Individual interactions may still be transactional and mostly benefiting

255 See

Schelling, Strategy of Conflict. After Hegemony, p. xi. 257 Keohane, p. xiii, See also Alexander Wendt, Social Theory of International Politics (Cambridge: Cambridge University Press, 1999). 258 Keohane, After Hegemony, p. xiii. 256 Keohane,

122

UNCLASSIFIED one party; but social ties bound by reciprocity (and sense of fairness) will fray if the balance of mutuality is too heavily weighted or too consistently one-sided.259 Cooperation: this is a relationship in which the objective is a “positive-sum” outcome for the participants as a whole; 260 the optimization is Pareto efficient, in which this overall increase in welfare is achieved with no party being made worse off. This decision frame, reflecting an orientation towards a beneficial outcome (in absolute terms) and mutuality of benefits, actually pursues (in formal terms) a weak Pareto optimum (WPO) in which an increase in welfare benefits all participants. In current international institutional theory, this decision frame is often referred to as “coordination.” Within economic markets, this might be a novel production technology that because of significant efficiencies produces a substantial consumer surplus that can be shared by both producers and consumers. Competition: the objective is an improved relative position, but one that can often produce an increase in overall welfare. The preferred outcome is certainly advantageous to winner, but not necessarily disastrous for the loser. However, the overall decision metric, however, is a non-Pareto optimization since all parties are not assured that their welfare will not be decreased. In current international institutional theory, this frame is often referred to as “cooperative.” Within the economic markets, this case might involve a novel production technology similar to that above, but one where control of intellectual property enables the inventor to take significant market share from his competitors while still increasing overall welfare through cost savings to consumers. Conflict: the objective is improved relative position, not overall improvement in welfare. As a result, the outcome sought reflects a “zero-sum” orientation, with the winner increasing his welfare but with the loser clearly worse off, usually in absolute as well as relative terms. However, the winner although improving his relative position, could end up being worse off in absolute terms; this reflects a classic game-theoretic situation of non-cooperative players and is often reflected in real conflicts. Using these economic concepts and algorithmic approaches to define these terms and distinguish among the players decision frames may be of great utility, especially in 259 Ernst Fehr and Simon Gächer, “Fairness and Retaliation: The Economics of Reciprocity,“ The Journal of Economic Perspectives, Vol. 14, No. 3, Summer 2000, p. 159–160. (Subsequently cited as Fehr and Gächer, “Reciprocity”). 260 This mirrors Friedberg’s concept of a “plus-sum” outcome for a mutually beneficial US-China relationship. Aaron L. Friedberg, “Ripe for rivalry: prospects for peace in multipolar Asia,” International Security, Vol. 18, No. 3 (Winter 1993). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

123

UNCLASSIFIED understanding how such players may approach complex choices; and, moreover, being able to express these preferences algorithmically should materially assist subsequent modeling and operationalizing the insights from this 3Cs framework. Although these specific definitions may differ from those sometimes used in the literature of international cooperation and institutions, the meanings and operational implications of these different preference patterns are similar.

124

UNCLASSIFIED VI. CREATING A NEW FRAMEWORK FOR CYBER-DETERRENCE (TASK 2) There are several fundamental reasons for creating a new framework for deterrence in general and for cyber-deterrence in particular. First, the international system has clearly evolved away from the Realist model of “unitary” state actors pursuing selfinterest in an anarchic geostrategic environment by increasing their own power or security. The evolving system now involves a wide range of actors, all enmeshed in a range of relationships with other parties that create multiple objectives and constraints, on a dynamic and continually changing international landscape. Many of the current actors are motivated, however, by considerations other than traditional power and exploit methods for influence that also do not correspond to the traditional tools of state influence. This is quite unlike the proposition that Morgenthau had put forward, “We assume that statesmen think and act in terms of interest defined as power, and the evidence of history bears that assumption out.”261 Furthermore, the old distinction between “high politics”—that concerned with traditional sources of power—and “low politics”—that concerned with other interests such as “legal, economic, humanitarian, and cultural”—no longer makes sense in the new context of international relations.262 Therefore, power must now be defined with a broader connotation than a narrow emphasis on political, economic, and military factors.263 Second, interactions among states and other actors are now likely to involve multiple relationships, be conducted through multiple and diverse channels cutting across various hierarchical levels, and involve actors exhibiting different personas in these relationships. Therefore, the traditional physics-based model of state interactions as elastic collisions between discrete billiard balls is no longer an appropriate representation of the altered international system. Since that model of autarchic actors served as an important part of the paradigm for the deterrence calculus, these very different patterns of interaction—and their effects on decision-making—should also alter how we think about what deterrence is and how it is implemented. Just as the billiard ball model of atomic interactions was replaced by quantum field theories (QFT) such as quantum electrodynamics (QED), we should now explore models of the international system that incorporate the effects of complex social relationships and 261 Morgenthau,

Politics Among Nations, p. 5. recognized these other aspects as legitimate interests, but did not consider them to be motivators of state behavior. See Morgenthau, Politics Among Nations, p. 30; for a more recent view, see Slaughter, The New World Order. 263 See Joseph S. Nye, Jr., Soft Power: The Means to Success in World Politics, (New York: Public Affairs, 2004) and The Powers to Lead, (New York: Oxford University Press, 2008). 262 Morgenthau

125

UNCLASSIFIED interacting networks of those relationships, both within and between actors, on motivations and behaviors.264 Moreover, the other underlying classical physics concept of a relatively static system normally in equilibrium—congenial to the balance of power model of international politics—has now also been superceded by picture of a far more dynamic, more complex system. This new system resembles less a physics-based mechanical artifact; it is certainly not Newton’s “clockwork universe.” Rather it appears to be a dynamic living ecology, which is formally a complex adaptive system (CAS) that is less predictable than deterministic systems. And it is important to understand that this reduced predictability arises less from an inability to measure or specify precisely the initial conditions than from inherent uncertainties about the processes and implications of interactions: complex systems exhibit the crucial inherent property of “emergence.” As a result, it is important to recognize that those Enlightenment foundations also seduced us into accepting a set of crucial presumptions about the nature of an international system—among them rationality, proportionality, predictability, and knowability—that may no longer be operative in this new international system and are certainly no longer appropriate assumptions for deterrence or useful guidelines for policy-makers. Third, an effective approach to deterrence in this new environment must recognize that the “value“ by which power and influence is both exercised and measured is now far more a function of these networked relationships in which actors are enmeshed than possession of traditional factors of national power, the physical assets of land, labor, and capital. This creates a new focus for deterrence—that networks are themselves the source of value and should be the focus for affecting decisions. This project will, therefore, explore how to incorporate the complex 3C relationships and assess “network ® value” within a deterrence framework by looking at modifying SIAM , an existing influence network model, in order to evaluate new methods for assessing a novel approach to a deterrence calculus. Fourth, that the cyber domain itself exhibits some unique properties must be taken into account. Cyber actually encompasses two quite different types of networks: on the one hand, connected by the physical and logical resources of the cyber infrastructure, 264 A

direct social analogue to quantum field theory can be found in Kurt Lewin’s work on psychological “field theory” as pointed out by Danny Kahneman, Highlands Forum 34, April 2008.

126

UNCLASSIFIED there are networks that share limited resources; and on the other hand, there are communities of interests that are linked by information and discourse, where the information is non-rival and non-exclusive—like a true public good. Those networks that share physical and logical resources are in fact one type of “commons” or “common pool resources” (CPR) that must grapple with the management of limited physical resources. The virtual “communities of interest” may, in fact, be a second type of “commons,” in which the scarce resource is attention. Conflict in this cyber environment is relatively new, exhibits unique features, and also presents unfamiliar challenges. Because the cyber domain is a peculiar hybrid combination of physical and virtual properties, we must acknowledge that conflict in it possesses special characteristics that are quite different than those of the common physical world with which we are more familiar; and in translating deterrence to the cyber domain, it is, therefore, essential to account for these characteristics. As Lewis rightfully pointed out: “Cyber conflict is a new and complicated strategic problem. There is neither an adequate policy framework to manage conflict in cyberspace nor a satisfactory lexicon to describe it. Uncertainty is the most prominent aspect of cyber conflict – in attribution of the attackers identity, the scope of collateral damage, and the potential effect on the intended target from cyber attack. Many concepts – deterrence, preemption, proportional response – must be adjusted or replaced for the uncertain cyber environment.”265 Fifth, these are already exceptionally complicated issues, but they are, in addition, burdened with crucial aspects of formally complex systems. The widespread existence of entangling networks that now appear throughout many dimensions of the international system—political, economic, social—and the characteristics of the cyber domain itself both introduce complex system properties that are essential to address in thinking about cyber-deterrence. Aside from their technical aspects, complex systems introduce issues of fundamental indeterminacy, uncertainty, and knowability that affect planning and control of policy and operations in troublesome ways for decisionmakers. Finally, as previously highlighted, choice of analogy can have serious effects: on the one hand, casually adopting an analogy that does not fit well provides an inappropriate basis for decision and action; on the other, ignoring or incorrectly applying a model that 265 Lewis, p. 1. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

127

UNCLASSIFIED could be a useful heuristic guide can also lead to bad choices.266 While cyber is as highly technical as the nuclear domain, and while the impact of both technologies have had important implications for the international system and its constituent parts, those implications are starkly different. Unfortunately, the strategic nuclear analogy has highlighted two carryovers from traditional deterrence thinking that continue to be very salient in discussions of cyber-deterrence and that bedevil careful analysis of our cyber problems; however, both are self-defeating and both are likely to be wrong: • Syllogism #1: “attribution is essential for retaliation” = “attribution is essential for deterrence,” and • Syllogism #2: “we can’t deter them” = “they can’t be deterred.” Syllogism #1 tightly couples effective deterrent action to knowing the specific identity of the perpetrator of a hostile act in order to retaliate. Syllogism #2 suggests that direct deterrent responses by the U.S. are essential to preventing inimical cyber activities targeted at us. Attribution or identification of the attacker is likely to be far more uncertain than with nuclear weapons, and it is also not clear that even if we know who they are, that cyber attackers will have value that can be directly targeted in response. Therefore, it is worth exploring in more detail the range of mechanisms through which deterrence was and can be pursued, especially those that don’t require specific attribution and don’t depend on retaliatory threats for their effectiveness. Specifically addressing these two syllogisms and finding effective methods to tackle the problems they highlight are critical reasons for developing a new approach to cyberdeterrence that can complement traditional deterrence approaches that are dependent on attribution and retaliation. A. THE NETWORKED DETERRENCE CONCEPT Classical deterrence was based on influencing the behaviors of autarchic unitary actors, pursuing power measured by tangible factors, by affecting decisions made by leaders rationally calculating costs and benefits within a narrow game-theoretic construct. It operated by affecting perceptions of potential benefits and risks in the actor’s relatively isolated, abstract decision calculus; and these actors were almost always identifiable and had physical assets that could be held at risk. In that framework, to deter acts against us it was critical that the U.S. be able to insure that the 266 See

Neustadt and May.

128

UNCLASSIFIED adversary perceive that costs that would be imposed directly by us outweighed any potential gains. Thus, actions taken by us against them would directly deter their hostile acts. Now that model of deterrence faces serious problems with respect to ambiguity of an attack, identity of the attacker, and finding value important to the attacker to hold at risk. Enhancing deterrence and assessing the utility of “networked deterrence” to address and overcome these critical problems is an important objective of this research project.

1. A New Framework for Deterrence As discussed above in Section V, it is now a reality that all players—including states, as well as individuals and other non-state actors, regardless of whether or not they are terrorists or terrorist groups—are entangled in multiple types of relationships. The first key aspect of the “networked deterrence” concept rests on an understanding that these relationships powerfully affect every actor’s motivations and behaviors, and hence their decision calculus. This concept argues consequentially that affecting (or threatening to affect) those relationships can influence the behaviors of an actor; and it should be generally applicable to forestalling a wide range of potential threats. In this concept, deterrence can be exercised indirectly by our actions to affect the network of relationships in which the potential challenger is involved even where we may not know the exact identity of the actor causing the problem.267 It is important to note that networked deterrence is not intended to replace classic direct deterrence methods where they can be employed successfully, but rather to augment them with a range of indirect methods to influence actors and behaviors that we could otherwise not deter. This “networked deterrence” concept, focusing more on affecting networks of relationships than the actors as independent entities, reflects not just the impact of globalization and worldwide trade and financial networks in which most actors are involved, but also a better understanding of the crucial implications of “social networks” at all levels on decision-making and behavior of the participants. This concept builds on research on cooperative relationships done in recent decades by, among others, Keohane, Oye, Axelrod, and Ostrom, but also on earlier groundbreaking work done by Lewin in the 1930s and 1940s. The question originally posed by Axelrod 267 Lewin’s

two concepts of “fate interdependence” and “task interdependence” create opportunities that we can exploit: for the networks that we affect to influence their members without us necessarily knowing the identity of the particular member.

129

UNCLASSIFIED is relevant here, “Under what conditions will cooperation emerge in a world of egoists without central authority?”268 Given a better appreciation of the importance of social relationships on behavior, this report will start constructing this new deterrence framework by building on four elements that have been usefully employed by the financial services sector to help manage their risks in complex networks of relationships: penalty, futility, dependency, and counter-productivity.269 The second key aspect of this new framework is that the calculation of the “value“ pursued by players is now far more a function of these networked relationships in which actors are enmeshed than direct possession or control of tangible resources. Two factors lead to this emphasis on these networks as a new focus for affecting power relationships. First, as argued by Nye and others, “soft power“ and “smart power” (the ability to build, enrich and employ networks) have emerged as recognized components of international power and influence.270 Second, as stressed recently by Slaughter, these networks themselves may create the most important source of value for actors seeking power and influence.271 Success in networks fosters growth and densification; highly connected nodes tend to attract even more links and this pattern of highly directed growth is one reason that networks exhibit power law statistics. While directly “holding at risk” such networks may be an outdated concept, certainly seeking to influence actors through these networks, directly or indirectly, and to create restraining forces within those network contexts, appears to be a worthwhile concept to explore in order to enhance deterrence. That the network itself is now a source of value implicitly introduces the notion of Metcalf’s Law—that value structures of networks are strongly non-linear—into the deterrence calculus.272 As an example, even though Russia today is increasingly exhibiting many of the unpleasant authoritarian characteristics of the former Soviet Union, it is no longer an autarchic economy sheltered from the external environment. Now that Russia is rather firmly tied into international energy, trade, and financial networks, it is subject to 268 Axelrod,

The Evolution of Cooperation, p. 3. Venables, Director, Cyber Security, Goldman Sachs, presented at Highlands Forum Enrichment Session on Deterrence, March 10, 2008. 270 For example, see Joseph Nye, Soft Power: The Means to Success in World Politics and The Powers to Lead. 271 Anne-Marie Slaughter (now Director of Policy Planning at US Department of State), “America’s Edge: Power in the Networked Century,” Foreign Affairs, Jan-Feb 2009. (http://www.foreignaffairs.com/print/63722). 272 Metcalfe’s Law: the value is proportional to the square of the number of connected users of the system (n2). 269 Phil

130

UNCLASSIFIED collateral effects on its networked relationships, as the events since its invasion of Georgia last August demonstrated: adverse effects on foreign exchange rates, energy transactions, project financing and insurance, all reflected changes in the international community’s view of Russia as a “partner” in a wide rage of relationships. More strikingly, our relations with China provide a clear example of the complexity that multiple roles impose within interdependent relationships and with which both we and our counterparties must all contend.

B. CREATING AN APPROPRIATE MODEL FOR CYBER-DETERRENCE A number of researchers have re-looked at deterrence theory since the collapse of the Soviet Union and have questioned its utility for new challenges such as terrorism and cyber threats. They often suggest that many of the new adversaries can’t be deterred because they are not “rational” and highlight the lack of important adversary target structures that could be held at risk. In addition, they usually stress the twin problems of ambiguity of attacks and anonymity of the attackers as reasons that deterrence won’t work. One of the greatest obstacles in seeking to apply deterrence to the problem of cyber security, therefore, is to address the almost inevitable, but simplistic, question of “how can you deter if you don’t know who committed the act?” This instinctive response likely arises from the common, but misconceived, notion discussed previously that deterrence must rest largely, if not solely, upon the threat of devastating retaliation (such as nuclear strikes).273 Deterrence is most effective, however, when it operates on the entire decision calculus of a potential hostile actor; it should employ measures against both the perceptions of potential gains and potential losses and target all four principal components previously identified—{Type 1}Gain Value, {Type 2}Gain Probability, {Type 3}Loss Value, and {Type 4}Loss Probability. All for elements need to be assessed as sources for possible deterrent leverage and potential mechanisms identified for exploiting this leverage. A careful assessment of cyber-deterrence must, therefore, also examine all aspects affecting the context in which those decisions by our counterparties are taken in order to ensure that every potential leverage point is identified. Context for decision-making frames the perceptions that are integral to understanding judgment and decision273 This actually

raises two important issues that are both related to the nuclear-cyber comparison but are separate considerations. First, the extent to which cyber attacks pose the same threat of devastating damage demanding a devastating response. Second, whether cyber can pose a threat of devastating retaliation to the particular attacker.

131

UNCLASSIFIED making under uncertainty and risk; and detailed understanding of these factors will be essential for effective exploitation. What one scholar said recently about the type of indepth knowledge necessary for effective counter-insurgency is equally true of networked deterrence, “Without hard thinking about and intricate knowledge of the other side of the hill, counterinsurgency can become a kind of military art form, dangerously abstracted from real life.… In every such war, the counterinsurgents learn the need for local knowledge: language first, and from it, all they can discover about authority structures, grievances, customs and local politics.”274 Similarly in law enforcement, “community policing” requires similarly deep understanding of the social matrix in order to forestall criminal activities, not just arrest and prosecute offenders after the fact. What we understand today about individual and group decision-making by humans has progressed significantly since the cardinal tenets of deterrence were conceived and subsequently elaborated, and integrating both this understanding and the specific knowledge about particular actors into our considerations of deterrence is essential. It was a long and difficult process to create a suitable knowledge foundation about the Soviet Union for use in traditional deterrence planning and assessments; given the multiplicity of potential challengers, the present task will be much harder. For almost every actor, the international context is now dominated by networks of relationships in which they are engaged rather than by transactional encounters of autarchic actors. Relationships create links and impose certain types of ties that affect and constrain behaviors; a key difference in interactions between members of “communities” and interactions between “strangers” is an expectation of reciprocity because of the continuity of those interactions. And clearly there are examples in international relations of the use of such reciprocal dependencies, including the treatment of diplomats (such as declarations of persona non grata status) as a matter of standard diplomatic practice. Appreciating the implications that actors exist within a complex matrix created by relationships that have shared interests, the impacts of these networked relationships can be exploited to shape motivations and behaviors of participants and, to some degree, of outsiders wishing to interact with members of the network. 274 Eliot

A. Cohen, “Obama’s COIN toss,” Washington Post, Sunday, December 6, 2009, p. B4.

132

UNCLASSIFIED The employment of such effects, not usually exploited in thinking about cyberdeterrence by the national security community, can be seen in the approach employed by the financial services community to reduce their cyber risks. Because the potential threats to our defense and national cyber capabilities, whether states, non-state entities, or individuals, are now similarly entangled in such networks of relationships, we propose to adapt and extend that approach from the financial services sector in order to deter attacks by exerting influence on potential attackers through their networks of relationships, including dependencies with us and our partners. As with the problem the U.S. faced throughout the Cold War of how to protect an effective deterrent capability in the face of a continually evolving Soviet threat, it is critical to understand that there were no panaceas then, there are none for our current cyber challenges—our protective postures and our operational responses will have continually to adapt and evolve. The work by Ostrom, et. al., on “adaptive governance” for common pool resources addresses similar challenges, and it is one reason that this body of research is so relevant for the cyber-deterrence problem.275

1. A Financial Services Sector Model As discussed previously in Section V.B, the financial services sector comprises a very complex series of relationships; and it is within this context that it must contend with a wide range of potential threats to its important cyber systems, which can come from both inside and outside and can be malicious or accidental. These threats can include: • Unauthorized and illicit access to and misuse of sensitive information to protect both client and firm confidentiality, • Unauthorized information sharing, • Theft and embezzlement, • Theft of intellectual property and other unique process data, • Access to sensitive financial information, • Illicit credentialing and violation of employee privacy, • Disruption of communications, • Disruption of systems, and 275 Thomas

Dietz, Elinor Ostrom, Paul C. Stern, “The Struggle to Govern the Commons,” Science, Vol. 302, 12 December 2003, fn 28, p. 1911. (Subsequently cited as Dietz, Ostrom, and Stern, “Struggle.”) See also Ostrom, “Panaceas.”

133

UNCLASSIFIED • Corruption of data. A deterrence approach consisting of four elements—penalty, futility, dependency, and counter-productivity—has been effectively employed by some members of the financial services sector to help manage their cyber risks in dealings within this complex environment.276 We believe this approach can provide a useful starting place for thinking about constructing an effective cyber-deterrence framework for national security cyber challenges. These measures by private parties serve as an especially useful as a foundation since they generally lack the power or sanction of governmental authority and, therefore, leave substantial room for augmenting with the additional powers that governments could bring to bear. Two of these measures—penalty and futility—have been generally part of classic deterrence thinking; and, to first order, they do not depend on the existence of relationships or communities to constrain potential inimical activities. Interestingly, two other measures in this approach—dependency and counter-productivity—both exert their effects through complex relationships; and these have not generally been part of the traditional deterrence toolkit. Therefore, this approach can serve as a useful starting place for exploring the broader implications of social networks on affecting motivation and behavior. In this approach, penalty corresponds to traditional imposition of potential costs, either by affecting loss value {Type 3} that might be imposed on an attacker or increasing the loss probability {Type 4}. Such penalties could take the form of referral for criminal prosecution, civil legal actions for recovery of damages, imposing financial constraints on the perpetrator, or retaliation, to the extent allowed. For private parties, the authority to strike back and retaliate in kind is clearly subject to strict legal constraints, nor can a private party themselves impose penalties such as criminal sanctions. However, private actors can employ other forms of retaliation that impose costs—such as refusal to engage in subsequent transactions with transgressors, again subject to legal constraints on boycotts and embargoes. Carrying through on previously made declarations to impose penalties in order to increase the perceived likelihood that the costs will be extracted from the attacker is important for deterrence effectiveness. Futility refers to protective measures taken to make cyber attacks more difficult, more costly to the attacker, more sporadic, or less effective. If it is more difficult, 276 With

permission, this discussion draws heavily on a presentation by Phil Venables, Director, Cyber Security, Goldman Sachs, that was presented at a Highlands Forum Enrichment Session on Deterrence, March 10, 2008.

134

UNCLASSIFIED technically or economically, for someone to attack you, that adversely alters the potential attacker’s perception of relative gains versus costs. To the degree that his access is less predictable his risks increase and his potential gains are reduced. Part of "futility" also operates on the attackers perceptions of “opportunity costs;” by making the effectiveness of your protective processes transparent, other lower-hanging fruit becomes more attractive as a target.277 The attractiveness of such futility measures is reinforced because they can often affect several of the principal components of the deterrent calculus simultaneously. They can raise the potential costs to the attacker by forcing more or higher quality resources to be committed for the same gain {Type 3}; they can increase his likelihood of failing to achieve his objective or of being caught {Type 4}; they can reduce his probability of success {Type 2}; and they can decrease the value of his benefits {Type 1}. By creating effective barriers, these measures can increase the likelihood that attacks will be detected, thereby forcing disclosure of intent and increasing the probability of appropriate reaction. In addition, effective protective measures can create thresholds of capability needed for successful attacks, not only reducing the probability of success, but also increasing the risks of attribution by narrowing the population of capable perpetrators—increasing the likelihood that a penalty could be imposed. Furthermore, a side benefit is that by increasing security and/or resilience of your systems and operations, your perceptions of your own risks are reduced, which alters your decision calculus, including willingness to take responsive actions. Dependency creates a direct relationship between the potential attacker and the target that creates value for the attacker, which could be put at risk from attacks. In the financial services community, some nation-states may be clients whose continued ability to execute transactions or make investments could itself be put at risk by the attacks (even without attribution) or (with attribution) by responding to the attack by cutting off the relationship or impacting other aspects of the relationship. While such dependent relationships may not prevent attacks by themselves, they may significantly affect the perpetrator’s assessment of risks versus benefits from the attacks. Counter-productivity is similar to dependency, but it operates indirectly by affecting a wider set of relationships, including those of the party attacked but also those in 277 Such

“impact shifting” may be useful for private parties seeking to protect their own equities in a sea of similar targets; but it may be less useful for governments seeking to protect specific assets or operations, or as a mater of public policy.

135

UNCLASSIFIED which the attacker participates. As Venables suggested, this could take the shape of the public outrage that occurs after an attack because of the effects on related members or simply because the attack is perceived to violate norms of acceptable behavior. It can work in more focused ways as well by making those related to the party attacked more willing to provide information about the attacker or by strengthening the norms of tolerated behaviors. If the networks in which the attacker participates perceive costs due to the attack, or feel their norms have been violated, they may similarly become a less useful or less tolerant set of relationships for the attacker. Especially to the degree that the attacker’s capabilities rely on “task interdependencies” with his network, this factor certainly affects his perceptions of risks and benefits from an attack since he depends on continued assistance from (or at least tolerance by) those networks. Venables stressed the point that in the cyber realm, the focus for deterrence efforts should generally not be on the identity of the individual attacker, but rather, emphasizing measures that influence the trust network in which the attackers operate. He emphasized, “It follows that if we identify and destroy that network, we destroy the ability of the individual attacker.” Importantly, while relationships are clearly central to the effectiveness of dependency and counter-productivity, networked relationships can significantly amplify the effectiveness even of penalty and futility by spreading knowledge throughout the networks of interested parties. The fact that one company is prepared to press hard to see attackers penalized to the full extent may embolden other members of the community to take similar actions. Similarly, disseminating to other members of the community knowledge of attack signatures and methods, on the one hand, and about effective protective measures, on the other, can increase the speed and effectiveness as well as lower the cost of effective protective measures. At the same time, communicating to and among potential attackers that this company is “too tough a target” may dissuade some potential attackers; or dissemination of such information may well cause attackers to shift their focus to other potential targets.

2. Extending the Financial Sector Approach The range of cyber threats to national security may be broader than that faced by the financial services sector; but they are similar enough in character and source, even if the targets and scale might be considerably different, to warrant exploiting the useful features of the financial services cyber-deterrence approach. Moreover, given that one Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

136

UNCLASSIFIED of the objectives behind the “networked deterrence” concept is to minimize the reliance of deterrence on attribution, it is worth noting that of the four components in that approach, only penalty specifically demands that we be able to attribute the attack and accurately identify the attacker. Generally the protective activities undertaken to increase futility do not require that the identity of an attacker be known for them to be effective, although characteristics of likely attacks themselves are extremely useful.278 Because dependency operates from the potential attacker’s perspective, it also is not reliant on identification by the party attacked. Lastly, even counter-productivity does not require that we know who specifically is the attacker, although it can be it more effective if we can identify the matrix of relationships from which the attack was carried out. Counter-productivity will also be effective if the networks from which the threat emanates believe that the threat itself or the deterrence measures taken either in preparation or response will have significant adverse effects on their well-being. In many cases, moreover, it is more likely that other participants in the potential attacker’s networks will be able to identify them than will we; as a result, cooperative measures with those networks may offer significant leverage. The cases of futility and counter-productivity are particularly interesting because they illustrate some very important points about why we need to rethink the presumed dependence on attribution for developing cyber-deterrence measures. With respect to futility, there are a range of effective protective measures that might be termed “selfinitiating” responses: these do not require identification of the attacker but rather the recognition of inimical activities—they are triggered by the act itself, not by knowing the identity of the attacker (nor the objective of the attack). The use of an electrified fence for perimeter security of a facility is a good analogy: the fence shocks an attacker when touched, not because it knows who the attacker is. In the case of counterproductivity, the effects on behavior are exercised by members of the groups in which the attacker participates, not by us directly. As noted above, those members may know who an attacker is and, because of pressures applied on the group as a whole, may sanction the offender or take other actions in order to minimize potential adverse consequences to the group. They may also, however, operate indirectly by exerting pressure on all group members by enforcing norms that minimize tolerance of “bad behaviors” or reducing their willingness to cooperate, actively or tacitly, in those activities, both without knowing specifically who is guilty of a triggering act. If these 278 There

are some exceptions, of course, such as security measures, including non-cooperative biometric identification, that use signatures of potential attackers to protect against intrusions.

137

UNCLASSIFIED networks include those who are linked to the attacker by “task interdependence,” such measures may offer especially useful leverage. Thus, while influencing attackers by threat of imposing ex post penalties for illicit activities requires specific knowledge of the identity of the attacker, affecting behaviors through the creation and enforcement of norms is less subject to this constraint. Given the importance of norms in shaping behaviors of group members, an important first step in adapting the financial sector approach to deterring harmful cyber activities is to add fifth component: fostering a greater intolerance for “unacceptable” behaviors. By creating more explicit expectations and by strengthening norms, if not more formal rules and constraints, regarding activities considered unacceptable by members of the group, damaging cyber activities and tolerance for committing them may be subject to tighter constraining influences by the group. The necessary counterpart to creating intolerance is fostering a more mindful attitude towards use of cyber systems and shifting the “default” attitude to one of careful employment. This is similar to the noticeable effects that increased intolerance for drunk driving has had, and not just in the United States. Although no change in norms and their enforcement will induce perfect compliance with models of good behavior, they can be an important component of behavioral constraints imposed by social relationships. The globally networked environment, especially because it shares an important feature with other “commons”—that inimical activities reduce benefits for and impose costs on all—really demands strengthening the group norms against such behaviors and they can be shown to be in the interest of almost all parties. In this area, as noted above, the government can bring some capabilities and authorities to create rules and norms not available to private parties, including using civil and criminal penalties as a start on norm building and enforcement. By strengthening legal penalties where legal frameworks are in place, certainly the government can directly impose costs through more vigorous prosecution of criminal activities and help set an example for societal norms. And it also has the authorities to retaliate under specified conditions when properly authorized to do so. The government can create incentives for and cooperate with private actors in their norm building and cooperative enforcement efforts by encouraging private action against illicit cyber activities through the use by commercial entities of “terms and conditions” (“T&Cs”) by underwriting standards and by relaxing certain antitrust restrictions against collaborative activities in this area. Moreover, the government can go well beyond what private entities can do individually in several Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

138

UNCLASSIFIED areas, such as sharing information widely among concerned parties. Many of these activities are already underway, but they would be significant more effective if they were elements in a more coherent framework directed by an appropriate national strategy. More broadly, the government can also help educate the general population about good cyber practices and the importance of obeying norms; this is not unlike campaigns against drunk driving and to increase immunizations against threatening diseases. Unfortunately, the current “default” attitude to cyber by the general population and by users who should be more concerned is usually one of sloppiness; too often little care or attention is given to what should be common “public health” measures for the cyber environment. As a first step, the government can encourage through its own activities the use of good practices that help build norms; this will demand far more discipline than has been seen to this point. However, compared with commercial enterprises, in attempting to improve cyber-security in order to strengthen futility, the government has to contend with a host of constraints not usually limiting the private sector, including scale, procurement rules, personnel practices, budgetary cycles, Congressional oversight and pressures, among others. Having said that, futility remains the as the most high-leverage place to start effective efforts within a new cyberdeterrence framework; and more emphasis of cyber “public health” measures would be a useful first step.

Table 4: Applying the Five Principles: Some Examples

Potential Deterrence Mechanisms Classic Deterrence

Networked Cyber-Deterrence

Futility • Improve Survivability

• Better intrusion detection and protection • Heterogeneous systems • Polymorphic operations

139

UNCLASSIFIED • Randomized VMs • Effective Defense of Strategic Offensive Forces (SOF) and C3I

• Active cyber-protection measures

• Assured Operations and Reconstitution

• Resilient networks • Alternative operational modes • Multiple independent communications capabilities • Restoration/Reconstitution capabilities

• Capability to Countervail

• Restoration/Reconstitution capabilities • Capabilities to break interdependencies

• Share attack profiles

• Share attack signatures

• Share identity information

• Share attacker identity data

• Share “best practices” methods

• Cooperative cyber-security efforts

• Unanswered Escalation

• Reduce QoS to problem domains

Penalty

• Damaging Counter-Attack • Counter-Offensive • Ex Post Retaliation • Seek Criminal Prosecution

• Severe criminal penalties

• Impose Civil Penalties

• Harsher civil damages • Regulatory measures

Dependency • Reduce cooperation in other channels (i.e., Clamp down on civil

140

UNCLASSIFIED exchanges) • Constrain relationship • Increase transaction costs • Cut off relationship • Damage reputation/poison trust networks

CounterProductivity • Launch-on-Warning • Launch-under-Attack • Doomsday Machine • Affect Reputation • Increase transaction costs

Intolerance • Public education • “Points on license”

Key: • Official Measure x • Financial Sector Measure y

3. Completing the Framework: Some Issues for Consideration As a recent Foreign Affairs article emphasizes, the key elements of a deterrence policy appropriate to the new international conditions still rest on the two core factors of traditional nuclear deterrence—capability and credibility.279 Effective deterrence works best when it is a self-reinforcing, nested hierarchical structure—strategic/ operational/tactical—with strong coupling between the levels. Strengthening the 279 Lieber

and Press, “Nukes We Need,” Foreign Affairs, November/December 2009, p. 41.

141

UNCLASSIFIED factors and mechanisms that create the linkages between these levels in the new digital environment would help create a coherent, more effective cyber-deterrence capability. Furthermore, reduced reliance on retaliatory measures as the basis for effective cyberdeterrence in this framework would allow deterrence to be improved without heightening concerns about increasing our cyber-attack capabilities that underwrite retaliation for offensive purposes. For cyber, this issue of consistency in norms and responses may actually be more acute than it was for nuclear deterrence throughout the Cold War; in the cyber domain, the day-to-day low-level “nuisance” activities, such as intrusions and botnet enabled distributed denial-of-service attacks, can mask or assist in providing entry points for operationally serious exploits. Although the rhetoric is overheated, another recent Foreign Affairs article makes this point. “…Most disturbing, their limited success [in stopping such activities] may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic-control systems, with devastating consequences for the U.S. economy and national security.”280 Credibility is built is not just willingness to carry out postulated responses to a particularly flagrant provocation, but the belief by an opponent (and others) that we are in fact prepared to do so. Credibility is linked, at one level, to the appropriateness and proportionality of our likely response, which is why early U.S. plans for “Massive Retaliation” and strikes against urban-industrial targets were replaced by more discriminating, even if still large-scale response options. But such beliefs are colored, indeed deeply conditioned, by a wide range of our behaviors, not just by considerations of our specific response to the instant possible high-level exploit. One might think, therefore, of deterrence as a nested hierarchy of consistent and coherent responses, from high-level strategic policy through operational-level activities down to tactical, day-today reactions. An essential aspect of a credible deterrence policy, therefore, is the creation of an overall reference frame for potential attackers that supports the belief that we will conduct particular response activities. This cannot be done simply by declaratory statements of intent, but must be demonstrated by tangible activities. Interestingly, the Masada example emphasizes the key role of declaratory policy for deterrence to be effective. Toleration of provocations that we find aggravating but not lethally 280 Clark

and Levin, “Securing the Information Highway,” Foreign Affairs, Nov/Dec 2009, p. 2.

142

UNCLASSIFIED threatening may well induce potential adversaries to perceive that we are not serious about actually responding to more threatening activities. However, tensions can arise between those who are concerned that excessively stringent enforcement of agreements can degrade the overall tenor of relationships and those who believe that lax enforcement of rules and norms simply creates temptations for bad behavior.281 Historically, the attempt to maintain a favorable balance of strategic power with respect to our principal adversary throughout the Cold War, including the maintenance of an “assured destruction” retaliatory capability, certainly fed concerns about creating the classic “security dilemma” that could result from perceptions of unfavorable force balances by our opponent.282 The continuous dynamic of competing strategic and other force structures certainly reinforced sensitivities that potential force asymmetries could create temptations and undercut deterrence. Especially as almost all parties are increasing interconnected, an effective cyber–deterrence framework, placing far more emphasis on protective measures and network influences than direct retaliation, could offer a “plus-sum” outcome with improved resilience and confidence for most parties, without creating similar concerns over a cyber “security dilemma.” The extent to which relationships can be influenced by actions from outside the network of participants and the ability of networks to affect the motivations and behaviors are both key questions for assessing the concept “networked deterrence.” Neither can be answered in the abstract, but instead require deep understanding and specific knowledge about the particular networks involved and their patterns of linkages, including types and strengths of bonds. Companies in the financial services sector had assumed that they possessed a very deep knowledge base about most of their counterparties, just as we assumed that the U.S. had deep knowledge about its important adversaries. Recent events have illustrated the limitations of those assumptions in both sectors. Implementing networked deterrence will clearly require us to do better with respect to understanding our counterparties and the networked relationships in which they are involved.

281 This

was a serious problem with verification and enforcement of arms control agreements with the Soviets and has been with others as well, as our more recent experiences with North Korea and Iran can testify. 282 See Jervis, p. 53ff. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

143

UNCLASSIFIED 4. Exploiting Collective Action for Effective Cyber-Deterrence In the financial services community, reputation, trust, and reciprocity have impacts that can be measured in monetary terms. Thus, most of the analysis behind the use of deterrence measures within the financial context is obviously based on financial ties, rather than on a broader range of political, economic, and social relationships that operate in the international community; but there are strong parallels to employing such leverage in the national security community. To deter cyber challenges that represent national security threats, as a first step, we will have to find those ties appropriate to the wider range of communities that we will wish to influence. The fact that we are attempting to operate in and impose some sort of order on what Lewis termed a “pseudo-commons” suggests that we need to appreciate the research on the best way to deal with managing common pool resources and shared environments. The traditional approaches, like Hardin, instinctively tried to take either a top-down, centralized approach with directive control or an approach based on formal institutional mechanisms; and we cab certainly see the same forces at work with regard to the cyber problem. “Much environmental regulation in complex societies has been ‘command and control.’ Governments require or prohibit specific actions or technologies, with fines or jail terms possible for punishing rule breakers.”283 The Nobel prize-winning work by Ostrom and Williamson showed, however, first, that neither “a Leviathan” nor formal institutions were necessary to address these problems and second, that cooperative actions by self-interested parties through their own actions could achieve the desired goals. “Among them are that rules should clearly define who gets what, good conflict resolution methods should be in place, people's duty to maintain the resource should be proportional to their benefits, monitoring and punishing is done by the users or someone accountable to the users, and users are allowed to participate in setting and modifying the rules. Notice the absence of top-down government solutions.”284 What is especially important about this body of work is that it does not attempt to overturn the central Realist proposition that actors on the international stage will pursue their selfish self-interests above other interests, but it recasts how that selfinterest can best be pursued I this new environment. 283 Dietz,

284 David

Ostrom, and Stern, “Struggle,” p. 1909. R. Henderson, “A Nobel for Practical Economics,” Wall Street Journal, October 12, 2009.

144

UNCLASSIFIED The research by Ostrom, et. al., on addressing the problem of common pool resources through collective action, by strengthening cooperative mechanisms in shared environments rather than by centralized authority, provides important lessons for developing an effective cyber-deterrence framework. However, cyber-deterrence must operate against decisions being taken in two fundamentally different regimes that interact with each other but the centralized approaches generally ignore the key characteristics of both regimes. Attempts to protect the cyber domain over the past decade have not recognized the complications arising from the fact that the cyber hybrid regime comprises two quite different types of networks and systems, with the result that it has failed to appreciate the true complexity of mixed-motive situations with often incompatible decision frames for policy makers. Therefore, the CPR model must be modified to take into account the differences in perspectives that these two different decision regimes introduce into the assessment of benefits and costs of particular actions. The next major issue concerns how to implement the cyber-deterrence framework, building on the financial sector approach, discussed above, but explicitly employing the governance processes and mechanisms identified suited to problems of the “commons.” Adapting the governance model created by Dietz, Ostrom, and Stern (subsequently referred to as the D-O-S model) appears to provide a useful conceptual path for moving forward since it addresses many of the same conditions that exist for the new international security environment in their work on shared natural resources. As they note about governance of CPRs, “Commerce has become regional, national, and global, and institutions at all of these levels have been created to enable and regulate trade, transportation, competition, and conflict.”285 In response to these factors, their research laid out an alternative to the centralized authority model, including a general approach and set of mechanisms that should be similarly useful for enhancing deterrence of cyber challenges. Most importantly, rather than relying on any single mechanism, the D-O-S model for governance has power because it integrated a number of diverse but powerful elements. “The store of governance tools and ways to modify and combine them is far greater than often is recognized. Global and national environmental policy frequently ignores community-based governance and traditional tools, such as informal communication and sanctioning, but these tools can have significant impact.”286 285 Dietz,

286 Dietz,

Ostrom, and Stern, “Struggle,” p. 1908. Ostrom, and Stern, “Struggle,” p. 1908.

145

UNCLASSIFIED Perhaps most importantly, rather than looking towards either centralized command and control approaches or financial incentives, it brought into play the powerful motivations created by social relationships and communities with shared interests and concerns. As Fehr and Fischbach had similarly noted about the key role of social preferences, “We show empirically that economists fail to understand fundamental economic questions when they disregard social preferences, in particular, that without taking social preferences into account, it is not possible to understand adequately (i) effects of competition on market outcomes, (ii) laws governing cooperation and collective action, (iii) effects and the determinants of material incentives, (iv) which contracts and property rights arrangements are optimal, and (v) important forces shaping social norms and market failures.”287 This recognition of the power of social preferences to affect choices and behaviors leads to a strategy for shifting behaviors from one driven by tangible rewards to one driven by group allegiance through using group preferences to create effective norms for cooperative behavior that benefits the group as a whole. Not unlike the challenges in the cyber domain, Ostrom and her colleagues understood that they needed to find a common solution space that address three quite different problems. First, they needed to create reasons for “norm-abiding” groups to participate in a network that would clearly include members with different interests and priorities, without the availability of financial incentives from exogenous sources. Second, they had to create means to make previous “free riders” conform to norms that benefited all members of the group. Finally, had to create a mechanism—covenants— to address the problem of “norm-breakers” without relying on external legal sanction. Drawing on previous work, Ostrom realized that being able to communicate and negotiate agreements is useful only to the extent that the agreements can be made binding and that they can be enforced. “In other words, communication without a change in the payoff function does not eliminate a Nash equilibrium (the major solution concept used in non-cooperative game theory).”288 A key insight from this body of research was that there were varying, indeed often conflicting, objectives and preferences among the interested parties; and, therefore, it was more complicated than attempting to optimize or manage a process with 287 Fehr

and Fischbach, “Preferences,” p. C1. Walker, and Gardner, “Covenants,” p. 404.

288 Ostrom,

146

UNCLASSIFIED commonly agreed, even if conflicting, objectives. In general, the use of game theory constructs such as the Prisoner’s Dilemma and Nash equilibria were based on the less complicated situations without such mixed motives and where information costs were trivial. They appreciated that having good information was key to any approach, but that information availability could be a major constraint. As they understood with respect to information, “If sufficient resources are made available for monitoring and enforcement, such [centralized command and control] approaches are effective.”289 However, in the case of financial markets and the cyber domain as well, the actors most closely involved (including those who create the threats) themselves often closely hold the very information needed for centralized decisions and that timely information is often only available “at the edges.” The absence of a centralized ability to collect and process information in a timely manner, however, fundamentally altered the nature of the problem and, therefore:. “We refer to adaptive governance rather than adaptive management because the idea of governance conveys the difficulty of control, the need to proceed in the face of substantial uncertainty, and the importance of dealing with diversity and reconciling conflict among people and groups who differ in values, interests, perspectives, power, and the kinds of information they bring to situations. Effective environmental governance requires an understanding of both environmental systems and humanenvironment interactions.”290 Dietz, Ostrom, and Stern also recognized that the environment with which were dealing, like the problem of cyber threats, with was very dynamic, with players and interests changing along with changes in the pool (and value) of natural resources and the general environmental conditions. “Devising effective governance systems is akin to a co-evolutionary race. A set of rules crafted to fit one set of socio-ecological conditions can erode as social, economic, and technological developments increase the potential for human damage to ecosystems and even to the biosphere itself. Furthermore, humans devise ways of evading governance rules. Thus, successful commons governance requires that rules evolve.”291 Indeed, beyond the commonality of a high degree of dynamism, much of the problem space they contend with mirrors key features in cyber-deterrence; their “coevolutionary” race reflects many of the same problems as attempting to use “red lines”

289 Dietz,

Ostrom, and Stern, “Struggle,” p. 1909. Ostrom, and Stern, “Struggle,” fn 28, p. 1911. 291 Dietz, Ostrom, and Stern, “Struggle,” p. 1907. 290 Dietz,

147

UNCLASSIFIED or static defenses to protect critical cyber capabilities in the face of very rapid change in the underlying technology base and employment of those technologies by diverse groups of users. The original review article by Dietz, Ostrom, and Stern, “The Struggle to Govern the Commons,” lays the foundation for a process appropriate to encouraging collective action among parties with different interests. They provided a process in which the individual steps were detailed and explicit because they recognized that these “voluntary approaches and those based on information disclosure” were new and had not then been researched in depth; and that issues of non-financial incentives for compliance and mechanisms for sanctioning would be difficult issues to resolve.292 Based on their understanding of the complex interacting forces at work, they devised a set of general principles (shown in the graphic below to foster the cooperative behavior that would produce the desired collective action.

Fig. 3. General principles for robust governance of environmental resources (green, left and right columns) and the governance requirements they help meet (yellow, center column) (13, 158)

T. Dietz et al., Science 302, 1907 -1912 (2003)

Figure 4: The Dietz-Ostrom-Stern “Governance Process”293 This process has five component elements—providing information, dealing with conflict, inducing rule compliance, providing infrastructure, and preparing for 292 Dietz,

293 Dietz,

Ostrom, and Stern, “Struggle,” p. 1909. Ostrom, and Stern, “Struggle,” p. 1910.

148

UNCLASSIFIED change—all of which appear to be appropriate for making cyber-deterrence effective. It is worth quoting the rationale for the elements at some length in order to highlight the parallelism in the two problem areas.294 “Providing information. Environmental governance depends on good, trustworthy information about stocks, flows, and processes within the resource systems being governed, as well as about the humanenvironment interactions affecting those systems. This information must be congruent in scale with environmental events and decisions. Highly aggregated information may ignore or average out local information that is important in identifying future problems and developing solutions. “Effective governance requires not only factual information about the state of the environment and human actions but also information about uncertainty and values. Scientific understanding of coupled humanbiophysical systems will always be uncertain because of inherent unpredictability in the systems and because the science is never complete). Decision makers need information that characterizes the types and magnitudes of this uncertainty, as well as the nature and extent of scientific ignorance and disagreement (80). Also, because every environmental decision requires tradeoffs, knowledge is needed about individual and social values and about the effects of decisions on various valued outcomes.” “Dealing with conflict. Sharp differences in power and in values across interested parties make conflict inherent in environmental choices. Indeed, conflict resolution may be as important a motivation for designing resource institutions as is concern with the resources themselves. People bring varying perspectives, interests, and fundamental philosophies to problems of environmental governance, and their conflicts, if they do not escalate to the point of dysfunction, can spark learning and change. “Inducing rule compliance. Effective governance requires that the rules of resource use are generally followed, with reasonable standards for tolerating modest violations. It is generally most effective to impose modest sanctions on first offenders, and gradually increase the severity of sanctions for those who do not learn from their first or second encounter. Community-based institutions often use informal strategies for achieving compliance that rely on participants’ commitment to rules and subtle social sanctions. Whether enforcement mechanisms are formal or informal, those who impose them must be seen as effective and legitimate by resource users or resistance and evasion will overwhelm the commons governance strategy.” “Providing infrastructure. The importance of physical and technological infrastructure is often ignored. Infrastructure, including 294 Dietz,

Ostrom, and Stern, “Struggle,” pps. 1908–1910.

149

UNCLASSIFIED technology, determines the degree to which a commons can be exploited (e.g., water works and fishing technology), the extent to which waste can be reduced in resource use, and the degree to which resource conditions and the behavior of humans users can be effectively monitored. Indeed, the ability to choose institutional arrangements depends in part on infrastructure.” “Be prepared for change. Institutions must be designed to allow for adaptation because some current understanding is likely to be wrong, the required scale of organization can shift, and biophysical and social systems change. Fixed rules are likely to fail because they place too much confidence in the current state of knowledge, whereas systems that guard against the low probability, high consequence possibilities and allow for change may be suboptimal in the short run but prove wiser in the long run. This is a principal lesson of adaptive management research.” More recently, Ostrom grew concerned that the general principles in “The Struggle to Govern the Commons” have sometimes been taken as procedural panaceas, a cookbook approach that would seemingly allow solutions without doing the hard but necessary work on the details that differentiate different cases.295 A new study documents updates the original framework for analyzing the management of common pool resources and especially highlights the significant research issues attached to making progress on understanding these complex issues. Her cautions on these issues apply equally to the challenge of making cyber-deterrence effective and keeping it relevant to changing circumstances. In particular, she highlights that in the case of drawing upon multiple disciplines of knowledge, “Without a common framework to organize findings, isolated knowledge does not cumulate.”296 Similarly, the framework for improving our ability to address threats to our important cyber capabilities presented in this report draws concepts from a number of different academic disciplines and attempts to integrate them into an effective set of measures. Because many of these disciplines have not been actively exploited in the past to support studies of deterrence, integrating them into a common framework for cyber-deterrence will likely be complicated and difficult. Doing so for cyber-deterrence presents the same challenges in that different “scientific disciplines use different concepts and languages to describe and explain complex social-ecological systems (SESs).” Therefore, an important aspect of any follow-on efforts to implement these concepts should begin with developing a shared taxonomy, with common terms and an 295 Ostrom, “Panaceas,” 296 Ostrom, “General

p. 15181. Framework,” Science, Vol. 325, 24 July 2009, p. 419.

150

UNCLASSIFIED acceptable glossary so that key concepts from the different disciplines can be discussed and analyzed as part of a coherent conversation.

C. IMPLICATIONS FOR A NEW MODEL FOR DETERRENCE This report argues that in order to incorporate a better understanding of human judgment and decision-making, two different aspects of human judgment need to be addressed: improved knowledge of individual judgment and better appreciation of the effects of social context on collective intelligence and decision-making. It is not the purpose of this paper to explore these issues deeply here; but rather, as we look at constructing an effective calculus of deterrence appropriate to the new challenges, to highlight the need to recognize these two distinct factors and to integrate them better into our decision calculus. The first of these issues, concerning individual judgment, has already been noted in Section III.D. and the second, the effects of social relationships were addressed in Section V.C. We believe that deterrence is fundamentally a set of belief statements and propositions about perception, decision-making, and behavior. Since in the past it was usually assumed (and almost always modeled) as if the behaviors of concern for deterrence were non-cooperative, it is useful to conjecture about the implications of social effects (that is, the implications from membership and participation in groups) on our understanding of perception, decision-making, and behavior as they impact deterrence. The change from a usually “zero-sum” competitive relationship with one peer “main enemy” to a more dynamic environment in which our national security interests are affected by a wide range of actors within a very diverse set of relationships argues that we re-examine the fundamental tenets of the traditional deterrence calculus and the factors affecting decision-making within that context.297 Networked relationships affect the behavior of members of the network by creating expectations and norms, if not more formal rules and constraints, regarding activities considered acceptable by the group. The multiplicity of relationships and roles in this new geostrategic environment demands a different approach to assessing potential “deterrence” options because these factors will have to be assessed within different network contexts and then integrated into an assessment of perceived value by various actors. As a result, this new calculus also demands a multi-level assessment of human 297 Jervis,

p. 52.

151

UNCLASSIFIED decision-making calculus—including societal-wide, group-social, and individualindividual effects—that can evaluate how these factors influence behaviors. In addition to the social effects, there is also significant new research on the cognitive and neuropsychological processes at the individual human level on how these factors affect human judgment and decision-making. Because perception and decision-making— including by adversaries, counterparties, and other participants in their social networks—are such important elements of deterrence, it is very relevant to understand how we perceive how others perceive and think, important issues related to “theory of the mind.” Being able to place ourselves in other’s perspectives, including some appreciation for differences in risk profiles and preference patterns, whether resulting from cultural factors, functional roles, or personas, will be essential in selecting effective deterrence measures. Such differential impacts, and our perceptions of them, will produce very complex implications for the motivations and behaviors of actors. And as Keohane recognized, the existence of multiple equilibria will significantly complicate deterrence analyses.298 In order to support the development of an appropriate network-based influence model to capture the important properties of the 3Cs framework and the complex relationships implicit in the “networked deterrence” concept, a set of Key Definitions will be required. We will start with “identity” since that is where this effort began. • Identity: Identity is usually defined as the collective set of definitive characteristics by which something can be recognized or by which one thing can be distinguished from another. For individuals, here we mean those physical as opposed to behavioral characteristics that allow us to recognize a specific person; at a technical level this usually implies the use of measurements such as biometric makers including DNA, retinal scans, and fingerprints. For groups, in our context identity usually implies the composition of the group in terms of individual members. It is usually the answer sought to the question, “Who?” • Role: Role, as differentiated from identity, is defined by functional behavior, position, or purpose of an individual or group. Using a theatrical analogy, in a sense it is the “part” played; Hamlet is the son of the dead king.

298 Keohane,

After Hegemony, p. xv-xvi. Keohane lays out a set of research issues for institutional theory, but these are most relevant to networks as well.

152

UNCLASSIFIED • Persona: Persona is defined as the distinguishing character or personality of an individual, and it may include the psychological, behavioral, and physical aspects. Using that same theatrical analogy, it is “how” the part is played: with one persona, Hamlet can be diffident and uncertain; with another persona, he is the confident avenging son. • Network: In simplest terms, network is a collection of linked nodes. Networks may be composed of either physical or social components. The cyber infrastructure is a physical network; a “community of interest” is a social network. In this report, although we use the term “network” generically, the connotation is an informal collective of participating entities that has grown as opposed to a formal organization with defined structure. • Relationship: We define relationship as a set of ties or links between one social entity and another; these entities may be individuals or groups. In this report, the term “relationship” will always imply a social relationship, while network may be composed of either social or physical elements. Within each bloc during the Cold War, the old bipolar structures had been very hierarchical and bureaucratic, in the sense of specifically allocating different functions to different organizational entities. As the old bipolar structure broke down, so did many of the internal hierarchies that governed roles and functions; and one consequence of this breakdown was the emergence of large numbers of niches and competition for them, and often new forms of networked entities (such as innovation fabrics and micro-lending networks) to fill these needs.299 As a result, there have been significant changes in the types of organizational entities that now populate the security environment. An appreciation of the striking differences in the international security environment surrounding the cyber-deterrence problem strongly argues that we must re-look at our fundamental paradigm for understanding the world around us and its implications for appropriately modeling essential phenomena. One clear implication is that a physicsbased model may no longer be an appropriate representation of the altered international system; the new international system that has emerged appears to act 299 See, for

example, John Hagel III and John Seely Brown, The Only Sustainable Edge: Why Business Strategy Depends on Productive Friction and Dynamic Specialization, (Cambridge, Mass: Harvard Business Press, May 2, 2005). Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

153

UNCLASSIFIED more like a large complex ecology. Therefore, as suggested previously, shifting the paradigm from physics to biology and looking at the international system as a dynamic living organism means treating it as a formally complex adaptive system. This perspective appears to offer many benefits for understanding the overall behavior of the system, as well as the behaviors of its components. In particular, such a paradigm would explicitly introduce several crucial aspects absent in the physics-based model: • Complexity, • Effects of affect on perception and behavior (psychology), • Beliefs, ideology and religion, • Impacts of impediments to judgment and decision-making (both cognitive and neuro aspects), • Networks, and • Level of organism (or scale of phenomena). The modeling approach that we propose for this purpose is discussed in the following section. Like the Dietz-Ostrom-Stern governance process, this model does not offer a panacea for addressing cyber threats or their analysis. Given the challenges identified throughout this paper, we do not believe a single model (with a “capital M”) is realistic. Rather, the approach taken in the next section is to consider a framework— much like the cyber deterrence framework of the “Three Cs” itself—that allows for multiple roles and relationships to be represented for a given set of actor identities and personae.

D. MECHANISMS FOR “NETWORKED DETERRENCE” An important insight in making the cyber-deterrence problem more tractable is to recognize the diversity of the challenges to our cyber capabilities as well as understand how this range of threats could impact our critical dependencies on those cyber capabilities. We suggest, as a first step, decomposing the overall challenge into a set of problem categories so that ameliorative measures appropriate to the particular characteristics of each category can be identified. Creating such a taxonomy of threats and key characteristics would be an important early task in the proposed scoping and design effort; and this taxonomy will serve detailed exploration of possible modeling representations; e.g., causal relationships, non-directed but fixed relationships, temporal dependencies. However, carrying out such an effort is beyond the scope of Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

154

UNCLASSIFIED the present research project; but some guidelines clearly flow from the concepts laid out in this report. For illustrative purposes in this paper, we disaggregate the overall cyber security problem into three baskets, using an approach to categorization based on general target type: 1) challenges to the infrastructure and transport layer; 2) attacks against large enterprises and domains (such as .mil and .gov) which manage their own infrastructures and network arrangements; 3) and incidents involving individuals and the public at large, who depend on commercial products and service providers for access, and affecting internet availability and operability.300 The properties differentiating these categories could include both the nature of the incidents (targets, objectives, technical methods, and level of sophistication, among others) and potential opportunities and constraints on ameliorative methods (legal authorities, technical capabilities, operational expertise, etc). The problems are inter-related and incidents can flow between baskets; but it is useful for analytic and operational purposes to distinguish among them in order to understand how to address the distinct challenges presented in each category. Within each of these broad categories there are a range of specific challenges and security issues that need to be parsed in detail; but this categorization presents starkly different security problems and potential consequences for each category, as well as significant differences in authorities and capabilities for response to those challenges. While the third basket is not a direct responsibility of the DoD, dependencies by DoD on the global internet for significant communications capabilities and on commercial entities for mission critical support make the interconnectedness of the internet an attractive access point for potentially hostile activities. Moreover, information available on the internet about private individuals can potentially compromise security procedures for protecting enterprise domains and mission critical operations essential to national security. As a result, it should be emphasized that incidents directed at individual users can have effects that flow into the other baskets, and these impacts need to be addressed within a comprehensive framework for cyber-deterrence.301

300 This

categorization has been chosen because it has the benefit of making issues of authorities and legal regimes explicit. 301 For example, aside from contributing to the high level of background noise that can mask other activities, exploits against individuals can easily provide the basis for social engineering that can be used directly against national security interests. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

155

UNCLASSIFIED Clearly attacks on the cyber infrastructure and transport layer can affect all users, including military users whose communications depend on the public internet and common infrastructure, through direct and indirect effects on network connectivity and throughput. Military users are also simply a class of enterprise users that support often sensitive and mission-critical functions on combinations of private networks (nominally controlled by the user enterprise) and common external infrastructure. Attacks on those enterprise domains can affect not only those functions, but degrade or destroy information important for national security-related mission critical operations without necessarily alerting government decision-makers; other exploits could allow nonauthorized users to actually modify operations or steal sensitive information. The two problems highlighted below can be considered as useful exemplars of salient chalenges that will need to be explored through exercises or simulations, as well as by analysis to assess how deterrence measures could be employed to protect these important cyber equities.302 Information Loss. Loss of important information (technical and other) by military, government, and commercial enterprises can compromise critical competitive advantages and expose organizations to infiltration from outside. Such losses can occur through both â&#x20AC;&#x153;insidersâ&#x20AC;? who can exploit authorized knowledge and access, and external, remote intrusions by users who may have gained access either through authorized or unauthorized means. Distributed Denial of Service Attacks. Large-scale distributed denial of service (DDoS) attacks can have significant effects on particular enterprises and classes of users. as well as affect the performance of the network as a whole. Because DoD remains dependent on public networks for many important functions, this type of disruption has potentially serious national security consequences. Undertaking such a categorization should be a high priority in comprehensive program to develop a complete threat taxonomy, identify potential deterrent options for those threats, and test such options through exercises, analysis, or simulations. Importantly, a significant benefit to this suggested approach of exploring specific concepts in a series of pilot experiments is that important legal, regulatory, declaratory, and disclosure issues which might not be apparent in more abstract discussions will be 302 These

issues were addressed in more detail in a separate memorandum to OSD/SCP and USD(I)/IOSS on potential pilot experiments, which is not part of this current project, on 1 November 2009.

156

UNCLASSIFIED identified during the detailed planning and conduct of these pilots and can then be addressed as part of the necessary policy deliberations. Moreover, the identification of effective cyber-deterrence methods that do not require specific attribution or identification of the perpetrator and also reduce reliance on retaliation is of particular interest. Instead these preferred deterrence efforts function by operating on all four components of the deterrence calculus, especially reducing the perceptions of the value of the gains and the likelihood of success in achieving them, without necessarily requiring retaliatory responses as the mechanism. Fortunately, there are several categories of potential cyber-deterrence measures that meet these concerns with respect to attribution, identification, and retaliation. One category includes self-initiating responses; minefields, electrified fences, and “Doomsday machines” all represent measures in which neither attribution nor identity is required—the stimulus of the attack sets the response in train, moreover, without regard to knowledge of why as well as who. This has the added utility of removing ambiguity of objective as an element in the response decision, although one must be prepared for the consequences—intended or unintended—of the automatic responses.303 An alternative type of self-initiating response, which may be very appropriate for the cyber-deterrence task, sets in train alerting procedures and force generation measures, both offensive and defensive, that significantly increase readiness and capability, but which themselves do not constitute retaliatory strikes. On the defensive side, these measures could include triggering polymorphic protective operations304 or increasing the stringency of security procedures. They could, for example, change the “default” options on a variety of security settings or procedures, tightening down access or inducing significantly more “mindful” attention by system operators, among other “commitment devices.”305 For example, the utility of “zero-day exploits” for an 303 There

are clear dangers, of course, in this degree of automaticity in response, including being triggered by accident or false alarm. As a result, the U.S. never seriously considered employing Doomsday machines or launch-on-attack strategies; and even the very carefully controlled alert procedures for U.S. nuclear forces had very stringent formal decision requirements to reduce the chance of false alarms set these processes in train. 304 What we mean by “polymorphic operations” are a shifting set of state configurations and operating procedures that decrease an attacker’s ability to know what specific posture or procedures he will actually face for his attack. 305 See Richard H. Thaler and Cass R. Sunstein, Nudge: Improving Decisions about Health, Wealth, and Happiness, (New York : Penguin Books, 2009). One of the significant findings from behavioral finance is the ease with which humans can be induced to make choices or execute behaviors by presentation and default settings. Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

157

UNCLASSIFIED attacker is that they don’t prematurely give the defense a signature prior to actual operational employment; the obverse is that the attacker has to have very high confidence that he can predict the actual conditions that his attack will encounter. Polymorphic operations introduce a high degree of uncertainty into predictions about future state conditions. On the offensive side, activities could include triggering very overt preparations to generate offensive capabilities or decreasing the incident threshold at which responses will be conducted. Another utility of “fuzzy barriers” rather than “red lines” as triggering thresholds is that they can be altered and communicated through implicit action, not explicit announcement; this can provide significant flexibility in “tuning” the message to be communicated and allowing diversity of response in reacting to provocations without degrading the threshold. During the Cold War era, the U.S. developed a very wide range of such measures for its nuclear forces that could be undertaken with controllable degrees of disclosure so as to be able to use them for signaling as well as increasing real readiness.306 Other types of measures will be important as well, including those that affect the fundamental financial or economic attractiveness of certain harmful cyber activities or the costs in tolerating them. Many cyber attacks, like other criminal activities, appear to have mixed-motives or at least serve multiple purposes; but criminal activities can be precursors or enablers of threats with serious national security consequences. Attacking the attractiveness of criminal cyber activities by going after the back-end financial transactions through which the illicit gains are extracted in usable form appears to be a worthwhile topic to explore. Table 5: Mechanisms of Effect

Category of Effect

Mechanism

Example

Type 1: (Decrease Value of Gain)

306 It

is instructive to review the use by Presidents from Eisenhower through Ford of “putting the strategic forces on alert.” The clearest example of its use for signaling was announcing that the ICBM force was being put “on alert.”

158

UNCLASSIFIED

• Decrease financial gain • Increase attack costs • Increase opportunity costs • Damage trust networks

Type 2: (Decrease Probability of Gain) • Increase overall uncertainty of success • Decrease expectation of success of specific opportunities • Decrease expectation of subsequent utility • Increase likelihood of preparation detection • Increase likelihood of attack detection

Type 3: (Increase Value of Loss) • Increase potential criminal penalties • Increase potential civil penalties • Damage reputation/trust network

159

UNCLASSIFIED

• Increase operating costs/decrease cooperation

Type 4: (Increase Probability of Loss) • Increase likelihood of discovery • Improve forensics • Improve intelligence • Increase likelihood of tip-off • Increase likelihood of sanctions by trust networks

Practiced in the past, and consistent with the concept of networked deterrence, is increasing pressure on subordinate entities through their superior partners in response to ambiguous activities for which attribution can’t be precisely determined. Despite the claims of many states that they lack the capability to control inimical activities within their sphere of sovereignty, they still have a duty to attempt to exercise control; and international law does recognize the rights of parties harmed by these uncontrolled activities to use “retorsion,” or pressure, to force the dominant entity to exert control or assume liability for failing to do so. The objective of such pressures remains the same, to force the dominant party to assess their overall costs and benefits in tolerating such activities, although within the current more complicated context of multiple relations and objectives, it may take more effort to assist them in understanding this balance. In reality, such relationships between subordinate and superior are simply a special case of the more general situation that all entities in the international system are now Prepared under contract number N65236-08-D-6805, Under Secretary of Defense for Intelligence, Joint & Coalition Warfighter Support, Cyber, Information Operations and Strategic Studies Task Order, DWAM80950.

160

UNCLASSIFIED enmeshed in webs of trust networks that create benefits and obligations. Strengthening the value propositions of mutually beneficial relationships with us is an essential part of a networked deterrence strategy. But for that strategy to work, “engagement” in these networks must create strong and enforceable ties of reciprocity that can be put at risk by failure to live up to obligations or made more beneficial in return for meaningful contributions. It is essential that policy-makers recognize that these effects must operate within a coherent framework that extends over several time-horizons. Not every failure of reciprocity in the short-term needs to be met with a harsh tit-for-tat response; but balance of equitable benefits must be enforced for these ties to matter. However, not even a series of interactions that yield asymmetric benefits to us in the short-term should be taken necessarily as advantageous nor appropriate when weighed in the context of objectives over longer time horizons. Implicit in the results of this research is a conclusion that a policy of “engagement,” if it is to yield any benefits for the U.S., must create a set of conditions in which all parties to the relationship understand that reciprocity is important. Engagement may imply cooperation, that is, seeking a mutually beneficial outcome, but that does not mean the relationship has to be “friendly.” The previously noted injunction by Keohane is worth repeating, to understand “cooperation not as harmony but as an intensely political process of mutual adjustment in a situation of actual and potential discord.”307 Returning to the roots of nuclear deterrence is useful at this point. It is essential to remember that Containment was the overarching strategy and that we employed deterrence to support Containment; deterrence not as an end in itself, but rather it was the mechanism we used in order to prevent the Soviet Union from gaining advantage from acts of aggression. The objective behind Containment was to block Soviet initiatives in the short-term so as to allow internal pressures to modify the dynamics (and objectives) of the regime in the long-term. We need to bring that same perspective to bear in our current circumstances and first define what are our long-term objectives, develop the appropriate strategy for those objectives, and then employ cyber-deterrence as an element in implementing that strategy. Without that strategy, there is no effective way to assess costs and advantages other than for their immediate consequences.

307 Keohane,

After Hegemony, p. 52.

161