We have implemented new login procedure. Learn More


Deterrence In Cyberspace


In a world where Cyberattacks initiated by nation-states have become the new normal, this policy brief by Chris Painter presents a reasonable framework for deterrence, with consequences for bad state actors.


A framework for deterrence against state-sponsored cyber attacks


In the past three years, barely a week has gone by without a report of a critical cyberattack on a business or government institution. We are constantly bombarded by revelations of new ransomware strains, new botnets executing denial-of-service attacks, and the rapidly expanding use of social media as a disinformation and propaganda platform.


Perhaps most alarmingly, a great many of these attacks have their origin in the governments of nation-states.


We have moved well beyond business-as-usual signals intelligence operations in the past decade. Some of the most significant malware outbreaks in recent years, such as NotPetya and WannaCry, originated in state-run skunkworks.


Cyberattacks initiated by nation-states have become the new normal, and countries, including Australia, have struggled to respond. Far too often, they're considered a low priority and met with a shrug of the shoulders and a "What can you do?"


In this paper, Chris Painter offers us a way forward. Chris presents a reasonable framework for deterrence, a way that we as a nation can help limit the deployment of cyber warfare tools.


Chris has designed these recommendations to punish bad actors properly and discourages future bad behaviour. Based on actions that have worked in the past, they serve as a starting point for us to scale back on the increasing number of state-sponsored cyber attacks.


Most importantly, these actions aren't just for the benefit of the state—they will allow us to protect private citizens and companies that all too often get caught in the cyberwarfare crossfire. If we can ensure costs and consequences for those who wrongly use these tools to wreak damage, bad actors might start thinking twice before engaging in this destructive behaviour.