Accession Number:



Cyber Attacks, Attribution, and Deterrence: Three Case Studies

Descriptive Note:

Technical Report,01 Jun 2014,23 May 2015

Corporate Author:

US Army Command and General Staff College Fort Leavenworth United States

Personal Author(s):

Report Date:


Pagination or Media Count:



The purpose of this monograph is to examine the role of a defenders ability to attribute a cyber attack and its effect on deterrence. Conflict in cyberspace is constantly evolving and deterrence might provide stability and understanding of these conflicts. Because of the speed at which cyber attacks can occur and the rate at which they can spread, it is important to understand how countries using cyber weapons frame the problem. The method used in this paper is controlled comparison of three different cyber attacks the 2007 attacks on Estonia, the Stuxnet attack on Iran, and the LulzSec attacks multiple targets in 2011. These three events bore the similarity that defenders could not immediately attribute the attack to an actor. This attribution problem influenced how the defenders responded to the problem. Upon further research, however, it became apparent that attribution was not the defenders biggest problem in two of the three cases. Attribution may not always be immediately available through technical means, but eventually defenders had enough information on which to act. At this point, other problems arose, like escalating a cyber conflict with a far more powerful neighbor or determining how to respond without a cyber capability of ones own. These cases demonstrate attribution is a necessary but not sufficient cause for responding to a cyber attack and that defenders have many response options available, from technical defense of their networks to escalation of the conflict to kinetic military strikes. Additionally, cyber deterrence does not require the high levels of attribution that some theorists argue. Instead, a counterattack can rely on a lower level of attribution because the target is typically a known adversary and because the results from a cyber attack are generally much lower than the effects from a kinetic attack.

Subject Categories:

Distribution Statement: