2017 Cyber Attack Deterrence: Defense Science Board (DSB) Task Force on Cyber Deterrence Developing Scalable Strategic Offensive Cyber Capabilities, Resilience of U.S. Nuclear Weapons, Attribution

This is a complete reproduction of the final report of the Defense Science Board Task Force on Cyber Deterrence released in late February 2017. The Task Force was asked to consider the requirements for deterrence of the full range of potential cyber attacks against the United States and U.S. allies/partners, and to identify critical capabilities (cyber and non-cyber) needed to support deterrence, warfighting, and escalation control against a highly cyber-capable adversary. Public interest in cyber deterrence has grown over the past several years as the United States has experienced a number of cyber attacks and costly cyber intrusions. However, it is essential to understand that cyber attacks on the United States to date do not represent the "high end" threats that could be conducted by U.S. adversaries today - let alone the much more daunting threats of cyber attacks and costly cyber intrusions that the Nation will face in coming years as adversary capabilities continue to grow rapidly. The Task Force determined the United States faces three distinct sets of cyber deterrence challenges.
First, major powers (e.g., Russia and China) have a significant and growing ability to hold U.S. critical infrastructure at risk via cyber attack, and an increasing potential to also use cyber to thwart U.S. military responses to any such attacks. This emerging situation threatens to place the United States in an untenable strategic position. Although progress is being made to reduce the pervasive cyber vulnerabilities of U.S. critical infrastructure, the unfortunate reality is that, for at least the next decade, the offensive cyber capabilities of our most capable adversaries are likely to far exceed the United States' ability to defend key critical infrastructures. The U.S. military itself has a deep and extensive dependence on information technology as well, creating a massive attack surface.

Second, regional powers (e.g., Iran and North Korea) have a growing potential to use indigenous or purchased cyber tools to conduct catastrophic attacks on U.S. critical infrastructure. The U.S. Government must work with the private sector to intensify efforts to defend and boost the cyber resilience of U.S. critical infrastructure in order to avoid allowing extensive vulnerability to these nations. It is no more palatable to allow the United States to be held hostage to catastrophic attack via cyber weapons by such actors than via nuclear weapons.

Third, a range of state and non-state actors have the capacity for persistent cyber attacks and costly cyber intrusions against the United States, which individually may be inconsequential (or be only one element of a broader campaign) but which cumulatively subject the Nation to a "death by 1,000 hacks."

Dettagli