Skip to main content



commentary Commentary

Commentary: Deterrence, retaliation and arms control - a guide to tackling information warfare

We need to rethink our constructs of cyberdefence and draw a red line between soft power of open persuasion and the hard power of covert information warfare, says Joseph S Nye.

Commentary: Deterrence, retaliation and arms control - a guide to tackling information warfare

Once people log onto a rogue Wi-Fi, they expose themselves to hackers.

CAMBRIDGE: The United States responded weakly after Russian cyber operations disrupted the 2016 presidential election.

US President Barack Obama had warned his Russian counterpart, Vladimir Putin, of repercussions, but an effective reply became entangled in the domestic politics of Donald Trump’s election. That could be about to change.


Recently, American officials anonymously acknowledged that US offensive cyber operations prevented a Kremlin troll farm from disrupting the 2018 Congressional elections.

Such offensive cyber operations are rarely discussed, but they suggest ways to deter disruption of the US presidential election in 2020. Attacking a troll farm will not be enough.

Deterrence by threat of retaliation remains a crucial but underused tactic for preventing cyberattacks. There has been no attack on US electrical systems, despite the reported presence of Chinese and Russians on the grid. Pentagon doctrine is to respond to damage with any weapon officials choose, and deterrence seems to be working at that level.

READ: As digital threats multiply, will cyber insurance take off? A commentary

Presumably, it could also work in the gray zone of hybrid warfare, such as Russia’s disruption of democratic elections. Given that US intelligence agencies are reported to carry out espionage in Russian and Chinese networks, one can imagine that they discover embarrassing facts about foreign leaders’ hidden assets, which they could threaten to disclose or freeze.

Similarly, the US could go further in applying economic and travel sanctions against their inner circles. The diplomatic expulsions and indictments since 2016, and the recent offensive actions, were only first steps toward strengthening America’s deterrent threat of retaliation.


But deterrence will not be enough. The US will also need diplomacy. 

Negotiating cyber arms-control treaties is problematic, but this does not make diplomacy impossible. In the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer programme’s user.

Thus, it will be difficult to prohibit the design, possession, or even implantation for espionage of particular programmes.

In that sense, cyber arms control cannot be like the nuclear arms control that developed during the Cold War. Verification of weapons stockpiles would be virtually impossible, and even if it were assured, stockpiles could quickly be recreated.

Security personnel sits behind the bullet-proof window at the headquarters of Germany's BSI national cyber defence body in Bonn. (Photo: Reuters)


But if traditional arms-control treaties are unworkable, it may still be possible to set limits on certain types of civilian targets, and to negotiate rough rules of the road that minimise conflict. 

For example, the US and the Soviet Union negotiated an Incidents at Sea Agreement in 1972 to limit naval behavior that might lead to escalation. The US and Russia might negotiate limits to their behavior regarding each other’s domestic political processes.

READ: A sober assessment of the recent 'breakthrough' on the South China Sea, a commentary

Even if there is no agreement on precise definitions, they could exchange unilateral statements about areas of self-restraint and establish a consultative process to contain conflict. Such a procedure could protect non-governmental organisations’ right to critique states while at the same time creating a framework that limits governmental escalation.

Sceptics object that such an arrangement is impossible, owing to the differences between American and Russian values. But even greater ideological differences did not prevent agreements related to prudence during the Cold War.

Skeptics also say that Russia would have no incentive to agree, because elections are meaningless there. But this ignores the potential threat of retaliation discussed above: The US has more to lose in the current situation, which should encourage it not to hold back from pursuing its self-interest in developing a norm of restraint in this grey area.

In a meeting in luly 2018, Mr Donald Trump failed to challenge his Russian counterpart Vladimir Putin on the issue of electoral interference, only to concede a day later that Moscow did interfere. (Photo: AFP/Brendan Smialowski) President Donald Trump (L) met with his Russian counterpart Vladimir Putin in Finland, taking the strongman at his word that Moscow did not interfere in the 2016 US presidential vote AFP/Brendan Smialowski


Jack Goldsmith of Harvard Law School has argued that the US needs to draw a principled line and defend it. That defence would acknowledge that the US has itself interfered in elections, renounce such behavior, and pledge not to engage in it again.

The US should also acknowledge that it continues to engage in forms of computer network exploitation for purposes it deems legitimate. And officials should “state precisely the norm that the United States pledges to stand by and that the Russians have violated.”

This would not be unilateral disarmament on America’s part; rather, it would draw a line between the permitted soft power of open persuasion and the hard power of covert information warfare.

READ: What next as the Government looks beyond disinformation in targeting foreign influence in Singapore, a commentary

Overt programmes and broadcasts would continue to be allowed. The US would not object to the content of Russia’s open political speech, including their propagandistic RT television network.

But it would object when Russia promotes its views through covert coordinated behavior such as the 2016 manipulation of social media, or dumping hacked e-mails.


Non-state actors often act as state proxies in varying degrees, but the rules would require their open identification. And because the rules will never be perfect, they must be accompanied by a consultative process that establishes a framework for warning and negotiation.

Photo illustration of a hacker. (Photo: Gaya Chandramohan)

Such a process, together with stronger deterrent threats, is unlikely to fully stop Russian interference, but if it reduces the level, it could enhance America’s defence of its political system.

Given the poor state of US-Russian relations, with Putin boasting about new nuclear weapons, the climate for an agreement is not promising, though there have been some hints of Russian interest.

At the same time, the partisan divisions in US politics over the legitimacy of Trump’s relationship with Russia also make negotiations difficult. If both sides want to avoid dangerous escalation, perhaps the possibilities can be explored in the context of a professional or military-to-military dialogue. 

Or the idea may just have to wait until after the 2020 election.

Joseph S Nye is a professor at Harvard. His forthcoming book is Do Morals Matter? Presidents and Foreign Policy from FDR to Trump.


Also worth reading