Cyber Warfare: An Architecture for Deterrence

NOTE You can also find the content of this chapter at the SANS Institute InfoSec Reading Room as the “Solution Architecture for Cyber Deterrence” paper (

For a government cyber deterrence strategy to be effective, it must have network penetration tools as well as tools for distributed denial of service (DDoS), parallel scanning, reconnaissance, surveillance, and other capabilities. Most importantly, it must be able to assess cyber-attack attribution rapidly and with certainty. This chapter furthers the definition of cyber-deterrence architectures and evaluates elements of future architectures in a penetration testing environment.

I leverage available policy research to conduct a line-of-sight analysis from strategic goals to pen testing source code, filling in important architectural gaps. I also discuss policy implications of the proposed technical solutions. Lastly, I assess cyber-deterrence capabilities at strategic and technical levels, envision technologies that provide components of the solution, and document the results as a conceptual architecture with research prototypes.

Introduction to Cyber Deterrence

The mission of cyber deterrence is to prevent an enemy from conducting future attacks by changing their minds, by attacking their technology, or by more palpable means. This definition is derived from influential policy ...

Get Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions now with the O’Reilly learning platform.