This important December 2017 report has been professionally converted for accurate flowing-text e-book format reproduction.
Cyberattacks against critical infrastructure are not merely theoretical. Nations and private enterprises have come to understand that critical infrastructure can be attacked via cyberspace with serious repercussions. Critical infrastructure is vital to the United States because it provides power, water, transportation, and communication services to the American public. Those services are essential to U.S. security, economy, and health. Many documents, some dating back to the Cold War era, examine deterrence strategies to defend critical infrastructure against physical attacks, but literature regarding deterrence against cyberattacks on critical infrastructure is minimal. Deterrence is most important when defense is difficult, and defending critical infrastructure in cyber space is significantly difficult. Unlike conventional attacks, cyberattacks are fast and inexpensive, with ambiguous sources of origin. That is why a serious study deterring cyberattacks against critical infrastructure is necessary. Although the U.S. government is aware of the dangers posed by cyberattacks against its critical infrastructure, it does not have a well-developed strategy for deterring them. This thesis analyzes current U.S. cyber deterrence strategies and explores the feasibility of deterring cyberattacks against U.S. critical infrastructure.
I. INTRODUCTION * A. RESEARCH QUESTION * B. PROBLEM DESCRIPTION AND SIGNIFICANCE * C. LITERATURE REVIEW * 1. Protecting Critical Infrastructure * 2. Cyber Deterrence * D. METHODOLOGY * E. THESIS OVERVIEW * II. CYBERATTACKS ON CRITICAL INFRASTRUCTURE * A. INTRODUCTION * B. STUXNET * 1. Iran's Deterrence Policy * 2. Did Deterrence Fail or Succeed? * 3. Attribution * 4. Retaliation * C. BOWMAN AVENUE DAM * 1. U.S. Deterrence Policy * 2. Did Deterrence Fail or Succeed? * 3. Attribution * 4. Retaliation * D. SUMMARY * III. CONCLUSION * A. LESSONS LEARNED * 1. Deterrence Policy and Deterrence Failure * 2. Attribution * 3. Retaliation * B. IMPLICATIONS FOR U.S. POLICY * C. CAN THE UNITED STATES DETER CYBERATTACKS ON ITS CRITICAL INFRASTRUCTURE? * D. RECOMMENDATIONS FOR FUTURE RESEARCH