Blog post

Is Deterrence Really a Thing in Cyber-Security

By Leigh McMullen | October 26, 2022 | 0 Comments

Why is an ICBM a “Strategic” weapon, and a HIMARS a “Tactical” weapon.  When does a weapon become a strategy? When possessing one causes your adversaries to make different decision than they would if you didn’t.

Indeed, since time immemorial, standing militaries, dating back to Sparta, also served this purpose. As tools that could be used if we don’t get our way.   They serve to deter adversary aggression. Yet Cyber-defense is one of the few areas of engagement where it seems like our ability to deter adversaries is greatly limited.

Or is it?

I know it can feel like playing a game whose only possible scores are zero or negative-one. But does it have to be?

I had occasion last week to hang out for hours with 3 top leaders from various aspects of our nation’s cyber forces. They represented both offensive, defensive and R&D capabilities. And those conversations were awesome.  Brian Gattoni, CTO of the US Cybersecurity Infrastructure Security Agency, was particularly insightful with examples of how regular enterprises are deterring adversaries, or creating consequences for those that do attack.  I will of course share those with all of you in due time, but before we do that, I want to hear from you. What are you doing in the terms of deterrence? What would you love to be able to do?

Let’s discuss this in the comments, if you’d prefer to share privately, we can set up an inquiry call, I’d love to chat.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed