Day Two of #DeterrenceConf kicking off with my previous 3* Peter Watkins. Talking cyber, space and deterrence including @blagden_david

Starting with cyber, highlighting how understanding of technicalities of cyber still remain in a small community. Probably need to grow understanding of the capability and it’s limitations.

How do we deter cyber attacks? We have threatened to use multi-domain responses as agreed at NATO Wales 17. The problem is anonymity and attribution - who is the return address? How do we get to certainty? Prove the machine and location but not the C2 and executive.

Deterrence by altering risk calculus. Aggressor perceives cost outweighs benefit. No reason why use of a new weapon cannot be deterred via threat of retaliation using same and/or different weapons.

To go beyond x domain deterrence new weapon would have to possess unmatched capability and be available to one side. But nuclear technology and unlimited cost alter this paradigm.

Nobody suggesting retaliation against irritant cyber with nukes! But escalatory pathway does exist but is problematic. If we can’t attribute, and the aggressor does not fear the risk of identification and retaliation they are unlikely to back down or cease.

Attribution doesn’t necessarily need to be completely precise. It needs to reveal interests of attacker through highlighting their interests. If we can reveal a set of interests, then we have pressure points for deterrence and hold them at risk.

Can we rely on cost imposition? Not always. ‘Thrill of the fight or noble crusader’ hacktevists. No punishable interests and complex ethical dilemma of humanitarian consequences - freedom of speech/information. Some attacks only to capture small resources: info, money, kompromat.

Cyber attacks likely to compromise our retaliation capability - C2, logistics, continue to conduct cyber when kinetic operations underway? There is also risk - ‘false flag’ cyber attacks or hacks. Protecting the innocent ‘cyber accident’ in the cyber and info domain.

Technical anonymity is not a barrier to cyber deterrence by punishment. Identification of interests enable retaliation. But it has risks - normative costs/blowback risks. Retaliation could be escalatory. Retaliation may have unintended consequences and third order effects.

Very strong challenge of whether we can act without certainty of attribution. That’ll definitely come up in Q and A.

On to Space! Space Warfare and ‘Extended deterrence’ capabilities and implications. Off we go: congested, complex, cluttered etc. 21k traceable debris, 1k orbiting systems, launch sites, commercial, state, alliances.

Space Power Theory Bleddyn Bowen 2017. Space warfare continuation of terra-politics governed by politics. Governed by celestial communications and strategy. Earth orbit is the celestial limitation - currently. Space is commanded from Earth - not space.

Bowen’s 7 Propositions. Space War is for control of space. Space unique but not isolated from Earth. Command of space does not equal command of Earth. I can’t type that fast for all of them.....

Space deterrence literature - US more advanced than UK. 1. Strikes against space will exist in early stages of future conflict. 2. Space is a key consideration for defence and prosperity now and in the future.

Divergence. 1. Space is unique. So integral it requires a separate policy. 2. Space is just another domain - deterrence involves space (through and in space) and is so intertwined in national defence and prosperity, has to be integrated.

Space Deterrence. Space dominance critical to US and allied defence and projection. Loss is space assets would be decisive in ability to project/not project power.

Collective Management. Space as collective management - an extension of the global commons. Space deterrence deters harmful actions by whatever means against national assets and assets that support space operations. Space now could be perceived as an Achilles heel - vulnerability

Inadvertent escalation. Occasional or cumulative attacks or ‘accidents’ that build to a conventional goal. What resilience do we have? Replacement space architecture to re-establish dominance?

Loss of space assets would undermine credibility of conventional and strategic forces. What would be the mechanism for attacking space infrastructure without posing further problems - space debris, collision etc.

NATO. Critically dependent on space but doctrine and planning had not kept pace. EU of acted collectively could be a Tier 1 space power. The UK (incidentally) has woefully low numbers of space architecture.

Although US has most advanced space and cyber capability this doesn’t necessarily mean US has a effective deterrence theory or capabilities for space.

In competition threats will test thresholds of US/NATO/EU response. A lack of balanced alliance systems also makes response risky - leads to escalation spiral. Attribution is also tricky - was a laser malicious or was it measuring? Jamming, dazzling spooking all possible ‘errors’

Good news is the fragility of space has some existential deterrence. People view space as highly provocative and escalatory. Comprehension and understanding remains low and reluctance to ‘go there’.

Looking at deterrence short of national survival and deterring war. Power is threatened by other mechanisms and this has altered how states threaten each other. What we called asymmetric approaches yesterday.

This selects the population as the centre of gravity and the ways to reach them. The ways to reach populations now, in our Information Age is not through power projection. But more likely through information, cyber, economic and destabilising political legitimacy.

Technology is driving this change - as it starts to become further embedded into everyday life ‘internet of things’. This opens the aperture of vulnerability to the population and also draws threats to them through consuming data and information.

Therefore the opportunity for threat actors in the Information Age is through destabilising activity targeting their population, economy and political institutions. This falls below the threshold of national security and we do not have sufficient structures to deal with it.

Although we laugh about free WiFi being the new hierarchy of needs - it shows how vulnerable populations are. Security is formed through combination of security and instability both internally and externally. Deterrence is not well geared to protecting some aspects.

If we take the referent object as ‘way of life’ a number of our own actions appear destabilising against threat states and therefore instead of deterring may be mobilising our own actions against ourselves.

For example sanctions, intended to punish, actually destabilise the recipient and alter the way of life of populations. This could harden societal resilience against us - rather than seeking to undermine the threat’s power base.

We can’t blame societies for being vulnerable or threats for seeking destabilising activities as a strategy. We need to balance society’s access and exploration of technology with the necessity of protecting citizens from destabilising activity.

This falls below the threshold of most of national security and defence and therefore we need a different approach and capability mix. *Great paper.

Chair adds that we tend to focus on ‘the deterrent’ as if it works or not. What the last paper highlights is a need to talk about deterrence in a more nuanced and x domain way. *this docks with recent article of UK hiding behind nuclear shield.

Valuable comment here that x domain deterrence waning in use in the US. It marginalises cyber and space and assumes we’re master puppeteers of all domains. The challenge is then how to we achieve integration? Chinese talk about integrated strategic deterrence. We can’t do that.

So how do we in the west build systems and processes to meet integration to orchestrate across domains in a joined up way. The textbook answer would be ‘Fusion Doctrine’ it is a mechanism but yet tested.

I agree with this. There is a lot of self congratulatory back slapping about the Salisbury response - but in reality this was a pin point attack of specificity and indisputable. It’s not the same as meeting a stronger cross domain challenge to national security.