NOTE You can also find the content of this chapter at the SANS Institute InfoSec Reading Room as the “Solution Architecture for Cyber Deterrence” paper (http://www.sans.org/reading-room/whitepapers/legal/solution-architecture-cyber-deterrence-33348).
For a government cyber deterrence strategy to be effective, it must have network penetration tools as well as tools for distributed denial of service (DDoS), parallel scanning, reconnaissance, surveillance, and other capabilities. Most importantly, it must be able to assess cyber-attack attribution rapidly and with certainty. This chapter furthers the definition of cyber-deterrence architectures and evaluates elements of future architectures in a penetration testing environment.
I leverage available policy research to conduct a line-of-sight analysis from strategic goals to pen testing source code, filling in important architectural gaps. I also discuss policy implications of the proposed technical solutions. Lastly, I assess cyber-deterrence capabilities at strategic and technical levels, envision technologies that provide components of the solution, and document the results as a conceptual architecture with research prototypes.
The mission of cyber deterrence is to prevent an enemy from conducting future attacks by changing their minds, by attacking their technology, or by more palpable means. This definition is derived from influential policy ...