Understanding deterrence and dissuasion in cyberspace is often difficult because our minds are captured by Cold War images of massive retaliation to a nuclear attack by nuclear means. The analogy to nuclear deterrence is misleading, however, because many aspects of cyber behavior are more like other behaviors, such as crime, that states try (imperfectly) to deter. Preventing harm in cyberspace involves four complex mechanisms: threats of punishment, denial, entanglement, and norms. Even when punishment is used, deterrent threats need not be limited to cyber responses, and they may address general behavior as well as specific acts. Cyber threats are plentiful, often ambiguous, and difficult to attribute. Problems of attribution are said to limit deterrence and dissuasion in the cyber domain, but three of the major means—denial by defense, entanglement, and normative taboos—are not strongly hindered by the attribution problem. The effectiveness of different mechanisms depends on context, and the question of whether deterrence works in cyberspace depends on “who and what.” Not all cyberattacks are of equal importance; not all can be deterred; and not all rise to the level of significant national security threats. The lesson for policymakers is to focus on the most important attacks and to understand the context in which such attacks may occur and the full range of mechanisms available to prevent them.

中文翻译：

---

网络空间的威慑与劝阻

理解网络空间中的威慑和劝阻通常很困难，因为我们的脑海中浮现出冷战时期对以核手段发动的核攻击进行大规模报复的画面。然而，与核威慑的类比具有误导性，因为网络行为的许多方面更像是国家试图（不完全）阻止的其他行为，例如犯罪。防止网络空间的伤害涉及四种复杂的机制：惩罚威胁、否认、纠缠和规范。即使使用惩罚，威慑威胁也不必仅限于网络响应，它们可以针对一般行为和特定行为。网络威胁数量众多，通常模棱两可且难以归因。归因问题据说会限制网络领域的威慑和劝阻，但主要有三种手段——防御拒绝、纠缠和规范禁忌——并没有受到归因问题的强烈阻碍。不同机制的有效性取决于背景，而威慑在网络空间是否奏效的问题取决于“谁和什么”。并非所有网络攻击都同等重要；并非所有人都能被吓倒；并非都上升到重大国家安全威胁的程度。政策制定者的教训是关注最重要的攻击，并了解可能发生此类攻击的背景以及可用于防止它们的全部机制。并非所有人都能被吓倒；并且并非都上升到重大国家安全威胁的水平。政策制定者的教训是关注最重要的攻击，并了解可能发生此类攻击的背景以及可用于防止它们的全部机制。并非所有人都能被吓倒；并且并非都上升到重大国家安全威胁的水平。政策制定者的教训是关注最重要的攻击，并了解可能发生此类攻击的背景以及可用于防止它们的全部机制。