The United States struggles to impose meaningful costs for destructive or disruptive cyber operations. This article argues that the United States' restrained responses stem from a desire to avoid risk in an inherently uncertain operational environment. The societal desire for risk avoidance is the prism through which policymakers address the cyber domain and deliberate responses to attacks. The article shows that two particular operational characteristics of cyberspace—its complex adaptiveness and the ease of proliferation—combine to increase the risk of misattribution and the risk of unintended effects, including collateral damage, inadvertent escalation and blowback. These characteristics present a particular obstacle for risk societies such as the United States in the application of meaningful punishments. In addition to establishing the roots of US restraint, the article traces the application of risk management practices, including preventive action, increasing resilience and consequence management, from the Obama administration to the Trump administration. The analysis reveals that risk management has underpinned the overall US approach to the cyber domain.

中文翻译：

---

不确定条件下的克制：美国为何容忍网络攻击

美国努力为破坏性或破坏性网络行动施加有意义的成本。本文认为，美国克制的反应源于在固有的不确定的作战环境中规避风险的愿望。社会对风险规避的渴望是政策制定者处理网络领域和对攻击做出蓄意反应的棱镜。这篇文章表明，网络空间的两个特殊操作特征——复杂的适应性和易于扩散——共同增加了错误归因的风险和意外影响的风险，包括附带损害、无意升级和反击。这些特征给风险社会（例如美国）在实施有意义的惩罚方面带来了特殊的障碍。除了确定美国克制的根源之外，本文还追溯了从奥巴马政府到特朗普政府的风险管理实践的应用，包括预防性行动、增强弹性和后果管理。分析表明，风险管理是美国网络领域整体方法的基础。