Hostname: page-component-cd9895bd7-dk4vv Total loading time: 0 Render date: 2024-12-24T13:15:13.596Z Has data issue: false hasContentIssue false

Deterrence with Imperfect Attribution

Published online by Cambridge University Press:  03 August 2020

SANDEEP BALIGA*
Affiliation:
Northwestern University
ETHAN BUENO DE MESQUITA*
Affiliation:
University of Chicago
ALEXANDER WOLITZKY*
Affiliation:
Massachusetts Institute of Technology
*
Sandeep Baliga, John L. and Helen Kellogg Professor, Kellogg School of Management, Northwestern University, [email protected].
Ethan Bueno de Mesquita, Sydney Stein Professor, Harris School, University of Chicago, [email protected].
Alexander Wolitzky, Associate Professor, Department of Economics, MIT, [email protected].

Abstract

Motivated by recent developments in cyberwarfare, we study deterrence in a world where attacks cannot be perfectly attributed to attackers. In the model, each of $$ n $$ attackers may attack the defender. The defender observes a noisy signal that probabilistically attributes the attack. The defender may retaliate against one or more attackers and wants to retaliate against the guilty attacker only. We note an endogenous strategic complementarity among the attackers: if one attacker becomes more aggressive, that attacker becomes more “suspect” and the other attackers become less suspect, which leads the other attackers to become more aggressive as well. Despite this complementarity, there is a unique equilibrium. We identify types of improvements in attribution that strengthen deterrence—namely, improving attack detection independently of any effect on the identifiability of the attacker, reducing false alarms, or replacing misidentification with non-detection. However, we show that other improvements in attribution can backfire, weakening deterrence—these include detecting more attacks where the attacker is difficult to identify or pursuing too much certainty in attribution. Deterrence is improved if the defender can commit to a retaliatory strategy in advance, but the defender should not always commit to retaliate more after every signal.

Type
Research Article
Copyright
© The Author(s), 2020. Published by Cambridge University Press on behalf of the American Political Science Association

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

We have received helpful comments and feedback from Daron Acemoglu, Scott Ashworth, Wiola Dziuda, Hulya Eraslan, Drew Fudenberg, Louis Kaplow, Navin Kartik, Roger Lagunoff, Robert Powell, Konstantin Sonin, Kathy Spier, and seminar audiences at A.S.S.A. 2019, Becker-Friedman Economic Theory Conference 2018, Chicago, ECARES, Georgetown, Harvard, LSE, Political Economy in the Chicago Area (P.E.C.A.) conference, UBC, and the Wallis Conference 2018. Zhaosong Ruan provided excellent research assistance. Wolitzky thanks the Sloan Foundation and the NSF for financial support.

References

Abreu, Dilip, Pearce, David, and Stacchetti, Ennio. 1990. “Toward a Theory of Discounted Repeated Games with Imperfect Monitoring.” Econometrica 58 (5): 10411063.CrossRefGoogle Scholar
Acemoglu, Daron, and Wolitzky, Alexander. 2014. “Cycles of Conflict: An Economic Model.” American Economic Review 104 (4): 13501367.CrossRefGoogle Scholar
Adams, James. 2001. “Virtual Defense.” Foreign Affairs 80 (3): 98112.CrossRefGoogle Scholar
Rudolf, Avenhaus, von Stengel, Bernhard, and Zamir, Shmuel. 2002. Inspection Games. In Handbook of Game Theory with Economic Applications, Volume 3, eds. Aumann, Robert and Hart, Sergiu, 1947–1987. Amsterdam: Elsevier.Google Scholar
Baker, George, Gibbons, Robert, and Murphy, Kevin. 1994. “Subjective Performance Measures in Optimal Incentive Contracts.” Quarterly Journal of Economics 109 (4): 11251156.CrossRefGoogle Scholar
Baliga, Sandeep, and Sjöström, Tomas. 2004. “Arms Races and Negotiations.” Review of Economic Studies 71 (2): 351369.CrossRefGoogle Scholar
Bar-Gill, Oren, and Harel, Alon. 2001. “Crime Rates and Expected Sanctions: The Economics of Deterrence Revisited.” The Journal of Legal Studies 30 (2): 485501.CrossRefGoogle Scholar
Bartholomew, Brian, and Guerrero-Saade, Juan Andres. 2016. “Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks.” Virus Bulletin Conference, October 5.Google Scholar
Bassetto, Marco, and Phelan, Christopher. 2008. “Tax Riots.” Review of Economic Studies 75 (3): 649669.CrossRefGoogle Scholar
Berman, Eli, , Jacob N. Shapiro, and , Joseph H. Felter. 2011. “Can Hearts and Minds be Bought? The Economics of Counterinsurgency in Iraq.” Journal of Political Economy 119 (4): 766819.CrossRefGoogle Scholar
Blackwell, David. 1951. “The Comparison of Experiments.” In Proceedings, Second Berkeley Symposium on Mathematical Statistics and Probability, ed. Neyman, Jerzy, 93102. Berkeley: University of California Press.Google Scholar
Bond, Philip, and Hagerty, Kathleen. 2010. “Preventing Crime Waves.” American Economic Journal: Microeconomics 2 (3): 138159.Google Scholar
Buchanan, Ben. 2014. “Cyber Deterrence isn’t MAD; It’s Mosaic.” Georgetown Journal of International Affairs IV: 130140.Google Scholar
Buchanan, Ben. 2017. The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations. Oxford: Oxford University Press.CrossRefGoogle Scholar
Chassang, Sylvain, and Zehnder, Christian. 2016. “Rewards and Punishments: Informal Contracting through Social Preferences.” Theoretical Economics 11 (3): 11451179.CrossRefGoogle Scholar
Chassang, Sylvain, and Miquel, Gerard Padró i. 2010. “Conflict and Deterrence under Strategic Risk.” Quarterly Journal of Economics 125 (4): 18211858.CrossRefGoogle Scholar
Clark, David D. , and Landau, Susan. 2010. Untangling Attribution. In Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, 323–52. Washington, DC: National Academies Press.Google Scholar
Clarke, Richard A. , and , Robert K. Knake. 2010. Cyberwar: The Next Threat to National Security and What To Do About It. New York: Ecco.Google Scholar
Crèmer, Jacques. 1995. “Arm’s Length Relationships.” Quarterly Journal of Economics 110 (2): 275295.CrossRefGoogle Scholar
Department of Defense. 2018. “Summary: DoD Cyber Strategy 2018.” https://media.defense.gov/2018/sep/18/2002041658/-1/-1/1/cyber_strategy_summary_final.pdf.Google Scholar
Di Lonardo, Livio, and , Scott A. Tyson. 2018. “Political Instability and the Failure of Deterrence.” SSRN. https://ssrn.com/abstract=3094929.Google Scholar
Edwards, Benjamin, Furnas, Alexander, Forrest, Stephanie, and Axelrod, Robert. 2017. “Strategic Aspects of Cyberattack, Attribution, and Blame.” Proceedings of the National Academy of Sciences 114 (11): 28252830.CrossRefGoogle ScholarPubMed
Fearon, James D. 1997. “Signaling Foreign Policy Interests: Tying Hands versus Sinking Costs.” Journal of Conflict Resolution 41 (1): 6890.CrossRefGoogle Scholar
Feaver, Peter, and Geers, Kenneth. 2017. “‘When the Urgency of Time and Circumstances Clearly Does Not Permit …’: Pre-Delegation in Nuclear and Cyber Scenarios.” Chap. 13 in Understanding Cyber Conflict: 14 Analogies, eds. Perkovich, George and Levite, Ariel E., 33–45. Washington, DC: Georgetown University Press.Google Scholar
Ferrer, Rosa. 2010. “Breaking the Law When Others Do: A Model of Law Enforcement with Neighborhood Externalities.” European Economic Review 54 (2): 163180.CrossRefGoogle Scholar
Freeman, Scott, Grogger, Jeffrey, and Sonstelie, Jon. 1996. “The Spatial Concentration of Crime.” Journal of Urban Economics 40 (2): 216231.Google Scholar
Glaeser, Edward L. , Sacerdote, Bruce, and Scheinkman, Jose A.. 1996. “Crime and Social Interactions.” Quarterly Journal of Economics 111 (2): 507548.CrossRefGoogle Scholar
Glaser, Charles L. 2011. “Deterrence of Cyber Attacks and US National Security.” Cyber Security Policy and Research Institute Report GW-CSPRI-2011-5. https://cspri.seas.gwu.edu/sites/g/files/zaxdzs1446/f/downloads/2011-5_cyber_deterrence_and_security_glaser_0.pdf.Google Scholar
Goldsmith, Jack. 2013. “How Cyber Changes the Laws of War.” European Journal of International Law 24 (1): 129138.CrossRefGoogle Scholar
Graetz, Michael J. , , Jennifer F. Reinganum, and , Louis L. Wilde. 1986. “The Tax Compliance Game: Toward an Interactive Theory of Law Enforcement.” Journal of Law, Economics and Organization 2 (1): 132.Google Scholar
Green, Edward J. , and , Robert H. Porter. 1984. “Noncooperative Collusion under Imperfect Price Information.” Econometrica 52 (1): 87100.CrossRefGoogle Scholar
Gurantz, Ron, and , Alexander V. Hirsch. 2017. “Fear, Appeasement, and the Effectiveness of Deterrence.” Journal of Politics 79 (3): 10411056.CrossRefGoogle Scholar
Hathaway, Oona A. , Crootof, Rebecca, Levitz, Philip, Nix, Haley, Nowlan, Aileen, Perdue, William, and Spiegel, Julia. 2012. “The Law of Cyber-Attack.” California Law Review 100 (4): 817885.Google Scholar
Hayden, Michael. 2011. “Statement for the Record, House Permanent Select Committee on Intelligence: The Cyber Threat.” https://www.hsdl.org/?view&did=689629.Google Scholar
Hennessy, Susan. 2017. “Deterring Cyberattacks: How to Reduce Vulnerability.” Foreign Affairs November/December.Google Scholar
Hohzaki, Ryusuke. 2007. “An Inspection Game with Multiple Inspectees.” European Journal of Operational Research 178 (3): 894906.CrossRefGoogle Scholar
Monitor, Information Warfare. 2009. “Tracking GhostNet: Investing a Cyber Espionage Network.” The Citizen Lab, March 28.Google Scholar
Jervis, Robert. 1978. “Cooperation under the Security Dilemma.” World Politics 30 (2): 167214.CrossRefGoogle Scholar
Jervis, Robert. 1979. “Deterrence Theory Revisited.” World Politics 31 (2): 289324.CrossRefGoogle Scholar
Kaplan, Fred. 2016. Dark Territory: The Secret History of Cyber War. New York: Simon & Schuster.Google Scholar
Kello, Lucas. 2017. The Virtual Weapon. New Haven, CT: Yale University Press.CrossRefGoogle Scholar
Khalil, Fahad. 1997. “Auditing without Commitment.” RAND Journal of Economics 28 (4): 629640.CrossRefGoogle Scholar
Kollars, Nina, and Schenieder, Jacquelyn. 2018. “Defending Forward: The 2018 Cyber Strategy is Here.” War on the Rocks, September 20.Google Scholar
Kydd, Andrew. 1997. “Game Theory and the Spiral Model.” World Politics 49 (3): 371400.CrossRefGoogle Scholar
Lando, Henrik. 2006. “Does Wrongful Conviction Lower Deterrence?Journal of Legal Studies 35 (2): 327337.CrossRefGoogle Scholar
Libicki, Martin C. 2009. Cyberdeterrence and Cyberwar. Arlington, VA: RAND Corporation.Google Scholar
Libicki, Martin C. , Ablon, Lillian, and Webb, Tim. 2015. The Defender’s Dilemma: Charting a Course toward Cybersecurity. Arlington, VA: RAND Corporation.Google Scholar
Lin, Herbert. 2012. “Escalation Dynamics and Conflict Termination in Cyberspace.” Strategic Studies Quarterly 6 (3): 4670.Google Scholar
Lindsay, Jon R. 2015. “Tipping the Scales: The Attribution Problem and the Feasibility of Deterrence against Cyberattack.” Journal of Cybersecurity 1 (1): 5367.Google Scholar
McDermott, Rose, , Anthony C. Lopez, and , Peter K. Hatemi. 2017. “‘Blunt Not the Heart, Enrage It’: The Psychology of Revenge and Deterrence.” Texas National Security Review 1 (1): 6989.Google Scholar
Milgrom, Paul, and Roberts, John. 1994. “Comparing Equilibria.” American Economic Review 84 (3): 441459.Google Scholar
Mookherjee, Dilip, and Png, Ivan. 1989. “Optimal Auditing, Insurance, and Redistribution.” Quarterly Journal of Economics 104 (2): 399415.CrossRefGoogle Scholar
Myerson, Roger B. 2009. “Learning from Schelling’s Strategy of Conflict.” Journal of Economic Literature 47 (4): 11091125.CrossRefGoogle Scholar
Nakashima, Ellen. 2018. “Russian Spies Hacked the Olympics and Tried to Make it Look Like North Korea Did it, U.S. Officials Say.” Washington Post, February 24.Google Scholar
National Cyber Security Center. 2019. “Turla Group Exploits Iranian APT to Expand Coverage of Victims.” https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF.Google Scholar
Nye, Joseph S. Jr. 2011. “Nuclear Lessons for Cyber Security?Strategic Studies Quarterly 5 (4): 1838.Google Scholar
Panetta, Leon. 2012. “Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security.” http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136.Google Scholar
Png, Ivan. 1986. “Optimal Subsidies and Damages in the Presence of Judicial Error.” International Review of Law and Economics 6 (1): 101105.CrossRefGoogle Scholar
Polinsky, A. Mitchell , and Shavell, Steven. 2000. “The Economic Theory of Public Enforcement of Law.” Journal of Economic Literature 38 (1): 4576.CrossRefGoogle Scholar
Powell, Robert. 1990. Nuclear Deterrence Theory: The Search for Credibility. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
Radner, Roy. 1986. “Repeated Principal-Agent Games with Discounting.” Econometrica 53 (5): 11731198.CrossRefGoogle Scholar
Rid, Thomas, and Buchanan, Ben. 2015. “Attributing Cyber At tacks.” Journal of Strategic Studies 38 (1–2): 437.Google Scholar
Rogin, Josh. 2010. “The Top 10 Chinese Cyber Attacks (That We Know Of).” Foreign Policy, January 22.Google Scholar
Sah, Raaj K. 1991. “Social Osmosis and Patterns of Crime.” Journal of Political Economy 99: 12721295.CrossRefGoogle Scholar
Sanger, David. 2018. “Trump Loosens Secretive Restraints on Ordering Cyberattacks.” New York Times, September 20.Google Scholar
Sanger, David, and Broad, William. 2018. “Pentagon Suggests Countering Devastating Cyberattacks With Nuclear Arms.” New York Times, January 16.Google Scholar
Schelling, Thomas C. 1960. The Strategy of Conflict. Cambridge, MA: Harvard University Press.Google Scholar
Schrag, Joel, and Scotchmer, Suzanne. 1997. “The Self-Reinforcing Nature of Crime.” International Review of Law and Economics 17 (3): 325335.CrossRefGoogle Scholar
Segerson, Kathleen. 1988. “Uncertainty and Incentives for Nonpoint Pollution Control.” Journal of Environmental Economics and Management 15 (1): 8798.CrossRefGoogle Scholar
Shavell, Steven. 1985. “Uncertainty over Causation and the Determination of Civil Liability.” Journal of Law and Economics 28 (3): 587609.CrossRefGoogle Scholar
Shaver, Andrew, and Shapiro, Jacob N.. 2016. “The Effect of Civilian Casualties on Wartime Informing: Evidence from the Iraq War.” Working Paper. https://scholar.princeton.edu/sites/default/files/jns/files/shaver_shapiro_2016_tips.pdf.Google Scholar
Shevchenko, Vitaly. 2014. “‘Little Green Men’ or ‘Russian Invaders’?” BBC, March 11.Google Scholar
Silva, Francisco. 2016. “If We Confess Our Sins.” International Economic Review 60 (3): 13891412.CrossRefGoogle Scholar
Singer, P. W., and Friedman, Allan. 2014. Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford: Oxford University Press.Google Scholar
Smith, Alastair. 1998. “International Crises and Domestic Politics.” American Political Science Review 92 (3): 623638.CrossRefGoogle Scholar
Snyder, Glenn H. 1961. Deterrence and Defense: Toward a Theory of National Security. Princeton, NJ: Princeton University Press.CrossRefGoogle Scholar
Sullivan, Eileen, Weiland, Noah, and Conger, Kate. 2018. “Attempted Hacking of Voter Database Was a False Alarm, Democratic Party Says.” New York Times, August 23.Google Scholar
ThreatConnect. 2016. “Guccifer 2.0: All Roads Lead to Russia.” https://threatconnect.com/blog/guccifer-2-all-roads-lead-russia/.Google Scholar
Trager, Robert F., and Zagorcheva, Dessislava P.. 2006. “Deterring Terrorism: It Can Be Done.” International Security 30 (3): 87123.Google Scholar
Tsebelis, George. 1989. “The Abuse of Probability in Political Analysis: The Robinson Crusoe Fallacy.” American Political Science Review 83 (1): 7791.CrossRefGoogle Scholar
United States. 2011. “International Strategy for Cyberspace: Prosperity Security, and Openness in a Networked World.” https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.Google Scholar
Weissing, Franz J. , and Ostrom, Elinor. 1991. Irrigation Institutions and the Games Irrigators Play: Rule Enforcement without Guards. In Game Equilibrium Models II: Methods, Morals, and Markets , ed. Selten, Reinhard, 188262. Berlin: Springer-Verlag.CrossRefGoogle Scholar
Submit a response

Comments

No Comments have been published for this article.