A cyber deterrence policy is attainable to provide guidelines to reacting to cyber events from state or non-state perpetrators. However, reaction must be of a clear line of accusation and proof as with the cyber domain it is difficult to align a specific culprit. For instance, through our readings, it is easy to access a server or even access a point through a wi-fi device or influence of a mobile smart phone. Origin can easily be erased; therefore, pinpointing a specific physical person, group, or country is difficult as compared to conventional weapons where there is a clear line of start to finish. Other practical problems in regards to deterring cyber attacks is the escalation of force. An intrusion through espionage may lead to physical damage of systems and escalate to the point of war.

However, solutions are sometimes easier said than done as mentioned by author Libicki (2009), “Fourth, everyone does it. Those who try to establish deterrence policies to prevent others from doing what they do themselves perforce reveal themselves to be fools or hypocrites—unless they are so powerful that they can get away with it. It is doubtful whether even the United States qualifies as being that powerful. A deterrence posture against CNE would be viewed as hypocritical and probably not credible—indeed, as incredible” (p. 24). Moreover, another potential solution rather than being a hypocrite is through a show of force by presenting to the international community the capability that a nation has and the ability to execute it, such as the parading of ICBMs or even the utilization of them through posted recordings. Tying it to cyber deterrence is the use of attacks on another nation and the vocalization of taking ownership for the destruction of a system.

Furthermore, US policy of cyber deterrence should be explicit and implicit. I know that sounds like a double-edged sword where policy is conflicting. My reasoning is that it really depends on the actions a society would need to take. Whether it is deterrence through punishment or denial. I think that deterrence through punishment must be driven by explicit requirements as the response or reaction by a state or actor must have definitive proof that intent was malicious and not accidental through self-negligence. Additionally, implicit policy can be provided to deterrence through denial as there are various solutions to a problem that can limit or prevent further intrusions. Actions of denial does not have the same affects as punishment such as international affects which may pull various nations into conflict when in actuality, only a singular culprit is to blame whether internally or externally.