Destructible Domain: Is Cyberwarfare a new domain of warfare?

Abstract

This article makes a counterintuitive argument that cyberwarfare is not a new domain of warfare. It has been unnecessarily hyped. The analysis of the past 20 years shows that there have hardly been any successful cyber-attacks and even supposedly successful cyber-attacks have had extremely limited success. This article argues that cyberweapons can be an irritant and can supplement other domains of warfare but cannot be considered a domain on their own or a separate domain of warfare. The so-called cyberwarfare suffers from a Prediction Paradox which means since it has already been predicted earlier hence its probability of creating havoc declines automatically as states become well-prepared for such an attack. Even if attacks take place, there are highly likely chances that they will be less catastrophic than predicted. The cost-benefit analysis of cyberwarfare from the state's standpoint also makes it an improbable choice, given the skill and money involved in developing a cyberweapon. In terms of cost-benefit analysis, cyberweapons are ineffective, and if ineffective, they cannot form a fifth domain of warfare. On the hand, the theory of deterrence is being used as a measure to deal with cyberattacks. There are two types of deterrence i.e., deterrence by punishment and deterrence by denial. However, this paper supports deterrence by denial as a viable policy measure to deal with cyberattacks. Deterrence by denial is an approach that emphasizes improving cybersecurity and resilience to make it harder for attackers to successfully breach systems, steal data, or disrupt operations. As far as cyberattacks are concerned, deterrence by denial is the best strategy.

Keywords Cyberwarfare, Cyberweapons, Cyberattacks, Prediction Paradox, Domains of Warfare, Deterrence by Denial