you can't deter cyber war

I noted earlier that it is misleading to think of cyber operations as a "domain" of war. Today I want to draw attention to a fine article by P.W. Singer arguing that it is also unhelpful to think of applying nuclear war deterrence theory to cyber operations. Singer notes many areas of difference, including the false promise of offensive dominance.

Perhaps where the Cold War parallels fall short the most is the idea that building up offensive capabilities will deliver deterrence. This is a constant refrain: not just the need to build up U.S. cyber offense, but the need to make sure others know the United States has those capabilities.

He argues instead for efforts to set international norms for cyber behavior, build diverse capabilities, and strive for resilience in case of attacks.

I think there's also a parallel with "nonlethal weapons," the 1990s push for capabilities that would reduce civilian casualties when America intervened abroad. The best ones were turned over to the special operations community because knowledge of the capability would lead to a loss of surprise and countermeasures. Many cyber tools are only good once. Exploiting a zero-day flaw exposes it and leads to fixes. So we have to keep our electronic "powder" dry as long as possible.