According to the FBI, about 4000 ransomware attacks happen every day.  In the United States alone, victims lost $209 million to ransomware in the first quarter of 2016.  Even worse is the threat to critical infrastructure, as seen by the malware infections at electrical distribution companies in Ukraine that caused outages to 225,000 customers in late 2015.  Recent reports on the Russian hacks into the Democratic National Committee and subsequent release of emails in a coercive campaign to apparently influence the U.S. Presidential Election bring further national attention to the inadequacy of cyber deterrence.  The U.S. government seems incapable of creating an adequate strategy to alter the behavior of the wide variety of malicious actors seeking to inflict harm or damage through cyberspace.

Author Scott Jasper provides a systematic analysis of the various existing strategic cyber deterrence options and introduces the alternative strategy of active cyber defense.  He examines the array of malicious actors operating in the domain, their methods of attack, and their motivations.  He also offers answers on what is being done, and what could be done, by the government and industry to convince malicious actors that their attacks will not succeed and that risk of repercussions exists.  Jasper then proposes adopting a strategy of active cyber defense that combines internal systemic resilience to halt cyber attack progress with external disruption capacities to thwart malicious actors’ objectives.  He shows how active cyber defense is technically capable and legally viable for the deterrence of cyber attacks.