by Michael Rühle, Head of the Hybrid Challenges and Energy Security Section, NATO’s Emerging Security Challenges Division, Brussels
For over seven decades, deterrence has been a key concept of western defence and strategic thinking. The reason for this prominence is not difficult to fathom. Deterrence is congenial to democracies. As Lawrence Freedman, one of the most prominent analysts of deterrence, observed, when a state adopts a deterrence strategy “it signals that it does not seek a fight but still considers some interests to be so vital that they are worth fighting for. It implies a defensive intent without weakness. It seeks to prevent aggression while being non-aggressive. It sustains rather than disrupts the status quo.”
The principle of deterrence
It is therefore not surprising that many scholars are now trying to apply deterrence to new threats, such as cyber, disinformation, election interference, or “hybrid” combinations of such activities. If deterrence worked in the Cold War, when the threat of nuclear annihilation reminded all sides to act with caution and restraint, so the thinking goes, perhaps it can also be made to work against less visible, non-kinetic threats.
If only it were so easy. Deterrence in the Cold War worked because the interests at stake were existential and, hence, threats of using force – even nuclear force – to defend these interests were credible. Moreover, both sides at least tacitly acknowledged – and largely respected – each other’s spheres of interest. Finally, while the Cold War saw immense political and economic competition between East and West, both sides tried not to overstep certain “red lines” or push the other side into a corner. In other words, it was a game for high stakes, but it was also a game that followed certain unwritten rules.
Traditional (mostly nuclear) deterrence is still an important part of taming interstate relations, even if the emergence of new nuclear players, such as North Korea, and new technologies, such as hypersonic missiles, have made the game more difficult. Still, the major challenge for traditional inter-state deterrence is less the question of whether it still works, but rather whether its most important means – nuclear weapons – are still morally acceptable. The Treaty on the Prohibition of Nuclear Weapons, or Ban Treaty, which has now entered into force, seeks to de-legitimise nuclear weapons and thus create political and social pressure for their ultimate abolition. However, it is unlikely that the Ban Treaty will achieve its goal, given that no nuclear power or their allies have signed it. Hence, nuclear deterrence will be around for a long time to come.
Does deterrence apply to new threats?
The real challenge for the concept of deterrence today is whether it can also apply to non-kinetic, non-existential threats. Employing the term “deterrence” in this context may be comforting, as it implies that one can preserve the status quo against one’s competitors irrespective of their means of attack. However, a closer look reveals that there are no reasons for such comfort. Deterring non-kinetic, non-existential and sometimes non-attributable actions is far more difficult than deterring an adversary’s military action. The very logic of classic (military) deterrence, namely to prevent one’s opponent form doing unwelcome things, does not apply to the “grey area” of cyberattacks, fake news campaigns and similar threats. In a traditional military deterrence relationship, adversaries stay away from each other. The threshold for a military response is fairly clear. By contrast, cyberattacks, disinformation campaigns, or other hostile acts happen all the time, suggesting that deterrence is already “failing” day by day. Restraint – one of the key ingredients of a successful deterrence regime – has given way to a constant struggle by non-kinetic means.
Since most non-kinetic campaigns are not posing an existential threat, and since countermeasures such as economic sanctions also hurt the defender, many nations will be reluctant to punish each malign action of an aggressor with serious reprisals. This reluctance will be even greater if the attacker is a sizeable military power. Put differently, in the “grey area” there is neither a clear threshold for a response nor is there clarity as to the nature of the response. Moreover, one needs to take account of the asymmetry of interests between the attacker and the defender. If one assumes that the initiator of non-kinetic attacks does so because important interests are at stake, he will not be deterred by sanctions or similar acts of punishment. By the same token, if a hybrid aggressor believes that he is defending vital strategic interests, the prospects of him being publicly “named and shamed” by the defender will hardy compel him to call off his attack. He will simply deny that he is the culprit, relying instead on the low likelihood that his culpability will ever be proven convincingly.
Raising the price for an agressor
Does this mean that western states or alliances should simply accept such malign activities as the “new normal” of interstate competition? Far from it. There are many ways to raise the cost for an aggressor. For example, retaliating against a cyberattack with a cyberattack of one’s own entails the risk of unintended escalation, yet it may also make the attacker realise that the costs of his actions outweigh their benefits. Another example is to respond asymmetrically with measures that target the vital strategic interests of the perpetrator. For example, in response to a sustained campaign of political interference or disinformation, western states, even without attribution, could provide a sizeable package of military or other support to a vulnerable nation in the perpetrator’s sphere of influence. Such measures, designed to pose strategic dilemmas for the aggressor, are much more likely to influence his cost-benefit calculus and to change behaviour. However, one should not conclude that these types of deterrence measures could offer the near-perfect protection that nuclear weapons may have provided in the Cold War. In the “grey area”, unwelcome actions of all kinds will continue to occur.
Resilience is the solution for the future
For all these reasons, perhaps the most important intellectual leap in the contemporary security debate is to put traditional notions of deterrence by punishment on the back burner and instead take a closer look at another concept: resilience. It proceeds from the assumption that attacks will happen and the stricken company, nation, or alliance must be able to take the hit and bounce back rapidly. Consequently, resilience requires investments in cyber defence, in the protection of critical energy infrastructure, and in public education on how to deal with fake news on social media. Such an approach, which focuses on how to cope with an attack rather than with deterring it, may be seen by some as too fatalistic. However, rather than trying to stretch or redefine the concept of deterrence to make it applicable to today’s more complex lower-level threats, resilience is ultimately the more useful paradigm for coping with a world where interstate competition increasingly takes place in the “grey area”.
“Resilience requires investment in cyber defence, in the protection of critical energy infrastructure, and in public education on how to deal with fake news on social media.”
Michael Rühle
is Head of the Hybrid Challenges and Energy Security Section in NATO’s Emerging Security Challenges Division. The views expressed are his own.