The US needs to fundamentally rethink its strategies for stopping cyber attacks[1] and should develop a tailored approach to deterring each of its key adversaries, according to a new government report.
The report published by the US State Department[2] -- like a recent paper on botnets[3] -- comes in response to an executive order signed by President Donald Trump last year, which called for a report "on the nation's strategic options for deterring adversaries and better protecting the American people from cyber threats."
The report said that while the US has become dependent upon sophisticated networked information systems, its rivals have been learning to exploit that dependence to "steal from Americans, disrupt their lives, and create insecurity domestically and instability internationally."
The cyber threat posed by rival states -- and by Russia, China, Iran and North Korea in particular -- is often alluded to by intelligence agencies, but the US and its allies have struggled to find a way to deter these cyber intrusions.
The unclassified cyber-deterrence overview published by the State Department doesn't mention particular countries, but said that strategies for deterring malicious cyber activities "require a fundamental rethinking". The report said that the US has made efforts to promote a framework for "responsible state behaviour in cyberspace", but noted that this has not stopped state-sponsored cyber incidents.
"The United States and its likeminded partners must be able to deter destabilizing state conduct in cyberspace," the State Department warned.
Of course, the US has plenty of military muscle should it come to full-on cyberwarfare[4], but it's much harder to tackle cyber attacks that don't necessarily deserve an armed response -- which make up the majority of attacks.