Cyber Deterrence Declaratory Policy, 2011-2015

We collected US public statements on cyber deterrence declaratory policies (2011-2015)for an event last week as part of a larger project we're doing with NTI on cyber deterrence:

US Declaratory Policy for Cyber Deterrence: Public Statements

(1) The White House, “International Strategy for Cyberspace” May 2011

“When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country.  All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners.  We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests.  In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.”

(2) Department of Defense Strategy for Operating in Cyberspace, June 2011

"The Department will work with interagency and international partners to encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuade and deter malicious actors, and reserve the right to defend these vital national assets as necessary and appropriate."

(3) Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City, October 11, 2012

“If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us to defend this nation when directed by the president.  For these kinds of scenarios, the department has developed that capability to conduct effective operations to counter threats to our national interests in cyberspace.  Let me clear that we will only do so to defend our nation, to defend our interests, to defend our allies and we will only do so in a manner that is consistent with the policy principles and legal frameworks that the department follows for other domains including the law of armed conflict.”

(4) White House, Expanding Our Ability to Combat Cyber Threats, April 1, 2015

“we need to deter malicious cyber activity and to impose costs in response to the most significant cyber intrusions and attacks, especially when those responsible try to hide behind international boundaries.  Effective incident response requires the ability to increase the costs and reduce the economic benefits from malicious cyber activity.  And this means, in addition to our existing tools, we need a capability to deter and impose costs on those responsible for significant harmful cyber activity where it really hurts — at their bottom line.  That is why today, the President announced a new sanctions program that authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States.”  

(5)  Remarks by Secretary Carter at the Drell Lecture Cemex Auditorium, Stanford Graduate School of Business, Stanford, California, April 23, 2015

“President Obama has said that we will respond to cyber-attacks in a manner and at a time and place of our choosing using appropriate instruments of U.S. power.  DoD has spent a lot of time figuring out how to help do so while also holding true to our nation’s enduring interests, traditions, and values.”