This report looks at the political-military aspects of cybersecurity and attempts to place it in the larger context of international security. This report identifies six principles that should guide the United States in developing a strategic approach:
- Cyberspace is not a unique environment. States will behave in this environment as they would in any other.
- We cannot "disarm" in cyberspace, and there will be no "global zero" for a cyberattack.
- We have entered a period of sustained, low-level competition for influence where opponents' miscalculations and misperceptions are a source of risk to the United States.
- U.S. interests are best served by embedding cyberattack and cyber espionage in the existing framework of international law, and long-term U.S. interests are best served by winning international agreement to this.
- America's immediate goal in negotiation should be to increase the risks of launching a cyberattack or engaging in malicious cyber activity for both state and nonstate opponents.
- There is a limit to what negotiation can achieve in reducing risk; there will always be risk. The U.S. goal should be to decrease and bound this risk as part of its larger efforts to strengthen international security.