The IT Law Wiki


Threat shifting is a

response of adversaries to perceived countermeasures or obstructions, in which the adversaries change some characteristic of their intent to do harm in order to avoid or overcome the countermeasure or obstacle.


Threat shifting can occur in one or more of several domains: the time domain (e.g., a delay in attack or illegal entry to conduct additional surveillance, etc.), the target domain (selecting a different, less-protected target), the resource domain (adding resources to the attack in order to reduce uncertainty or overcome countermeasures), or the planning/attack method domain (changing the weapon or path, for example, of the intended attack or illegal entry).

However, threat shifting is not always frictionless for the adversary — and therefore can be of some value to the defenders. The adversaries may delay their attack, consume additional resources, undertake complexity, expose themselves to additional countersurveillance and counter-terrorism scrutiny, and/or shift to a less consequential target.

Threat shifting can, in some cases, increase risk by steering an adversary to an attack that is more likely to succeed or of greater consequence.