Deter by Denial

DETERRENCE BY DENIAL: A NEW THEORETICAL MODEL FOR A SAFE, DEFENSE-DOMINANT CYBERSPACE

Abstract

A new theoretical model is proposed to enable effective deterrence by denial, potentially providing for a cyberspace that is defense-dominant and thereby potentially ending the offense- dominant imbalance currently resulting in a highly unstable and dangerous disequilibrium. The theoretical model is based on a new computer hardware architecture that fixes an overlooked but fatal flaw in the ancient Von Neumann architecture used in current computers. That architecture is obsolete now because it has no inner hardware defense against Internet malware attacks and is therefore inherently vulnerable, literally inviting endless cyberattacks. The new architecture introduces a new inner impermeable hardware barrier or barriers with the capability denying with certainty any access from the Internet to a protected part or parts of the computer, including its central controller. The theoretical model is sufficiently straightforward and mature to enable commercial development now and widespread deployment in the relatively near future.

Introduction

Numerous assessments for the National Research Council (NRC) have concluded with good reason that relying primarily on the threat of retaliation to deter cyberattacks on the United States appears to be the “inevitable choice” because there is no alternative in a cyberspace that is so clearly offense-dominant now. Unfortunately, the same assessments recognize that such offensive cyber deterrence just as inevitably introduces an apparent host of extremely serious problems, including massive uncertainty of results and associated risks of unintended consequences, including uncontrollable escalation.

Moreover, the majority of these offensive cyberdeterrence problems have no realistic solution because they are inherent in any likely scenario. Consequently, despite seeming to be the only choice, offensive cyberdeterrence may in practice be ineffective and dangerous as well, particularly (and ironically) so because of the extraordinary weakness of cyber defense. The excessive imbalance is likely to amplify uncontrollably the effects of the dominant offense. As a result, securing cyberspace appears as a practical matter today to be impossibly complex, if not just plain impossible.

Fortunately, the assessment of the overwhelming superiority of offense over defense in cyberspace, while true today, is not in fact inevitable, either theoretically or practically. A new theoretical model has been created with surprising potential to actually invert the existing cyberspace asymmetry to defense-dominant, which is a far safer state, one that innately produces the most stable equilibrium to avoid cyber conflict.

The surprising potential is so usual because the new theoretical model is based on a single technological change so basic it touches nearly every component of cyberspace. The model replaces the original and now classic Von Neumann computer hardware architecture, over 65 years old, with a simple new architecture that fixes an inherent security defect in the Von Neumann architecture and does so at the most fundamental possible level, thereby finally enabling safe computer connection to the Internet.

Consequently, this paper elaborates on the alternative concept of deterrence by denial

More information (PDF)