| Summary: | Motivated by recent developments in cyberwarfare, we study deterrence in a world where at-tacks cannot be perfectly attributed to attackers. In the model, each ofnattackers may attackthe defender. The defender observes a noisy signal that probabilistically attributes the attack.The defender may retaliate against one or more attackers, and wants to retaliate against theguilty attacker only. We note an endogenous strategic complementarity among the attackers: ifone attacker becomes more aggressive, that attacker becomes more “suspect” and the other at-tackers become less suspect, which leads the other attackers to become more aggressive as well.Despite this complementarity, there is a unique equilibrium. We identify types of improvementsin attribution that strengthen deterrence—namely, improving attack detection independently ofany effect on the identifiability of the attacker, reducing false alarms, or replacing misidentifica-tion with non-detection. However, we show that other improvements in attribution can backfire,weakening deterrence—these include detecting more attacks where the attacker is difficult toidentify or pursuing too much certainty in attribution. Deterrence is improved if the defendercan commit to a retaliatory strategy in advance, but the defender should not always commit toretaliate more after every signal.
|
|---|