@article{205,
  author = {James M. Acton},
  title = {Cyber Warfare & Inadvertent Escalation},
  abstract = {The advent of cyber warfare exacerbates the risk of inadvertent nuclear escalation in a conventional conflict. In theory, cyber espionage and cyberattacks could enhance one state's ability to undermine another's nuclear deterrent. Regardless of how effective such operations might prove in practice, fear of them could generate escalatory “use-‘em-before-you-lose-‘em” pressures.Additionally, cyber threats could create three qualitatively new mechanisms by which a nuclear-armed state might incorrectly conclude that its nuclear deterrent was under attack. First, cyber espionage could be mistaken for a cyberattack. Second, malware could accidentally spread from systems that supported non-nuclear operations to nuclear-related systems. Third, an operation carried out by a third party could be misattributed by one state in a bilateral confrontation to its opponent. Two approaches to risk reduction are potentially viable in the short term: unilateral restraint in conducting potentially escalatory cyber operations, and bilateral or multilateral behavioral norms.},
  year = {2020},
  journal = {MIT Press - Journals},
  month = {2020-04},
  issn = {0011-5266},
  url = {https://direct.mit.edu/daed/article/149/2/133/27317/Cyber-Warfare-amp-Inadvertent-Escalation},
  doi = {10.1162/daed_a_01794},
  note = {If these suggestions seem to fall far short of the challenge presented by the potential risk of cyber interference with nuclear forces or C3I systems, it is because they almost certainly do. There is a profound mismatch between the importance of governing cyber capabilities and governments' (in)ability to do so. That said, modest steps may prove to have extrinsic value. For much of the Cold War, the idea that the United States and the Soviet Union might conduct inspections of one another's nuclear forces seemed far-fetched. But such inspections, which today involve counting the reentry vehicles emplaced on intercontinental ballistic missiles, were the culmination of a stop-start confidence-building process that began, after the Cuban missile crisis, with the modest first step of creating a hotline between the two superpowers. Political change in the Soviet Union was unquestionably a necessary enabling condition for the breakthroughs of the late 1980s and early 1990s, but it might not have been possible to capitalize on such change had there not been an ongoing arms control process on which to build. There is no guarantee that an analogous process for managing cyber capabilities is possible. But if it is, it will inevitably begin with a modest first step.},
}