By Jon Lindsay
A new and notable cyber attack, allegedly from Iran and targeting an American gaming firm for disruption rather than exploitation, is being reported in the media: http://www.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas. This is interesting for deterrence theorists for a number of dimensions: (1) it appears to be a use of cyber to inflict punishment for the political position of the firm’s CEO; (2) the attackers appear to be seeking out and avoiding the threshold which would invite retaliatory punishment, (3) they are aided in doing so by a victim striving to keep the attack secret to protect its reputation, and (4) all of this involves (allegedly) foreign targeting of a US non-state actor (firm) as a way of increasing the ambiguity of the attack to avoid a retaliatory punishment in administering the first coercive punishment.
One passage speaks directly to the stability-instability logic of CDD we have been discussing for a while: “Experts worry that America’s rivals may have found the sweet spot of cyberwar—strikes that are serious enough to wound American companies but below the threshold that would trigger a forceful government response. More remarkable still, Sands has managed to keep the full extent of the hack secret for 10 months.”