SMA hosted a speaker session with Dr. David Maimon (Department of Criminal Justice and Criminology, Georgia State University) as part of its SMA General Speaker Series.
Cyber-attacks have increasingly become a more prevalent national security threat since 2000; however, deterrence literature rarely mentions cyberspace. This lack of focus represents an important gap in deterrence research. Dr. Maimon commented that his team from Georgia Southern University noticed the lack of research into cyber deterrence after conducting a literature review across four main academic fields: a) criminology, b) law, c), information systems, and d) political science. Through their research, they identified two main types of deterrence which are: a) absolute deterrence and b) restrictive deterrence. Restrictive deterrence—or influencing criminals to scale down their actions—was considered by the research team as the best option to pursue, because it is the most realistic outcome. Absolute deterrence—or completely shutting down an action—was not considered a realistic goal.
Dr. Maimon commented that the frequency of hacks, their scope, and the time a hacker infiltrates a computer system can be reduced by conducting three restrictive deterrence actions. These actions are: a) spreading gossip about the ability for authorities to arrest hackers, b) sending hackers a warning message once they had infiltrated a computer, and c) messaging the hackers directly after they gained access to a computer. Dr. Maimon commented that the effects of these restrictive deterrence measures were evident for several weeks. Also, these actions are not only applicable to cyber deterrence from hackers but can be used for any cyber-criminal activity. This is because criminals are rational actors who weigh the costs and benefits of their actions. Dr. Maimon commented that the next stage in their research is identifying what key features of restrictive deterrence are actually forcing criminals to restrict the scope of their actions.