Confidence Building Meaures for the Cyber Domain
USMA Research Unit Affiliation
Army Cyber Institute
There is a growing debate among scholars and practitioners in the cyber conflict field regarding the extent to which the cyber domain is likely to be characterized by inadvertent escalatory spirals and arms races between increasingly cyber-capable states. Historically, technological innovation or geopolitical dynamics have propelled states to form confidence building measures (CBM) or create arms control regimes to institutionalize constraints on offensive military technology and guard against inadvertent conflict and escalation. We argue that cyber CBMs could blunt some of the factors that contribute to crises and escalation. Given the absence of arms control regimes for the cyber domain, cyber CBMs could be used to mitigate the risks to stability between states and possibly change the incentives that could lead to crises. In assessing current cyber confidence building initiatives, this article creates a novel framework to better understand these efforts. It also identifies limits of cyber CBMs and provides prescriptions for new steps in cyber CBMs to enhance mutual security and guard against inadvertent conflict stemming from cyber operations.