Publication

This paper discusses the increasing risk posed to US critical infrastructure by a cyber attack and how preparing for or responding to such a crisis is complicated by ambiguity in cyberspace, primarily regarding responsibility and intent. The author then discusses how this ambiguity exacerbates the risk that countries, such as the US, could amid a geopolitical crisis, misattribute an attack, unduly retaliate or expand a crisis, or be unable to attribute an attack at all, thereby preventing or delaying a response. The author also examines how the US could prevent or mitigate the problems caused by ambiguity in cyberspace.