Deterrence focuses on making potential adversaries think twice about attacking, forcing them to consider the costs of doing so, as well as the consequences that might come from a counterattack. There are two main principles of deterrence. The first, denial, involves convincing would-be attackers that they won’t succeed, at least without enormous effort and cost beyond what they are willing to invest. The second is punishment: Making sure the adversaries know there will be a strong response that might inflict more harm than they are willing to bear.

For decades, deterrence has effectively countered the threat of nuclear weapons. Can we achieve similar results against cyber weapons?