The U.S. is working to build a cyber deterrence policy and philosophy that will build coalitions and clearly communicate, through both word and deed, that cyber attacks against the U.S. and its allies will lead to severe consequences. Transparency in these efforts, however, poses a singular difficulty. While joining with like-minded countries in a united front malevolent actors will likely increase effectiveness, a more aggressive cyber stance will change international norms and create “Catch-22” situations for transparency efforts. “If states aren’t willing to talk about the actions they take in cyberspace or their capabilities, it is unreasonable to expect others to do so,” stated a former government source speaking to Fifthdomain. And in creating deterrence, it is important that enemies know your capabilities and what harm you can threaten with them. But, in being transparent, one risks undoing the effectiveness of cyber operations that rely on targeting vulnerabilities through capabilities that are not fully known by the adversary. The director of the Cyber Security Project at Harvard’s Belfer Center concludes that “in seeking merely to deter enemies, the US finds itself constantly on the back foot. Instead, the US should be pursuing a more active cyberpolicy, one aimed not at deterring enemies but at disrupting their capabilities.”
Source: The problems transparency creates for cyber operations