Creating Restraint in Cyberspace: Forward Cyber Operations and Theories of Restraint

This Occasional Paper examines foundational theories of restraint to better understand the utility and risks in applying forward cyber operations to generate restraint in competitors.

As offensive cyber activities continue to trend in a dangerous direction, some states are turning to defensive strategies that involve cyber operations beyond the boundaries of their own systems. A commonly cited aim of this approach is to induce restraint in adversaries, but how to accomplish this goal remains unclear. To better understand the utility and risks in applying forward cyber operations to generate restraint in competitors, this paper examines how they might be applied under foundational theories of restraint: deterrence by punishment and compellence; deterrence by denial; entanglement; normative constraints and tacit cooperation. A structured analysis reveals three key implications and suggests associated recommendations for future policy development: 

  • Using forward cyber operations to induce restraint is not a straightforward matter of imposing costs. Instead, both costs and gains can be affected at multiple points of an adversary’s calculus. The utility, requirements, and risks involved in doing so vary significantly across different theoretical pathways to restraint. Current cyber strategy development should expand scope to consider multiple paths to restraint, accounting for their distinct utility and risks, to offer policymakers greater flexibility in addressing a broader range of cyber threats (above and below the threshold of armed conflict). In general, the utility–risk analysis here suggests that forward cyber operations should prioritise: intelligence collection for deterrence by denial and as an enabler of other restraint pathways; and targeting adversary cyber-operations infrastructure. 


  • A state’s ability to leverage partnerships (both internationally and domestically between government and industry) influences its ability to affect cyber adversaries’ costs-gains calculus with forward cyber operations. Accordingly, governments must develop trusted, more operational cyber partnerships with key allies and select private firms that have the capability to exchange and leverage forward-derived information in implementing the various paths to restraint. 


  • Effective forward defence involves more than intelligence agencies and the military. Other government organisations possess distinct expertise, relationships and capabilities that can produce powerful forward effects (such as law enforcement agencies or economic organisations that can request or compel owners of forward infrastructure to reduce malicious actors in their networks). Meaningfully integrating a broader range of capable actors into strategies that use forward cyber operations for defence is essential. This, however, can require greater centralised control than some states currently exhibit to overcome the organisational and political impediments to improving collaboration and unity of effort. Possessing capability alone is not the full measure of a country’s power. The ability to organise and employ it to effect is just as important.
