Persistent engagement is a strategic paradigm for cyberspace born out of failure. Deterrence theory proved neither flexible enough nor well adapted to the domain. A new domain called for a new strategy. Rather than prevent cyber-attacks by convincing the attacker the cost is not worth the risk, persistent engagement seeks to prevent cyber-attacks by disabling the attacker’s capacity preemptively. There are fears around the precedents that persistent engagement sets and how those norms may one day be quite damaging. However, these concerns miss the broader nature of the environment and the already emerging norms that called for a response. To be fair, open questions remain. How the role of national sovereignty in cyberspace continues to develop could drastically alter the evolution of persistent engagement. Nonetheless, persistent engagement is a much sounder starting point for American cyber strategy than deterrence.
President Putin made three foundational assumptions in launching his war against Ukraine that should have been correct but were not. First, Putin assumed the invasion of Ukraine would be a quick and easy fight. Second, he assumed the world would denounce the invasion but tacitly allow it. Third, Putin assumed the war would deter NATO expansion.
