Discussion Questions: Given the characteristics of the cyber domain, what are some of the elements necessary to make up an effective policy of cyber deterrence? Is such a policy even possible? What are some of the practical problems of deterring cyber attacks and what are some of the potential solutions? One way to address this question is to look at the traditional forms of deterrence when it involves conventional weapons or nuclear weapons. Are there similarities? In the nuclear era it was clear that such weapons were under the control of states – usually great powers – and therefore it was easier to convey intent to the adversary. How do we do that in cyberspace? Should the US policy of cyber deterrence be implicit or explicit?