from "Engineering Trustworthy Systems" by Saydjari
- Deterrence requires detection, attribution, and consequences
- Attribution can be increased with deception techniques, getting help from other companies/ISPs/law enforcement
- Is a country responsible if it doesn't punish citizens for hacking? What about if it secretly funds groups that hack? By doing this countries can evade consequences by claiming that they are not responsible