Conflict Prevention

Overview Ukraine faces two severe and immediate challenges: armed pro-Russian separatists in the eastern part of the country and a sharp, nationwide economic deterioration stemming in no small part from that military threat. Ukraine’s economy has contracted violently over the past year, and it is still burdened by a legacy of corruption and inefficiency that strains its fiscal balances, limits growth, and undermines fragile political unity. Reinforcing and sustaining the economic reform process currently underway is a crucial step toward consolidating the political gains that Ukraine has made since the Maidan uprising in late 2013, and presents a nonmilitary route for the United States and other countries to push back against Russia. In that context, the Maurice R. Greenberg Center for Geoeconomic Studies at the Council on Foreign Relations (CFR) convened an international group of roughly thirty experts, including government officials, market participants and other practitioners in international finance, political economy, and Eurasian security for a half-day workshop in Washington, DC, in late June. This report summarizes the highlights of the discussion and the views of the workshop participants. Participants sought to understand Ukraine’s economic challenges, explored obstacles impeding economic reform, and identified possible ways for outside actors to support Ukrainian policymakers more effectively during a vital period in the months ahead. The United States has a profound interest in supporting the emergence of a new, reform-minded government in Ukraine—not just for the sake of the Ukrainian people, but for the sake of the broader American-led international system and for perceptions of the United States’ ability to lead it. In the years ahead, U.S. leadership, not just in Europe, is likely to be tested in terms of its ability to enforce international norms in the face of abuses and coercion comparable to what is currently unfolding in Ukraine. Participants argued that by helping Ukraine’s leaders catalyze Ukrainian economic recovery, the United States could help mount a robust defense of the existing order against revisionist threats—an effort that would pay geopolitical dividends across broad geographical regions. This report, which you can download here, summarizes the discussion’s highlights. The report reflects the views of workshop participants alone; CFR takes no position on policy issues. Framing Questions for the Workshop Defining the Problem What are economic prospects for Ukraine? What are the critical decision points in the next twelve months? What are different security scenarios or variables that may alter this economic outlook? Identifying "Success" in Ukraine and Obstacles to Progress What are the identifiers of ‘success’ twelve months hence? Twenty four months hence? What are the conditions necessary to return Ukraine to the markets? What interests are at odds (U.S., EU, Ukraine, and International Financial Institutions)?  Are there significant gaps in the landscape of international institutions that need to be filled? How successful have our efforts been to date? What has worked well? Less well? Outlining Paths to Improvement Are there lessons from experience on how to navigate various tensions? Are there new approaches worth trying? What would these approaches require of all sides? What are appropriate next steps? Charts From This Report

Introduction There is growing risk of a violent uprising in the West Bank that could be costly to Israelis and Palestinians and harmful to U.S. interests. Violence could be ignited in various ways and escalate rapidly, further shrinking the space for a two-state solution and complicating U.S. efforts on other regional challenges. It would also necessitate humanitarian and reconstruction assistance from already burdened allies. Moreover, a West Bank crisis could elicit punitive responses from Europe, possibly driving a wedge between the United States and its European allies, and enable unhelpful regional states, particularly Qatar and Turkey, to meddle. An uprising would also stress an already troubled U.S.-Israeli relationship and possibly increase congressional opposition to any nuclear deal with Tehran. Thus, despite the seemingly isolated nature of an outbreak of violence confined to the West Bank, the United States should, especially in the wider frame of increasingly violent regional politics, take measures in the next eighteen months to reduce the probability of West Bank violence and minimize—to the extent possible—its consequences should such conflict prove unavoidable. The Contingency While Gaza under Hamas has experienced repeated wars with Israel since 2008, the West Bank has been relatively quiescent since the end of the second intifada in 2005. Yet the risk of a violent uprising in the West Bank has increased recently because of the following developments: Accumulating Palestinian frustration with the status quo and the receding prospects for political independence. Many Palestinians are disenchanted with the prospects for independence, with some turning to violence in frustration. Several dramatic "motivated lone wolf" attacks have occurred in Jerusalem, most notably the June 2014 kidnapping and murder of three Israeli teenagers, which precipitated the beating and immolation of an Arab youth by Israeli extremists shortly afterward. Incidents of stone throwing and Molotov cocktails, which stood at two hundred per month before the 2014 Gaza war, surged to five thousand per month later in 2014, while over one thousand Palestinians have been detained in Jerusalem since 2014—quadruple the number detained between 2000 and 2008. Increasing Israeli encroachment on Palestinian territories including into sensitive areas like the Temple Mount/Haram al-Sharif. Tensions surrounding the Temple Mount/Haram al-Sharif persist. Although many Jews regard the Temple Mount as holy, most have acquiesced to long-standing restrictions on Jewish worship atop the platform near the two mosques situated there. Some devout activists, however, recently challenged these constraints, sparking confrontations. The expansion of West Bank settlements, in combination with other irritants, could also spur renewed violence. A deteriorating Palestinian economy that reduces job opportunities and incomes resulting from the imposition of additional punitive measures. Israeli actions to cut off funds for the Palestinian Authority (PA), especially import duties that Israel collects on behalf of the PA under a provision of the Oslo Accords, could worsen the plight of many Palestinians. Growing friction within the PA and between the PA and Hamas. Factional fighting within the PA could spill over into clashes with the Israel Defense Forces (IDF). Hamas's rising stature within the West Bank—notwithstanding its decreasing popularity in Gaza—could embolden it to confront the PA or Israel itself. Israel arrested more than ninety Hamas operatives across the West Bank in May and June 2014, disrupting a plot to bomb the Temple Mount/Haram al-Sharif and incite a third intifada. Increasing involvement by the self-proclaimed Islamic State group and/or al-Qaeda. Al-Qaeda has attempted to infiltrate Israel, and the Islamic State has proximity, access, and a reservoir of willing volunteers. Israel would likely perceive any jihadist attack penetrating Israel's dense perimeter as having been facilitated by Palestinian sympathizers in the West Bank, which could precipitate an IDF operation in the West Bank. In January 2014, Israel disclosed that it had disrupted a jihadist conspiracy in Hebron run by senior al-Qaeda leaders. These developments are creating a combustible situation. A wide range of potential events could trigger an uprising in the West Bank. On the Palestinian side, the PA could successfully petition the International Criminal Court to investigate and indict Israelis for war crimes. This action would almost certainly precipitate an Israeli reaction, probably in the form of economic sanctions, or new or expanded settlement construction that closes off Jerusalem from the West Bank. Following the September 2012 UN General Assembly vote on observer status for Palestine, Israel ended a long-standing moratorium on settlement construction in the so-called E-1 corridor, the remaining contiguous zone linking the West Bank and Arab Jerusalem. On the Israeli side, renewed attempts to appropriate the Temple Mount/Haram al-Sharif for regular worship services, or perceived attempts to encroach on the village of Silwan, a predominantly Palestinian village in East Jerusalem, could result in violence. By 2014, the so-called silent intifada had impelled Israeli authorities to augment the current force in Jerusalem with one thousand special operations personnel, four additional border guard units, and a volunteer force of armed civilians. The Israelis have also substantially increased foot and vehicle patrols, checkpoints, and barricading of police stations; reinstated a policy of destroying the homes of Palestinian offenders; and instituted longer sentences for crimes such as stone throwing. The situation in the West Bank is not identical and should be distinguished from circumstances in Jerusalem. The latter is more sensitive to both sides. Fighting, should it erupt, will play out differently in the two locations owing to the differences in the proximity of the populations and the types of forces that would be utilized by both sides. A third round of fighting could grind on for months, entailing considerable violence and large-scale destruction. During the second intifada from 2000 to 2005, when Palestinian security forces clashed with the IDF, Israeli forces destroyed the PA's physical law enforcement and security infrastructure. As in subsequent clashes with Hamas in 2008, 2009, 2012, and 2014, the IDF deployed a combined-arms approach, using air power, armor, and infantry to subdue Palestinian combatants. The Palestinian side in the West Bank is now more heavily armed and better trained, factors that could drive violence to even higher levels. Warning Indicators Rising Palestinian frustration with the status quo and apparently receding prospects for political independence. This would be signaled by more frequent and provocative statements by Fatah; lingering protests and demonstrations; social media agitation that goes viral; sermons or other forms of incitement; a decline in Palestinian security cooperation with Israel; and increases in lone-wolf attacks, kidnappings, or similar crimes. Increasing Israeli encroachment in the West Bank. Indicators would include an increase in construction permits; Israeli public commitments to settlement expansion or construction in sensitive areas like the Temple Mount/Haram al-Sharif, Silwan, or the E-1 corridor; public endorsements by Israeli politicians or opinion leaders of altered arrangements for broader Jewish access to the Temple Mount; new closures; added checkpoints; raids into West Bank Area A; house demolitions; and settler-related violence. Violent provocations by either side that resonate emotionally would also serve as indicators. Downturn in the Palestinian economy. The major indicator would be a prolonged period during which the PA could not pay salaries, due either to steeply declining foreign donor contributions or Israeli withholding of tax revenues, alone or in combination with extended closures or roadblocks. Growing friction within the PA and with Hamas. This would include open dissent, assassinations, delegitimation of President Mahmoud Abbas by influential opposition leaders on social media and through demonstrations, loss of support for Fatah, friction with Hamas, and spillover of factional fighting leading to confrontations with the IDF. Al-Qaeda video remarks by jihadist leaders urging individual Muslims to act against Israel or an "apostate" PA. Jihadist penetration of the West Bank, whether though their prodigious social media or the insertion or recruitment of operatives, would constitute a potential precursor of renewed violence. The Islamic State could radicalize elements within Hamas and the Palestinian Authority—as it has inspired admirers in other countries—as a prelude to or as a result of a crisis. Implications for U.S. Interests Renewed violence in the West Bank would reduce Washington's already diminished ability to advance a two-state solution, which has long been a core U.S. foreign policy objective. The second intifada persuaded many Israelis that a two-state solution could not be effectively secured, and the subsequent diplomatic stalemate has made many Palestinians equally dismissive of a two-state solution. Renewed fighting, given the probable loss of life, destruction of physical infrastructure—much of it rebuilt after the second intifada—and the likely reimposition of comprehensive controls on movement within the West Bank would compound their doubts. Another violent uprising could also strain an already fraught U.S.-Israeli relationship and pit the United States against its European allies at a time when their cooperation on a range of other important issues is required. At this stage, relations between Washington and Jerusalem are likely to remain turbulent owing to differences over issues—Iran's regional role and nuclear ambitions and the peace process—regarded as strategic by one or both sides. The gap between increasingly anti-Israeli European public opinion and European governments' tolerance for Israeli policies is widening. Israeli actions to suppress an uprising in the West Bank would be assessed internationally as very different from Israel's periodic confrontations with Hamas in Gaza. Unlike Hamas, the PA has rejected violence; its success in the United Nations is a sign of growing legitimacy. Several European governments have recognized Palestinian statehood and others are likely to follow. In the context of a third uprising, European leaders would try to narrow the gap between their policy and European public opinion by intensifying international, multilateral, and bilateral diplomatic pressure on the United States to rein in Israel's response. Regional states, particularly Qatar and Turkey, which have long been accused of supporting Hamas, could also undermine efforts to resolve the crisis. Finally, heightened insecurity in Israel could increase congressional opposition to the P5+1 agreement on Iran's nuclear program. Preventive Options A range of policy options is available to help avert a major uprising. These options aim to address the various developments and risk factors that make an uprising more likely. Renew hope in and progress toward a two-state solution. The United States could signal that it intends to resume the search for a path forward on a two-state solution. However, conditions for another round of negotiations might well be unripe, given the Israeli government's skepticism about Palestinian interest in a deal, and Palestinian mistrust of Israeli intentions. The space to reactivate talks might simply be too narrow for a statement of intention to be credible, especially given the unsettled state of bilateral relations, in part because of this very issue. Anarchic or brittle conditions on Israel's borders, burgeoning Jihadist activity, and Iranian assertiveness have lowered Israel's risk tolerance—probably also the Palestinian Authority's—and have further reduced interest in renewed talks. Failure or lack of progress in negotiations could increase the risk of violence. Persuade the Palestinian Authority and Israel to desist from potentially provocative actions. Washington has long tried this with only varying degrees of success. Specifically, the United States could continue to insist that Palestinian leadership avoid provocative actions, especially in the United Nations or through incitement at home, while condemning acts of violence directed against Israelis. Israel could be urged to enforce preexisting rules for access to the Temple Mount/Haram al-Sharif, avoid settlement construction activities in areas that are especially sensitive such as Silwan, scale back or refrain from house demolitions, and pursue investigation and prosecution of settler provocateurs. The United States could encourage both sides to devise stabilizing themes for dissemination via social media and discourage verbal attacks through the application of existing legal sanctions. The United States could also try to broker agreement between the two sides identifying specific provocative actions they would avoid and coordinate steps they would take should tensions escalate. Support Palestinians with economic, political, and security assistance. The United States generally tries to dissuade Israel from withholding tax revenues, which, from an Israeli perspective, is one of the few nonviolent sanctions available to deter Palestinian provocations. Washington could continue to discourage financial coercion based on the risks flowing from Palestinian economic collapse. Through diplomatic efforts and the direct involvement of the U.S. Security Coordinator for Israel and the Palestinian Authority, Washington could continue to help both sides' security services maintain close cooperation while encouraging donors to step up financing, training, and equipping of Palestinian security forces and urging Israel to expedite such assistance. Help counter external provocations. To the extent it is not already doing so, the United States could increase its support to Israeli, Palestinian, and Jordanian intelligence and security services to identify and interdict jihadist threats to stability in the West Bank. Mitigating Options If renewed large-scale violence does erupt, the U.S. objective should be to achieve a cease-fire as quickly as possible to preserve lives and infrastructure, establish arrangements that reduce the potential for renewed crisis, and preserve space for a resumption of final-status negotiations. This will be difficult because of competing pressures on both the Israelis and Palestinians to escalate. The Israeli government will want to reestablish deterrence through punitive action and demonstrate to the Israeli public that it is responding to security threats. Palestinians will want to increase the cost of occupation to Israel and internationalize the conflict, bringing external pressure on the Israeli government. In addition, Israel will control the ground and therefore determine whether and how third parties can intervene. And in a West Bank uprising, Jordan would not have the leverage on the PA that Egypt enjoyed over Hamas during the 2014 Gaza conflagration to accede to a cease-fire arrangement acceptable to Israel. Alongside constraining domestic political dynamics on both sides and the momentum of large-scale military operations, these factors will make a swift cease-fire harder to achieve. As for other interested actors, Arab governments now caught up in Syria and concerned about Iranian regional aggression would likely avoid direct involvement beyond symbolic diplomatic or rhetorical condemnation of Israel. Jordan and possibly Egypt might attempt to press the Palestinian leadership to agree to a swift cease-fire, but the PA might not have the requisite influence on Palestinian combatants. Most west European governments would oppose an Israeli military campaign in the West Bank and could urge UN action that could conceivably lead to sanctions against Israel. By default, primary responsibility for containing the situation would fall to the United States, which would work closely with both sides to arrange a cease-fire. Judging from Israel's reluctance to work with Secretary of State John Kerry during the 2014 Gaza war, however, U.S. efforts might not bear fruit until the two sides conclude that the marginal return on hostilities has begun to diminish. Given these unpropitious conditions, the United States would have a range of options, where the impact of the intervention would likely be inversely proportional to its feasibility: Limited diplomatic involvement. At the low end of the spectrum, the United States could urge restraint and affirm the objective of a timely cease-fire but avoid getting dragged into the crisis directly. This would likely entail working with and through other multilateral actors—the United Nations and the European Union—and/or through other states that wield a degree of influence on both sides, such as Egypt in the Gaza conflict of 2014 and Jordan in the wake of the Temple Mount crisis in November 2014. By working through others, U.S. diplomatic resources can be employed without squandering prestige in search of a swift resolution that may not be attainable. At the higher end of this spectrum, the White House could dispatch a presidential envoy to present options for winding down the fighting and consolidating a cease-fire. By virtue of real-time, high-level access in Washington, this envoy could authorize incentives the parties might request to facilitate a cease-fire. Direct involvement. Under this approach, the United States would essentially lead and orchestrate efforts to bring an end to the violence, including defining an acceptable end state, mediating directly between the parties, and mobilizing outside actors in the service of the U.S. approach. This could conceivably involve the offer of a limited U.S.-North Atlantic Treaty Organization (NATO) military presence to play a monitoring role and dispute resolution along the lines proposed by French Foreign Minister Hubert Vedrine in 2002 during the second intifada, or proposed by then U.S. National Security Advisor James L. Jones in 2009. Establish third-party control of the security situation in the West Bank. The UN Security Council, with U.S. backing and consent of the parties, could authorize a limited monitoring and/or interposition force to separate combatants on both sides and assist the PA in restoring and maintaining civil order. Such a force would also assume responsibility for, or contribute to, the reconstitution of Palestinian security forces and the resumption of a train-and-equip program. Even assuming NATO agrees to carry out this mission and Israel is persuaded that outside intervention is in its interest, negotiating the scope of the mission and forming and deploying the force would require substantial lead time. Moreover, expectations of a strongly adverse domestic reaction would probably deter the administration from voting for such a resolution. Thus, despite the theoretical utility of such a force and therefore the need at least to consider the option, such a deployment would have to be regarded a real-world impossibility. Create a UN- or coalition-centered initiative to restore administrative infrastructure in the West Bank. Given the likelihood that combat operations in the West Bank would result in the destruction of much of the PA's administrative infrastructure, a rapid multilateral effort to rebuild it would be essential to the stabilization of the situation once a cease-fire has been consolidated. Support a UN Security Council resolution (UNSCR) that establishes the framework for an eventual peace agreement. European diplomatic and material support would hinge on U.S. backing for a UN Security Council resolution, like UNSCR 242, that establishes the parameters of a final-status accord and shapes a renewed push for a peace agreement. U.S. support for even a very general resolution would be perceived by Israel and its supporters in Congress as a dramatic departure from the customary U.S. position, which stipulates that final-status issues must be resolved solely through negotiation between the parties. The most durable approach to the problem of renewed West Bank violence—short of swift acceptance on both sides of the need for a final-status accord entailing a high level of Israeli-Palestinian security cooperation—would be some sort of international deployment of troops. Yet, in the event of the PA's demonstrated incapacity, Israeli officials, who have already expressed deep skepticism about the PA's ability to counter threats to Israeli interests, would oppose measures to delegate responsibility to third parties on the ground that such actions would constrain Israel's ability to react rapidly and decisively to threats. Accordingly, any effort to protect civilians or facilitate military-to-military dispute resolution by a third party would have to reflect a serious, long-term commitment—based on strong consensus—to build and sustain Israel's confidence in such measures and marshal the necessary forces. This would require a commitment of top-tier, professionalized military forces from NATO countries to be credible. NATO already deploys fifty-five thousand personnel worldwide and is upgrading its capabilities in light of Russia's recent provocations in Ukraine. It is highly improbable that parliaments would be willing to commit their national forces to such a complex challenge. Recommendations The United States should focus, in the near term, on the full range of preventive measures: Tamp down provocative actions on both sides. Washington has been only intermittently successful on this score. Nonetheless, the Israeli government has frequently been self-deterred from carrying out actual building in sensitive areas and from actions that would inflict serious long-lasting damage to the Palestinian economy. Likewise, the PA continues to be deterred from serious provocation by the harm that renewed conflict would inflict on the West Bank and on the legitimacy of the PA itself. The United States should reinforce the two sides' tendency toward restraint in tense circumstances through public statements and private messages highlighting the risk of escalation to their respective interests. At the same time, the United States should encourage Israeli and Palestinian leaders to agree on a code of conduct to avoid provocative actions, as former U.S. Middle East Envoy Dennis Ross has suggested. Help preserve Palestinian economic health, political stability, and security capabilities. President Abbas's commitment to a UN strategy, lack of confidence in U.S. diplomacy, and growing fatigue makes cooperation difficult. Moreover, certain Palestinian actions could jeopardize existing U.S. financial support for the PA even as European funding has declined. But the United States should capitalize on European symbolic actions in favor of Palestinian statehood by pressuring capitals to substantially increase their economic assistance to the PA. Washington should also ask Arab donors to increase and honor their pledges, avoiding problematic donors such as Qatar in favor of the United Arab Emirates. These donors harbor their own skepticism about the PA and Israeli policy—and are already fully occupied with Syria—but they might be receptive to this proposal nonetheless, given the stakes entailed by renewed fighting in the West Bank. Help counter external provocations. Some governments might be reluctant to dilute their focus on the Islamic State or al-Qaeda threats elsewhere, especially in Europe, the United States, the Persian Gulf, or Jordan, which are higher-priority targets for jihadists. Given the escalatory potential for a jihadist attack against Israel emanating from the West Bank, however, security services should be sufficiently motivated to devote as much attention as they can to this threat. Signal a return to negotiations. The salience of bread-and-butter issues, the spotlight on Iran, and systemic skepticism about Palestinian intentions will probably continue to blunt Israeli public interest in the peace process. In addition, U.S. rejection of the Jordanian-Palestinian UNSCR in January 2015 and a temporary European reluctance to criticize Israel in the wake of the Charlie Hebdo massacre, respectively, will likely suggest that U.S. and European pressure is not an immediate concern for Israel. Yet clear but low-key official statements that signal continued U.S. concern and an intention to renew negotiations would reassure Palestinians that they have not reached the end of the road, even if the way forward is presently blocked. In the event of major unrest in the West Bank, mitigating efforts will have to conform to the tight constraints set by the attitudes of the parties as well as the downturn in U.S. relations with Israel and the PA, in addition to the fact that European partners are preoccupied with Russia's behavior and other distractions closer to home. The following actions could help mitigate the consequences: Urge a halt to the fighting via high-level U.S. coordination with both sides. Given the bilateral tensions over Secretary Kerry's mediation efforts during the most recent Gaza conflict, prospects for high-level diplomacy in this scenario are somewhat clouded. Nevertheless, there is no substitute for sustained and intensive involvement by the White House, secretary of state, senior U.S. military commanders, and the Central Intelligence Agency director, who interact regularly with the Israel Defense Forces, Mossad, and Military Intelligence Directorate counterparts. In preparation, the White House should consider appointing a Middle East envoy sooner rather than later. Convoke relevant outside actors. Tensions surrounding the Temple Mount/Haram al-Sharif in 2014 were defused in part by the involvement of King Abdullah II of Jordan in trilateral talks with the United States and Israel. The United States should begin informal discussion now with the king on how Jordan could help in defusing major hostilities in the West Bank. If these mitigating options fail to secure a cease-fire and withdrawal of Israeli forces, the United States should consider the following steps: Table a UNSCR that urges the two sides to cease hostilities, establishes the parameters of a final-status accord, and calls for a new round of final-status negotiations under U.S. auspices. If the mitigating steps described above failed to secure a cease-fire and withdrawal of Israeli combat forces from the West Bank, Washington should attempt to leverage the fighting to lay the basis for renewed diplomacy grounded in the observable reality that Israel's control of the West Bank had become unsustainable in the absence of large-scale military operations. The most effective platform would be the UN Security Council. Israel would strongly object as it views the United Nations with suspicion and has argued, with U.S. support, that UN action cannot substitute for direct negotiations between Israel and the PA. The possibility of UN involvement, however, could dispose the Israeli government toward cooperation with efforts to deescalate the situation on the West Bank. If not, and the Security Council were to proceed with a resolution, it would be essential that the United States maintain tight control over the drafting and final text of a UNSCR to protect Israel's security. The difficulties involved in this approach cannot be minimized: despite tacit U.S.-Israeli agreement on certain territorial issues, Israeli and Palestinian positions on other issues—security, refugees, and Jerusalem—remain resistant to compromise. Moreover, conflict on the West Bank would be as likely to harden positions as to persuade the parties to negotiate. Yet a profound crisis would require a U.S. response that aims to resolve the conflict without jeopardizing Israel's safety. Conclusion The United States has a significant interest in maintaining stability in the West Bank. Widespread violence could further shrink prospects for a two-state solution, strain bilateral relations with Israel, and seriously damage Israel's European relationships. As the United States would inevitably be the primary actor tasked with mitigating a crisis, it would be prudent for the United States to address the risk factors before a major uprising breaks out.

The potential chaos highlighted by a 2011 Council on Foreign Relations (CFR) Contingency Planning Memorandum, "Post-Qaddafi Instability in Libya," has come to fruition. Libya today is in the midst of a civil war—one as confusing as it is ferocious. Atrocities against civilians are mounting. The collapse of the Libyan state and the country's division is possible. This could threaten Libya's remaining oil and gas production and spark new waves of migration to Europe and neighboring countries in North Africa. Libya's transitional road map fell apart in 2012, as the elected parliament and several subsequent governments failed to demobilize, disarm, and reintegrate revolutionary brigades that had fought against the Qaddafi regime. As a result, the brigades aligned with political factions and began to fight each other, killing thousands of Libyans, internally displacing about 400,000 people, and creating a refugee population of one to two million abroad. New Concerns The conflict pits the Dawn coalition, which controls Tripoli and much of western Libya, against the Dignity coalition, which controls parts of Cyrenaica in the east, in particular Beida and Tobruk, as well as parts of Benghazi. But the geographical division is not neat: combatants from Zintan in the west are an important component of the Dignity coalition while Dawn claims the loyalty of some fighters in the east. Source: New York Review of Books. Each coalition has its own self-declared parliament and government, as well as nominal military chiefs. Although the press often associates Dawn with Islamists and Dignity with non-Islamists, both groups have Islamist and non-Islamist support, and the Finance Ministry in Tripoli continues to pay combatants in both coalitions. Egypt and the United Arab Emirates (UAE) provide substantial aid to Dignity, including occasional air strikes on its behalf. Most other countries regard the Dignity-affiliated Beida/Tobruk government as legitimate but want to see a negotiated political settlement. A United Nations (UN) proposal for a national unity government would reinstall the Dignity-affiliated parliament in Tripoli along with a mostly Dawn-affiliate consultative body, but it is still unclear whether either Dawn or Dignity will accept the proposal. In addition to the Dawn and Dignity coalitions, a growing presence of jihadists (especially in Derna and Sirte) greatly complicates the situation. Extremists associated with Ansar al-Sharia and the self-declared Islamic State regard both Dignity and Dawn as enemies. Libya is particularly important for the United States' European Union (EU) allies, both as a gas and oil supplier and as a source of illegal migrants (Libyan and non-Libyan), who are crossing the Mediterranean in unprecedented numbers. As for others in the region, Egypt and Tunisia are hosting large numbers of Libyans, straining their already struggling economies and limited social services. Tuareg fighters returning from Libya have contributed to the ongoing secessionist strife in northern Mali. Policy Implications An escalation of the fighting in Libya will likely result in further radicalization, risking partition and even complete state collapse, with consequences across North Africa and Europe. Were it not for the even greater chaos in Iraq, Syria, and Yemen, where the Islamic State and al-Qaeda-linked forces are more prominent, the United States would be more concerned about the potential for Libya to provide safe haven to international terrorists. Also at risk is Libya's remaining oil production of several hundred thousand barrels per day, as well as its gas supply to Europe, which will be important next winter if Russia cuts off supply to Ukraine, through which most of Europe's Russian supplies of gas flows. UN efforts at a political settlement will be fruitless without strong backing from its members, including support for the peacekeeping forces required to protect a national unity government and restore law and order in major population centers. In the absence of a political settlement, possible scenarios include a win for Dignity, backed by Egypt and the UAE, or fragmentation of the country. A Dignity win would create serious risks of retributive violence, including attacks against civilians. Fragmentation could also further escalate violence, since substantial oil and gas resources would be at stake. While a settlement is being negotiated, local stabilization efforts could relieve parts of Libya from violence, but on the national level it could take time and a great deal of effort. Recommendations As European interests in Libya overshadow those of the United States, the EU should take the lead in helping the country out of its current predicament. Arab countries—including Egypt and the UAE, as well as the more neutral Algeria and Morocco—should also make substantial contributions. Washington's role should be one of encouraging and facilitating UN, EU, and Arab efforts, rather than undertaking a major new initiative. Washington should support, including in a UN Security Council resolution, an inclusive national political solution, which allows the return of a single, legitimate governing authority to Tripoli that is willing and able to fight extremist Islamists. The constitution, prepared with U.S. assistance, should devolve as much authority as possible over other issues to Libya's three regions and twenty-two districts. Washington should support, through the UN or Libyan nongovernmental organizations (NGOs), local stabilization and traditional mediation efforts among tribes, municipal councils, and local militias to end fighting, especially in western Libya. Such UN and NGO efforts should include facilitation of meetings and training as well as visits to other countries (Lebanon, Bosnia, and Albania) that have suffered civil conflict. Washington should encourage Italy and France to form a coalition of the willing to provide peacekeeping forces with a UN mandate in support of a national political settlement, including substantial Arab contributions of police and military personnel. A force of ten to fifteen thousand peacekeepers—more than currently under consideration by the Europeans—would be necessary to protect a national unity government. Washington should support this mission from the air and sea with logistics, intelligence, and air strikes, but without boots on the ground. The United States, Europe, and Arab countries should coordinate to help the Libyan government develop counterterrorism and internal security capabilities. This approach would entail a major effort to disarm, demobilize, and reintegrate militias as well as create effective Libyan forces under civilian control. At least six to eight thousand troops—once envisioned for the now-abandoned Libyan General Purpose Force—would be required, possibly organized on a regional basis. The United States needs to be ready to spend at least the $600 million over eight years targeted for that program. 

Introduction As major powers increasingly rely on digital networks for critical services, the number of plausible network attacks, accidents, or failures that could trigger or exacerbate an international crisis will increase. The likelihood and severity of such a destabilizing event will also grow as long as norms of appropriate behavior in cyberspace are underdeveloped, timely and convincing attribution of attacks remains difficult, and the number of cyber-capable actors increases. Preparing for or responding to such a crisis is complicated by ambiguity in cyberspace, primarily regarding responsibility and intent. Ambiguity about who is responsible for a cyberattack exacerbates the risk that countries amid a geopolitical crisis will misattribute an attack, unduly retaliate or expand a crisis, or be unable to attribute an attack at all, thereby preventing or delaying a response and weakening their deterrence and credibility. Ambiguity of what is intended complicates a country’s ability to distinguish between espionage operations and activity conducted in preparation for a cyberattack. The United States has strategic interests in preventing and mitigating these risks, given its commitment to global security and overwhelming dependence on networked systems for national security missions, commerce, health care, and critical infrastructure. The longer it takes to implement preventive and mitigating steps, the greater the likelihood of unnecessary military conflict in and outside of the cyber domain. The Contingencies Cyberattacks are increasing in frequency, scale, sophistication, and severity of impact, including their capacity for physical destruction. China, Iran, North Korea, and Russia have demonstrated an ability to conduct destabilizing cyber activity. Such actions—whether for destructive purposes, intelligence collection, or economic espionage—are designed to evade network defenses and can involve various means of deception to thwart attribution. Recent incidents have shown that U.S. adversaries can no longer assume they will be able to conceal their identities in cyberspace, but cybersecurity experts still lack agreed-upon standards for attribution; evidence for a credible and convincing attribution can take a long time to compile; and malicious actors continue to develop new means of obscuring responsibility. Moreover, unlike many cyber operations designed to exfiltrate large amounts of data, destructive cyberattacks can be made to operate with limited communication between the malware and controller, offering fewer forensic details to establish responsibility. Even when an attacker can be identified, public attribution will remain as much a political challenge as a technical one, given that competing allegations of responsibility will likely follow any public accusation. Without corroborating signals or human intelligence—which, if it exists, officials may be reluctant or slow to disclose—computer forensic data may be incomplete or too ambiguous to convince a skeptical public. Should a major cyberattack occur over the next twelve to eighteen months, or even beyond that period if sufficient preventive and mitigating steps are not taken, public pressure to respond could outpace the time needed to credibly attribute responsibility and, if desired, build an effective coalition to support a response. Over the same time period, ambiguity regarding the intent of cyber operations will also remain a challenge, leaving policymakers uncertain about whether malware discovered on a sensitive system is designed for espionage or as a beachhead for a future attack. The United States could face several plausible crises over the next twelve to eighteen months that would be complicated by the risks of ambiguity in cyberspace. These include destructive insider threats, remote cyber operations that threaten trust in financial institutions, and cyberattacks by foreign nations or nonstate groups against critical infrastructure systems that cause widespread panic and loss of life, or similar attacks against a U.S. ally. National Security Agency (NSA) Director Admiral Michael Rogers warned in late 2014 that he expects U.S. critical infrastructure—assets essential to the function of a society and economy, such as water supply systems, electric grids, and transportation systems—to be attacked, noting that multiple foreign nations and groups already possess the ability to shut down a U.S. power grid and several others are investing in the capability. Attacks like the publicly unattributed January 2015 cyberattack that severely damaged a German steel mill suggest the ability to bring about physical destruction through cyber means may be proliferating quickly. Of particular concern would be the proliferation of these capabilities among terrorist groups, which currently possess limited technical skills but destructive intent. As the number of cyber-capable adversaries grows, so too does the number of critical targets, especially as industrial control systems move to web-based interfaces and more common operating systems and networking protocols. The implications of any crisis will depend on the current geopolitical context; the type of networks that fail; and the extent of economic damage, physical destruction, or human costs that result directly from network failure or its cascading effects on public health, communication and financial networks, and the economy. A successful cyberattack against one or more critical infrastructure systems could endanger thousands of lives, halt essential services, and cripple the U.S. economy for years. Two plausible factors that could exacerbate such a crisis are intentional and inadvertent ambiguity. Intentional Ambiguity Over the past two years, Iran and North Korea have appeared most willing to conduct destructive and disruptive cyberattacks against U.S. and foreign targets while attempting to conceal responsibility. Tactics have included data wipes, destruction of computer hardware, and denial-of-service attacks. Russia and China have exhibited some of the most advanced capabilities, and actors in both countries have been linked to disruptive attacks during regional tensions. Actors in South Asia and the Middle East have also conducted operations in regional conflicts that could quickly entangle U.S. interests. During a crisis involving the United States or an ally, any one of these countries could conduct cyber operations that risk further destabilization. As the rate of operations grows, so too could the challenge of attribution, with each incident exposing tools and techniques that can be repurposed. Cyber activities that could not be promptly attributed have already appeared in several conflicts. Though most have rarely elevated beyond nuisance, others have caused significant damage or threatened escalation. In 2008, Russia-based actors launched a wave of attacks against Georgian targets, and similar malware appeared in operations against Ukraine in 2014. Japanese networks are frequently targeted, including during heightened Sino-Japanese territorial tensions and sensitive anniversaries, with origins reportedly traced to China. North Korean cyber actors are suspected of having conducted destructive operations that compromised South Korea’s national identification system—damage that may cost more than $1 billion and over a decade to repair. In 2014, U.S. officials blamed North Korea for destructive attacks against Sony Pictures Entertainment, an American subsidiary of the Japanese company Sony. North Korean officials deny the country’s role in these attacks and will likely seek to similarly obscure their hand in attacks during future crises to deter or delay a potential American or South Korean response. U.S. officials suspect Iran’s involvement in a 2012 cyberattack against two energy firms, one in Saudi Arabia and another in Qatar, that destroyed data and crippled thirty thousand computers, possibly in retaliation for alleged U.S. cyber operations, and to demonstrate an ability to conduct similar attacks against U.S. targets. U.S. financial firms subsequently suffered tens of millions of dollars in losses resulting from Iranian denial-of-service attacks launched in retaliation for economic sanctions. In 2014, Iran became the first country to carry out a destructive cyberattack on U.S. soil when it damaged the network of Las Vegas Sands after its chairman advocated a nuclear strike against the country. Inadvertent Ambiguity Due to the difficulty of determining whether certain activity is intended for espionage or preparation for an attack, cyber operations run the risk of triggering unintended escalation. Espionage malware that could be reprogrammed to gain control of networks, such as BlackEnergy, which has been discovered on critical infrastructure networks, may be viewed by victims as one update away from becoming an attack tool capable of crippling energy supplies, water-distribution and -filtration systems, or financial transactions. Security scans of networks intensified amid heightened geopolitical tensions could reveal such malware and prompt fears of an imminent attack, even if the malware was implanted for espionage purposes long before the crisis began. The difficulty of predicting a cyber operation’s effects and the interdependency of networked systems increase the risks that an operation will inadvertently spill over onto sensitive systems or cause unintended effects. One example of ambiguity and the risk of misperception is the 2010 discovery on Nasdaq servers of malware similar to a cyber tool reportedly developed by Russia’s Federal Security Service. Initial assessments maintained that the malware was capable of wiping out the entire stock exchange. Only later was it shown to be less destructive, according to media accounts. Such ambiguities during periods of heightened geopolitical tensions pose significant escalatory risks. Information security experts have raised similar concerns about other Russia-linked activity and questioned whether aspects of the activity are intended to insert offensive capabilities into critical infrastructure systems for future use. Ambiguity also arises in the case of “worms”—self-replicating malware that seeks out other computers to infect. Worms can spread so pervasively that their origin and intent can be difficult to infer from known victims. One worm, Conficker, spread to millions of computers and disrupted military communications in several European countries. Its creator and purpose remain unknown. Warning Indicators Indicators of activity with the potential to create or exacerbate an international political crisis include leadership statements of an intent to conduct or permit computer network operations against foreign networks; evidence of that intent, including research and development, budgetary allocations, or organizational changes, such as the creation of offensive cyber forces; the express or tacit acceptance of parastatal hackers; and a demonstrated capability to conduct computer network operations, including cyber-espionage and cyber operations against domestic targets. Tactical warning indicators resemble traditional conflicts, such as changes in the alert status of military units and an increase in crisis-related rhetoric. Indicators unique to cyber operations include increased efforts to probe foreign networks and an uptick of activity in online hacker forums discussing foreign targets and tools, techniques, and procedures appropriate for operations against them. Implications for U.S. Interests First, cyberattacks will eventually be part of every nation’s military strategy. The United States depends on information communications technologies for critical military and civilian services far more than its strategic rivals or potential adversaries. U.S. officials have noted an increase in computer network operations targeting state, local, and privately operated critical infrastructure­­, some of which have the potential to cause considerable harm to operations, assets, and personnel. Second, ambiguity in cyberspace elevates the risk that a significant cyber event amid a geopolitical crisis will be misattributed or misperceived, prompting a disproportionate response or unnecessary expansion of the conflict. Such an escalation would impair the United States’ prominent role and interest in global security and its commitment to international law. Third, U.S. officials’ ability to respond swiftly and effectively to cyberattacks is complicated by the difficulty of timely public attribution and ambiguity over what type of cyberattack would trigger a right to self-defense or security commitments to strategic partners. A failure to confidently attribute an attack or determine whether such activity constituted an attack could limit U.S. response options. Such confusion, uncertainty, and delay could weaken deterrence and the credibility of U.S. assurances, trigger a misperception of U.S. commitment, and undermine a U.S.-led coalition. Preventive Options Unilateral and bilateral steps offer the most immediate path for preventing and mitigating risks of ambiguity. Diverse interests and challenges that inhibit verification limit the likelihood and effectiveness of a comprehensive international agreement in the near term. The United States has two broad sets of policy options. The United States could enhance deterrence by strengthening defenses, building and supporting more resilient networks, and bolstering the capacity and credibility of U.S. retaliatory threats. Improve cyber defenses, elevate the role of the private sector, and support research. Government agencies and the private sector, which owns and operates the majority of critical networks on which the United States relies, should be encouraged to build and operate better defenses. Congress has considered several competing pieces of legislation to establish a legal framework that would encourage sharing of best practices and vulnerabilities between the public and private sectors. The disclosure of significant cybersecurity failures would expand awareness of threats and successful defenses, reduce duplicative efforts, improve the quality of cybersecurity products, and support market mechanisms to develop network security, such as the cybersecurity insurance market. Intensify testing of national cyber defenses. The Department of Homeland Security, the intelligence community, and relevant state, local, and private actors could expand national training exercises to clarify responsibilities and demonstrate capabilities, such as the CyberStorm series. Cyber exercises can showcase resiliency and improve incident response, and should include disaster-response operators to simulate health and safety issues that could accompany a major attack. Improve real and perceived attribution. A credible retaliatory threat will depend on perceptions of U.S. attribution capabilities. To showcase this capability, U.S. officials could expand intelligence collection against potential adversary cyber programs and increase public or government-to-government disclosures of intrusions. Intelligence, defense, and law enforcement officials could develop standards of attribution confidence that can be used to recommend levers of national power, including judicial, economic, diplomatic, intelligence, and military tools, as well as network actions, such as slowing or blocking Internet traffic to and from U.S. and allied networks. Modeled on legal burdens of proof, these standards could shorten the time it takes for U.S. agencies to recommend response options. U.S. officials could also support efforts to reduce anonymity on the Internet, including adjustments to the design, distribution, and authentication of Internet protocol (IP) addresses, but such reforms would come at too great a cost to free expression. Clearly define and enhance the role of the Cyber Threat Intelligence Integration Center (CTIIC) to ensure effective planning, coordination, and assignment of cyber operations. Congress can enhance U.S. cyber posture by codifying CTIIC’s role in integrating intelligence for the director of national intelligence and serving as an interagency forum to coordinate roles and responsibilities. The special assistant to the president and cybersecurity coordinator essentially serves as an interagency coordinator, but his or her portfolio is expansive and staff is small. An enhanced CTIIC, on the other hand, could ensure united efforts and report operational issues directly to the White House; these measures could improve operational awareness and guard against inadvertent escalation. Promote greater public clarity on U.S. cyber strategy and doctrine. Uncertainty over what amounts to a use of force in cyberspace can weaken deterrence if potential adversaries misperceive thresholds for retaliation. National security officials can reduce risks of miscalculation by more clearly defining how the United States perceives “use of force,” “armed attacks,” “aggression,” and activity below those thresholds. Some uncertainty is unavoidable to ensure flexibility in the context of an attack, but more clarity would promote stability by shaping expectations of behavior. Make good on (and use of) retaliatory threats. U.S. deterrence rests on credible assurances that the United States will retaliate strongly against perpetrators—both in and outside of cyberspace. When responsibility can be established, the White House could inflict costs on the offender that also have a deterrent effect on other potential adversaries. This could include an expanded offensive cyber capacity that provides policymakers with a wider range of options, but because operations in cyberspace may be noticed only by adversary network operators, they will likely have greater effect as part of a broader campaign that includes responses outside of the cyber domain, including use of the recently announced sanctioning authority targeting malicious cyber actors. The United States could establish responsible cyber precedents and norms. Intensify ongoing diplomatic efforts to promote the development of shared norms and expectations. Consensus on controversial issues relating to how international law applies to state behavior in cyberspace is unlikely in the near term. The diversity of national interests and verification challenges makes efforts to build cyber norms through formal treaties especially challenging. Given the risk of inaccurate attribution in cyberspace, however, countries should recognize a high threshold for what merits a forceful retaliation and remain mindful that the benefits of international communications technology come with vulnerabilities and defensive burdens. U.S. efforts to build such a shared understanding could include operational restraint; continued diplomatic work in the UN Group of Governmental Experts on international information security; confidence-building measures, such as joint cyber exercises that standardize bilateral attribution, mitigation, and data-sharing procedures; and the expansion of bilateral consultative mechanisms. Further clarify roles and responsibilities in the cyber domain. Congress could take several steps to elevate the role of diplomacy in U.S. cyber policy, better integrate cyber capabilities into military strategy and doctrine, ensure effective oversight, and signal the important distinction between cyber espionage and other types of cyber operations. These steps include establishing an assistant secretary of state for Internet and cyberspace affairs and ending the current policy that places a single official in charge of both the NSA and U.S. Cyber Command. A reallocation of responsibilities would further distinguish Title 10 (national defense) and Title 50 (covert) operations and help generate precedents of responsible state practice for each. Enhance support for foreign efforts to combat cybercrime. International cooperation is essential to combat illicit cyber activity from nonstate actors, such as terrorist networks, criminal groups, and patriotic hackers. Greater resources for international programs of the Department of Justice (DOJ) and streamlining how foreign officials receive DOJ assistance in cyber investigations would reinforce the norm of mutual assistance and pressure foreign governments to do likewise. Mitigating Options Establish or use a crisis-management group with allies and countries hosting affected networks. The same elements of ambiguity that can trigger a crisis can also exacerbate one. Because defensive cyber operations, which may be appropriate during an ongoing attack, can involve activity on information networks located in other countries and appear offensive in nature, the public or private messaging of a U.S. response will be vital to prevent crisis escalation or expansion. Such crisis-management groups should include top national security and diplomatic officials, and cyber officials from other countries’ computer emergency response teams, to build a foundation of familiarity and trust among relevant actors that would be called on in the wake of a major attack. Work with potential adversaries to prevent misperception of U.S. cyber activity. Given varying structures of cyber forces within the security agencies of potential adversaries, a U.S. signal sent by cyber means during a crisis may not reach national leaders. U.S. national security officials could establish or expand bilateral crisis-communication channels with foreign counterparts to issue warnings, request assistance, or open a dialogue about state involvement in a perceived attack. Pressure states unwilling to stop or support investigations of cyberattacks. In cases where the United States cannot attribute a cyberattack, it has levers short of force both in and outside of the cyber domain. Countries whose networks are used in a multistage attack could be given notice that a failure to stop it or to support an investigation is a breach of state responsibility that could result in adjustments to network traffic, diplomatic condemnation, or other sanctions. Such threats increase incentives to conduct cooperative forensics, develop mitigation measures, and make their information infrastructure a less attractive path for hostile computer network operations.  Recommendations Prospects for a comprehensive international solution to the risks posed by ambiguity in cyberspace are limited at this time, and some technical fixes that would aid attribution by limiting anonymity online would come with too great a social cost. Instead, a strategy that focuses on fortifying U.S. networks, building a more credible deterrent, and demonstrating responsible state practice offers the best path forward. The United States should improve the security and resilience of its networks and fortify the credibility of retaliatory capacity. Congress should pass legislation that facilitates real-time information sharing within and between the private and public sectors. Implementation of this information-sharing program is expected to cost $20 million over five years, according to the Congressional Budget Office. Congress should build on the February 2015 executive order designed to promote information sharing among private actors by offering tax incentives or grants to companies that join and support the work of information-sharing and analysis organizations—sector- or region-specific hubs that facilitate the exchange of cyber-threat data and cybersecurity best practices. Congress should help reduce critical vulnerabilities by expanding support for the new National Cybersecurity Federally Funded Research and Development Center (FFRDC); creating or incentivizing bug bounty programs for critical systems; adjusting criminal and civil laws, such as the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act, to enable and encourage responsible security research; and mandating robust cybersecurity requirements as a condition for federal-procurement eligibility to drive the commercial market for secure products. The Department of Defense (DOD) should expand efforts to improve cyber defense capabilities, information-assurance responsibilities, and research and development. DOD officials estimate this to cost $5.5 billion annually. Joint training exercises in the combatant commands ($456 million requested by DOD for 2016) should include cyber threats that could impede global access and operations to improve DOD mission resilience, support the development of best practices to share with critical infrastructure operators, and generate data to help avoid costly adjustments to hardware, firmware, and other fixes in later development stages. The Office of the Director of National Intelligence (ODNI) should expand signals and human intelligence collection against potential adversary cyber programs, as well as accelerate the intelligence community’s production and release of actionable cybersecurity information to vital information network and critical infrastructure operators. U.S. intelligence officials should also identify, in advance, types of classified data that could be shared publicly in the event of an incident to avoid a lengthy interagency declassification process that would delay a timely public attribution. When possible and appropriate, DOD officials should highlight U.S. involvement in offensive cyber operations against states, terrorist groups, and other illicit actors to fortify the credibility of U.S. retaliatory capacity among potential adversaries. Greater transparency into offensive cyber operations, as well as the doctrine underlying them, would also reinforce emerging norms in cyberspace by demonstrating responsible state practice and supporting U.S. efforts to overcome the skepticism of its commitments to shared interests and values in cyberspace that emerged in the wake of unauthorized disclosures of U.S. cyber activity. The United States should elevate diplomacy, clarify doctrine, and ensure clarity between intelligence and military cyber operations. Congress should create a Department of State (DOS) Bureau of Internet and Cyberspace Affairs to demonstrate that the United States gives as much attention to diplomatic policy options as it does military ones. The bureau should retain a direct reporting line to the secretary for threats, operations, and related strategic considerations. Congress should also make the NSA director a Senate-confirmed position eligible for civilians. Missions other than intelligence should be shifted to other appropriate entities, including U.S. Cyber Command and the combatant commands. ODNI should more frequently review intelligence priorities, operations, and targets to prevent unintended escalatory cyber events. The reviews should also clarify the chain of command and congressional oversight of Title 10 and Title 50 cyber operations. The director of CTIIC should facilitate reviews and broaden operational awareness among national security officials. DOD should further clarify doctrine related to cyber-effects operations to provide greater transparency into U.S. operations, reduce risks of miscalculation, and clarify response options. The United States should intensify diplomacy in concert with like-minded nations to promote the development of shared norms and expectations of appropriate behavior in cyberspace. DOS should expand formal dialogues with partners and potential adversaries to share views on appropriate behavior in cyberspace, including prohibitions against operations that damage critical infrastructure or computer emergency-response agencies, as well as affirmative norms, such as mutual assistance in investigations or efforts to counter ongoing attacks. The White House should publicly outline for less cooperative states the possible range of political-economic levers, including adjustments to network traffic, criminal sanctions, diplomatic condemnation, and U.S. Treasury actions that the United States could use to hold countries accountable for failing to stop harmful activity conducted from or through their networks. The United States should improve responsiveness to foreign requests for assistance in cyber investigations. Congress should increase support for the DOJ’s Computer Crime and Intellectual Property Section, National Security Division, Office of International Assistance, and Federal Bureau of Investigation to bolster prosecutorial efforts and keep pace with the growing number of foreign requests for support. DOJ estimates this to cost $722 million. Congress should support DOJ efforts to provide prompt support to cyber investigations including creating an online system to process requests. DOJ estimates this to cost $24.1 million. Conclusion Attacks against the diverse and growing number of vulnerabilities on critical U.S. networks will pose a significant risk of triggering or aggravating a crisis for years to come. Though the cyber threat cannot be eliminated, implementing the recommendations above would put the United States on a course to better manage its risks and promote stability. The United States should act now to enhance its cyber defense and deterrence, support the growth of shared norms, and improve the processes through which attacks are mitigated and investigated. The longer the United States delays taking these steps, the harder it will be to prevent and mitigate a crisis. Deterrence failures and misperceptions occur routinely in international relations, but a renewed focus now would significantly reduce the risk of an unnecessary crisis or escalation.