The Oxford Essential Dictionary of the US Military defines deterrence as “the prevention from action by fear of the consequences. Deterrence is a state of mind brought about by the existence of a credible threat of unacceptable counteraction.” From this, readers can deduce that deterrence is a state of mind and a product of rational decision-making.

Basing security policy on either of these assumptions is foolhardy. It is challenging to calibrate deterrence. This requires distinguishing enough deterrence, where credible fear of counteraction keeps the peace, from too much deterrence, where credible fear of an opponent’s motives can lead to a preemptive attack.

First, some practical examples. Returning to October 7, 2023, it is possible to say Israeli deterrence failed. Since 1948 Israel has sought to maintain a level of strength and preparedness sufficient to prevent its enemies from planning and executing attacks, using the threat of overwhelmingly force to maintain deterrence against its enemies.

The first major sign of trouble with this approach came in 1968, months after Israel’s defeat of its Arab neighbors in the Six-Day War, when Egypt began preparing a response. This came in October 1973 with Operation Badr, the attack which kicked off the Yom Kippur War. Similarly, Hamas began planning its 2023 attack immediately after a major defeat nine years before in the Gaza War of July–August 2014.

In both cases, deterrence failed years before the actual attacks. Israel’s overwhelming military superiority simply delayed the inevitable response to a situation its adversaries saw as absolutely unacceptable. Israel, overconfident in its deterrent capability, discounted the danger when intelligence assets began to report trouble. Thus, a single-minded reliance on deterrence actually led to future conflict.

So much for recent practice. On the theoretical side, scholars and practitioners alike have sought to chart the proximate triggers of war. The Athenian general Thucydides offered a multi-dimensional explanation in his History of the Peloponnesian War. He believed conflict resulted from three factors: Phobos (fear), kerdos (self-interest), and/or doxa (honor or reputation).

Deterrence, as we have seen, relies on threats of force which induce phobos, and therein lies a huge problem: it ignores the crucial elements of self-interest and honor or reputation. Thucydides named phobos as a principal trigger for conflict, even as definitions of deterrence, the current paradigm for conflict prevention, cite its reliance on instilling phobos. As the French might say, not only does deterrence fail in practice, but even worse, it does not work in theory.

Nuclear Deterrence and Global Devastation 

The shortcomings of conventional deterrence are well documented. Then there is its younger brother, nuclear deterrence. The story there is much simpler. Recent research on nuclear winter has lowered estimates of the megatonnage of nuclear detonations needed to trigger the phenomenon. Significant global effects leading to the starvation of over a billion people could be triggered by the use of as few as one hundred “small” Hiroshima-sized (total 1.5 megatons) explosions over urban targets.

This is extraordinarily bad news for the nuclear weapons priesthood, which has been chanting slogans of escalation dominance in government ears since the 1960s. The only rational nuclear deterrence that can be relied upon, it now seems, is self-deterrence, where a conflict which seems unwinnable by conventional means is now far more likely to appear unthinkable in nuclear terms.

Seeking a Realistic, Effective Alternative

Eliminating all nuclear weapons is clearly a necessary part of the journey towards lasting peace. But focusing on particular weapons is miscasting the problem and thus misunderstanding the nature of the solution. The world needs a transition away from the deterrence-based para bellum paradigm, the idea that achieving peace requires constant preparation for war, toward a new way of looking at conflict. This article proposes a radically different paradigm, Trinitarian Realism, which rests upon three principal assumptions.

First, in a concept borrowed from the Christian Trinity, one’s individual confession (peccavi) is important, but the collective and universal confession (peccavimus) is crucial in international peacebuilding. All need to recognize that each has sinned and fallen short, that no one comes to the table, any table, anywhere, with completely clean hands. Second, readers must truly grasp Carl von Clausewitz’s “remarkable trinity” in war, combining the irrational (war moves a citizenry to violence, hatred, and enmity); the non-rational (commanders face “the play of chance and probability”); and the über-rational (governments attempt to “subordinat[e war] as an instrument of policy”).

This guarantees wholly unknowable results. As Nassim Nicholas Taleb points out, “What is surprising is not the magnitude of our forecast errors, but our absence of awareness of it. This is all the more worrisome when engaging in deadly conflicts; wars are fundamentally unpredictable (and we do not know it).” Finally, that the July 16, 1945, Trinity event at White Sands, New Mexico, the first nuclear explosion, introduced a global catastrophic risk arising from the multiple and wide-ranging ecological effects of nuclear winter.

A transition away from deterrence can begin by not reflexively demonizing anyone with whom there is a serious disagreement. Softening morality projections and focusing judgment on a better understanding of complex collective emotions is also helpful. We can do this with far greater humility, including recognition that we will get our assessments wrong.

Writing of diplomatic historian and Christian apologist Herbert Butterfield, political scientist Paul Sharp provided the bare bones of a three-dimensional replacement for deterrence which we call strategic compassion: “Butterfield’s writings on Christianity and international relations suggest…the moral principles of self-restraint [as antidote for fear/phobos], empathy [honor/doxa] and charity [self-interest/kerdos] upon which an effective diplomacy should be based.”

Finally, we believe that nations must abandon their attachment to nuclear deterrence postures for the reasons outlined above and must accept the eradication of all nuclear weapons—before they eradicate all of us.

Paul Ingram is a Research Affiliate and former Academic Programme Manager with the Centre for the Study of Existential Risk (CSER) at Cambridge University. Edmond E. (Ted) Seay III is a retired Foreign Service Officer with 26 years’ experience in arms control, disarmament, and nonproliferation. His final assignment was as principal arms control advisor to US NATO Permanent Representative to the North Atlantic Council Ivo Daalder.

Deconstructing Deterrence was originally published on Global Security Review.

Maritime ports authorize customs clearance and are involved in regulatory checks, ensuring compliance with national and international law. Ports perform most of these functions digitally. Maritime ports are now under serious threat of malicious cyberattacks that can disrupt and compromise port operations worldwide.

Industry is deeply interconnected, and a cyberattack on one major port can send shockwaves through global trade networks. Consider a scenario where a major port, responsible for handling millions of cargo containers, suddenly halts operations due to a cyberattack. Cranes freeze, logistics systems collapse, and cargo ships are left stranded at sea. This is not a hypothetical scenario; it is a real and escalating threat to global trade.

The maritime industry, long seen as the backbone of international commerce, now faces an urgent cybersecurity crisis. Ports are no longer just about cranes and cargo; they have evolved into digital ecosystems reliant on interconnected networks, automation, and artificial intelligence. As ports become smarter, they are also becoming more vulnerable. Cybercriminals are increasingly exploiting these vulnerabilities, causing financial losses, operational disruptions, and even national security risks.

Maritime cyberattacks are no longer rare occurrences, they are becoming alarmingly frequent. In 2023, a ransomware attack crippled more than 1,000 vessels by targeting a software provider used across the shipping industry. The attack forced the shipping industry to shut down its ShipManager system, affecting global supply chains. A year earlier, the Port of Lisbon suffered a cyberattack that took its website offline for days, with the ransomware group LockBit claiming responsibility and alleging that it had stolen financial reports, contracts, and ship logs.

In Germany, a 2022 cyberattack on two oil companies disrupted fuel shipments, forcing Shell to reroute supplies and exposing the vulnerabilities of critical maritime infrastructure. The 2017 NotPetya ransomware attack, which paralyzed Maersk and caused an estimated $300 million in damage, remains one of the most devastating cyberattacks in shipping history.

Ports are among the most attractive targets for cybercriminals. The motives behind these attacks vary as some hackers seek financial gain, while others aim to steal sensitive trade-related data, and some may even use cyberattacks as part of hybrid warfare.

The economic consequences are staggering, from ransom payments and insurance hikes to delays that can ripple across global supply chains. Beyond financial losses, cyber threats to ports pose serious security risks. For example, a well-coordinated cyberattack on a major port could disrupt military logistics, cripple trade networks, or even manipulate cargo data to facilitate smuggling and illicit trade.

Hackers carry the potential for unauthorized intrusion into ports’ digital networks and interrupt ports’ routine operation through malicious software attacks. The workforce involved in port management may be trapped into revealing sensitive data by clicking on malicious links. The hackers can also disrupt digital networks that regulate critical port infrastructure, such as cranes, pumps, and valves. Supervisory control and data acquisition (SCADA) systems can come under cyber threats disrupting routine functions. Nonstandard computing hardware like sensors, actuators, or appliances that transmit data from the network wirelessly are vulnerable to data theft.

Hackers can steal data such as cargo manifests, crew information, and financial records. They can also manipulate data, such as altering cargo manifests, or manipulate navigation systems. Hackers can also steal intellectual property, such as trade secrets or proprietary software.

Another pressing issue is supply-chain security. Ports rely on a complex web of third-party vendors for logistics, software, and cargo management. If one vendor is compromised, the entire port system could be at risk.

Hackers can also use unmanned aerial vehicles (UAVs) for surveillance means or to attack port infrastructure, such as damaging equipment or disrupting power supplies. Ports may be exposed to cyberattacks through third-party suppliers, such as logistics providers or maintenance contractors. Ports may be exposed to cyberattacks through cargo and containers, which may contain malicious devices or software.

Cybersecurity in the maritime sector is often treated as an afterthought. Many ports still operate with outdated software and weak security protocols, making them easy targets. Given the critical role of ports in the global economy, the widening cybersecurity gap is a growing challenge. Strengthening port security necessitates urgent regulatory mechanisms, some of which are proposed below.

Regulatory Mechanisms

To mitigate the growing cyber threat, ports should adopt internationally recognized cybersecurity frameworks. First, ports should adhere to the rules and protocols of the International Maritime Organization’s (IMO) Maritime Cyber Risk Management Guidelines, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and ISO 27001 standards. Implementing these frameworks will help establish clear security protocols and ensure that ports are prepared to defend against cyberattacks.

Second, network security should be reinforced by segmenting information technology (IT) and operational technology (OT) systems, preventing malware from spreading across critical infrastructure. Regular penetration testing and vulnerability assessments can further identify weak points before attackers do.

Third, investing in cybersecurity training for port workers is equally crucial. Many cyberattacks exploit human error—phishing e-mails, weak passwords, and social engineering attacks remain among the most common entry points for hackers. A well-trained workforce can serve as the first line of defense against these threats.

Fourth, leveraging artificial intelligence and machine learning for threat detection can enhance ports’ ability to identify cyber risks before they escalate into full-scale attacks. Artificial intelligence (AI)–led systems can monitor network activity in real time, flagging suspicious behavior and predicting potential breaches before they happen. In this regard, the strict security assessments of third-party vendors and blockchain-based cargo tracking can enhance transparency and reduce the risk of supply-chain cyberattacks.

Fifth, beyond prevention, ports should also be prepared to respond effectively to cyber incidents. For this, establishing cyber incident response teams (CIRT) can ensure that ports have trained professionals ready to mitigate and recover from cyberattacks swiftly.

Sixth, regular cyber drills and crisis simulations should be conducted to test response plans. This ensures that when an attack occurs, the damage is minimized, and recovery is swift.

Seventh, international collaboration to deal with these threats is essential. Governments, port authorities, and private stakeholders should work together to share intelligence, standardize security protocols, and invest in collective defense mechanisms.

Public-private partnerships can play a key role in funding advanced cybersecurity infrastructure, while international regulatory bodies like the IMO must enforce stricter cybersecurity mandates across the industry. Finally, as ports transition into smart ports, powered by the internet of things (IoT), AI, and automation, cybersecurity should be at the forefront of maritime security strategies. Emerging technologies like quantum computing and zero trust architecture will play a crucial role in strengthening digital defenses, but ports should remain vigilant. The very technologies designed to enhance security could also introduce new vulnerabilities if not properly managed.

Cybersecurity is no longer just a technical issue; it is a fundamental pillar of modern port management. If cybersecurity continues to be treated as an afterthought, the next major cyberattack could bring global trade to a standstill. Ports are the lifelines of the world economy, and securing them is not just about protecting data, it is about safeguarding the stability of international commerce and national security.

Maryyum Masood is working as a Research Officer & Associate Editor at the Center for International Strategic Studies (CISS) Islamabad. She is an MPhil scholar in the Department of Strategic Studies at the National Defense University (NDU) Islamabad.

Rizwana Abbasi is an Associate Professor of Security Studies at the National University of Modern Languages, Islamabad, a non-resident Fellow of the Center for International Strategic Studies (CISS), Islamabad, and a Visiting Fellow at the Central European University of Austria.

Cybersecurity Framework for Maritime Port Management was originally published on Global Security Review.