Given increases in the ability and willingness of various actors to target a nation's critical infrastructure, David Gompert and Hans Binnendijk have argued that the United States should use cyber operations to "amp up the power to coerce." This is a reasonable objective, but it ignores the conventional wisdom about cyber coercion that says it doesn't work. A major component of successful coercion is detailing the pain your enemy may endure. Communicating that capability in the cyber realm is likely to induce your enemy to "patch" the vulnerability you were hoping to exploit. How can actors ever coerce targets with cyber weapons if threatening them effectively neutralizes their utility?

"A key component of our framework entails distinguishing between two qualitatively different types of secrecy in the cyber domain. The first — the use of secrecy at the planning and execution stages of an attack — is often a technical prerequisite for success. The second type of secrecy — whether to claim credit for an attack privately or publicly — is a political decision. While many factors plausibly drive credit-claiming or credit-shirking behavior, two in particular stand out as significant: (1) whether target compliance is the objective; and (2) whether the perpetrator is a state or a non-state actor."