Cyber security has evolved from a technical discipline to a strategic, geopolitical concept. The question for national security thinkers today is not how to protect one or even a thousand computers, but millions, including the “cyberspace” around them. Strategic challenges require strategic solutions. This article considers four nation-state approaches to cyber attack mitigation: 1) Technology: Internet Protocol version 6 (IPv6); 2) Doctrine: Sun Tzu’s Art of War; 3) Deterrence: can we prevent cyber attacks?; 4) Arms control: can we limit cyber weapons? These threat mitigation strategies fall into different categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations, while arms control is a political/technical approach. Technology and doctrine are the most likely strategies to provide short-term improvement in a nation’s cyber defense posture. Deterrence and arms control, which are more subject to outside political influence and current events, may offer cyber attack mitigation but only in the longer-term.