- What are the rules?
- Who are the combatants?
- Role of civilians
- Governments need civilian help
- What’s at stake?
- Conclusion
Over the last decade, cyberattacks have evolved from isolated incidents of hacking into highly coordinated campaigns targeting critical infrastructure, government systems, and private enterprises.
What once was considered the realm of hackers or rogue actors is now increasingly recognized as a tool of geopolitical strategy used by nation-states.
In 2025, cyberwarfare will be an essential component of modern military doctrine, with its implications stretching far beyond the digital realm.
This article explores the evolving landscape of cyberwarfare, its implications for national security, and the measures being taken by the United States to defend against these threats.
Related resources
Cyberwarfare involves attacks and counterattacks between nation-states using cyber tools and techniques. The key difference between cyberwar and cybercrime lies in the objectives and resources of the combatants, though the weapons and scale can be quite similar. Both nation-state conflicts and cybercrime often use similar methods, such as malware and DDoS attacks, to cause disruption.
Innocent civilians often become targets in cyberwar, with cyberattacks aimed at damaging infrastructure, stealing information, and spreading fear. For example, during Russia’s 2022 invasion of Ukraine, DDoS attacks were used against Ukrainian banks, government services, and humanitarian efforts.
Cyberwar in its strictest sense refers to using technological weapons to disable an enemy’s digital infrastructure, communications, and weaponry. However, it also includes psychological manipulation and propaganda, which have been historically used in wartime and are now amplified through digital platforms and social media. Information warfare is a significant aspect, as seen in Russia’s one-sided narrative fed to its citizens about the West, shaping public opinion and justifying actions.
Cyberwarfare’s impact extends beyond military targets, affecting everyday life due to the digitization of society. It shares similarities with terrorism in that battle lines are blurred, and combatants are often anonymous. The aim is frequently to create pressure on the opposing government by harming its citizens, making cyberwarfare a complex and far-reaching threat.
What are the rules?
In modern kinetic warfare, some rules define acceptable behavior, even when killing one another. The Geneva Conventions, for example, are treaties and protocols that establish international legal standards for humanitarian treatment in war.
While not always followed, these conventions help to limit wartime atrocities and protect innocent noncombatants.
Targeting civilian populations with bombs and missiles is generally considered a war crime, although there seems to be no universally accepted prohibition for using cyberweapons against civilians.
Nation-states cry foul when bad actors from another country use cyber tools to destroy their cyber assets. Yet, they look the other way when cyberattacks against their adversaries originate from within their geographical boundaries.
Who are the combatants?
In a cyberwar, it is difficult to know who your enemy is. Because cyber-attack attribution is complex, nations often hide behind plausible deniability.
Governments that conduct or condone offensive cyber operations believe that the target of their attack will be unable or unwilling to retaliate without positive attribution—the ability to prove who initiated the attack.
International law lacks a definition for reasonable or legitimate cyber attack attribution. And even if attribution were a simple matter—which it decidedly is not—the issue of knowing who your enemy is would still be complex.
In most instances, civilian companies own and operate a nation’s cyberinfrastructure. Governments also rely on civilian experts and companies to protect against cyberattacks, but does that make these commercial entities legitimate targets or enemy combatants?
The role of civilians
Civilians play a unique role during a cyberwar. Not only are civilians targeted, but they can also participate in offensive actions sanctioned by their government and otherwise.
Leveling military operations against noncombatants is prohibited under international agreements, but like with terrorism, civilian targets are often victims of cyber warfare.
Volunteers and hacktivists can get involved in cyberwar and muddy the strategic waters. Attacks and saber-rattling claims from civilian groups that in a kinetic war would not be considered combatants leave plenty of room for nation-state adversaries to claim a defensive necessity to attack non-military targets.
Because attribution is so tricky, attacks from hacktivist groups can easily be misattributed to nation-state adversaries, upsetting plans and strategies put in place by military leaders.
U.S. government leaders have expressed concern over recent threats of cyberattacks against Russia from civilians. Knowing who is on the battlefield is essential to waging a successful campaign, kinetic or cyber.
Civilians on both sides of Russia’s war against Ukraine have threatened to use their cyber skills to influence the outcome. The decentralized international activist and hacktivist group Anonymous has claimed responsibility for several attacks against Russia and Russian businesses in response to the war.
The Russia-based ransomware gang Conti said it would strike at the critical infrastructure of any country that attacks Russia.
The Wall Street Journal’s David Uberti wrote on February 28, 2022, “An “IT army” created by the Ukrainian government urged more than 200,000 followers on its Telegram channel Monday to attempt to take down the website of the Moscow Exchange.
Thirty-one minutes later, the channel’s administrators shared a screenshot suggesting the exchange’s website had been knocked offline.” Websites for the Russian Foreign Ministry as well as a critical state-owned bank were also knocked offline by loosely organized groups of volunteer hackers.
Governments need civilian help
Governments, including the United States, want civilians to be involved in cyber warfare, but not too involved. Unlike the government’s unique ability to amass an arsenal of military weapons, they rely heavily on businesses for the expertise and technologies needed to defend against cyberattacks.
The US Government’s offensive cyber capabilities are primarily concentrated in the 780th Military Intelligence (MI) Brigade (Cyber), which conducts cyberspace operations supporting military objectives.
While it would be uncharacteristic of the US Military to rely on civilians for offensive support, many offensive cyber weapons are commercially produced defensive tools repurposed for offensive objectives.
For example, a defensive network scanner could also be used to find vulnerabilities in an adversary’s systems and facilitate the injection of malware.
Commercial businesses understand their critical role in defending their customers and their customers’ governments against cyberattacks. Protectorate is a unique and controversial role for companies to assume.
Some people worry that competing financial interests may influence a commercial entity’s ability to make such grave decisions.
Microsoft Corp. President Brad Smith said in a blog post in February 2022,
“One of our principal and global responsibilities as a company is to help defend governments and countries from cyberattacks. Seldom has this role been more important than during the past week in Ukraine, where the Ukrainian government and many other organizations and individuals are our customers.”
Illustrating the critical role that private companies play in modern warfare, Smith continued, “Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.
We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”
Speaking before the Business Roundtable’s CEO Quarterly Meeting on March 2022, President Biden said,
“And I would respectfully suggest it’s a patriotic obligation for you to invest as much as you can in making sure … that you have built up your technological capacity to deal with … cyberattacks: first, to protect your own companies; second, … as providers of critical services that Americans rely on, from power to clean water; and finally, your role you can play in helping secure every American and every American’s privacy.“
Reminding his audience, at this meeting with CEOs, that they too share in the vulnerabilities of a cyberwar, Biden said that Russia could conduct malicious cyber activity against the US “as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.”
The Kremlin immediately dismissed Biden’s warning to US companies, saying on March 22 that Russia “does not engage in state-level banditry.”
However, the current crisis in Ukraine is not the first time Russia has deployed cyber weapons to augment a kinetic war, and US cybersecurity experts widely believe that Russia sponsors several cyber threat actors that regularly attack US interests.
Writing for the Modern War Institute at West Point in 2018, Capt. Sarah P.. “Sally” White said the August 2008 war between Russia and Georgia “was remarkable for its inclusion of a series of large-scale, overt cyberspace attacks that were relatively well synchronized with conventional military operations.
Conducted by an army of patriotic citizen hackers, the cyber campaign consisted of distributed denial of service (DDoS) attacks and website defacements that were similar in nature but different in method to what had occurred in Estonia the year prior.”
What’s at stake with cyberwarfare?
Because cyberwarfare is used to augment kinetic war, it is difficult to isolate the costs and adverse effects caused by the enemy’s cyber capabilities alone. When the effects of a cyberattack result in the advancement of an invading army, such as we currently see in Ukraine, the cost is the loss of innocent lives and freedom.
Cyber attacks, be they of the cyberwar or cybercrime variety, are extremely expensive for businesses and individuals. A data breach compromising 1-10 million records—not unusual by today’s standards—costs $50 million on average.
The 2022 Cyber Attack Statistics, Data, and Trends report from IT MSP Parachute indicates cybercrime cost the global economy about $1 trillion last year.
In addition to banks, government services, and food supply chains, critical infrastructure providers are sure targets during a cyberwar.
CEO of Duke Energy Corp., Lynn Good, recently told the Wall Street Journal, “We have been in a state of preparedness that is very heightened, monitoring everything, sharing information in a way that is really important for a moment like this.”
Duke Energy is headquartered in Charlotte, North Carolina, and provides electricity and natural gas to customers in several US states.
Attacking the supply chains necessary for civilians to survive or evacuate and hindering humanitarian groups attempting to render aid are tactics reminiscent of tribal and regional wars in recent years in the Middle East.
Regarding what is occurring in Ukraine, Brad Smith noted that Microsoft is especially concerned about recent cyberattacks on civilian digital targets, including the financial sector, the agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.
Much is at stake with cyberwarfare. When used as a force multiplier for an attacking army, it can cripple a target’s ability to communicate, move goods and services, and survive harsh weather conditions.
Conclusion
To effectively counter the confluence of rising geopolitical instability, the widespread availability of sophisticated cyber weaponry, and the escalating attacks on vital infrastructure, the United States must adopt a forward-thinking and flexible approach.
This necessitates a strong emphasis on improving threat intelligence capabilities, reinforcing defensive measures, strategically investing in advanced technologies such as AI, and building strong collaborative relationships between the public and private sectors, as well as with international allies, to safeguard national security and economic stability in the digital age.
Frequently asked questions
Cyberwarfare refers to the use of digital attacks by nations or organized groups against information systems to cause harm or disruption. This can range from hacking government databases to disabling critical infrastructure.
While traditional warfare involves physical confrontations using armed forces, cyber warfare targets digital assets and systems. It can lead to real-world consequences without direct physical combat.
State-sponsored hackers, intelligence agencies, and organized cybercrime groups are the primary actors. These entities often possess sophisticated tools and techniques to launch cyberattacks on a large scale.
Nations can protect themselves from cyber threats by developing a comprehensive national cybersecurity strategy, investing in advanced threat detection and response systems, conducting regular cybersecurity drills and simulations, collaborating internationally for threat intelligence sharing, and educating the public and private sectors about potential threats.
Yes. Attacks targeting critical infrastructure like power grids, water supply systems, or transportation networks can cause real-world disruptions and damage.
Beyond potential service disruptions, cyber warfare can lead to data breaches, financial losses, and reduced trust in digital platforms. Businesses might also be targeted as collateral in larger geopolitical conflicts.
Sources
- DDoS attacks against Ukrainian banks article | From CNBC.com in Apr 2025
- Digital technology and the war in Ukraine blog | From Microsoft in Apr 2025
- Russia Cyber Threat Overview and Advisories | From CISA in Apr 2025
- Cyber Attack Statistics data and trends | From IT MSP Parachute in Apr 2025