Cyberwarfare is a series of attacks and counter-attacks between nation-states using offensive and defensive cyber tools and methodologies. The only appreciable difference between cyberwar and other cybercrime is the objective of the combatants and potentially their resources.
Unlike the comparison of kinetic war and violent street crime, where the types of weapons and scale of the conflict are also factors, the weapons and scale of cyber warfare are pretty similar to that of cybercrime. There are no cyber weapons reserved only for nation-state conflict, and cyber criminals rarely hold any capability in reserve.
In this guide
- What are the rules?
- Who are the combatants?
- Role of civilians
- Governments need civilian help
- What’s at stake?
Innocent folks without much personal power to influence the conflict are often the targets of cyberwar. The same malware and DDoS attacks used to steal information and extort money are used to attack wartime enemies. Coinciding with Russia’s 2022 invasion of Ukraine, they used DDoS attacks against Ukrainian banks disabling websites and ATMs and a host of other essential government and humanitarian services.
In the strictest sense, cyberwar includes only the use of technological weapons deployed to disable and destroy an enemy’s cyberinfrastructure, communications, and digital weaponry, thereby degrading their warfighting capabilities. But in a broader definition, combat on the digital front includes much more than that.
Popaganda has always been used to undermine the support of enemy governments. Cyberspace is increasingly used as a tool for psychological manipulation and information warfare. The internet and social media have only heightened the effectiveness of wartime propaganda. This type of cyberwarfare has been used extensively by many nations for decades.
Information cyberwar is used against the enemy and one’s own citizens. In answer to a question from the Washington Post about what has been happening inside Russia, Russian American filmmaker Maxim Pozdorovkin said, “I don’t think Americans fully understand what’s been fed to Russians about the US and the West for literally the past decade. It’s been an information war—a totally one-sided information war—and it has been waged so fully and artfully that it’s made a lot of what’s happening now preemptively possible.”
The digitization of nearly every facet of life on our planet means that cyberwar can have far-reaching consequences for everyone. Cyberwarfare is not limited to one government’s military attacking an opposing military force; it is more akin to terrorism in many ways. Battle lines are unclear, and the identity of combatants is often unknown. Harming the adversary’s citizens to create pressure on the opposing government is often the aim.
What are the rules?
In modern kinetic warfare, some rules define acceptable behavior, even when killing one another. The Geneva Conventions, for example, are treaties and protocols that establish international legal standards for humanitarian treatment in war. While not always followed, these conventions help to limit wartime atrocities and protect innocent noncombatants.
Targeting civilian populations with bombs and missiles is generally considered a war crime, although there seems to be no similar universally accepted prohibition for using cyberweapons against civilians. Nation-states cry foul when bad actors from another country use cyber tools to destroy their cyber assets. Yet, they look the other way when cyberattacks against their adversaries originate from within their geographical boundaries.
Who are the combatants?
In a cyberwar, it is difficult to know who your enemy is. Because cyber-attack attribution is complex, nations often hide behind plausible deniability. Governments that conduct or condone offensive cyber operations believe that the target of their attack will be unable or unwilling to retaliate without positive attribution—the ability to prove who initiated the attack.
International law lacks a definition for reasonable or legitimate cyber attack attribution. And even if attribution were a simple matter—which it decidedly is not—the issue of knowing who your enemy is would still be complex. In most instances, civilian companies own and operate a nation’s cyberinfrastructure. Governments also rely on civilian experts and companies to protect against cyberattacks, but does that make these commercial entities legitimate targets or enemy combatants?
The role of civilians
Civilians play a unique role during a cyberwar. Not only are civilians targeted, but they can also participate in offensive actions sanctioned by their government and otherwise. Leveling military operations against noncombatants is prohibited under international agreements, but like with terrorism, civilian targets are often victims of cyber warfare.
Volunteers and hacktivists can get involved in cyberwar and muddy the strategic waters. Attacks and saber-rattling claims from civilian groups that in a kinetic war would not be considered combatants leave plenty of room for nation-state adversaries to claim a defensive necessity to attack non-military targets.
Because attribution is so tricky, attacks from hacktivist groups can easily be misattributed to nation-state adversaries, upsetting plans and strategies put in place by military leaders. US Government leaders have expressed concern over recent threats of cyberattacks against Russia from civilians. Knowing who is on the battlefield is essential to waging a successful campaign, kinetic or cyber.
Civilians on both sides of Russia’s war against Ukraine have threatened to use their cyber skills to influence the outcome. The decentralized international activist and hacktivist group Anonymous has claimed responsibility for several attacks against Russia and Russian businesses in response to the war. The Russia-based ransomware gang Conti said it would strike at the critical infrastructure of any country that attacks Russia.
The Wall Street Journal’s David Uberti wrote on February 28, 2022, “An “IT army” created by the Ukrainian government urged more than 200,000 followers on its Telegram channel Monday to attempt to take down the website of the Moscow Exchange. Thirty-one minutes later, the channel’s administrators shared a screenshot suggesting the exchange’s website had been knocked offline.” Websites for the Russian Foreign Ministry as well a critical state-owned bank were also knocked offline by loosely organized groups of volunteer hackers.
Governments need civilian help
Governments, including the United States, want civilians to be involved in cyberwarfare, but not too involved. Unlike the government’s unique ability to amass an arsenal of military weapons, they rely heavily on businesses for the expertise and technologies needed to defend against cyberattacks.
The US Government’s offensive cyber capabilities are primarily concentrated in the 780th Military Intelligence (MI) Brigade (Cyber), which conducts cyberspace operations supporting military objectives. While it would be uncharacteristic of the US Military to rely on civilians for offensive support, many offensive cyber weapons are commercially produced defensive tools repurposed for offensive objectives. For example, a defensive network scanner could also be used to find vulnerabilities in an adversary’s systems and facilitate the injection of malware.
Commercial businesses understand their critical role in defending their customers and their customer’s governments against cyberattacks. Protectorate is a unique and controversial role for companies to assume. Some people worry that competing financial interests may influence a commercial entity’s ability to make such grave decisions.
Microsoft Corp. President Brad Smith said in a blog post on February 28, “One of our principal and global responsibilities as a company is to help defend governments and countries from cyberattacks. Seldom has this role been more important than during the past week in Ukraine, where the Ukrainian government and many other organizations and individuals are our customers.”
Illustrating the critical role that private companies play in modern warfare, Smith continued, “Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”
Speaking before the Business Roundtable’s CEO Quarterly Meeting on March 21, 2022, President Biden said, “And I would respectfully suggest it’s a patriotic obligation for you to invest as much as you can in making sure … that you have built up your technological capacity to deal with … cyberattacks: first, to protect your own companies; second, … as providers of critical services that Americans rely on, from power to clean water; and finally, your role you can play in helping secure every American and every American’s privacy.”
Reminding his audience, at this meeting with CEOs, that they too share in the vulnerabilities of a cyberwar, Biden said that Russia could conduct malicious cyber activity against the US “as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.”
The Kremlin immediately dismissed Biden’s warning to US companies, saying on March 22 that Russia “does not engage in state-level banditry.”
However, the current crisis in Ukraine is not the first time Russia has deployed cyber weapons to augment a kinetic war, and US cybersecurity experts widely believe that Russia sponsors several cyber threat actors that regularly attack US interests.
Writing for the Modern War Institute at West Point in 2018, Capt. Sarah P. “Sally” White said the August of 2008 war between Russia and Georgia “was remarkable for its inclusion of a series of large-scale, overt cyberspace attacks that were relatively well synchronized with conventional military operations. Conducted by an army of patriotic citizen hackers, the cyber campaign consisted of distributed denial of service (DDoS) attacks and website defacements that were similar in nature but different in method to what had occurred in Estonia the year prior.”
What’s at stake with cyberwarfare?
Because cyberwarfare is used to augment kinetic war, it is difficult to isolate the costs and adverse effects caused by the enemy’s cyber capabilities alone. When the effects of a cyberattack result in the advancement of an invading army, such as we currently see in Ukraine, the cost is loss of innocent life and freedom.
Cyber attacks, be they of the cyberwar or cybercrime variety, are extremely expensive for businesses and individuals. A data breach compromising 1-10 million records—not unusual by today’s standards—costs $50 million on average. The 2022 Cyber Attack Statistics, Data, and Trends report from IT MSP Parachute indicates cybercrime cost the global economy about $1 trillion last year.
In addition to banks, government services, and food supply chains, critical infrastructure providers are sure targets during cyberwar. CEO of Duke Energy Corp., Lynn Good, recently told the Wall Street Journal, “We have been in a state of preparedness that is very heightened, monitoring everything, sharing information in a way that is really important for a moment like this.” Duke Energy is headquartered in Charlotte, North Carolina, and provides electricity and natural gas to customers in several US states.
Attacking the supply chains necessary for civilians to survive or evacuate and hindering humanitarian groups attempting to render aid are tactics reminiscent of tribal and regional wars in recent years in the Middle East. Regarding what is occurring in Ukraine, Brad Smith noted that Microsoft is especially concerned about recent cyberattacks on civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.
Much is at stake with cyberwarfare. When used as a force multiplier for an attacking army, it can cripple a target’s ability to communicate, move goods and services, and survive harsh weather conditions.
Cyberwarfare is at once the technological attack on critical digital systems and cyberspace propaganda. It is used to weaken a population’s resolve and ability to fight while simultaneously crippling critical infrastructure and communication.
Unlike any previous period in the history of warfare, governments are highly reliant on commercial businesses for technical expertise and tools to detect, defend and fight cyber adversaries. Cyberwarfare is not a stand-alone wartime strategy; rather, it is ancillary aggression designed to weaken and confuse the enemy.