
Evolving Cyber Operations and Capabilities

Photo: Syda Productions/Adobe Stock


Report by James Andrew Lewis and Georgia Wood

Published May 18, 2023


Most networks can be breached, and most software has exploitable flaws. This can give unparalleled advantage to attackers, but the situation in Ukraine suggests that an energetic and thorough defense can prove more than adequate in matching this advantage. The Ukraine experience can guide decisions on cyber defense, and it suggests that adequate cyber defense will require different approaches, involve new actors, and be complex for nations to construct and coordinate. As part of the UK National Cyber Security Centre’s efforts to shape debate and discussion around cybersecurity issues, this collection of essays examines the war in Ukraine, with a view to the wider debate around the role and value of cyber capabilities.

These essays explore different aspects of defense and resilience—including the actors that contribute to it—and identify lessons that Western countries can draw from the Ukrainian experience to build robust, collective cyber resilience. This includes the power of partnerships, whether in responding to cyberattacks or ensuring the continuation of vital services amidst conflict, and the unprecedented coalition of government, multinational, industry, and civil society actors whose efforts have enabled a stronger Ukrainian defense. The essays provide a deeper understanding of the use of cyber operations in the war—and how democratic countries should, in light of this, prepare their cyber defenses and resilience, whether within or outside of a conflict.

This report is made possible by the generous support from the UK National Cyber Security Centre. 


The Andrea Mitchell Center for the Study of Democracy


Making Cyber Warriors Emerge: Maintenance, Innovation and the History of Cyber Operations

This essay is adapted from Rebecca Slayton, “What Is a Cyber Warrior? The Emergence of U.S. Military Cyber Expertise, 1967–2018,” Texas National Security Review 4, no. 1 (2021): 62–96.

  

By Cornell University
Associate Professor, Department of Science and Technology Studies

On May 4, 2018, U.S. Cyber Command was elevated from a sub-unified command under U.S. Strategic Command, making it America’s 10th unified combatant command. At a ceremony marking this change, Deputy Secretary of Defense Patrick Shanahan described the command’s challenge as strengthening “our arsenal of cyber weapons, cyber shields and cyber warriors.” [1]

Shanahan’s words evoke the image of a traditional warrior, fighting with weapons and a shield. And yet, cyber “warfare” differs dramatically from traditional combat. [2] Cyber warriors typically work at desks, and without substantial physical risk. Furthermore, while missiles, drones, combat aircraft, and other high technology have all changed how militaries fight and what it means to be a warrior, the technologies with which cyber warriors work are not unique to the military. [3] Every major civilian organization today also relies on complex computer networks and experts who defend them. While some cyber warriors attack adversary computer networks, many spend their time focused on defensive work that differs very little, if at all, from that of civilian computer security experts. Indeed, the U.S. Defense Department has leveraged the civilian U.S. National Initiative on Cybersecurity Education workforce framework to build its own cyber workforce. [4] For that matter, the Department of Defense uses civilian contractors for both offensive and defensive cyber operations.

So, how did this field of work come to be recognized as a form of warfare? The pioneers of this new field have argued that the rise of military cyber operations was a necessary response to a series of “wake-up calls” that came in the form of computer network intrusions, by both real adversaries and penetration testers, in the 1990s and 2000s. [5] Journalists and scholars have reinforced this narrative, arguing that technological changes created new risks and necessitated organizational innovations. [6]

While these accounts have made valuable contributions to historical understanding, they are incomplete in two significant ways. First, they largely bracket questions about the origins of technological change, treating the rise of technological vulnerability and threat as an exogenous shock to the U.S. military. But the U.S. military did not simply respond to the new vulnerabilities and threats that attended the rise of computer networking. It also actively drove the development of new technological capabilities as it pursued various functional advantages, such as increased efficiency in logistics systems and operational advantages in network-centric warfighting. [7] The vulnerabilities associated with military computer networking were created not only by flawed commercial technology, but also by practices internal to the Department of Defense. These include the decentralized pursuit of new networking technologies, a lack of strong security standards, and a lack of security training and a security culture among the communications and computing personnel charged with deploying computer systems. [8]

Second, the history of military cyber operations is not just about innovation, but also about the growing importance of mundane maintenance work, such as training users, patching software, and strengthening passwords. [9] Contrary to a substantial body of scholarship on the sources of military innovation, I argue that innovation is not always an unmitigated good. [10] As the Defense Department incorporated innovations in microcomputers and networking into its information systems in the 1980s, its vulnerability to computer network attack grew substantially. [11] These vulnerabilities dramatically increased the need for new kinds of sociotechnical repair and maintenance.

The histories we tell about cyber operations matter, because they shape the status granted to various kinds of work, incentives for doing that work well, and ultimately the technologies that emerge from that work. Today, the vast majority of cyber operations consists of maintaining network security rather than innovating or using new cyber “weapons.” Maintainers mitigate the myriad vulnerabilities that could undermine military networks and the operations that they enable. Yet maintainers are the lowest status workers in cyber operations, and the least likely to be regarded as “warriors.” And evidence suggests that security maintenance has been granted insufficient priority. For example, in 2019, the Defense Department’s inspector general concluded that the Defense Department had not consistently remediated vulnerabilities discovered by cyber red teams, in part because they failed to prioritize remediation and recognize the potential impact of vulnerabilities on the military’s mission. [12]

Nonetheless, the work of maintaining security has been difficult to elevate to the same priority as warfighting. In the 1990s and early 2000s, key leaders in intelligence, communications, and warfighting communities struggled to persuade decision-makers that any computer network operations should be treated as a kind of warfighting, because military culture has historically treated information-related work such as intelligence, computing, and communications as a warfighting support function, something lower in status than warfighting itself. [13] All of the services’ career fields explicitly distinguish between warfighting and warfighting support, and traditional warfighting experience has often been a prerequisite for professional promotion. The most senior commanders lead warfighting rather than warfighting support units, and organizational hierarchies empower warfighting commands over warfighting support.

In this context, elevating the status of cyber expertise entailed challenging organizational hierarchies that made cyber experts subordinate to traditional warfighters. For example, it meant empowering cyber experts and organizations to effectively issue commands to warfighting units, directing them to remediate vulnerabilities in their computer networks. It also involved reorganizing well-established military specializations, such as signals intelligence, electronic warfare, and communications, around cyber infrastructure and operations. Perhaps most importantly, it meant establishing new career paths through which cyber experts might advance to the highest levels of command.

Military leaders made their case for elevating cyber expertise in a variety of ways. For example, they developed concepts of cyber operations that were analogous to well-established concepts of kinetic operations. They also conducted exercises that revealed the potential impact of cyber operations on military warfighting and gathered data that highlighted a steady increase in intrusions that might have gone completely unnoticed if not for the work of cyber experts.

These and related activities succeeded in establishing cyber operations as a type of warfighting, but some kinds of skills, knowledge, and ability were more readily seen as warfighting than others. In particular, threat-focused activities like offensive operations, intrusion detection, and incident response, which were first developed within signals intelligence units, were most easily viewed as warfighting. By contrast, vulnerability-focused activities such as password management, software patching, and other forms of technology maintenance, which were primarily the responsibility of communications units, were slow to be seen as a kind of warfighting.

Today, the distinction between threat-focused and vulnerability-focused activities can be found in joint doctrine, which outlines three primary missions for cyberspace operations. The first mission, offensive cyber operations, is unique to the military. U.S. law prohibits civilian organizations from conducting offensive cyber operations unless they are operating under military authority. The second mission, defensive cyber operations, responds to threats that have already breached Defense Department networks. Some of these activities, including incident response, intrusion detection, and network monitoring, are very similar to defensive work within major corporations, civilian government, and other non-military organizations.

The third mission, Department of Defense Information Network (DODIN) operations, focuses on mitigating vulnerabilities. It includes “actions taken to secure, configure, operate, extend, maintain, and sustain [Defense Department] cyberspace and to create and preserve the confidentiality, availability, and integrity of the DODIN.” Like defensive cyber operations, these activities are commonplace in non-military organizations. Furthermore, by virtue of their focus on mitigating vulnerabilities rather than attacking adversaries, they have struggled to gain the status of warfighting. In an effort to cast its work as warfighting, Joint Force Headquarters-DODIN describes its mission with the phrase “Fight the DODIN,” not “secure,” “maintain,” or “sustain” the DODIN. [14] Joint doctrine seems to recognize the risk that such operations might be held in lower regard, noting that “although many DODIN operations activities are regularly scheduled events, they cannot be considered routine, since their aggregate effect establishes the framework on which most DOD [Department of Defense] missions ultimately depend.” [15]

Although joint doctrine does not formally prioritize any one of these three missions over the others, the personnel assigned to offensive or defensive cyber operations tend to have greater warfighting status, and thus greater prestige and opportunities, than do personnel assigned to DODIN operations. And yet, DODIN operations are also the first line of defense, without which defensive cyber operations would become impossible. Without a defense of computer networks, the modern military simply could not function with any level of confidence.

The low status accorded to the work of mitigating vulnerabilities itself shapes the technologies with which the military fights. In September 2015, the chairman of the Joint Chiefs of Staff and the secretary of defense launched a Cybersecurity Culture and Compliance Initiative, noting that “roughly 80 percent of incidents in the cyber domain can be traced to three factors: poor user practices, poor network and data management practices, and poor implementation of network architecture.” [16] One month later, the commander of Cyber Command and the Defense Department chief information officer went further by creating a Cybersecurity Discipline Implementation Plan, arguing that Defense Department networks were “not defendable.” [17] They noted “an unacceptable number of unpatched vulnerabilities,” and gave commanders and supervisors responsibility for verifying that “all servers and network infrastructure devices” were compliant with the Information Assurance Vulnerability Alert process. Finally, consistent with Defense Department directives for information assurance training, the Defense Information Systems Agency in 2015 launched the Cyber Awareness Challenge training program to reinforce “best practices” among service members, civilians, and contractors. [18]

However, in 2020, the U.S. Government Accountability Office identified significant shortcomings in the implementation of each of these three programs. [19] These shortcomings partly reflect the sheer difficulty of maintaining security in a complex socio-technical system with legacy equipment. But they also reflect the military’s continued tendency to view maintenance as warfighting support, something lower in status than warfighting itself.

By establishing DODIN operations as a kind of warfighting, along with offensive and defensive cyber operations, the Defense Department has sought to raise the status of vulnerability remediation and those who manage it. But ultimately, vulnerabilities cannot be completely eliminated by even the most expert of cyber forces. Rather, the complete elimination of vulnerabilities would require a transformation of everyday users — individuals who are not cyber experts but nonetheless can compromise systems by careless practices. Recognizing this problem, some officials have sought to frame everyday computer network users as warfighters.

In 2009, the Air Force began advocating the “Rise of the Cyber Wingman” philosophy, outlining 10 principles that all Air Force personnel should observe, and arguing that “every Airman is a defender in cyberspace.” [20] By 2012, the Marines had come to consider “every Marine a cyber warrior” and instituted a cyber security training regimen analogous to its well-known mantra, “every Marine a rifleman.” [21] A recent critical review of Navy cyber security, commissioned by the secretary of the Navy after multiple breaches, concluded that the “workforce is generally uneducated in cybersecurity, largely complacent,” and tends to see cyber security “as an ‘IT issue’ or ‘someone else’s problem.’” [22] As a result, the review explained, “cybersecurity is undervalued, and often used as a bill-payer within programs of record.” [23] It proposed that the Navy inculcate an “Every Sailor a Cyber Sentry” mindset. [24] And a recent article entitled “Every Warrior a Cyber Warrior” argues for improving Army cyber security education because “every U.S. Army soldier must be ready to fight on the digital battlefield.” [25] Whether these metaphors will ultimately be persuasive, however, remains to be seen.

Acknowledgements: I thank many of the early “cyber-warriors” for interviews that informed my research, as well as two anonymous reviewers and the editors of Texas National Security Review for improving the article from which this essay was adapted. This essay is based upon research supported by the National Science Foundation under Grant No. 1553069.

[1] Jim Garamone, “Cybercom Now a Combatant Command, Nakasone Replaces Rogers,” DOD News , May 4, 2018, https://www.defense.gov/Explore/News/Article/Article/1512994/cybercom-now-a-combatant-command-nakasone-replaces-rogers/.

[2] I am using terms such as “cyber warfare” and “cyber warrior” colloquially. I do not mean to imply that what they do qualifies as “war” as war is understood in international law. The term “cyber warrior” has been used broadly to refer to a wide range of career specializations within the military.

[3] For discussion of the warfighting identity of missileers, see George L. Chapman, "Missileer: The Dawn, Decline, and Reinvigoration of America's Intercontinental Ballistic Missile Operators," master's thesis, Air University, 2017, https://apps.dtic.mil/dtic/tr/fulltext/u2/1045804.pdf . On drones and warfighting, see P. W. Singer, Wired for War: The Robotics Revolution and Conflict in the 21st Century (New York: Penguin Press, 2009) and Hugh Gusterson, Drone: Remote Control Warfare (Cambridge, MA: MIT Press, 2016). Air Force pilots continue to be the butt of jokes implying that they are not tough enough, as compared to marines. For example, see Mark Thompson, "Petraeus Zinger Wounds Air Force Egos," Time , Aug. 21 2009, http://content.time.com/time/nation/article/0,8599,1917841,00.html .

[4] William Newhouse et al., National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework , National Institute of Standards and Technology, Publication 800-181, August 2017, https://doi.org/10.6028/NIST.SP.800-181 . The framework consists of seven broad functions, 33 areas of work, and 52 work roles. Each of the work roles consists of specific tasks and requires specialized knowledge, skills, and abilities. Altogether, the framework lists 1,007 tasks, 630 kinds of knowledge, 374 kinds of skills, and 176 abilities.

[5] See, for example, “Security in Cyberspace,” Hearings Before the Committee on Governmental Affairs, U.S. Senate, 104th Congress, 2nd Session, 1996 and “Department of Defense Authorization for Appropriations for Fiscal Year 2001 and the Future Years Defense Program, Part 5: Emerging Threats and Capabilities,” Senate Armed Services Committee, 106th Congress, 2nd Session, 2000. Jason Healey, A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, Kindle ed. (Vienna, VA: Cyber Conflict Studies Association, 2013) and Gregory J. Rattray, Strategic Warfare in Cyberspace (Cambridge, MA: MIT Press, 2001).

[6] The most comprehensive account can be found in White (2019). See also Fred Kaplan, Dark Territory: The Secret History of Cyberwar (New York: Simon & Schuster, 2016); Thomas Rid, Rise of the Machines: A Cybernetic History (New York: W.W. Norton & Company, 2016); Myriam Dunn Cavelty, Cyber-security and Threat Politics: US Efforts to Secure the Information Age (New York: Routledge, 2007); Michael Warner, "Cybersecurity: A Pre-history," Intelligence and National Security 27, no. 5 (2012); and "Notes on Military Doctrine for Cyberspace Operations in the United States, 1992-2014," updated Aug. 27, 2015, https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/1136012/notes-on-military-doctrine-for-cyberspace-operations-in-the-united-states-1992/.

[7] The development of the internet through the Defense Advanced Research Projects Agency is the most obvious example of military-driven innovation, but it is by no means an isolated example. The U.S. military’s influence on the computer industry waned in the 1980s as other significant market segments emerged, but it remained the largest U.S. government computer consumer.

[8] This conclusion has been reiterated in numerous reports on military cybersecurity. See, for example, Task Force Report: Resilient Military Systems and the Advanced Cyber Threat, Department of Defense Science Board, 2013, 65, https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-081.pdf; Department of Defense Cybersecurity Culture and Compliance Initiative, Department of Defense, (September 2015), 1, https://dod.defense.gov/Portals/1/Documents/pubs/OSD011517-15-RES-Final.pdf; and A Review and Assessment of the Department of Defense Budget, Strategy, Policy, and Programs for Cyber Operations and U.S. Cyber Command for Fiscal Year 2019, Committee on Armed Services, House of Representatives, 115th Congress, 2nd Session, (2018), 7.

[9] David Edgerton, The Shock of the Old: Technology and Global History Since 1900 (London: Profile Books, 2007); Andrew L. Russell and Lee Vinsel, "After Innovation, Turn to Maintenance," Technology and Culture 59, no. 1 (January 2018): 1–25, https://doi.org/10.1353/tech.2018.0004 ; and Rebecca Slayton and Brian Clarke, "Trusting Infrastructure: The Emergence of Computer Security Incident Response, 1989-2005," Technology and Culture 61, no. 1 (January 2020): 173–206, https://doi.org/10.1353/tech.2020.0036 .

[10] The literature on military innovation is vast. Some key works include the following: Barry R. Posen, The Sources of Military Doctrine: France, Britain, and Germany Between the World Wars (Ithaca, NY: Cornell University Press, 1984); Stephen Peter Rosen, Winning the Next War: Innovation and the Modern Military (Ithaca, NY: Cornell University Press, 1991); Kimberly Martin Zisk, Engaging the Enemy: Organization Theory and Soviet Military Innovation, 1955–1991 (Princeton, NJ: Princeton University Press, 1993); Carl H. Builder, The Masks of War: American Military Styles in Strategy and Analysis (Baltimore, MD: Johns Hopkins University Press, 1989); Dima Adamsky, The Culture of Military Innovation: The Impact of Cultural Factors on the Revolution in Military Affairs in Russia, the US, and Israel (Stanford, CA: Stanford University Press, 2010); Williamson Murray and Allan R. Millett, eds., Military Innovation in the Interwar Period (New York: Cambridge University Press, 1998); and Terry C. Pierce, Warfighting and Disruptive Technologies: Disguising Innovation (New York: Frank Cass, 2004).

[11] For example, the number of Defense Department microcomputers expanded from roughly 500 in 1980 to more than 36,000 in 1985. Terminals to use those computers expanded from roughly 9,000 to nearly 68,000. Federal Government Information Technology: Management, Security, and Congressional Oversight , Office of Technology Assessment, 1986. Most of these computers did not have security features built into them. Additionally, the rise of microcomputers and networking expanded the number of users radically and further decentralized control over networks, which itself increased the problems of security management and contributed to vulnerability.

[12] "Followup Audit on Corrective Actions Taken by DoD Components in Response to DoD Cyber Red Team-Identified Vulnerabilities and Additional Challenges Facing DoD Cyber Red Team Missions (DODIG-2020-067)," Department of Defense, Office of Inspector General, March 13, 2020, https://www.dodig.mil/reports.html/Article/2114391/followup-audit-on-corrective-actions-taken-by-dod-components-in-response-to-dod/ .

[13] Several scholars have argued that the cultures of the individual services shape their development and implementation of doctrine. A few key works include Builder, The Masks of War ; Jeffrey W. Donnithorne, Four Guardians: A Principled Agent View of American Civil-Military Relations (Baltimore, MD: Johns Hopkins University Press, 2019); and White, “Subcultural Influence on Military Innovation.”

[14] Jeffrey R. Jones, “Defense Department Cyber Requires Speed, Precision and Agility,” Signal , May 1, 2019, https://www.afcea.org/content/defense-department-cyber-requires-speed-precision-and-agility .

[15] “Joint Publication 3-12: Cyberspace Operations,” Joint Chiefs of Staff, June 8, 2018, II-2–II-3. The definition does exclude “actions taken under statutory authority of a chief information officer (CIO) to provision cyberspace for operations, including IT architecture development; establishing standards; or designing, building, or otherwise operationalizing DODIN IT for use by a commander.” See page II-2.

[16] Department of Defense, Department of Defense Cybersecurity Culture and Compliance Initiative, 1.

[17] DOD Cybersecurity Discipline Implementation Plan , Department of Defense, October 2015, 16, https://dodcio.defense.gov/Portals/0/Documents/Cyber/CyberDis-ImpPlan.pdf .

[18] A revised training directive was issued in November 2015: “Information Assurance Workforce Improvement Program, Incorporating Change 4, 11/10/2015,” Assistant Secretary of Defense for Networks and Information Integration/Department of Defense Chief Information Officer, Dec. 19, 2005, https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/857001m.pdf . The Cyber Awareness challenge training program is described in, “CYBERSECURITY: DOD Needs to Take Decisive Actions to Improve Cyber Hygiene,” Government Accountability Office, April 13, 2020, https://www.gao.gov/products/GAO-20-241 .

[19] Government Accountability Office, “CYBERSECURITY: DOD Needs to Take Decisive Actions to Improve Cyber Hygiene.”

[20] “Rise of the Cyber Wingman,” U.S. Air Force, Nov. 12, 2009, https://www.af.mil/News/Article-Display/Article/118545/rise-of-the-cyber-wingman/ .

[21] Statement of Lt. Gen. Richard Mills in, “Digital Warriors: Improving Military Capabilities for Cyber Operations,” House Armed Services Committee, 112th Congress, 2nd Sess., July 25, 2012, 12, https://www.govinfo.gov/content/pkg/CHRG-112hhrg75668/pdf/CHRG-112hhrg75668.pdf.

[22] Cybersecurity Readiness Review , Department of the Navy, March 2019, 12, https://www.wsj.com/public/resources/documents/CyberSecurityReview_03-2019.pdf?mod=article_inline .

[23] Department of the Navy, Cybersecurity Readiness Review, 12.

[24] Department of the Navy, Cybersecurity Readiness Review, 15.

[25] Christopher J. Heatherly and Ian Melendez, "Every Soldier a Cyber Warrior: The Case for Cyber Education in the United States Army," Cyber Defense Review (Spring 2019): 64, https://cyberdefensereview.army.mil/Portals/6/HEATHERLYMELENDEZ_CDR_V4N1.pdf?ver=2019-04-30-105206-983 .

What is cyberwar? Everything you need to know about the frightening future of digital conflict

By Steve Ranger

What is cyberwar?


Cyberwarfare refers to the use of digital attacks -- like computer viruses and hacking -- by one country to disrupt the vital computer systems of another, with the aim of creating damage, death and destruction. Future wars will see hackers using computer code to attack an enemy's infrastructure, fighting alongside troops using conventional weapons like guns and missiles.

A shadowy world that is still filled with spies, hackers and top secret digital weapons projects, cyberwarfare is an increasingly common -- and dangerous -- feature of international conflicts. But right now the combination of an ongoing cyberwarfare arms race and a lack of clear rules governing online conflict means there is a real risk that incidents could rapidly escalate out of control.


What does cyberwarfare look like?

Just like normal warfare, which can range from limited skirmishes to full-on battles, the impact of cyberwarfare will vary by target and severity. In many cases the computer systems are not the final target -- they are being targeted because of their role in managing real-world infrastructure like airports or power grids. Knock out the computers and you can shut down the airport or the power station as a result.

There are plenty of grim cyberwarfare scenarios available. Perhaps attackers start with the banks: one day your bank balance drops to zero and then suddenly leaps up, showing you've got millions in your account. Then stock prices start going crazy as hackers alter data flowing into the stock exchange. The next day the trains aren't running because the signalling stops working, and you can't drive anywhere because the traffic lights are all stuck on red, and the shops in big cities start running out of food. Pretty soon a country could be reduced to gridlock and chaos, even without the doomsday scenarios of hackers disabling power stations or opening dams.

One worst-case cyberattack scenario on the US sees attackers combining outright destructive attacks focused on critical US infrastructure with data manipulation on a massive scale.

Still, there are -- thankfully -- vanishingly few examples of real-world cyberwarfare, at least for now.

Nearly every system we use is underpinned in some way by computers, which means pretty much every aspect of our lives could be vulnerable to cyberwarfare at some point, and some experts warn it's a case of when, not if.

Why are governments investing in cyberwarfare right now?

Governments are increasingly aware that modern societies are so reliant on computer systems to run everything from financial services to transport networks that using hackers armed with viruses or other tools to shut down those systems could be just as effective and damaging as traditional military campaign using troops armed with guns and missiles.

Unlike a traditional military operation, a cyberattack can be launched instantaneously from any distance, with little obvious evidence of any build-up. Such an attack would be extremely hard to trace back with any certainty to its perpetrators, making retaliation harder.

As a result governments and intelligence agencies worry that digital attacks against vital infrastructure -- like banking systems or power grids -- will give attackers a way of bypassing a country's traditional defences, and are racing to improve their computer security.

However, they also see the opportunity that cyberwarfare capabilities bring, offering a new way to exert influence on rival states without having to put soldiers at risk. The fear of being vulnerable to the cyberweapons of their rivals plus a desire to harness these tools to bolster their own standing in the world is leading many countries into a cyber arms race.

What is -- and what is not -- cyberwarfare?

Whether an attack should be considered as an act of cyberwarfare depends on a number of factors. These include the identity of the attacker, what they are doing, how they do it -- and how much damage they inflict.

Like other forms of warfare, cyberwarfare in its purest sense is usually defined as a conflict between states, not individuals. To qualify, the attacks really should be of significant scale and severity.

If cyberwar is best understood as serious conflict between nations, that excludes a lot of the attacks that are regularly and incorrectly described as cyberwarfare.

Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyberwarfare, unless they are being aided and directed by a state. Still, in the murky world of cyberwarfare there are plenty of blurred lines: states providing support to hackers in order to create plausible deniability for their own actions is a dangerously common trend.

One example: cyber crooks who crash a bank's computer systems while trying to steal money would not be considered to be perpetrating an act of cyberwarfare, even if they come from a rival nation. But state-backed hackers doing the same thing to destabilise a rival state's economy might well be considered so.

The nature and scale of the targets attacked is another indicator: defacing an individual company's website is unlikely to be considered an act of cyberwarfare, but disabling the missile defence system at an airbase would certainly come at least close.

The weapons used are important, too -- cyberwar refers to digital attacks on computer systems: firing a missile at a data center would not be considered cyberwarfare, even if the data center contained government records. And using hackers to spy or even to steal data would not in itself be considered an act of cyberwarfare, and would instead come under the heading cyber espionage, something which is done by nearly all governments.

For sure there are many grey areas here (cyberwarfare is basically one big grey area anyway), but calling every hack an act of cyberwar is at best unhelpful and at its worst is scaremongering that could lead to dangerous escalation.

Cyberwarfare and the use of force

The who, what and how of cyberwarfare matter because the way these factors combine will help determine what kind of response a country can make to a cyberattack.

There is one key formal definition of cyberwarfare, which is a digital attack that is so serious it can be seen as the equivalent of a physical attack.

To reach this threshold, an attack on computer systems would have to lead to significant destruction or disruption, even loss of life. This is the significant threshold because under international law, countries are allowed to use force to defend themselves against an armed attack.

It follows then that, if a country were hit by a cyberattack of significant scale, the government would be within its rights to strike back using the force of its standard military arsenal: to respond to hacking with missile strikes perhaps.

So far this has never happened -- indeed it's not entirely clear if any attack has ever reached that threshold. Even if such an attack occurred it wouldn't be assumed that the victim would necessarily strike back in such a way, but international law would not stand in the way of such a response.

That doesn't mean attacks that fail to reach that level are irrelevant or should be ignored: it just means that the country under attack can't justify resorting to military force to defend itself. There are plenty of other ways of responding to a cyberattack, from sanctions and expelling diplomats, to responding in kind, although calibrating the right response to an attack is often hard (see cyber deterrence, below).

What is the Tallinn Manual?

One reason that the legal status of cyberwarfare has been blurred is that there is no international law that refers to cyberwar, because it is such a new concept. But this doesn't mean that cyberwarfare isn't covered by law, it's just that the relevant law is piecemeal, scattered, and often open to interpretation.

This lack of legal framework has resulted in a grey area that some states are very willing to exploit, using the opportunity to test out cyberwar techniques in the knowledge that other states are uncertain about how they could react under international law.

More recently that grey area has begun to shrink. A group of law scholars has spent years working to explain how international law can be applied to digital warfare. This work has formed the basis of the Tallinn Manual, a textbook prepared by the group and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCDCoE) based in the Estonian capital of Tallinn, from which the manual takes its name.

The first version of the manual looked at the rare but most serious cyberattacks, the ones at the level of the use of force; the second edition tried to build a legal framework around cyberattacks that do not reach the threshold of the use of force.

Aimed at legal advisers to governments, military, and intelligence agencies, the Tallinn Manual sets out when an attack is a violation of international law in cyberspace, and when and how states can respond to such assaults.

The manual consists of a set of guidelines -- 154 rules -- which set out how the lawyers think international law can be applied to cyberwarfare, covering everything from the use of cyber mercenaries to the targeting of medical units' computer systems.

The idea is that by making the law around cyberwarfare clearer, there is less risk of an attack escalating, because escalation often occurs when the rules are not clear and leaders overreact.

The second version of the manual, known as Tallinn 2.0, looks at the legal status of the various types of hacking and other digital attacks that occur on a daily basis during peacetime and looks at when a digital attack becomes a violation of international law in cyberspace.

Which countries are preparing for cyberwar?

Pretty much every single nation with the money and the skills is investing in cyberwarfare and cyberdefence capabilities. According to US intelligence chiefs, more than 30 countries are developing offensive cyber attack capabilities, although most of these government hacking programmes are shrouded in secrecy. This has led to concerns that a secret cyber arms race has already begun.

US intelligence briefings regularly list Russia, China, Iran, and North Korea as the major cyber threat actors to worry about. The US has long warned that Russia has a "highly advanced offensive cyber program" and has "conducted damaging and/or disruptive cyber attacks, including attacks on critical infrastructure networks".

The Pentagon has said that China is looking to narrow the gap with the US in terms of cyberwarfare capabilities, and has warned that China has attempted to probe US networks for data useful in any future crisis: "Targeted information could enable PLA [People's Liberation Army] cyber forces to build an operational picture of US defense networks, military disposition, logistics, and related military capabilities that could be exploited prior to or during a crisis," it warned.

US cyberwarfare capabilities

However, it's likely that the US still has the most significant cyberdefence and cyberattack capabilities. Speaking in 2016, President Obama said: "we're moving into a new era here, where a number of countries have significant capacities. And frankly we've got more capacity than anybody, both offensively and defensively."

Much of this capability comes from US Cyber Command, which has a dual mission: to protect US Department of Defence networks but also to conduct "full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries".

Admiral Michael Rogers, director of the US National Security Agency and head of US Cyber Command

Cyber Command is made up of a number of what it calls Cyber Mission Force teams.

The Cyber National Mission Force teams defend the US by monitoring adversary activity, blocking attacks, and manoeuvring to defeat them.

Cyber Combat Mission Force teams conduct military cyber operations to support military commanders, while the Cyber Protection Force teams defend the Department of Defense information networks.

By the end of fiscal year 2018, the goal is for the force to grow to nearly 6,200 and for all 133 teams to be fully operational. The US is believed to have used various forms of cyber weapons against the Iranian nuclear programme, the North Korean missile tests and the so-called Islamic State, with mixed results.

Reflecting the increased priority the US is putting on cyberwarfare capabilities, in August 2017 President Donald Trump upgraded Cyber Command to the status of a Unified Combatant Command, which puts it on the same level as groups such as the US Pacific Command and US Central Command. Other US agencies like the CIA and NSA have cyber espionage capabilities and have in the past been involved with building cyberweapons -- such as the famous Stuxnet worm (see below).

The UK has also publicly stated that it is working on cyber defence and offence projects, and has vowed to strike back if attacked in this manner. In April 2018 the director of GCHQ confirmed that cyberattacks by British intelligence services supported operations against the terror group ISIS.

What do cyberweapons look like?

Imagine the smartest hackers with the biggest budgets aiming to break the biggest systems they can; that's what the high end of cyber weapons can look like -- projects involving teams of developers and millions of dollars. But there are very, very few of these. In general the tools of cyberwarfare can vary from the incredibly sophisticated to the utterly basic. It depends on the effect the attacker is trying to create.

Many are part of the standard hacker toolkit, and a series of different tools could be used in concert as part of a cyberattack. For example, a Distributed Denial of Service (DDoS) attack was at the core of the attacks on Estonia in 2007.

Other standard hacker techniques are likely to form part of a cyberattack: phishing emails to trick users into handing over passwords or other data which can allow attackers further access to networks, for example. Malware and viruses could form part of an attack, like the Shamoon virus, which wiped the hard drives of 30,000 PCs at Saudi Aramco in 2012.

According to the Washington Post, after revelations about Russian meddling in the run up to the 2016 US Presidential elections, President Obama authorised the planting of cyber weapons in Russia's infrastructure. "The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race," the report said.

Ransomware and cyberwarfare

Ransomware, which has been a constant source of trouble for businesses and consumers, may also have been used not just to raise money but also to cause chaos. Perhaps one of the most unexpected twists recently has been the use of weaponised ransomware to destroy data. The US, UK and a number of other governments blamed Russia for the NotPetya ransomware outbreak which caused havoc in mid-2017, with the White House describing the incident as 'the most destructive and costly cyberattack in history.' While the attack was most likely aimed at doing damage to computer systems in Ukraine, it rapidly spread further and caused billions of dollars of damage, reflecting how easily cyber weapons can get beyond the control of their makers.

Cyberwarfare and zero-day attack stockpiles

Zero-day vulnerabilities are bugs or flaws in code that can give attackers access to or control over systems, but which have not yet been discovered and fixed by software companies. These flaws are particularly prized because there will likely be no way to stop hackers exploiting them. There is a thriving trade in zero-day exploits that allow hackers to sidestep security: very handy for nations looking to build unstoppable cyber weapons. It is believed that many nations have stockpiles of zero-day exploits to use for either cyber espionage or as part of elaborate cyber weapons. Zero-day exploits formed a key part of the Stuxnet cyberweapon (see below).

One issue with cyber weapons, particularly those using zero-day exploits, is that -- unlike a conventional bomb or missile -- a cyber weapon can be analysed and even potentially repurposed and re-used by the country or group it was used against.

One good example of this is shown by the WannaCry ransomware attack, which caused chaos in May 2017. The ransomware proved so virulent because it was supercharged with a zero-day vulnerability that had been stockpiled by the NSA, presumably to use in cyber espionage. But the tool was somehow acquired by the Shadow Brokers hacking group (quite how is extremely unclear) which then leaked it online. Once this happened other ransomware writers incorporated it into their software, making it vastly more powerful.

This risk of unexpected consequences means that cyber weapons and tools have to be handled -- and deployed -- with great care. There is also the further risk that, thanks to the hyper-connected world we live in, these weapons can spread and cause much greater chaos than planned, which is what may have happened in the case of the Ukrainian NotPetya ransomware attack.

What is Stuxnet?

Stuxnet is a computer worm that targets industrial control systems, but is most famous for most likely being the first genuine cyber weapon, in that it was designed to inflict physical damage.

It was developed by the US and Israel (although they have never confirmed this) to target the Iranian nuclear programme. The worm, first spotted in 2010, targeted specific Siemens industrial control systems, and seemed to be targeting the systems controlling the centrifuges in the Iranian uranium enrichment project -- apparently damaging 1,000 of these centrifuges and delaying the project, although the overall impact on the programme is not clear.

Stuxnet was a complicated worm that used four different zero-day exploits and likely took millions of dollars of research and months or years of work to create.

Is cyberwarfare escalation a concern?

There is a definite risk that we are at the early stages of a cyberwar arms race: as countries realise that having a cyberwarfare strategy is necessary they will increase spending and start to stockpile weapons, just like any other arms race. That means there could be more nations stockpiling zero-day attacks, which means more holes in software not being patched, which makes us all less secure. And countries with stockpiles of cyber weapons may mean cyber conflicts are able to escalate quicker. One of the big problems is that these programmes tend to be developed in secret with very little oversight and accountability and with murky rules of engagement.

What are the targets in cyberwar?

Military systems are an obvious target: preventing commanders from communicating with their troops or seeing where the enemy is would give an attacker a major advantage.

However, because most developed economies rely on computerised systems for everything from power to food and transport, many governments are very worried that rival states may target critical national infrastructure. Supervisory control and data acquisition (SCADA) systems, or industrial control systems -- which run factories, power stations and other industrial processes -- are a big target, as Stuxnet showed.

These systems can be decades old and were rarely designed with security as a priority, but are increasingly being connected to the internet to make them more efficient or easy to monitor. But this also makes these systems more vulnerable to attack, and security is rarely upgraded because the organisations operating them do not consider themselves to be a target.

A short history of cyberwar

For many people, 2007 was when cyberwar went from the theoretical to the actual.

When the government of the eastern European state of Estonia announced plans to move a Soviet war memorial, it found itself under a furious digital bombardment that knocked banks and government services offline (the attack is generally considered to have been the work of Russian hackers; Russian authorities denied any knowledge). However, the DDoS attacks on Estonia did not create physical damage and, while a significant event, were not considered to have risen to the level of actual cyberwarfare.

Another cyberwarfare milestone was hit the same year, however, when the Idaho National Laboratory proved, via the Aurora Generator Test, that a digital attack could be used to destroy physical objects -- in this case a generator.

The Stuxnet malware attack took place in 2010, which proved that malware could impact the physical world.

Since then there has been a steady stream of stories: in 2013, the NSA said it had stopped a plot by an unnamed nation -- believed to be China -- to attack the BIOS chip in PCs, rendering them unusable. In 2014, there was the attack on Sony Pictures Entertainment, blamed by many on North Korea, which showed that it was not just government systems and data that could be targeted by state-backed hackers.

Perhaps most seriously, just before Christmas in 2015, hackers managed to disrupt the power supply in parts of Ukraine, by using a well-known Trojan called BlackEnergy. In March 2016, seven Iranian hackers were accused of trying to shut down a New York dam in a federal grand jury indictment.

Nations are rapidly building cyber defence and offence capabilities and NATO in 2014 took the important step of confirming that a cyberattack on one of its members would be enough to allow them to invoke Article 5, the collective defence mechanism at the heart of the alliance. In 2016, it then defined cyberspace as an "operational domain" -- an area in which conflict can occur: the internet had officially become a battlefield.

Cyberwar and the Internet of Things

Big industrial control systems or military networks are often considered the main targets in cyberwarfare but one consequence of the rise of the Internet of Things may be to bring the battlefield into our homes.

"Our adversaries have capabilities to hold at risk US critical infrastructure as well as the broader ecosystem of connected consumer and industrial devices known as the Internet of Things," said a US intelligence community briefing from January 2017. Connected thermostats, cameras, and cookers could all be used either to spy on citizens of another country, or to cause havoc if they were hacked. Not all IoT devices are in homes; hospitals and factories and smart cities are now filled with sensors and other devices which means that the real-world impact of an IoT outage could be widely felt.

How do you defend against cyberwarfare?

The same cybersecurity practices that will protect against everyday hackers and cyber crooks will provide some protection against state-backed cyberattackers, who use many of the same techniques.

That means covering the basics: changing default passwords and making passwords hard to crack, not using the same password for different systems, making sure that all systems are patched and up-to-date (including the use of antivirus software), ensuring that systems are only connected to the internet if necessary and making sure that essential data is backed up securely. This may be enough to stop some attackers or at least give them enough extra work to do that they switch to an easier target.

Recognising that your organisation can be a target is an important step: even if your organisation is not an obvious target for hackers motivated by greed (who would hack a sewage works for money?), you may be a priority for hackers looking to create chaos.

However, for particularly high-value targets this is unlikely to be enough: these attacks are called 'advanced and persistent'. In this case it may be hard to stop them at the boundary and additional cybersecurity investments will be needed: strong encryption, multi-factor authentication, and advanced network monitoring. It may well be that you cannot stop them penetrating your network, but you may be able to stop them doing any damage.

At a higher level, nations and groups of states are developing their own cyber defence strategies. The European Union recently announced plans to work on a cyber defence plan which it will invoke if it faces a major, cross-border cyberattack, and plans to work with NATO on cyber defence exercises. However, not all nations consider such planning to be a particularly high priority.

More broadly, to prevent cyberwar incidents, countries need to talk more: to understand where the boundaries lie and which kinds of behaviour are acceptable. Until that is done there is always the risk of misunderstanding and escalation.

What is cyber deterrence?

Just as nations attempt to deter rivals from attacking with conventional weapons, so countries are developing the concept of cyber deterrence to help to prevent digital attacks from occurring in the first place -- by making the cost of the attack too high for any potential assailant.

One way of doing that is securing and hardening their own computer systems so that it becomes very hard -- and very expensive -- for any attacker to find weaknesses. Thanks to the swiss-cheese nature of so many computer systems the attackers will still have the advantage here.

The other option is to impose costs on the attackers through sanctions, criminal investigations or even the threat of striking back. Most recently the US in particular has been attempting to create deterrence through a policy of naming-and-shaming, in particular using indictments to name particular individuals it believes are responsible for carrying out state-backed cyber attacks. However, as hackers (from all nations) continue to poke and pry at the computer systems of their rivals, it would seem that cyber deterrence is at best a work in progress.

What is cyber espionage?

Closely related but separate to cyberwarfare is cyber espionage, whereby hackers infiltrate computer systems and networks to steal data and often intellectual property. There have been plenty of examples of this in recent years: for example the hack on the US Office of Personnel Management, which saw the records of 21 million US citizens stolen, including five million sets of fingerprints, was most likely carried out by Chinese state-backed hackers.

Perhaps even more infamous: the hacking attacks in the run up to the 2016 US Presidential elections and the theft of emails from the Democratic National Committee: US intelligence said that Russia was behind the attacks.

The aim of cyber espionage is to steal, not to do damage, but it's arguable that such attacks can also have a bigger impact. Law scholars are, for example, split on whether the hacks on the DNC and the subsequent leaking of the emails could be illegal under international law.

Some argue that it amounts to meddling in the affairs of another state and therefore some kind of response, such as hacking back, would have been justified; others argue that it was just below the threshold required.

As such the line between cyberwarfare and cyber espionage is a blurred one: certainly the behaviour necessary is similar for both -- sneaking into networks, looking for flaws in software -- but only the outcome is different; stealing rather than destroying. For defenders it's especially hard to tell the difference between an enemy probing a network looking for flaws to exploit and an enemy probing a network to find secrets.

"Infiltrations in US critical infrastructure -- when viewed in the light of incidents like these -- can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests," then- NSA chief Rogers said in testimony to the US Senate .

Cyberwarfare and information warfare

Closely related to cyberwarfare is the concept of information warfare; that is, the use of disinformation and propaganda in order to influence others -- like the citizens of another state.

This disinformation might use documents stolen by hackers and published -- either complete or modified by the attackers to suit their purpose. It may also see the use of social media (and broader media) to share incorrect stories.

While Western strategists tend to see cyberwarfare and hybrid information warfare as separate entities, some analysts say that Chinese and Russian military theorists see the two as closely linked. Indeed it is possible that Western military strategists have been planning for the wrong type of cyberwar as a result.

What are cyber wargames?

One of the ways countries are preparing to defend against cyberwarfare is with giant cyber defence wargames, which pit a 'red team' of attackers against a 'blue team' of defenders.

Some of the biggest international cyber defence exercises, like the NATO-backed Locked Shields event, can see as many as 900 cybersecurity experts sharpening their skills. In Locked Shields, the defending teams have to protect small, fictional, NATO member state Berylia from mounting cyberattacks by rival nation Crimsonia.

It's not just the technical aspects of cyberwarfare that are tested out; in September 2017 European Union defence ministers also took part in a table-top exercise called EU Cybrid, designed to test their strategy and decision making in the face of a major cyberattack on the European Union military organisations. The game aimed to help develop guidelines to be used in such a real-life crisis, and was the first exercise to involve politicians at such a senior level.

When will cyberwar take place?

Some argue cyberwar will never take place; others argue cyberwar is taking place right now. The truth is of course somewhere in the middle.

Beyond the famous example of Stuxnet, pure cyberwar operations will remain extremely rare, but already the concept has become absorbed into the broader set of military options that exist, just like other new technologies, such as submarines and aircraft, in the past.

It's possible that cyber weapons may also become a more common feature of low intensity skirmishes between nations because they are capable of causing confusion and chaos but not (too) much damage. But it's unlikely that a war would ever be fought purely with digital weapons because they are too expensive and hard to control and of limited impact.

That doesn't mean cyberwarfare is irrelevant -- rather that some kind of cyberwarfare capability will be part of pretty much every military engagement from now on.

What Russia’s Ongoing Cyberattacks in Ukraine Suggest About the Future of Cyber Warfare

  • Stuart Madnick

And how organizations around the world can prepare

For years, Ukraine has been a proving ground for Russian cyber weapons. As companies and countries watch the latest chapter of the Russian war in Ukraine unfold, they should take heed of the conflict’s online front — and think about how to prepare if (and more likely when) it spills over Ukraine’s borders. While some attacks, such as those on infrastructure, are nearly impossible for companies to prepare for, there are steps that they should take as a matter of course: make sure software is up to date and patched, check that you have effective and up-to-date malware and antivirus software, and ensure that all important data is backed up in a safe location.

Between 1946 and 1958, the Bikini Atoll, in the North Pacific Ocean, was used as a testing ground for 23 new nuclear devices that were detonated at various spots on, above, or beneath it. The point of the tests was primarily to understand (and, in many cases, show off) how these new weapons really worked — and what they were capable of. The era of nuclear testing may now be over, but the age of cyber warfare is just beginning. And for Russia, the war with Ukraine has likely been serving as a live testing ground for its next generation of cyber weapons.


  • Stuart Madnick is the John Norris Maguire (1960) Professor of Information Technologies in the MIT Sloan School of Management, Professor of Engineering Systems in the MIT School of Engineering, and Director of Cybersecurity at MIT Sloan (CAMS): the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity. He has been active in the cybersecurity field since co-authoring the book Computer Security in 1979.


Inside a future cyberwar: What will cyber warfare really be like?

From the cold war to the code war — here’s the science nonfiction of a future cyberwar

By Aspen Pflughoeft

The page takes a second to load. Or doesn’t load at all. Instead, an error message pops up onscreen: the connection timed out. Page after page, none load.

Bank website? Down. Online retailer? Down. News site? Down. Government webpage? Down. Vaccine appointment system? Down. A while later, all the sites load properly.

The lights flicker and the power goes off. The heat shuts off too. It’s December and cold. Around the city, the electricity grid goes down.

The blackout lasts an hour, maybe six hours. The power comes back on.

The backup safety system for monitoring chemicals at a manufacturing plant runs unnoticed in the background. The system gives no security warnings and sends no alerts. A routine maintenance check finds that the backup system was not actually functioning.

At another manufacturing plant, a machine with a spinning centrifuge has this repeated glitch. The centrifuge will spin so fast that it spins out of control, torn apart by the force. The IT team finally identifies the issue and the machine stops spinning out of control.

Technological issues like these seem, well, unsurprising. Technology fails. Chalk the issues up to the finicky nature of the internet, to some glitch somewhere along the line.

But all of these incidents have happened before, reported Wired. And none of them were run-of-the-mill technological issues.

These issues were caused by cyberattacks.

Targeted and intentional, cyberattacks are becoming increasingly frequent, increasingly dangerous and increasingly hybrid, reported Wired.

Cyberattacks may happen online but their consequences don’t stay online. They pose real-world threats. As cyberattacks intensify, the world is pushed closer and closer toward cyber warfare — a newish type of warfare for which global society remains unprepared.

The landscape of conflict has changed.

Cyberattacks and cyberwar: The dystopian future that happened yesterday

“Let’s start from the most important beginning point: This isn’t a conversation about the future,” Joseph Steinberg, a cybersecurity expert, told Deseret News. “These are things that are already happening on a regular basis whether people realize it or not.”

“Cyberwarfare is something that involves a computer-based attack against another computer that causes some sort of real-world repercussion,” said Steinberg.

The example of websites not loading en masse? That’s the result of a common cyberattack called a distributed denial of service, or DDoS. Hackers overload website servers with fake requests so that real requests to load the page cannot be processed. The result? The site goes down completely.

A DDoS cyberattack like this in the Eastern European country of Estonia marked the start of “Web War 1” back in 2007, reported Wired.

THE INTERNET IS DOWN! THE WORLD IS ON FIRE! 😭 — Young Water Gunn (@Tangwes) July 15, 2021

The centrifuge spinning out of control? The U.S. and Israel led that cyberattack against Iranian nuclear facilities beginning in 2009 but the attack wasn’t identified until 2010, per Wired. The attack, later known as Stuxnet, became the first cyberattack designed to cause physical damage. The cyberattack delayed Iran’s development of nuclear technology.

The cyberattack that caused an electricity blackout? That’s happened twice so far.

The first time, in December 2015, Russian hackers disrupted the electricity of 225,000 Ukrainian civilians for about six hours. Similarly, in 2016, Russian hackers disrupted the power grid of Ukraine’s capital Kyiv for about one hour, per Wired.

Taking out backup safety systems? That cyberattack happened in a Saudi Arabia oil refinery in 2017. The malicious code aimed to silently disable the last-ditch safety systems that warn about dangerous conditions like a temperature build-up or a gas leak, reported Wired.

The company found the hack before an explosion or gas leak occurred, but the alternative could have been deadly.

The vaccination appointment systems going down? That happened in Italy in early August and prevented people from scheduling their COVID-19 vaccines, reported CNN.

“The cyberattacks we saw earlier this year? That’s not even the tip of the iceberg — that’s the cold air coming off the tip of the iceberg,” said Steinberg, the cybersecurity expert. “The cyberattack that directly causes people to die — it’s going to happen — that’s when we hit the tip of the iceberg.”

“We’ve slipped into permanent warfare,” said Jason Healey, a Columbia researcher and cybersecurity expert, per the New York Magazine. “There is no winning this war.”

“Some people think cyberwar won’t be violent — that’s not true,” said Steinberg. “There are real-world repercussions to cyberattacks and it’s only going to get worse.”

Inside a future cyberwar

In conventional physical warfare, international parties have agreed on the rules of a fair fight, the lines too cruel to cross and the tactics too inhumane to use.

That’s not the case for cyberwarfare. In the cyberworld, there are no ground rules. There are no traditional borders. And there is no clarity.

“What is cyberwar? What is legal cyberwarfare? What is a war crime in cyberwarfare? There is no clear definition and that’s part of the issue,” said Steinberg. “All the rules of warfare — you don’t target civilians and things like that — in the cyberworld, it’s not clear where these things stand.”

And cyberwar may not target just the military. Cyberattacks could strike “water distribution systems, financial systems, gas pipelines, hospitals — perhaps even combined with a mass-casualty physical attack,” said Wired.

These civilian sectors remain particularly vulnerable to cyberattacks because their systems tend to be “out of date, poorly maintained, ill-understood, and often unpatchable,” reported Foreign Policy.

And worse still, not all cyberattacks will even have a physical target like these critical service sectors. That’s where cyberespionage comes in.

“Cyberespionage is going on all the time,” said Steinberg. Like cyberattacks, cyberespionage could have military or civilian targets. It could look like stolen military equipment plans or close monitoring of foreign citizens of interest.

“The person who’s going to be president in 30 years or 50 years, they’re posting all sorts of information in online media that may or may not be useful to an adversary,” said Steinberg.

Cyberespionage could inform cyberattacks targeting such individuals.

But the target could also be the entire public. Cyberattacks could manipulate public opinion before elections through online campaigns, targeted advertising and realistic “deep fake” videos of candidates or world leaders, reported Foreign Policy.

After all, there are no ground rules in the cyberworld — and even just one cyberattack could be too much.

“Even if we’re the superpower from offensive and defensive positions, other entities could get one or two or 10 or a small percentage of attacks and we’re not capable of stopping 100% of it,” explained Steinberg. “If someone is weaker but can get one attack through, then they can cause massive damage.”

Behind the scenes of a future cyberwar

Say all of these cyberattacks happen. Does that mean we’re in a cyberwar? Well, maybe, but maybe not. Once again, there’s no clear line.

Assigning responsibility for cyberattacks gets incredibly complicated incredibly quickly. In the recent case of vaccination systems going down — was the attack led by a group of teenagers opposed to vaccines? Or was the attack led by professional state-sponsored actors that wanted to interrupt Italy’s health care system?

Because of proxy servers and other methods of erasing the assailant’s digital footprint, it’s hard to know for sure, reported Foreign Policy.

“There’s also plausible deniability,” explains Steinberg. “No one admits to doing it.”

But this lack of certainty around the party responsible for a cyberattack does not stop entities from cyberattacking back and creating a cycle of escalation, per Foreign Policy.

“We could stumble into a war that neither side wants because of the feeling that you have to retaliate,” said Amy Zegart, a cyberwarfare expert at the Hoover Institution and Stanford professor, per The New Yorker.

“We don’t understand escalation in cyberspace,” said Zegart.

Physical lockdown is one thing, Cyber-lockdown will be the next thing. — Mikael (@mikael_jibril) February 26, 2021

Preventing a future cyberwar

This is science fiction turned science nonfiction. And cyberattacks we’ve seen so far?

“You want to call it the tip of the iceberg or the cold air coming off? This is nothing compared with what could happen if we don’t address these issues,” said Steinberg. “People are going to have to be more careful online because your computer could be used for an attack.”

To protect yourself and those you’re digitally connected to from cyberattacks, Steinberg recommends not using public Wi-Fi for sensitive tasks, avoiding risky downloads in emails or on websites, backing up your data often, following proper password guidelines, and using some sort of security software.

“We’re only as strong as our weakest link,” said Homeland Security Secretary Alejandro Mayorkas, per ABC News, “because everything is connected. The vulnerability of one can become the vulnerability of many.”

And when it comes to cyberwar, we are all vulnerable because there are no ground rules in the cyberworld. That’s why many cybersecurity experts have begun pushing for a Digital Geneva Convention or some other global treaty to establish the go and no-go zones of cyberwarfare, reported Wired.

“Because this is a real threat and it’s not the future,” said Steinberg. “This is not a theory. This is not paranoia. It’s the world we live in.”

Cyber War Forthcoming: “It Is Not a Matter of If, It Is a Matter of When.”


A new security climate which encompasses threats beyond the realm of conventional warfare has brought about new challenges and new questions for strategy analysts. One question at the heart of the contemporary and complex security landscape remains: will cyber war take place or is it merely a sophisticated extension of sabotage, subversion and espionage? All three of which, as Thomas Rid (2012) emphasises, are certainly not new. The essay will stand in agreement with Rid by arguing that indeed, cyber war has not taken place in the past. However, it will proceed to argue that cyber war will take place in the future because cyber-attacks are likely to eventually meet the criterion necessary to constitute warfare. Thus, to claim otherwise, as Rid has, is outdated, an ‘overly restrictive’ interpretation of what war is (Whetham, 2016, p.61) and underestimates the technological advancement in cyberspace. The essay will carry the idea that ‘it has not happened yet, but it will’ forward by cross-examining five crucial points which are as follows.

Firstly, it will argue against Rid where he claims that there is no force or direct violence involved in cyber-attacks that would render them acts of war. Secondly, it will tackle the most complex issues of all which are attribution, declaration and anonymity. Thirdly, it will challenge Rid’s distinction between sabotage and warfare by re-defining these boundaries and examining the Stuxnet attack as a plausibility probe by means of the equivalent-effects and Schmitt tests. Fourthly, it will argue that cyber-attacks do not need to be potentially lethal or involve physical injury or death to be considered acts of war. Lastly, it will argue that some cyber-weapons will have the capacity to damage all three areas which constitute the paradoxical trinity which can generate a strategic paralytic effect and ‘compel our opponent to fulfil our will’ (Clausewitz and Heuser, 2008, p.13). In summary, the essay will argue that cyber war will take place by dissecting and challenging Rid’s journal article and employing the work of scholars such as Amit Sharma, John Stone and David Whetham who constructed credible counter-arguments. As James Cartwright stated, an act of war is “in the eye of the beholder” (Nakashima, 2012). Thus, it is of initial importance to attach a definition to what will be meant by warfare in the following essay. Like Rid, the essay will agree that an act of war has to meet the following criteria which were outlined by Clausewitz; firstly, the act has to be inherently violent, secondly, it has to be instrumental and finally it has to be political (Rid, 2012, p.7). It will also agree with Rid and argue that we should not categorise all acts of cyber hostility as an act of war, such as cyber-espionage and subversion, because this blurs the boundaries between war and non-war and risks war becoming a hodgepodge notion.
However, it will diverge from Clausewitz and Rid’s idea that the employment of maximum force to produce violence is necessary and argue against this. It will also argue that human lethality is not necessary for acts of force to fall under the rubric of war because violence also entails damage to physical property and psychiatric injury (Whetham, 2016, p.61). Thus, the broad definition and interpretation of what is considered war will be an amalgamation of both Sun Tzu and Clausewitz’ ideas, as opposed to maintaining a narrow focus on one theorist’s ideas. As Amit Sharma (2010, p.64) noted, 

Cyber warfare derives the essence of both of these great military theorists, as it is warfare that is capable of compelling the enemy to do your will by inducing strategic paralysis to achieve desired ends, and this seizing of the enemy is done almost without any application of physical force. 

After all, the reason that Rid’s argument is outdated and uses an ‘overly restrictive’ (Whetham, 2016, p.1) interpretation of what war is, is because the entirety of his journal article rests on the foundation of Clausewitz. This essay does not wish to belittle the significance of Clausewitz’ work, but it would be wrong to claim that Clausewitz’ ideas do not need to be modified to fit the current security climate. After all, a lot has changed since 1832 – specifically the emergence of cyber-weapons which has simultaneously decreased the idea that maximum force is desirable and given Sun Tzu’s ideas of minimal force and deception (Sun Tzu and Griffith, 1963, p.77) a new lease of life. To begin, it is important to show how cyber war will take place in the future by demonstrating that acts of limited force can translate into inconceivable violence, rather than synonymising the two terms. As John Stone rightly noted, ‘the fundamentals of war were never considered properly because strategy as a discipline was very pragmatic but had nothing to offer by way of clarification for important terms such as ‘force’ and ‘violence’ (Stone, 2012, p.104). However, clarification is necessary in order to argue that cyber-war will take place. Limited force (providing it produces a violence), combined with instrumentality and being political can indeed fall under the rubric of war. This is where Sun Tzu’s ideas are particularly relevant because he wrote that ‘to seize the enemy without fighting is the most skilful’ (Griffith, 1963, p.77) which is applicable to cyber-attacks since it could be possible to subjugate the enemy without the deployment of conventional armed forces and minimal force.
Nonetheless, it has been demonstrated through Stuxnet and fictional cyber-attack scenarios that cyber-attacks have and  could  meet the criteria necessary to constitute an act of war and compel the enemy to fulfil its will through minimal force, whilst simultaneously encapsulating the art of war where the wise warrior avoids the battle (Griffith, 1963), – at least, conventionally. Therefore, Rid is incorrect to state that because the force necessary to conduct a cyber-attack is limited that cyber-attacks cannot conjure enough violence to be considered acts of war.  This point can be further reinforced because whilst Clausewitz makes it clear that force is the pivotal point of war, he never quantifies how much force is necessary for it to qualify as an act of war. Clausewitz merely states that maximum force is desirable to gain the upper hand in a conflict (Clausewitz and Heusser, 1976, p.14). However, in cyberspace that is not applicable because gaining the upper hand can actually be achieved through minimal force and bloodshed. This is primarily because acts of force which are as small as tapping a keyboard can translate into mass violence; injuring (physically or mentally) or killing people and/or physical objects along the way (Stone, 2013, p.107). In addition, the idea that minimal force can gain the upper hand is heightened by the deceptive nature of cyber-attacks and the fact that they are generally not declared but rather the attacker ‘attacks him where he is unprepared and appears when he is unexpected’ (Griffith, 1963, p.89), which can amplify damage and thus chances of victory. In brief, Rid is mistaken to synonymise and conflate the terms ‘violence’ and ‘force’ in order to make his case because small force  could  cause inconceivable violence.   This naturally leads the essay to show that despite difficulties in attribution, cyber war  could  still take place. 
The fact that cyber-attackers often appear when the opponent is unprepared and when he is unexpected leads to the most complex issues of all which are attribution, anonymity and the absence of declaration. It is argued by Rid that cyber war cannot take place in the future because ‘history does not know acts of war without eventual attribution’ (Rid, 2011, p.8). Rid’s reasoning behind this is that without being able to attribute an attack to another state, the attacked state does not know how or in which geographical location to conduct a counter-attack. However, although history does not know acts of war without eventual attribution, the future might because it seems that this  will be  a new, challenging facet of what will be defined as war (Stone, 2013, p.105). Indeed, it is possible that due to the changing character of war, there will be an inability to ever definitively attribute an act of war to another actor in cyberspace. However, this does not mean that the act does not constitute an act of war. Where an act of war meets the criteria outlined earlier in the essay, namely; the act is inherently violent, political and instrumental, then ‘matters of openness and attribution are not germane to any attempt at distinguishing between war and sabotage’ (Stone, 2013, p.106).  To build on this, questions that have proven difficult for strategy scholars are; firstly, how can it be a war if it takes weeks, months or even years to eventually attribute it to another actor? Secondly, could a response be considered a counter-attack or simply punishment beyond a certain threshold? Firstly, Clausewitz never attaches a time limit to the word ‘eventual’ when he is discussing attribution which is incredibly vague and open to interpretation. 
Thus, regardless of whether it takes days, months or even years for the attack to be attributed to the auspices of a government – the act could still be rendered an act of war because ‘eventually’ holds no actual time limit and is open to the interpretation of the reader. In response to the second question posed to strategy scholars, ‘Under the Law of Armed Conflict and Article 51, it is not made clear what degree of certainty in identification is required to justify a response’ (Farwell and Rohozinski, 2011, p.35). Therefore, the law of armed conflict and article 51 should ideally be modified in order to make matters clearer for states for if and – more appropriately – when they are devastated by a cyber-attack. Diverging from the previous point, in order to show that cyber war will take place, it is important to cross-examine Rid’s failure to properly distinguish between what is sabotage versus an act of war in literary terms. Rid argues that any ‘deliberate attempt to weaken or destroy an economic or military system’ where ‘things are the prime targets, not humans’ (Rid, 2012, p.16) is sabotage and thus cannot be considered warfare. However, the distinction in Rid’s analysis rests solely upon the fact that the damage cannot merely affect physical property but should injure or kill people on at least one side of a conflict. This is where Rid is mistaken because a violence, as defined in the Oxford English Dictionary, need not necessarily kill or injure people (Stone, 2013, p.104). Rather, an inherently violent act can solely cause damage to physical property. A violent act could even cause no damage at all because the mens rea has to only be for the commission of the act, and thus the actual result is insignificant.
This misunderstanding of the essence of the word ‘violence’ is clearly why Rid believes that the Stuxnet attack on the Iranian enrichment plant can squarely fit within what is defined as sabotage as opposed to recognising that the Stuxnet case was a deeply contestable one which does not squarely fit within the bracket of sabotage. Rid’s failure to recognise Stuxnet as an act that transcends sabotage can be credibly opposed by the fact that first and foremost; the act was political in that as David Clemente (2010) said ‘it is of such complexity it could only be a state behind it’ (Beaumont, 2010) and more specifically, a ‘cyber superpower’ was behind it (Rid, 2012, p.19). Secondly, it was instrumental in that Stuxnet had a means and ends because it effectively forced Iran to accept the offender’s will of a delayed Iranian nuclear programme (Zetter, 2014). And ultimately, it was violent because it was the first instance of a physically destructive cyber weapon which damaged centrifuges (Zetter, 2014). To further reinforce the idea that Stuxnet was not a merely grand version of sabotage, it is crucial to examine it via two key indicators which are as follows. Firstly, the Stuxnet attack qualifies as an act of war under the equivalent-effects test because it is comparable to a kinetic attack and has ‘the effect of a cruise missile or a commando raid’ (Wedermyer, 2012, p.20). The equivalent-effects test is important for categorisation purposes because it is one of the primary ways to distinguish between an act of mere hostility and an act of war. As Lewis (2011) noted, ‘no damage or no casualties, means no attack’ which is why, as Rid stated, cyber-espionage cannot be considered an act of war. This is because there is hostile activity in cyberspace such as cyber-espionage, ‘but it stays below the threshold of an attack’ (Lewis, 2011). However, Stuxnet is different because it did cause physical damage akin to a kinetic attack. 
Another way to demonstrate that Stuxnet could potentially be considered an act of war in the future is the fact that it largely satisfies the Schmitt test criteria because it caused ‘physical damage to the Iranian nuclear infrastructure, was highly invasive, its damage was quantifiable, and it was almost certainly created under the auspices of a national government’ (Wedermyer, 2012, p.21). All things considered, one question remains; if the United States (US) and Israel conducted a commando raid against the Iranian nuclear facility, would it be considered an act of war or merely sabotage because it did not kill anybody? It is likely that it would be considered an act of war or more specifically, be akin to a covert operation conducted by the Special Forces. Although this contestable cyber-attack has not caused a cyber-war, it certainly demonstrates how cyber war  could  take place in the future. Thus, whilst Rid (2012, p.20) states that Stuxnet has taken computer sabotage to an entirely new level, he is detracting from the fact that this is not simply a new level of sabotage. Furthermore, it is important to note that cyber-attacks  can  be considered acts of war if they transcend the realm of physical harm to people and property and only affect the psychological wellbeing of people; causing psychiatric injury. Therefore, by ‘demanding that physical violence is required seems to be an overly restrictive interpretation of an “act of war,” just as it would be to limit the definition of “assault” in a domestic jurisdiction’ (Whetham, 2016, p.61). To elaborate on this point, ‘’in the UK the legally accepted definition of assault does not require physical harm to be satisfied’’ (Whetham, 2016, p.61). Psychiatric injury can, in certain cases, be classed as Actual Bodily Harm (ABH) and therefore, damage and harm does not necessarily have to be physically visible for it to be considered an act of force or violence. 
To summarise, violence should not be restricted to the bounds of physical damage but rather should be extended to psychiatric injury which is not visible. With that in mind, if a cyber-attack achieves the desired policy outcome through a means of psychiatric injury which subsequently compels the adversary to fulfil its will – surely Clausewitz would have considered this an act of war? Clausewitz (1989, p.92) states that to obtain a single victory, ‘we will employ no more strength than is absolutely necessary’ so this must suffice, on the condition that it compels the enemy to fulfil its will. Moreover, it is important to challenge Rid’s idea that cyber war will not take place by challenging one contradictory statement. Rid is careful to outline the difference in immediacy and directness between a kinetic attack such as a drone attack compared with a possible future cyber-attack and states that where potential cyber-attacks are concerned, ‘the causal chain that links somebody pushing a button to somebody else being hurt is mediated, delayed, and permeated by chance and friction’ (Rid, 2011, p.9). Yet Rid states that, despite this, they could still be considered an act of war if, say, a derailment, caused by logic bombs crashed a train or caused air traffic systems and their backups to collapse (Rid, 2012, p.9) and thus resulted in a number of injuries and deaths. However, if he can recognise that this could happen then he cannot credibly dismiss the idea that cyber war will take place. It is likely that Stuxnet is not where cyber-weaponry advancement ends. As I write this essay, people are probably researching the next physically destructive weapon which could produce an equivalent effect or apply combat power simultaneously at the strategic, operational, and tactical levels of war to paralyse an adversary’s ability to function.
States’ cyberspace is becoming increasingly vulnerable due to the ever-increasing technological advancements that are occurring. Therefore, to claim that cyber war will not take place could result in a failure to respond appropriately due to a ‘lack of a harmonised framework to effectively respond to the challenges posed by this incident’ (Trimintzios, et al. 2015, p.16). Finally, it is important to demonstrate how cyber-war could happen in the future through the notion of trinitarian warfare. The trinity is composed of three tendencies which are as follows; the government, the people – including the economy – and the defenders of the state; all of which are considered crucial to keep the cogs of the state turning (Sharma, 2010, p.64). Individually, each component of the trinity is resilient enough to recover from challenges posed by adversaries because it can rely on another one of the components in the trinity to resuscitate it. However, ‘when all of the three components are destroyed together or in conventional terms are subjected to parallel warfare, ‘cascade effect’ is generated to induce a strategic paralytic effect on the nation’ (Sharma, 2010, p.64) which catapults the state into a state of turmoil and tumult. It is now the case that all three tendencies heavily rely on technology, particularly in modern states, which can be supported by Jeremy Corbyn’s recent proposal that Wi-Fi should be free at the point of use because it is an essential, basic utility as opposed to a luxury (Walker, et al. 2019). This dependence on cyberspace certainly exposes the vulnerabilities of all three tendencies to parallel warfare. This is currently evident in the COVID-19 pandemic as a successful cyber-attack on the health service infrastructure and communications technology could induce a strategic paralytic effect on the UK.
To further emphasise this point, the Titan Rain attacks on Estonia and Georgia were not successful acts of war because they were tactical in nature and were targeting individual components of the trinity, as opposed to applying power simultaneously at the strategic, operational, and tactical levels of war and thus impacting all three components of the trinity (Sharma, 2010, p.68). Therefore, for cyber-attacks to be considered acts of war, they should cause equivalent damage to a kinetic attack and for them to be particularly successful at subjugating the adversary, they should be conducted using the paradigm of parallel warfare (Sharma, 2010, p.67). All things considered, whilst previous cyber-attacks have not been successful acts of war, this does not imply that they will not be in the future and thus cyber-war  could  take place in the future.  In conclusion, it is clear that although cyber war has not yet happened, it is likely to happen in the future. This is primarily because some cyber-attacks can fulfil the criteria necessary to constitute an act of war which is as follows; inherently violent, political and instrumental. It is also the case that small acts of force – such as the tap of a keyboard (Stone, 2013, p.107) – can cause inconceivable violence. As for the incredibly difficult issue of attribution and declaration, although history knows no act of war without eventual attribution, the future of war  could  pose an unprecedented challenge to the world where there never is definitive attribution. Moreover, violence caused by an attacker does not have to be lethal but can be extended to the damage of physical property and psychiatric injury. One specific plausibility probe that was discussed in the essay and reinforces the argument that cyber war will take place is the Stuxnet attack on the Iranian nuclear facility which gave the world foresight into what could take place but on a larger, more sophisticated scale in the future. 
Finally, cyber-attacks have the potential to induce a ‘cascade effect’ where all components of the trinity are damaged and thus seize the enemy through strategic paralysis. It is no longer a question of if cyber war will take place but rather a question of when it will take place.

Bibliography

Beaumont, P. (2010). Stuxnet worm heralds new era of global cyberwar. The Guardian. Accessed on: 3rd May 2020. Available at: https://www.theguardian.com/technology/2010/sep/30/stuxnet-worm-new-era-global-cyberwar.

Clausewitz, C., Heuser, B., Howard, M. and Paret, P. (2008). On War. Oxford: Oxford University Press.

Farwell, J. & Rohozinski, R. (2011). Stuxnet and the Future of Cyber War. Survival, 53:1, 23-40. DOI: 10.1080/00396338.2011.555586.

Lewis, A. J. (2011). Cyber Attacks, Real or Imagined, and Cyber War. Accessed on: 5th May 2020. Available at: https://www.csis.org/analysis/cyber-attacks-real-or-imagined-and-cyber-war.

Nakashima, E. (2012). ‘When is a cyberattack an act of war?’ The Washington Post. Accessed on: 2nd May 2020. Available at: https://www.washingtonpost.com/opinions/when-is-a-cyberattack-an-act-of-war/2012/10/26/02226232-1eb8-11e2-9746-908f727990d8_story.html.

Rid, T. (2012). Cyber War Will Not Take Place. Journal of Strategic Studies, 35:1, 5-32. DOI: 10.1080/01402390.2011.608939.

Sharma, A. (2010). Cyber Wars: A Paradigm Shift from Means to Ends. Strategic Analysis, 34:1, 62-73. Accessed on: 27th April 2020. Available at: https://www.tandfonline.com/doi/pdf/10.1080/09700160903354450?needAccess=true.

Sun Tzu, The Art of War, trans. Samuel B. Griffith. (1963). Oxford: Oxford University Press, p. 77.

Stone, J. (2013). Cyber War Will Take Place! Journal of Strategic Studies, 36:1, 101-108. Accessed on: 27th April 2020. Available at: DOI: 10.1080/01402390.2012.730485.

Trimintzios, P., Ogee, A., Gavrila, R. and Zacharis, A. (2015). European Union Agency for Network and Information Security. On Cyber Crisis Cooperation And Management. Accessed on: 1st May 2020. Available at: DOI: 10.2824/948513.

Whetham, D. G. (2016). “Are We Fighting Yet?” Can Traditional Just War Concepts Cope with Contemporary Conflict and the Changing Character of War? Accessed on: 28th April 2020. Available at: DOI: 10.1093/monist/onv029.

Walker, P. et al. (2019). Labour’s free broadband plan fires up the election battle. The Guardian. Accessed on: 4th May 2020. Available at: https://www.theguardian.com/technology/2019/nov/15/free-broadband-essential-uk-compete-john-mcdonnell-labour-policy-openreach.

Wedermyer, L. J. (2012). The Changing Face of War: The Stuxnet Virus and the Need for International Regulation of Cyber Conflict. Accessed on: 1st May 2020. Available at: https://digitalcommons.law.msu.edu/cgi/viewcontent.cgi?article=1206&context=king.

Zetter, K. (2013). Legal experts: Stuxnet Attack on Iran was Illegal ‘Act of Force’. Wired. Accessed on: 3rd May 2020. Available at: https://www.wired.com/2013/03/stuxnet-act-of-force/.

Written at: University of Leicester
Written for: Dr Robert Dover
Date written: May 2020


(Above) Palestinians burn an Israeli Merkava battle tank after crossing the border fence with Israel in the Gaza Strip on 7 October 2023. Hackers and catphishers played a vital role in the planning for the Hamas attacks.

The Soft Cyber Underbelly of the U.S. Military

Footage beamed live around the world on social media showed paragliders armed with automatic weapons swooping from the sky, terrorists on motorcycles flooding through gaps in a vaunted defensive line, and civilians massacred and dragged from their homes to serve as hostages. A hail of rockets threatened to overwhelm the defensive systems that protect millions of Israelis. 1

Not visible were the hackers who eroded the ability of the country’s security organizations to provide warning and took advantage of civilian safety apps to install malware, not to mention the years of reconnaissance they conducted through the personal devices of Israelis. The 7 October Hamas attacks on Israel were notable for many reasons, one of which was their integrated employment of the information environment before, during, and after. 2

Hamas’s attacks demonstrate the kinds of asymmetric and nontraditional cyber threats in the information environment that must be addressed to keep U.S. forces secure. While until recently nonstate actors were not generally associated with cyber capabilities, such actors can affect advanced militaries with increasing effectiveness as they gain access to better tools and skills. Furthermore, the integrated attacks illustrate the effects of attacks on individuals within a force unprotected in cyberspace. They demonstrate that the capabilities are a real and growing threat to Marines and sailors operating around the world.

(Right) Navy recruits spend a few minutes with their mobile phones. The Department of Defense must better educate service members and protect them from the operational risks social engineering and malware create.

This deserves close examination, given the information warfare–related strategies from the Department of Defense (DoD) and Department of the Navy released in fall 2023. 3 The documents speak to the importance the United States places on the information environment and the tools needed to fight and win there. The 2023 Annual Threat Assessment of the U.S. Intelligence Community highlights the growing cyber threat major strategic competitors pose. While a strategic focus on countering state capabilities is reasonable, the recent events in Israel and Gaza offer a reminder of the need to look more deeply at strategy through the lens of asymmetric and transnational actors such as terrorist groups.

Recognizing the threat is an excellent first step, but concrete actions must follow to improve the cyber resiliency of U.S. forces. These steps should include improved cybersecurity training, the proliferation of DoD-approved tools that service members can safely access and employ to keep themselves safe, and expanded use of antivirus (AV) protection. Marines and sailors carry devices in their pockets on a near-constant basis that are connected to the rest of the world. In this way, they also create a direct access line for adversary cyber operations. Failing to address the vulnerabilities these devices and connections create would be negligent and leave military systems at risk.

Catphishing and Jailbreaks

Hamas used cyber capabilities to complement air and ground actions during its attacks. Approximately 12 minutes after Hamas launched the initial rocket salvo, cybersecurity firms detected distributed denial of service (DDoS) attacks aimed at shutting down websites that provide rocket alerts to Israeli civilians. 4

On the day of the attacks, hackers hijacked billboards to push terrorizing messages and bombarded phones in Israel with threats via text messages. 5 In the days that followed, other groups began attacking sites and services connected to the conflict. Some cyberattacks exploited code issues in apps to send fake rocket alerts, intercept requests, and expose servers. Counterfeit versions of those apps allowed hackers to collect sensitive data from users. 6 One pro-Palestinian hacker group, Ghosts of Palestine, claimed to have attacked Israeli organizations including the Ministry of Foreign Affairs and Ben Gurion Airport. 7

While it is unclear how much direct control Hamas had over the hacking groups behind these attacks—possibly they were merely hacktivists joining in a larger conflict—the level of coordination at least suggests a close working relationship. Regardless, Hamas used advanced cyber capabilities in an impressively coordinated fashion. This capability did not emerge overnight. Over the past decade, Hamas developed a sophisticated cyber capability that racked up some impressive wins. Hamas began its cyber operations in 2013, using phishing tactics that included pornographic videos, relying on people’s reluctance to report threats given the nature of the videos. 8 Since at least 2017, Hamas has been using fake dating profiles to lure Israeli Defense Force (IDF) personnel into downloading images containing malware and allowing Hamas operatives to snoop through phones to gain information on IDF weapons, units, and facilities. 9

During the 2018 FIFA World Cup tournament, Hamas created an app to exploit fan interest in the games. It was supposed to let users track results, but it also contained malware targeting IDF personnel. 10 This allowed Hamas to control the cameras and microphones of phones remotely, gaining information on IDF troops, bases, equipment, and operations. Hamas-associated hackers have proven adept at using social engineering on popular messaging apps such as WhatsApp to elicit information. 11 Hacked IDF devices appear to have provided much of the strikingly detailed intelligence on weapon platforms and facilities that made the 7 October attacks so successful. 12

The IDF has not taken Hamas’s cyber activities lightly. It correctly sees them as a serious component of the threat picture. In May 2019, the IDF bombed the headquarters of Hamas cyber operations in response to an attempted widespread cyberattack. 13 It followed this up in 2021 by striking Hamas cyber facilities in Gaza, such as storage facilities and hideouts for cyber operators, and targeting operators themselves. 14

Nothing New Under the Microprocessor

Advanced cyber tools and “zero-day” exploits are being sold to the highest bidders. 15 Tools once the sole domain of organizations such as the National Security Agency now find their way into the hands of rogue states, criminal groups, and terrorist organizations through a thriving gray market. Cartels in Mexico employ powerful Pegasus spyware from Israeli company NSO and other cyber tools to intimidate the cartels’ own personnel as well as journalists and activists. 16

Terrorist groups have employed cyber tactics to conduct or support operations for many years. In 2009, Iranian-backed Shiite militants in Iraq hacked U.S. MQ-1 Predator feeds, gaining the same access U.S. operators had. 17 Starting in 2012, hackers from the Syrian Electronic Army group hacked accounts associated with media companies, using the platforms to promote their preferred narratives of the Syrian civil war and spread disinformation. 18

Perhaps the most consequential hack happened in 2013 when Syrian operatives gained access to the Associated Press Twitter account, from which they tweeted there had been an explosion at the White House. Although quickly debunked, it caused the U.S. stock market to tumble briefly—a real albeit temporary economic effect. In January 2015, ISIS-affiliated hackers briefly took over the U.S. Central Command Twitter account. 19 Although embarrassing, the action’s military value was limited because control was quickly restored, and it did not appear to support the group’s actions in any other domain.

Alongside his costar Tina, Cyber Awareness Jeff is a well-known (and much mocked) character from the DoD Cyber Awareness Challenge. Despite recent improvements, the challenge has a long way to go. It should build on itself, annually bringing new skills and awareness. Presenting service members with real adversary threats and tactics would result in much better engagement.

Integrating cyber action as part of a more extensive military campaign is difficult. Following Russia’s 2022 invasion of Ukraine, many experts pointed to Russia’s seeming inability to sequence cyber effects to support or complement actions on the ground or in the air despite supposedly possessing some of the world’s most sophisticated cyber capabilities—and years of practice with them in Ukraine after the 2014 annexation of Crimea. 20

While the scope and scale of Hamas’s cyber integration during its attacks were not as impressive as what an actor such as the U.S. military potentially could achieve, they still bear watching. Notably, Hamas did not need to penetrate secure IDF networks to gather the intelligence required; it went after the larger and softer attack surface of IDF personnel, targeting them in their pockets, where the Israeli cybersecurity establishment was not protecting them. This should serve as a warning: Other groups will increase their cyber capabilities to target militaries’ large, soft cyber underbellies for future operations. 

All kinds of actors across the globe do not distinguish between those actively engaged in conflict and those at home scrolling. Bad actors will target Marines, sailors, and their families as service members deploy abroad, conducting espionage and degrading unit capabilities wherever they are able.

Enhancing Personal Capacity

Line of effort no. 1 in the Department of the Navy’s cyber strategy recognizes that cybersecurity training must be improved. 21 Human error is the number one vector for cyberattacks on an organization, and the Marine Corps and Navy workforces are as big, diverse, and juicy a target (if not more so) as any other organization’s. 

While improvements in the annual DoD Cybersecurity Awareness Challenge over the past several years are welcome, the program still falls short. 22 First, the training needs to build on itself, bringing new skills and awareness each year. Instead, the training is viewed as, at best, a rote chore, or, more commonly, as a nuisance to be clicked through as quickly as possible. It can be hard for many to engage with abstract “What if?” scenarios, even if users are deeply aware of how critical brilliance in the cyber basics ought to be. However, presenting service members with real threats and tactics being used against them would likely result in a much higher level of engagement: “What techniques are Russian groups using against Ukrainians? How did Israeli soldiers get compromised by Hamas-affiliated cyber groups?” It is human nature to be more interested in something that has an obvious potential effect on your life. Making clear the linkage between the concepts currently taught—spear-phishing links, VPNs, and so forth—and how adversaries are using them to target U.S. users would improve the connections service members make.

In conjunction with improved training, the Department of the Navy should work closely with the Cybersecurity and Infrastructure Security Agency and commercial providers to generate lists of effective cybersecurity tools available to service members to use on their personal devices and incorporate those tools into training. 23 It is not enough to tell Marines and sailors that images downloaded from dating apps might contain malware if there is no readily available tool they can reach for to protect themselves. These should include VPN services that allow safer connections as they travel abroad for missions and shore leave. The tools come in numerous varieties; however, a poor understanding of their capabilities and limitations can leave service members vulnerable. A simple toolkit and a basic knowledge of when and how to apply it can go a long way toward hardening the cyber security of the force.

Another prospective easy win would be providing antivirus protection. If you were to brief any commanding officer that the majority of his or her troops lacked personal protective equipment (PPE) for their jobs, he or she would be profoundly concerned. Government-furnished devices all come with commercial antivirus software because of their perceived criticality to setting a defensive baseline. A simple but effective improvement would be to have everyone use antivirus on all their devices, personal ones included. Anecdotal evidence, however, suggests that service members’ personal computers and mobile devices do not possess sufficient “cyber PPE.”

The Defense Information Systems Agency offers a “home-use program” in which service members get one free year of McAfee antivirus protection on one device. 24 This is a good start, but many people have multiple devices, and a majority will go without coverage after the first year. Many Marines and sailors know how important this software is, but they may be unwilling or unable to pay the annual fees to maintain the service across personal devices. Antivirus protection should be provided to all service members for free as an element of their issued protective equipment. This would set a new baseline of protection at home and deployed, decreasing the cyber attack surface. It undoubtedly would be costly, taking into account the scale of the Department of the Navy, but leaving such a large vulnerability almost certainly would prove far more costly in the future.

As the Adversary Moves, So Must We

It is impossible to make cyberspace 100 percent safe or expect 100 percent compliance with best practices. Even if every Marine and sailor were to become a fully certified cybersecurity expert, they are still human and will make human mistakes. But mitigating the size and depth of the present security vulnerability is worth substantial investment. Believe the adversaries who are more than happy to exploit the connections in a service member’s pocket for military gain: It is worth the time and resources to improve cybersecurity for the masses. Given the crucial role cyber plays in the information environment, it is critical to protect that space by improving the training given to all service members, providing real tools for them to use to protect themselves, and furnishing some basic cyber PPE.

1. Daniel Byman, Emily Harding, and Michael Leiter, “Hamas’ October 7 Attack: The Tactics, Targets, and Strategy of Terrorists,” Center for Strategic and International Studies, 7 November 2023.

2. MWI Podcast, “Understanding Hamas—From Tactics to Strategy,” West Point Modern War Institute, 14 November 2023.

3. Summary of the 2023 Cyber Strategy of the Department of Defense (Washington, DC: Department of Defense, September 2023); Department of Defense, “DOD Announces Release of 2023 Strategy for Operations in the Information Environment,” 17 November 2023; and Department of the Navy, “The Department of the Navy Releases Inaugural Cyber Strategy,” 21 November 2023.

4. Omer Yoachimik and Jorge Pacheco, “Cyber Attacks in the Israel-Hamas War,” The Cloudflare Blog, 23 October 2023.

5. Colin Demarest and Tzally Greenberg, “‘Hacktivists’ Join the Front Lines in Israel-Hamas War,” C4ISRNet, 31 October 2023. 

6. Blake Darche, Amen Boursalian, and Javier Castro, “Malicious ‘RedAlert—Rocket Alerts Application’ Targets Israeli Phone Calls, SMS, and User Information,” The Cloudflare Blog, 13 October 2023.

7. Sam Sabin, “Hackers Make Their Mark in Israel-Hamas Conflict,” Axios, 10 October 2023.

8. Simon P. Handler, The Cyber Strategy and Operations of Hamas: Green Flags and Green Hats (Washington, DC: Atlantic Council, November 2022), 12–13.

9. MWI Podcast, “What Was Hamas Thinking?” West Point Modern War Institute, 23 October 2023.

10. Handler, The Cyber Strategy and Operations of Hamas.

11. “Hamas Using WhatsApp to Hack Israel Soldiers,” Middle East Monitor, July 2019.

12. Michele Groppi and Vasco da Cruz Amador, “Technology and Its Pivotal Role in Hamas’s Successful Attacks on Israel,” Global Network on Extremism and Technology, 20 October 2023.

13. Judah Ari Gross, “IDF Says It Thwarted a Hamas Cyber Attack during Weekend Battle,” Times of Israel, 5 May 2019; and Israel Defence Force, twitter.com/IDF/status/1125066395010699264, 5 May 2019.

14. Eviatar Matania and Lior Yoffe, “Some Things the Giant Could Learn from the Small: Unlearned Cyber Lessons for the U.S. from Israel,” Cyber Defense Review, Winter 2022.

15. A “zero-day” exploit is a computer vulnerability that is unknown to security researchers or computer companies, meaning they have had zero days of notification to fix the issue.

16. Cecile Schilis-Gallego and Nina Lakhani, “‘It’s a Free-for-All’: How Hi-Tech Spyware Ends Up in the Hands of Mexico’s Cartels,” The Guardian, 7 December 2020; and Alan Feuer and Emily Palmer, “An I.T. Guy’s Testimony Leads to a Week of Cyber Spy Intrigue in El Chapo Trial,” The New York Times, 13 January 2019.

17. Mike Mount and Elaine Quijano, “Iraqi Insurgents Hacked Predator Drone Feeds, U.S. Official Indicates,” CNN, 17 December 2009.

18. J. Dana Stuster, “Syrian Electronic Army Takes Credit for Hacking AP Twitter Account,” Foreign Policy, 23 April 2013.

19. David C. Gompert and Martin C. Libicki, “Decoding the Breach: The Truth About the CentCom Hack,” RAND Corporation, 3 February 2015.

20. Gavin Wilde, “Cyber Operations in Ukraine: Russia’s Unmet Expectations,” Cyber Conflict in the Russian-Ukraine War (Washington, DC: Carnegie Endowment for International Peace, December 2022). 

21. 2023 Cyber Strategy (Washington, DC: Department of the Navy, November 2023), 5-6. 

22. Department of Defense, “Cyber Awareness Challenge 2024.”

23. CISA has a list of free cybersecurity tools online, ranging from basic to advanced. However, these tools are not well advertised and training on how to employ them is lacking. See www.cisa.gov .

24. Defense Information Systems Agency, “Antivirus Home Use Program (AV HUP).”

Major W. Stone Holden, U.S. Marine Corps

Major Holden is assigned to Marine Air Group 29, helping to ensure rotary-wing support to Marine air-ground task forces. He previously served at U.S. Southern Command, working in security cooperation and collection management billets as well as managing a variety of projects that implemented cutting-edge technological solutions to address a range of threats.


H-Diplo|RJISSF

Review Essay 17 on Cyber War Will Not Take Place

With Cyber War Will Not Take Place, Thomas Rid has written an important volume at a critical juncture of the cyber-conflict debate. In a rush to articulate a new threat after the end of the Cold War, the demise of regional powers in the Middle East and North Africa (such as Syria, Iraq, and Libya, making Israel more secure), and the near total rejection of the Global War on Terror, the next threat to materialize appears to be cyber war. This is the impression one might get if engaging the current security discourse. Both the United Nations and United States have argued that the threat of cyber warfare is greater than the danger of terrorism, a striking reversal barely ten years after 9/11. Yet, as Rid notes (along with others in this developing literature), the threat of cyber warfare often is overstated and near nonexistent. [1] Building on an article in Journal of Strategic Studies (2012), Rid argues, very forcibly, that cyber war will not take place. [2]

H-Diplo | ISSF Review Essay (No. 17)

H-Diplo/ISSF Editors: James McAllister and Diane Labrosse
H-Diplo/ISSF Web and Production Editor: George Fujii
Commissioned for H-Diplo/ISSF by James McAllister

Thomas Rid. Cyber War Will Not Take Place. London: Hurst & Company, 2013. ISBN: 9781849042802 (paperback, £14.99).

Reviewed by Brandon Valeriano, University of Glasgow

Published by H-Diplo/ISSF on 10 October 2013
PDF: https://issforum.org/issf/pdf/re17.pdf

His argument is based on logic and a careful engagement of what the term ‘war’ really means. Defining terms is important in this exercise. He defines war in the manner of Carl von Clausewitz and posits that it is an act of force and violence used in order to obtain a political objective. Since cyber war does not include violence or force in its conduct, it is tough to argue that cyber war will take place because the tactic rarely can breach the gap between violations of information and data, on one hand, and physical harm, on the other. Of course, one can make the argument that this breach can happen. The influential Tallinn Manual that evaluates customary international legal standards as they apply to cyber technologies points out that a pacemaker can be a target of hackers and even suggests this could be a legal step taken by a state. [3] At the recent Black Hat 2013 conference, it was demonstrated that smart cars can be taken over remotely; the same fear was put forth for the 787 Dreamliner plane when software flaws were pointed out. [4] Yet, these dangers are hypothetical; to make the leap from the hypothetical to the actual is perhaps disingenuous or, as some might argue, dangerous.

Overall, Rid’s argument is nuanced. When Rid asserts that cyber war will not take place, he is speaking of something very specific – warfare in conventional terms. “Most cyber attacks are not violent and cannot sensibly be understood as a form of violent action” (12). Of course there will be cyber battles, but it is not at all clear that cyber security will dominate the international affairs landscape in the future. Rid notes that the cyber attacks that have happened in the past (specifically in Estonia and Georgia) have been very minor in terms of their impact. The rush to push the threat to the top of the security agenda in some ways makes the issue a self-fulfilling prophecy in that if the threat is overstated, then states will overreact to the fear and build their own cyber armies. This would then provoke the security dilemma and push the other side to react. Because of this process, a careful evaluation of the cyber threat is critical at this juncture.

Another important aspect of the book is its coverage of cyber weapons. By defining cyber weapons on a spectrum, Rid is able to carefully classify each tactic according to its actual usage and practices. A potential limitation of this discussion is that it is not detailed enough. There is room here, and a need, to educate non-cyber practitioners about the details of cyber actions.

The rest of the book covers many important issues in the cyber debate. Rid notes that the oft-stated attribution problem is a political, not a technical, problem. This is an important insight that many in the cyber community seem to miss. He also discusses the actual content of cyber attacks which are generally espionage or sabotage activities. Understanding the tactic in this manner pushes us away from frames of warfare and towards applications of defense and internal resiliency. Since governments have dealt with espionage and sabotage as long as humans have organized as collective enemies, why should cyber tactics be treated as something new when they are the continuation of age-old practices?

The main flaw of the book is simply that Rid does not take his argument beyond the context of war to examine the nature of cyber conflict in general. In the preface to the book he sets this question up by suggesting that cyber attacks are making conflicts less violent. This is an interesting and important hypothesis that needs more engagement. To be fair, this request does not reflect Rid’s goal and perhaps goes beyond the bounds of this book. He has also addressed this question in other places – see his recent article in Foreign Policy entitled Cyber Sabotage is Easy where he engages the issue of a lack of sabotage operations. [5] In this volume he could have gone further, but here he sticks to a cohesive argument, develops it, and executes in a well written and easy to grasp style. In this context, Cyber War Will Not Happen is a foundational text in the cyber security field.

Rid’s volume is an important piece of evidence in the cyber-conflict debate. Any responsible scholar should use this volume to counter the divergent perspective contained in the Clarke and Knake volume Cyber War, perhaps the most widely read tome in the field. [6] We are witnessing the development of a new strain of security research. This developing area differs from past tactics that have been engaged in the security discourse such as nuclear warfare, terrorism, and counterinsurgency in that skepticism seems early on to have developed from the academic perspective. Rid’s volume advances this perspective through a careful engagement of the term and the limitations of the practice of cyber war. Perhaps this is a positive development. Possibly we have learned our lessons from past failures to fully explore the implications and contexts of the security discourse before rushing to action in the policy sphere. There are many threats to society, and to meet them effectively we must fully dissect and engage those that would seek to articulate emerging threats on the landscape without challenge. In a rush to push the cyber threat, we might be missing more critical issues such as the consolidation of Arab Spring democracies (Egypt), mass-migration in the context of ongoing conflicts (Syria), and energy security (the post-Soviet States). It is likely that the cyber threat is overstated; Rid’s volume is the first shot fired against those who would seek to make cyberspace the realm of conflict.

Brandon Valeriano (Ph.D. Vanderbilt University, 2003) is a Senior Lecturer at the University of Glasgow in the Department of Politics and Global Security. Dr. Valeriano’s main research interests include investigations of the causes of conflict and peace as well as the study of race/ethnicity from the international perspective. Ongoing research explores interstate rivalry, classification systems of war, arms buildups, cyber conflict, popular culture and foreign policy, and Latino foreign policy issues. Dr. Valeriano has published over two dozen articles and book chapters in such outlets as the Journal of Politics, International Studies Quarterly, International Interactions, Third World Quarterly, and Policy Studies Journal. He recently published a book on the origins of rivalry (Becoming Rivals, Routledge 2012) and a book on China, Tibet, and Hollywood (Palgrave, 2012). He is currently wrapping up production on two more books (one that empirically examines cyber conflict) and preparing a book length exploration of Latino International Politics.

© Copyright 2013-2015 The Authors. This work is licensed under a  Creative Commons Attribution-NonCommercial-NoDerivs 3.0 United States License .

[1] Others working from the skeptical or logical standpoint include: Erik Gartzke, “The Myth of Cyberwar: Bringing War on the Internet Back Down to Earth,” forthcoming, International Security, 2013; Clement Guitton, “Cyber insecurity as a national threat: overreaction from Germany, France, and the UK?” European Security, 2013, 22 (1): 21-35; Brandon Valeriano and Ryan C. Maness, “The Fog of Cyberwar: Why the Threat Doesn’t Live Up to the Hype.” Foreign Affairs, November 2012. http://www.foreignaffairs.com/articles/138443/brandon-valeriano-and-ryan-maness/the-fog-of-cyberwar?page=show#.

[2] Thomas Rid, “Cyber War Will Not Take Place” Journal of Strategic Studies 2012, 35(1): 5-32.

[3] Michael Schmitt, “The Tallinn Manual on the International Law Applicable to Cyber Warfare.” NATO Cooperative Cyber Defence Center for Excellence. New York and London: Cambridge University Press, 2013.

[4] Black Hat 2013, http://securitywatch.pcmag.com/security/314164-black-hat-2013-hacking-home-security-systems-cars-nsa .

[5] Thomas Rid, (2013) “Cyber-Sabotage is Easy.” Foreign Policy , http://www.foreignpolicy.com/articles/2013/07/23/cyber_sabotage_is_easy_i_know_i_did_it

[6] Richard A. Clarke and Robert K. Knake. Cyber War: The Next Threat to National Security and What to Do About It. New York: Harper Collins, 2010.


The cyber war against Israel has escalated: How much is it costing us?

The ceo of the national cyber defense authority, gabi portnoy, spoke with maariv and referred to the war on the technological front: "the amount of cyber attacks since october 7 has tripled".

  (photo credit: INGIMAGE)

What is the current state of the cyber field in Israel?

  (credit: AVSHALOM SASSONI/FLASH90)

How did the war affect the cyber field?

How are iran's cyber capabilities manifested, what is the solution.

U.S. flag

An official website of the United States government

Here's how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • The Attorney General
  • Organizational Chart
  • Budget & Performance
  • Privacy Program
  • Press Releases
  • Photo Galleries
  • Guidance Documents
  • Publications
  • Information for Victims in Large Cases
  • Justice Manual
  • Business and Contracts
  • Why Justice ?
  • DOJ Vacancies
  • Legal Careers at DOJ
  • Our Offices

Archived Press Releases

Archived News

Para Notícias en Español

Related Content

The former president of Honduras, Juan Orlando Hernández, 55, also known as JOH, was sentenced today to 540 months in prison and 60 months of supervised release for cocaine importation...

A federal jury in Greensboro, North Carolina, convicted a Florida man today for his lead role in an international conspiracy to break into U.S. citizens’ homes, violently kidnap and assault...

Julian P. Assange, 52, the founder of WikiLeaks, pleaded guilty today to conspiring with Chelsea Manning, at that time a U.S. Army intelligence analyst, to unlawfully obtain and disclose classified...

