Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
Cyberwarfare can take many forms, including:
- viruses, computer worms and malware that can take down water supplies, transportation systems, power grids, critical infrastructure and military systems;
- denial-of-service (DoS) attacks, cybersecurity events that occur when attackers take action that prevents legitimate users from accessing targeted computer systems, devices or other network resources;
- hacking and theft of critical data from institutions, governments and businesses; and
- ransomware that holds computer systems hostage until the victims pay ransom.
Objectives of cyberwarfare
According to the Cybersecurity and Infrastructure Security Agency (CISA), the goal of those engaged in cyberwarfare is to “weaken, disrupt or destroy the US.” To achieve their goals, “national cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm US interests,” says CISA.
Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, water supplies, dams, hospitals and critical manufacturing.
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected to the internet. Even if these systems can be properly secured, they can still be hacked by perpetrators recruited by nation-states to find weaknesses and exploit them.
Advanced persistent threat (APT) attacks on infrastructure can devastate a country. For example, attacks on a nation's utility systems can wreak havoc by causing widespread power outages, but an attacker with access to hydropower grids could also conceivably cause flooding by opening dams.
Cyberattacks on a government's computer systems can be used to support conventional warfare efforts. Such attacks can prevent government officials from communicating with one another; enable attackers to steal secret communications; or release employee and citizen personal data, such as Social Security numbers and tax information, to the public.
Nation-state-sponsored or military-sponsored attackers might also hack the military databases of their enemies to get information on troop locations, as well as what kind of weapons and equipment they're using.
DoS attacks, which continue to increase around the world, are expected to be leveraged for waging cyberwarfare. Attackers are using distributed denial of service (DDoS) attack methods to hit government entities with massive sustained bandwidth attacks, and at the same time infecting them with spyware and malware to steal or destroy data. These attacks may inject misinformation into the networks of their targets to create chaos, outages or scandals.
What does cyberwarfare look like?
Just like normal warfare, which can range from limited skirmishes to full-on battles, the impact of cyberwarfare will vary by target and severity. In many cases the computer systems are not the final target -- they are being targeted because of their role in managing real-world infrastructure like airports or power grids. Knock out the computers and you can shut down the airport or the power station as a result.
Why are governments investing in cyber warfare right now?
Governments are increasingly aware that modern societies are so reliant on computer systems to run everything from financial services to transport networks that using hackers armed with viruses or other tools to shut down those systems could be just as effective and damaging as a traditional military campaign using troops armed with guns and missiles.
Unlike a traditional military operation, a cyberattack can be launched instantaneously from any distance, with little obvious evidence of any build-up. Such an attack would be extremely hard to trace back with any certainty to its perpetrators, making retaliation harder.
What is -- and what is not -- cyber warfare?
Whether an attack should be considered as an act of cyber warfare depends on a number of factors. These include the identity of the attacker, what they are doing, how they do it -- and how much damage they inflict.
Like other forms of warfare, cyberwarfare in its purest sense is usually defined as a conflict between states, not individuals. To qualify, the attacks really should be of significant scale and severity.
If cyberwar is best understood as serious conflict between nations, that excludes a lot of the attacks that are regularly and incorrectly described as cyberwarfare.
Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyber warfare, unless they are being aided and directed by a state. Still, in the murky world of cyber warfare there are plenty of blurred lines: states providing support to hackers in order to create plausible deniability for their own actions is a dangerously common trend.
Cyberwarfare and the use of force
The who, what and how of cyberwarfare matter because how these factors combine will help determine what kind of response a country can make to a cyberattack.
There is one key formal definition of cyberwarfare, which is a digital attack that is so serious it can be seen as the equivalent of a physical attack.
To reach this threshold, an attack on computer systems would have to lead to significant destruction or disruption, even loss of life. This is the significant threshold because under international law, countries are allowed to use force to defend themselves against an armed attack.
It follows then that, if a country were hit by a cyberattack of significant scale, the government would be within its rights to strike back using the force of its standard military arsenal: to respond to hacking with missile strikes perhaps.
So far this has never happened -- indeed it's not entirely clear if any attack has ever reached that threshold. Even if such an attack occurred it wouldn't be assumed that the victim would necessarily strike back in such a way, but international law would not stand in the way of such a response.
That doesn't mean attacks that fail to reach that level are irrelevant or should be ignored: it just means that the country under attack can't justify resorting to military force to defend itself. There are plenty of other ways of responding to a cyberattack, from sanctions and expelling diplomats, to responding in kind, although calibrating the right response to an attack is often hard (see cyber deterrence, below).
What is the Tallinn Manual?
One reason that the legal status of cyberwarfare has been blurred is that there is no international law that refers to cyberwar, because it is such a new concept. But this doesn't mean that cyberwarfare isn't covered by law; it's just that the relevant law is piecemeal, scattered, and often open to interpretation.
This lack of legal framework has resulted in a grey area that some states are very willing to exploit, using the opportunity to test out cyberwar techniques in the knowledge that other states are uncertain about how they could react under international law.
More recently that grey area has begun to shrink. A group of law scholars has spent years working to explain how international law can be applied to digital warfare. This work has formed the basis of the Tallinn Manual, a textbook prepared by the group and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCDCoE) based in the Estonian capital of Tallinn, from which the manual takes its name.
The first version of the manual looked at the rare but most serious cyberattacks, the ones at the level of the use of force; the second edition tried to build a legal framework around cyberattacks that do not reach the threshold of the use of force.
Aimed at legal advisers to governments, military, and intelligence agencies, the Tallinn Manual sets out when an attack is a violation of international law in cyberspace, and when and how states can respond to such assaults.
The manual consists of a set of guidelines -- 154 rules -- which set out how the lawyers think international law can be applied to cyber warfare, covering everything from the use of cyber mercenaries to the targeting of medical units' computer systems.