Cyberwarfare: Overview

Introduction

Cyberwarfare is generally understood as the act of one state (or, sometimes, an organized non-state actor) attacking the computer systems of another nation. For as long as people have been using computer systems, their opponents have been attacking those systems to try to gain access to sensitive data or cause disruption. While institutions have suffered billions of dollars in economic loss due to various forms of computer crime, an increasing concern for government is the threat to life and limb posed by vulnerabilities in the computer systems controlling basic national assets, from military information to transportation networks, telecommunications, and the power grid.

With the increasing reliance of both public and private infrastructure in the United States on computer systems, the threat of cyberwarfare has received significant attention in the US government and press. This attention generally increases whenever a particularly severe cybersecurity breach is made public. Most experts agree that cyberwarfare poses a serious threat to both public and private interests, and suggest that more resources should be devoted to improving system security. However, there is also much debate over the best ways to address the threat in general, including whether defensive or offensive strategies should be emphasized. This debate is heightened by the fact that the definition and interpretation of the term "cyberwarfare" itself has been subject to controversy. Some experts argue that the term should only be used in close association with traditional warfare, while others recognize complex overlap with cyberespionage, cyberterrorism, cybercrime, and other related concepts.

Understanding the Discussion

Antivirus software: Software designed to scan a computer system, identify potential computer viruses and other malware, and remove those programs from the computer.

Computer virus: A generic term for a malicious and self-replicating program placed on a computer without the user’s knowledge or consent.

Cyberspace: The concept of a virtual space created by the internet, where all online activity takes place. The relationship between a user's activity in cyberspace and their real-world physical location is subject to much debate, especially in terms of legal implications. This in turn contributes to controversy in defining and identifying cyberwarfare.

Cyberwarfare: Typically, organized attempts by one country to compromise the computer networks of another, especially with the goal of disrupting basic systems such as the military, telecommunications, transportation, or finance. Under some definitions, such attacks can also be carried out by organized, militant non-state actors. However, other experts contest the validity of the term "cyberwarfare," arguing that most activity classified as such is too different from the definition of "warfare."

Denial-of-service (DoS) attack: An attack on a computer system, usually a website, intended to render it unusable.

Dual-use technologies: Items or systems that have civilian applications but can also be used for military purposes, and therefore often present particular regulatory and security challenges. In the context of cyberwarfare, the internet and many other associated technologies can be considered dual-use.

Hacker: A member of a computer programming subculture focused on understanding the intricate details of computer systems and networks using unconventional methods. Hackers sometimes use their skills for illicit purposes, such as gaining access to secure networks and stealing information.

History

Ever since computers have been able to communicate with one another, people have been finding ways to subvert this connectivity. Computer viruses, self-reproducing programs that spread from computer to computer and disrupt their operations to varying degrees, predate the existence of the internet and are perhaps the most common computer security threat. Other forms of computer crime (or cybercrime) can include hacking, or circumventing computer security measures, either for fun or to steal information, such as financial data or government secrets. Computer networks can also simply be prevented from operating effectively, as in a denial-of-service (DoS) attack, in which a network is flooded with so many bits of information that it either slows down or crashes completely. Cybercrime grew rapidly in both frequency and sophistication alongside technological advances in the early twenty-first century, especially the proliferation of the internet and mobile devices.

Activity usually considered cybercrime is generally understood to become cyberwarfare when it is sponsored by a state government and directed against the assets of another state. Some experts also broaden the definition of cyberwarfare to include activities by highly organized non-state actors, such as international terrorist groups. In common usage, cyberwarfare can involve espionage, as when government computer systems are infiltrated to steal military or other secrets, or it can involve an attempt to disrupt the flow of information or the operation of computer systems. However, some commentators dispute these interpretations, arguing that just as terrorism and espionage are distinct from traditional warfare, cyberterrorism and cyberespionage should be considered distinct from cyberwarfare.

Regardless of controversy over definitions, the popular conception of cyberwarfare steadily gained attention in the twenty-first century. An international incident widely considered an example of cyberwarfare took place in 2007, when the internet infrastructure of Estonia was brought to a near standstill—including the temporary shutdown of government, banking, and media websites—by a DoS attack believed to have been orchestrated by the Russian government. The attack took place during a heated disagreement between Russia and Estonia over the relocation of a World War II–era Soviet war memorial in Estonia. The following year, during the armed conflict between Russia and Georgia over South Ossetia, similar DoS attacks of allegedly Russian origin were reported.

Many other countries, including the United States, were targeted by less high-profile cyberattacks that some experts suggested could be classified as cyberwarfare. By most accounts, the threat grew exponentially through the 2000s. In 2006, the Pentagon reported around 6 million attempts to break into its computer systems. By 2008, that number had increased to 360 million. While it is not clear how serious all those efforts were, whether they were all state-sponsored, or how many were successful, several later confirmed security breaches of classified US military data drove increasing public scrutiny of the issue.

For example, in 2009, intruders gained access to information about the US military’s $300 billion Joint Strike Fighter aircraft project. It was later learned that the perpetrators—believed to be Chinese—hacked into the computers of the contractors who were working on the aircraft designs. Also in 2009, there were reports that hackers had broken into the US Air Force’s air traffic control system to gain secret information about the location of US fighter jets. While it is not clear that anything was done with this information, the report again left government officials and the general public feeling uneasy with the level of cybersecurity in place for such sensitive systems. It was again believed that these attacks originated in China, but many cybersecurity experts noted that it can be very difficult to determine exactly where a cyberattack originates because of the "borderless" nature of cyberspace and the relative ease of disguising one’s true location. This difficulty also contributed to ongoing debate over whether such incidents should truly be characterized as cyberwarfare or are better seen as espionage—especially since the US and China were not at war and the security breaches did not lead to a declaration of war.

Along with controversy over terminology, some observers suggested the idea of cyberwarfare was being inappropriately sensationalized. Computer security had grown into a multibillion-dollar industry, and many contractors in the information technology field stood to make huge amounts of money from government and corporate spending on defense of their data and file infrastructure. While experts agreed that cyberattacks represented a very real and growing problem, some expressed concern that companies who stand to profit from fearmongering could be exaggerating the threat of an all-out cyberwar. Others drew parallels to the Cold War, when the United States and the Soviet Union were involved in an expensive arms race, as each country tried to prepare itself for the attack it believed the other could launch. Skeptics then saw a shady connection between public fears and company profits.

Despite such skepticism, the concept of cyberwarfare continued to gain influence, both in the public imagination and in government policy. US cyberwarfare doctrine evolved rapidly along with the issue itself. Often, this raised issues surrounding government transparency, interagency cooperation, and international law—especially regarding the offensive component of cyberwarfare. In 2008, for example, US military officials determined that a website set up by the CIA and the government of Saudi Arabia to entrap terrorists was, in fact, posing a threat to US troops in the region. Despite the objections of the CIA and the Saudis, the Department of Defense launched a cyberattack that disabled the website, which it said was helping rather than hindering terrorist activity. The attack disrupted servers in Saudi Arabia, Germany, and Texas, illustrating yet another common issue in cyberwarfare: the difficulty of restricting the damage of an attack to the intended target.

In 2009, the United States Cyber Command (USCYBERCOM) was established, with the mission of protecting US military computer networks and disrupting enemy actions in cyberspace. It became fully operational in May 2010 and worked to refine US cyberwarfare doctrine and policy. Cyber Command was exclusively tasked with military operations, while the defense of US civilian information infrastructure remained the job of the Department of Homeland Security (DHS). In 2008, DHS established the National Cybersecurity Center, charged with protecting US government communication and information networks. Also under DHS was the slightly broader National Cyber Security Division.

While there continued to be much focus on protecting the US from cyberwarfare, in the 2010s there was also increasing discussion of US government involvement in cyberattacks. For example, the highly advanced Stuxnet computer worm that disrupted Iran's nuclear program in 2010 was widely suspected to have been developed at least in part by US authorities. In 2013, the leaks from whistleblower Edward Snowden revealed extensive cyberespionage operations by US government organizations, including the CIA and National Security Agency (NSA), which many observers suggested could be characterized as cyberwarfare. These offensive operations generated considerable ethical and legal controversy, while also furthering debate over the definition of "cyberwarfare" and its connection to traditional warfare. Meanwhile, the administration of US president Barack Obama released its International Strategy for Cyberspace in 2011, in which it stated that cyberattacks against the US could be met with any response deemed necessary, including military action as a last resort.

Various cyberattacks against the US continued to make headlines through the 2010s, and prominent examples believed to be linked to foreign intelligence services kept cyberwarfare in the public eye. For example, the 2014 hack of the Sony Pictures film studio was speculated to have been supported by North Korea, although the country denied any involvement. Other American companies that faced massive data breaches included PayPal and Twitter. The US government was also directly targeted, notably including a 2015 hack of the US Office of Personnel Management (OPM) that compromised over 21 million personal records. While some experts continued to question whether such incidents should be described as cyberwarfare, most agreed that cyberattacks posed a unique, major threat with consequences that increasingly blurred the lines between the military and civilian sectors.

Cyberwarfare Today

National cybersecurity once again made headlines in 2016, when the US intelligence community found that the Russian government used various methods to interfere in the 2016 US presidential election campaign, favoring Republican candidate Donald Trump and damaging Democratic candidate Hillary Clinton. The complex nature of the interference operation meant it was essentially impossible to quantify its actual impact on voting, but Trump's eventual narrow victory further stoked outrage among many Americans. Although Trump and some other Republicans downplayed or even denied the interference, tensions between the US and Russia escalated sharply as more evidence emerged in late 2016 and early 2017. Before leaving office, President Obama initiated new sanctions against Russia in direct response to reports of election tampering.

Russia remained a key focus of American concerns over cyberwarfare over the following years. In February 2018, a federal grand jury indicted the Russian government's propaganda organization, the Internet Research Agency, two other firms, and more than a dozen Russians on charges of election tampering. That same month, the US and the United Kingdom blamed Russia for the so-called NotPetya malware attack, which disrupted systems around the world in 2017 but was considered especially targeted against Ukraine.

The US also continued to develop its own offensive cyberwarfare capabilities, although the secretive nature of such work meant few details were officially made public. In 2018, the Trump administration reversed Obama-era guidelines on conducting cyberattacks, a move seen as intended to increase military response capability and also potentially deter opponents. In mid-2019, the US Cyber Command reportedly infiltrated Russian electrical utilities and implanted potentially disruptive malware. It was believed that the US also conducted cyberattacks against an Iranian intelligence organization that US officials suspected was responsible for planning attacks against US oil tankers.

In December 2020 it was first publicly reported that hackers had breached multiple US government systems, in some cases gaining access for months. The incident was initially known as the SolarWinds hack, after one of the software companies whose systems were exploited in the attacks, but it was later found that the scope of the breaches was much larger and involved multiple exploitations. US government officials and independent experts surmised that the cyberattackers were backed by Russian authorities (although Trump publicly suggested China may have been responsible instead). The incident was one of the largest known examples of cyberespionage, and several US politicians and media outlets characterized it as an act of war. After taking office in 2021, the administration of President Joe Biden pledged to continue investigating the breach and respond accordingly, and that April further sanctions were instituted against Russia. However, the incident once again raised debate over the distinction between cyberwarfare and other cyber activities, as well as the appropriate response.

That debate continued to play into US discourse over cyberwarfare in the 2020s. Some contend that an offensive strategy could be an effective deterrent to would-be attackers and a useful tool for pursuing foreign-policy objectives, while others argue for a defensive strategy that seeks to protect the nation's infrastructure first and foremost. Meanwhile, several conflicts around the world demonstrated the importance of cyber operations in real combat situations. The 2022 Russian invasion of Ukraine brought new attention to Russia's longstanding cyberattacks and influence campaigns against other countries, while both Russian and Ukrainian forces made heavy use of cyberwarfare. The Israel-Hamas war that broke out in October 2023 also drew attention to cyberattacks, including the growing impact of artificial intelligence (AI) in such efforts.

These essays and any opinions, information, or representations contained therein are the creation of the particular author and do not necessarily reflect the opinion of EBSCO Information Services.

About the Author

Tracey M. DiLascio is a practicing small business and intellectual property attorney in Framingham, Massachusetts. Prior to establishing her practice, Ms. DiLascio taught writing and social science courses in Massachusetts and New Jersey colleges, and served as a judicial clerk in the New Jersey Superior Court. Ms. DiLascio is a graduate of Boston University School of Law.
