Cyberwar, more commonly called cyber warfare, is the use of cyber attacks against an adversary. Most often, the term describes one country or ideological group attacking another in a large-scale, targeted campaign. The goal can vary from simple information gathering to disrupting vital computer systems, causing chaos, and more.
Cyber warfare is used for sabotage, espionage, propaganda, and even economic warfare. There are countless ways it can be used to harm the victim. Nor is this type of attack uncommon: almost all of the major powers of the modern world have engaged, or are still engaged, in it. The US, UK, Russia, China, Iran, Israel, and North Korea are among the countries using cyber warfare as a strategy.
In each case, the strategies and goals of the attacks differ. Attacks against China, for example, often focus on counter-propaganda, while those against Russia frequently aim to disrupt vital services and the flow of information. The countries mentioned above maintain active units of experts dealing with both offensive and defensive operations.
Tip: Despite the name, cyber warfare isn’t generally considered a ‘real’ act of war, even though it can cause real damage and people can and have died as a result. Experts view the concept somewhat ambiguously and rarely treat it as ‘proper’ warfare. This is mainly because attacks tend to be highly targeted and small in scale compared to a conventional kinetic war. They also don’t usually last as long or consume as many resources.
The Threat Actors
To engage in cyber warfare, cybersecurity experts are needed. Different types of cyber attacks require different kinds of expertise to execute, and naturally both sides of any cyber conflict constantly work to stay ahead of each other. While major nations employ such experts in an official capacity, cyber warfare isn’t simply a matter of employment. Attacks by skilled cyber criminals can be just as devastating and effective. Sometimes those attacks are made for ideological reasons, such as domestic, international, or environmental terrorism, but often they have more straightforward goals, such as theft and personal gain.
A large part of (at least successful) cyber warfare is secrecy: every player has a strong interest in protecting its own capabilities while gaining access to those of others. As a result, operations are usually revealed only after the fact, and often not at all. This leaves relatively little publicly available information on the subject, frequently to the detriment of the security of systems used by civilians.
If a group has a reliable exploit that can be used for strategic operations, it is unlikely to disclose the underlying vulnerability to the organization responsible for fixing it. This holds even when the affected system is primarily civilian and the group is a nation-state with some remit to protect civilians. A nation typically discloses a vulnerability it is holding only once it believes an unfriendly actor has discovered it as well. Often these issues are fixed only because a cybersecurity firm detects the intrusion, recovers the exploit, and reports it to the vendor.
Many nation-states have some form of cyber operations department, even relatively small countries. Those generally considered to have top-tier capabilities include the US, UK, Russia, China, Iran, Israel, and North Korea. Each tends to act in ways that bolster its economic, political, or military position. North Korea, for example, specializes in attacks that generate income, such as ransomware and cryptocurrency theft, to bypass international sanctions.
Israel and Iran primarily focus on attacks against each other or against the various groups they oppose. China historically focused on corporate espionage, though in the past decade it has shifted toward a more traditional espionage role and started taking advantage of its powerful manufacturing sector to perform supply chain attacks. Russia often wields disinformation or propaganda-oriented attacks, though it too performs a great deal of espionage. The US and the UK have strong and broad capabilities, including highly targeted attacks and extensive information-gathering techniques.
Non-nation-state threat actors may or may not be aligned with a nation-state; those that are aligned are generally referred to as state-sponsored. State-sponsored threat actors may, but don’t necessarily, receive state funding. They may be actively directed by some form of handler or given carte blanche. Russia, for example, often ignores Russian threat actors as long as they don’t affect Russian citizens or interests. However, this policy has been shown to have limits.
Completely independent threat actors are typically significantly less advanced. They are also much more likely to be criminally or ideologically driven, which can make their actions less predictable from a geopolitical standpoint.
The specific techniques behind each attack vary. Most sabotage-oriented attacks look for software or hardware vulnerabilities in critical systems; some instead aim to introduce vulnerabilities for later exploitation. Espionage operations typically revolve around compromising devices or communication systems, either targeting high-value individuals directly or seeking a path into high-value systems. Economically motivated attacks aim to benefit the attacker monetarily and are primarily criminal in origin; anything that can be used or sold is considered fair game by threat actors in this space. Propaganda operations tend to be either overt counter-propaganda or more subtle disinformation campaigns.
Most cyber warfare actions tend to be subtle, up to a point. In the digital realm there is little value in the cyber equivalent of “door kickers,” because a target that notices it is under attack can simply disconnect systems from the Internet, or even from power. Outside of DDoS attacks, there aren’t many classes of “loud” cyber attack. Most attacks involve exploiting a weakness you’ve already found and that the adversary doesn’t know about.
A small but growing number of attacks also involve actively introducing vulnerabilities, in what’s known as a supply chain attack. Because these capabilities depend on the target not knowing about the weakness, most cyber war options are rare, valuable, and easily lost if wasted: once an exploit is used and detected, the vulnerability is usually patched and the capability is gone. A real-world comparison would be a gun that can only ever fire one bullet and is typically useless after that.
Unfortunately, many attacks still exploit publicly known vulnerabilities. While military systems tend to be more strictly hardened, critical national infrastructure is often not as secure as you might hope or think.
A cyber war is the concept of war or war-like actions taken in cyberspace. Cyber actions certainly have their place within traditional warfare, but you are unlikely to see a “war” fought purely in cyberspace outside of esports. Many cyber weapons are heavily tailored to a specific adversary, and even those that are not are likely to become ineffective quickly once used, and may become useless at any moment. Unlike traditional weapons, which keep working regardless of who they are pointed at (with some counterplay in the form of armour), cyber weapons aren’t generic. You can’t build a “cyber gun,” point it at a system, and have it hacked; it just doesn’t work that way.
Cyber weapons need to exploit specific vulnerabilities: either ones you subtly inject yourself through a supply chain attack, or ones you find opportunistically. This makes cyber war a constant arms race. The picture is further complicated by the fact that threat actors need not be nation-states, and, worse, it is often very difficult to determine who is responsible. For example, if an attack comes from a Russian IP address, was it directed by the Russian government, carried out by a random Russian hacker, or launched by a hacker from somewhere else who proxied the attack through a compromised Russian device? Source addresses alone say little; attribution in practice rests on slower evidence such as tooling, infrastructure reuse, and operating patterns, and even then it is usually probabilistic rather than certain.