Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. It can be difficult to definitively attribute cyberattacks to a nation-state when those attacks are carried out by advanced persistent threat (APT) actors, but such attacks can often be linked to specific nations. While there are a number of examples of suspect cyberwarfare attacks in recent history, there has been no formal, agreed-upon definition for a cyber "act of war," which experts generally agree would be a cyberattack that directly leads to loss of life.
Cyberwarfare can take many forms, including:
- viruses, computer worms and malware that can take down water supplies, transportation systems, power grids, critical infrastructure and military systems;
- denial-of-service (DoS) attacks, cybersecurity events that occur when attackers take action that prevents legitimate users from accessing targeted computer systems, devices or other network resources;
- hacking and theft of critical data from institutions, governments and businesses; and
- ransomware that holds computer systems hostage until the victims pay ransom.
Types of cyberwarfare attacks
Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, water supplies, dams, hospitals and critical manufacturing.
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected to the internet. Even when these systems are properly secured, they remain targets for perpetrators recruited by nation-states to find weaknesses and exploit them.
APT attacks on infrastructure can devastate a country. For example, attacks on a nation's utility systems can wreak havoc by causing widespread power outages, and an attacker with access to hydropower control systems could also conceivably cause flooding by opening dams.
Cyberattacks on a government's computer systems can be used to support conventional warfare efforts. Such attacks can prevent government officials from communicating with one another; enable attackers to steal secret communications; or release employee and citizen personal data, such as Social Security numbers and tax information, to the public.
Nation-state-sponsored or military-sponsored attackers might also hack the military databases of their enemies to get information on troop locations, as well as what kind of weapons and equipment they're using.
DoS attacks, which continue to increase around the world, are expected to be leveraged for waging cyberwarfare. Attackers are using distributed DoS attack methods to hit government entities with massive sustained bandwidth attacks, and at the same time infecting them with spyware and malware to steal or destroy data. These attacks may inject misinformation into the networks of their targets to create chaos, outages or scandals.
Examples of cyberwarfare
Perhaps the earliest instance of a nation waging cyberwar was the Stuxnet worm, which was used to attack Iran's nuclear program in 2010. The malware targeted SCADA (supervisory control and data acquisition) systems, and was spread with infected USB devices; while the United States and Israel have both been linked to the development of Stuxnet, neither nation has formally acknowledged its role.
Nation-state actors are believed to be behind many other cyberwarfare incidents. For example, in March 2014, the Russian government allegedly perpetrated a distributed denial-of-service attack that disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea.
Then in May 2014, three days before Ukraine's presidential election, a hacking group based in Russia took down Ukraine's election commission system, including the country's backup system. However, Ukrainian computer experts were able to get the system up and running before the election. The cyberattack was launched to wreak havoc and damage the nationalist candidate while helping the pro-Russian candidate, who ultimately lost the election.
Hackers associated with the government of North Korea were blamed for the 2014 cyberattack on Sony Pictures after Sony released the film The Interview, which portrayed the North Korean leader Kim Jong-un in a negative light.
During its investigation into the hack, the FBI noted that the code, encryption algorithms, data deletion methods and compromised networks were similar to malware previously used by North Korean hackers. In addition, the hackers used several IP addresses associated with North Korea.
A 2015 attack on the German parliament, suspected to have been carried out by Russian secret services, caused massive disruption when it infected 20,000 computers used by German politicians, support staff members and civil servants. Sensitive data was stolen, and the attackers demanded several million euros to clean up the damage.
Although a group of Russian nationalists who wanted the government of Berlin to stop supporting Ukraine claimed responsibility, members of the Russian intelligence were also reported to be involved.
Also in 2015, cybercriminals backed by the Chinese state were accused of breaching the website of the U.S. Office of Personnel Management to steal data on approximately 22 million current and former employees of the U.S. government. Chinese cybercriminals have also been implicated in the theft of U.S. military aircraft designs, an incident that caused then-president Barack Obama to call for a treaty on cyberarms control.
On a cold winter's day in December 2016, more than 230,000 customers in Ukraine experienced a blackout, the result of remote intrusions at three regional electric power distribution companies. The attack was suspected to originate from Russia. The perpetrators flooded phone lines with a DoS attack and also used malware to attack and destroy data on hard drives at the affected companies. While the power was restored within hours, it took months for the companies to restore full functionality to the control centers that had been attacked.