Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. It can be difficult to definitively attribute cyberattacks to a nation-state when those attacks are carried out by advanced persistent threat (APT) actors, but such attacks can often be linked to specific nations. While there are a number of examples of suspect cyberwarfare attacks in recent history, there has been no formal, agreed-upon definition for a cyber "act of war," which experts generally agree would be a cyberattack that directly leads to loss of life.
Cyberwarfare can take many forms, including:
- viruses, computer worms and malware that can take down water supplies, transportation systems, power grids, critical infrastructure and military systems;
- denial-of-service (DoS) attacks, cybersecurity events that occur when attackers take action that prevents legitimate users from accessing targeted computer systems, devices or other network resources;
- hacking and theft of critical data from institutions, governments and businesses; and
- ransomware that holds computer systems hostage until the victims pay a ransom.
Objectives of cyberwarfare
According to the Cybersecurity and Infrastructure Security Agency (CISA), the goal of those engaged in cyberwarfare is to “weaken, disrupt or destroy the US.” To achieve their goals, “national cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm US interests,” says CISA. These threats range from propaganda and espionage to serious disruption involving loss of life and extensive damage to infrastructure. A few examples of threats include:
- Espionage for technology advancement. For example, the National Counterintelligence and Security Center (NCSC), in its 2018 Foreign Economic Espionage in Cyberspace report, notes that China’s cybersecurity law mandates that foreign companies submit their technology to the Chinese government for review, and that Russia has increased its demands for source code reviews before approving foreign technology sold in the country. In 2018, the US Department of Justice charged two Chinese hackers associated with the Ministry of State Security with targeting intellectual property and confidential business information.
- Disruption of infrastructure to attack the US economy or, when attacked by the US, to damage the ability of the US to continue its attacks. For example, by controlling a router that sits between supervisory control and data acquisition (SCADA) sensors and controllers in a critical infrastructure sector, such as energy, an enemy can attempt to destroy or badly damage energy plants or the grid itself.
Cyberattacks are also used to sow discord and destabilize governments. For example, according to the Report On The Investigation Into Russian Interference In The 2016 Presidential Election, by Special Counsel Robert S. Mueller, III, Russia’s Internet Research Agency “used social media accounts and interest groups to sow discord in the U.S. political system through what it termed ‘information warfare.’ The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton.”
Types of cyberwarfare attacks
Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, water supplies, dams, hospitals and critical manufacturing.
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected to the internet. Even when these systems are properly secured, they can still be compromised by attackers whom nation-states recruit to find and exploit weaknesses.
APT attacks on infrastructure can devastate a country. For example, attacks on a nation's utility systems can wreak havoc by causing widespread power outages, but an attacker with access to hydropower grids could also conceivably cause flooding by opening dams.
Cyberattacks on a government's computer systems can be used to support conventional warfare efforts. Such attacks can prevent government officials from communicating with one another; enable attackers to steal secret communications; or release employee and citizen personal data, such as Social Security numbers and tax information, to the public.
Nation-state-sponsored or military-sponsored attackers might also hack the military databases of their enemies to get information on troop locations, as well as what kind of weapons and equipment they're using.
DoS attacks, which continue to increase around the world, are expected to be leveraged for waging cyberwarfare. Attackers are using distributed denial-of-service (DDoS) attack methods to hit government entities with massive, sustained bandwidth attacks while at the same time infecting them with spyware and malware to steal or destroy data. These attacks may also inject misinformation into the networks of their targets to create chaos, outages or scandals.
Additional examples of cyberwarfare
Perhaps the earliest instance of a nation waging cyberwar was the Stuxnet worm, which was used to attack Iran's nuclear program in 2010. The malware targeted SCADA systems and was spread with infected USB devices. While the United States and Israel have both been linked to the development of Stuxnet, neither nation has formally acknowledged its role.
Nation-state actors are believed to be behind many other cyberwarfare incidents. For example, in March 2014, the Russian government allegedly perpetrated a distributed denial-of-service attack that disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea.
Then, in May 2014, three days before Ukraine's presidential election, a hacking group based in Russia took down the systems of Ukraine's election commission, including the country's backup system. However, Ukrainian computer experts were able to get the system up and running before the election. The cyberattack was launched to wreak havoc and damage the nationalist candidate while helping the pro-Russian candidate, who ultimately lost the election.
Hackers associated with the government of North Korea were blamed for the 2014 cyberattack on Sony Pictures after Sony released the film The Interview, which portrayed the North Korean leader Kim Jong-un in a negative light.
During its investigation into the hack, the FBI noted that the code, encryption algorithms, data deletion methods and compromised networks were similar to malware previously used by North Korean hackers. In addition, the hackers used several IP addresses associated with North Korea.
A 2015 attack on the German parliament, suspected to have been carried out by Russian secret services, caused massive disruption when the attack infected 20,000 computers used by German politicians, support staff members and civil servants. Sensitive data was stolen, and the attackers demanded several million euros to clean up the damage.
Although a group of Russian nationalists who wanted the government in Berlin to stop supporting Ukraine claimed responsibility, members of Russian intelligence were also reported to be involved.
Since then, a Malware Analysis Report (MAR) issued by the Department of Homeland Security (DHS) and the FBI has identified two malware variants, HOPLIGHT and ELECTRICFISH, released by North Korea.
Also in 2015, cybercriminals backed by the Chinese state were accused of breaching the website of the U.S. Office of Personnel Management to steal data on approximately 22 million current and former employees of the U.S. government. Chinese cybercriminals have been implicated in the theft of U.S. military aircraft designs, an incident that caused then-president Barack Obama to call for a treaty on cyberarms control.
On a cold winter's day in December 2016, more than 230,000 customers in Ukraine experienced a blackout, the result of remote intrusions at three regional electric power distribution companies. The attack was suspected to have originated from Russia. The perpetrators flooded phone lines with a DoS attack and also used malware to attack and destroy data on hard drives at the affected companies. While power was restored within hours, it took months for the companies to restore full functionality to the control centers that had been attacked.
In 2016, 2017 and again in 2018, variations of malware known as Shamoon struck businesses in the Middle East and Europe. McAfee’s Advanced Threat Research concluded that the Iranian hacker group APT33, or a group masquerading as APT33, is likely responsible for these attacks.
On August 2, 2017, President Trump signed into law the Countering America’s Adversaries Through Sanctions Act (Public Law 115-44) (CAATSA), imposing new sanctions on Iran, Russia, and North Korea.