The generally accepted definition of cyberwarfare is the use of cyber attacks against a nation-state, causing it significant harm, up to and including physical warfare, disruption of vital computer systems and loss of life.
However, there has been some debate among experts regarding what acts specifically qualify as cyberwarfare. While the United States Department of Defense (DOD) states that the use of computers and the internet to conduct warfare in cyberspace is a threat to national security, why certain activities qualify as warfare, while others are simply cybercrime, is unclear.
Although cyberwarfare generally refers to cyber attacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. While there are a number of examples of suspected cyberwarfare attacks in recent history, there has been no formal, agreed-upon definition for a cyber act of war, which experts generally agree would be a cyber attack that directly leads to loss of life.
What kinds of cyber weapons are used in warfare?
Examples of acts that might qualify as cyberwarfare include the following:
- viruses, phishing, computer worms and malware that can take down critical infrastructure;
- distributed denial-of-service (DDoS) attacks that prevent legitimate users from accessing targeted computer networks or devices;
- hacking and theft of critical data from institutions, governments and businesses;
- spyware or cyber espionage that results in the theft of information that compromises national security and stability;
- ransomware that holds control systems or data hostage; and
- propaganda or disinformation campaigns used to cause serious disruption or chaos.
What are the goals of cyberwarfare?
According to the Cybersecurity and Infrastructure Security Agency, the goal of cyberwarfare is to "weaken, disrupt or destroy" another nation. To achieve their goals, cyberwarfare programs target a wide spectrum of objectives that might harm national interests. These threats range from propaganda to espionage to serious disruption, including extensive infrastructure damage and loss of life among the citizens of the nation under attack.
Cyberwarfare is similar to cyber espionage, and the two terms are sometimes confused. The biggest difference is that the primary goal of a cyberwarfare attack is to disrupt the activities of a nation-state, while the primary goal of a cyber espionage attack is for the attacker to remain hidden for as long as possible in order to gather intelligence. The two activities are often used together. For example, cyber espionage can be used to build intelligence that helps a nation-state prepare for declaring a physical or cyber war.
What are the types of cyberwarfare attacks?
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected to the internet. Even if these systems can be properly secured, they can still be hacked by perpetrators recruited by nation-states to find weaknesses and exploit them. Major types of cyberwarfare attacks include the following.
In recent years, cybercriminals have been attacking governments through critical infrastructure, including such entities as transportation systems, banking systems, power grids, water supplies, dams and hospitals. The adoption of the internet of things makes the manufacturing industry increasingly susceptible to outside threats.
From a national security perspective, destabilizing critical digital infrastructure inflicts damage on vital modern services or processes. For example, an attack on the energy grid could have massive consequences for the industrial, commercial and private sectors.
Cyber attacks that sabotage government computer systems can be used to support conventional warfare efforts. Such attacks can block official government communications, contaminate digital systems, enable the theft of vital intelligence and threaten national security.
State-sponsored or military-sponsored attacks, for example, may target military databases to get information on troop locations, weapons and equipment being used.
Cybercriminals hack computer systems to steal data that can be used for intelligence, held for ransom, sold, used to incite scandals and chaos, or even destroyed.
The Center for Strategic and International Studies (CSIS) maintains a timeline record of cyber attacks on government agencies and defense and high-tech companies, as well as economic crimes with losses of more than $1 million. In CSIS timelines dating back to 2006, many of the recorded cyber incidents involve hacking and data theft from nation-states.
Historical examples of cyberwarfare attacks
Bronze Soldier -- 2007
In 2007, the Estonian government moved a Bronze Soldier, a painful symbol of Soviet oppression, from the center of Tallinn, the capital of Estonia, to a military cemetery on the outskirts of the city.
In the following months, Estonia was hit by several major cyber attacks. This resulted in many Estonian banks, media outlets and government sites being taken offline due to unprecedented levels of traffic.
The Stuxnet worm -- 2010
The Stuxnet worm was used to attack Iran's nuclear program in what is considered one of the most sophisticated malware attacks in history. The malware targeted Iranian supervisory control and data acquisition systems and was spread with infected Universal Serial Bus devices.
Edward Snowden -- 2013
Edward Snowden, a former Central Intelligence Agency consultant, leaked details of the U.S. National Security Agency's cyber surveillance system. He attributed this act to ethical concerns about the programs he was involved with, which he says were ignored. The incident raised corporate and public awareness about how the advance of technology infringes on personal privacy and gave rise to the term "the Snowden effect."
DDoS attack in Ukraine -- 2014
The Russian government allegedly perpetrated a DDoS attack that disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea.
Sony Pictures -- 2014
Hackers associated with the government of North Korea were blamed for a cyber attack on Sony Pictures after Sony released the film The Interview, which portrayed the North Korean leader Kim Jong Un in a negative light.
The Federal Bureau of Investigation found that the malware used in the attack included lines of code, encryption algorithms, data deletion methods and compromised networks that were similar to malware previously used by North Korean hackers.
The U.S. Office of Personnel Management -- 2015
Cybercriminals backed by the Chinese state were accused of breaching the website of the U.S. Office of Personnel Management and stealing the data of approximately 22 million current and former government employees.
The U.S. presidential election -- 2016
The "Report on the Investigation into Russian Interference in the 2016 Presidential Election," by Special Counsel Robert Mueller, determined that Russia engaged in informational warfare to interfere with the U.S. presidential election.
The Mueller report found that Russia used social media accounts and interest groups to disrupt the political climate in the U.S. using what it called "information warfare." According to the report, the operation began in 2014 with discrediting the electoral system and progressed to more explicit activities designed to benefit candidate Donald Trump in the 2016 election.
China's Ministry of State Security -- 2018
In 2018, the U.S. Department of Justice charged two Chinese hackers associated with the Chinese government's Ministry of State Security with targeting intellectual property and confidential business information.
Since 2010, the Cooperative Cyber Defence Centre of Excellence, part of the North Atlantic Treaty Organization, has conducted annual war games to increase preparedness and evaluate countermeasures to defend nations against cyber attacks.
On Aug. 2, 2017, President Trump signed into law the Countering America's Adversaries Through Sanctions Act (Public Law 115-44). This law imposed new sanctions on Iran, Russia and North Korea to help prevent acts of cyberwarfare and strengthen the U.S. information security program.
The National Defense Authorization Act for 2021 includes 77 cybersecurity provisions, among other appropriations and policies for DOD programs and activities. It is considered a significant piece of cybersecurity legislation.