Professional Documents
Culture Documents
Cyberwar: The What, When, Why, and How
Cyberwar: The What, When, Why, and How
Cyberwar: The What, When, Why, and How
C
yberwar is insidious, invisible to most, two threshold requirements have been identified when
and is fought out of sight. It takes place nation-states assess the consequences and their poten-
in cyberspace, a location that cannot be tial response. First, what is the threshold for consider-
seen, touched, nor felt. Cyberspace has ing a cyber-event an act of war or comparable to the
been defined as the fifth domain of war [1]. We can use of force? Second (which will not be addressed in
see the physical instruments, such as computers, rout- this article), what is the threshold between tactical and
ers, cables, however these instruments interact in a vir- strategic applications of cyberattacks [2]?
tual and unseen realm. This facilitates a reach that can This evolution of war is particularly important when
extend from one part of the world to attacks on public or addressing cyberwar, which can include both kinetic and
private sector entities in another part of the world, while non-kinetic activities. Kinetic activities are associated
perpetrator remains unknown in a legally with motion. In the military arena, this
provable sense. The defining questions for typically includes armed attacks, bombs
life in the 21st century may be: what is Cyberwar is dropping, etc. Non-kinetic cyberwar
cyberwar? Will we know it when we see actions are typically directed towards tar-
it? If so, what do we do in response?
insidious and geting any aspect of an opponent’s cyber
The lack of precision in the terminol- is fought out systems such as communications, logis-
ogy helps to cloud the issue. Terms such of sight, invisible tics, or intelligence. When used in con-
as cybercrime, cyberespionage and cyber- to most. junction with a kinetic battle, non-kinetic
attack are often used interchangeably. We cyber activities can include disruption of
speak of hackers, cybercriminals, and an opponent’s logistical supply chain or
cyberterrorists as if they were identical. In many cases, diversion of essential military supplies. Other types of
they may be, or at least they may be closely related. non-kinetic cyber activity can include the destabilization
The term cyberwar has been used in a variety of differ- of a government’s financial system, interference with a
ent contexts. Since war itself is generally considered as government’s computer systems, or infiltrating a com-
a military enterprise, cyberwar has often been linked puter system for the purposes of espionage. The ongoing
to a conceptual framework associated with traditional debate discusses the extent to which these non-kinetic
notions of warfare. These notions generally involve activities should be considered as cyberwarfare when
force, physical harm, and violence. In this work, we they are not associated with an actual physical battle.
examine the challenges this definition presents in a 21st
century cyber-connected and cyber-dependent world, How Can Cyberwar Be Defined?
and we propose an expanded conceptual framework for Efforts have been made to address the definition of
cyberwar. cyberwar. The recently completed Tallinn Manual on
Underlying factors, such as the level of activity or International Law Applicable in Cyberwarfare [3] was
behavior involved in cyberwar, and how many or what developed at the request of the North Atlantic Treaty
type of cyberattacks it takes for it to be defined as a Organization (NATO) and the Cooperative Cyber
cyberwar, become important. In recognizing the role Defense Center of Excellence (CCD-COE). The dif-
that cyberattacks will play in future military conflicts, ficulty is that nation-states and non-state actors do not
always follow laws when it comes to war. More impor-
Digital Object Identifier 10.1109/MTS.2014.2345196
tantly, increases in asymmetrical warfare, and the expo-
Date of publication: 17 September 2014 nentially evolving nature of the Internet, tend to make
As Part of
Non-Kinetic Battle As Part of Traditional
Cyberattack
Kinetic Battle
Attacks On
Electrical Grids
Targeting
Opponent’s “War Fighting”
Systems
Attacks On
Financial Institutions
Targeting
Military
Government Websites
Logistical Systems
Attacks On
Other Critical Infrastructure/ Military
Including Private Sector Intelligence Systems
Businesses
attacks in cyberspace more prevalent. In this type of [2]. This approach to cyberwar has been adapted by
environment, the impact of a Law of Cyberwarfare, as those who view cyberattacks in military campaigns
a regulatory mechanism, may therefore be limited. The as a motive to target an opponent’s communications,
Tallinn Manual defines cyberwar as a cyberattack, in intelligence, as well as other Internet or network-
either an offensive or defensive cyber operation, that based logistic operations [4]. The linkage of cyberwar
is reasonably expected to cause death to persons, dam- with the use of force and armed conflict may be the
age, or cause destruction to objects. Excluded from current prevailing position in some international sec-
this definition, are psychological cyber-operations tors. However, it fails to take into account the extent
or cyberespionage [3]. A major drawback with this of non-physical damage that can be inflicted through
definition is its use of the term cyberattack, which is cyberspace in a world that is becoming increasingly
often synonymous with cyberwar and with the accom- networked, up to and including nuclear facilities.
panying narrow definition of cyberwar. For example, The Geneva Center for the Democratic Control
it excludes cyber-operations designed to destabilize a of Armed Forces (DCAF) adopted a more inclusive
nation-state’s financial system, since the attack did not definition of cyberattacks in its DCAF Horizons
directly result in death or physical destruction. 2015 Working Paper. This definition distinguishes
Traditionally, violence has been viewed as a nec- between state-sponsored and non-state-sponsored
essary correlate of a cyberattack, placing cyberwar cyberattacks, and also includes cybervandalism,
within the context of an armed conflict. The focus cybercrime, and cyberespionage within its defini-
was the equivalence of the effects of a cyberattack to tion of cyberattacks [1]. The DCAF defines cyber-
the effects of an armed attack using physical means war as warlike conduct conducted in virtual space
(Continued)
greater resources in terms of weapons, money, and been previously overlooked as merely cybercrimi-
troops. Imagine a drone, not only intercepted, but nals. As noted by many, including Richard Clarke,
also then re-routed back towards its originator. Fewer former National Coordinator for Security, Infrastruc-
resources are required, but yet, on the other hand, ture Protection, and Counterterrorism for the United
increased specialized training is required. Cyberat- States, cybercriminals can become rental cyberwar-
tack for hire is a lucrative business for those who have riors [8]. This easy transition from cybercriminality
Table III
Recent Cyberattacks on Critical Infrastructure
in Iran’s nuclear centrifuge facility that was suc- the agencies or contractors of its own, or another
cessfully targeted by Stuxnet. The danger for highly government
industrialized countries is that their computerized crit- ■■ Government against another Government’s criti-
ical infrastructure makes them vulnerable to similar cal infrastructure (non-kinetic battle)
attacks. The United States has one of the most devel- ■■ Criminally inspired hackers versus individual
IEEE-SSIT E-Newsletter
The IEEE-SSIT e-newsletter is delivered to all SSIT
members three times per year via email, and is a key
member benefit. Please send newsletter submissions
and contributions to:
deepakmathur@ieee.org.