Cyberwar: A Guide

At its core, cyber warfare is the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of create significant damage, death or destruction.

What does cyber warfare look like?

Cyberwar is still an emerging concept, but many experts are concerned that it is likely to be a significant component of any future conflicts. As well as troops using conventional weapons like guns and missiles, future wars will also be fought by hackers using computer code to attack an enemy's infrastructure.

Governments and intelligence agencies worry that digital attacks against vital infrastructure, like  banking systems or power grids, will give attackers a way of bypassing a country's traditional defences.

And unlike standard military attacks, a cyber-attack can be launched instantaneously from any distance, with little obvious evidence in the build-up, and it is often extremely hard to trace such an attack back to its originators.

Modern economies, underpinned by computer networks that run everything from sanitation to food distribution and communications, are particularly vulnerable to such attacks, especially as these systems are in the main poorly designed and protected.

The head of the US National Security Agency (NSA) Admiral Michael Rogers said his  worst case cyber-attack scenario would involve "outright destructive attacks", focused on some aspects of critical US infrastructure and coupled with data manipulation "on a massive scale".

Shutting down the power supply or scrambling bank records could easily do major damage to any economy. And some experts warn it's a case of when, not if.

What is the Definition of Cyber-Warfare?

Whether an attack should be considered to be an act of cyberwarfare depends on a number of factors. These can include the identity of the attacker, what they are doing, how they do it, and how much damage they inflict.

Like other forms of war, cyber-warfare is usually defined as a conflict between states, not individuals. Many countries are now building up military cyber-warfare capabilities, both to defend against other nations and also to attack if necessary.

Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyber-warfare, unless they were being aided and directed by a state.

For example, cyber-crooks who crash a bank's computer systems while trying to steal money would not be considered to be perpetrating an act of cyber-warfare, even if they came from a rival nation. But state-backed hackers doing the same thing to destabilise a rival state's economy might well be considered so.

The nature and scale of the targets attacked is another indicator: defacing a company website is unlikely to be considered an act of cyberwarfare, whereas disabling the missile defence system at an airbase would certainly come close.

And the weapons used are important too: cyber-war refers to digital attacks on computer systems: firing a missile at a data center would not be considered cyber-warfare. Similarly using hackers to spy or even to steal data, cyber-espionage, would not in itself be considered an act of cyber-warfare but might be one of the tools used.

Cyber-warfare and the use of force

How these factors combine matters because they can help determine what kind of response a country can make to a cyberattack.

There is one key definition of cyber-warfare, which is a digital attack that is so serious it can be seen as the equivalent of a physical attack.

To reach this threshold, an attack on computer systems would have to lead to significant destruction or disruption, even loss of life.

This is a significant threshold because under international law states are permitted to use force to defend themselves against an armed attack.

It follows then that, if a country were hit by a cyber-attack of significant scale, they would be within their rights to strike back using their standard military arsenal: to respond to hacking with missile strikes.

So far this has never happened, indeed it's not entirely clear if any attack has ever reached that threshold. That doesn't mean that attacks which fail to reach that level are irrelevant or should be ignored: it just means that the country under attack can't justify resorting to military force to defend itself.

There are plenty of other ways of responding to a cyber-attack, from sanctions and expelling diplomats, to responding in kind, although calibrating the right response to an attack is often hard.

What is the Tallinn Manual?

One reason that definitions of cyber-warfare have been blurred is that there is no international law that covers cyber-war, which is what really matters here, because it is such a new concept.

That doesn't mean that cyber-warfare isn't covered by the law, it's just that the relevant law is piecemeal, scattered, and often open to interpretation.

This lack of legal framework has resulted in a grey area: in the past some states have used the opportunity to test out cyber-war techniques in the knowledge that other states would be uncertain about how they could react under international law.

More recently that grey area has begun to shrink. A group of law scholars has spent years working to explain how international law can be applied to digital warfare. This work has formed the basis of the Tallinn Manual, a textbook prepared by the group and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCDCoE) based in the Estonian capital of Tallinn, from which the manual takes its name.

The first version of the manual looked at the rare but most serious cyberattacks, which rose to the level of the use of force; the second edition released earlier this year looked at the legal framework around cyber-attacks, which  do not reach the threshold of the use of force, but which take place on a daily basis.

Aimed at legal advisers to governments, military, and intelligence agencies, the Tallinn Manual sets out when an attack is a  violation of international law in cyber-space, and when and how states can respond to such assaults.

The manual consists of a set of guidelines, 154 rules, which set out how the lawyers think international law can be applied to cyberwarfare, covering everything from the use of cyber-mercenaries to the targeting of medical units' computer systems.

The idea is that by making the law around cyber-warfare clearer, there is less risk of an attack escalating, because escalation often occurs when the rules are not clear and leaders overreact.

ZD Net:

You Might Also Read:

The Stage Is Set For Cyber War:

US Steps Up Its Cyberwar Capability:

Russian General Brags About Cyberwar Successes:

« Millions of Instagram Users Hacked
S. Africa’s Model For Cybesecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Security Awareness Special Interest Group (SASIG)

Security Awareness Special Interest Group (SASIG)

The Security Awareness Special Interest Group (SASIG) addresses the human aspects of security and fraud prevention in an initiative to improve trust and confidence in the online environment.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Cyber Guru

Cyber Guru

Cyber Guru is an effective cybersecurity awareness training platform, enabling organisations to increase their resistance to cyber-attacks by changing employee behaviour.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.