Tuesday, July 23, 2019

Cyberwarfare

Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage.
Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. It can be difficult to definitively attribute cyberattacks to a nation-state when those attacks are carried out by advanced persistent threat (APT) actors, but such attacks can often be linked to specific nations. While there are a number of examples of suspected cyberwarfare attacks in recent history, there has been no formal, agreed-upon definition for a cyber "act of war," which experts generally agree would be a cyberattack that directly leads to loss of life.
Cyberwarfare can take many forms, including:
  • viruses, computer worms and malware that can take down water supplies, transportation systems, power grids, critical infrastructure and military systems;
  • denial-of-service (DoS) attacks, cybersecurity events that occur when attackers take action that prevents legitimate users from accessing targeted computer systems, devices or other network resources;
  • hacking and theft of critical data from institutions, governments and businesses; and
  • ransomware that holds computer systems hostage until the victims pay ransom.
Objectives of cyberwarfare
According to the Cybersecurity and Infrastructure Security Agency (CISA), the goal of those engaged in cyberwarfare is to “weaken, disrupt or destroy countries.” To achieve their goals, “national cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm national interests. These threats range from propaganda to espionage and serious disruption with loss of life and extensive infrastructure disruption.” A few examples of threats include:
  • Espionage for technology advancement. For example, the National Counterintelligence and Security Center (NCSC) in its 2018 Foreign Economic Espionage in Cyberspace report notes that China’s cybersecurity law mandates that foreign companies submit their technology to the Chinese government for review and that Russia has increased its demand of source code reviews to approve of foreign technology sold in their country. In 2018, the US Department of Justice charged two Chinese hackers associated with the Ministry of State Security with targeting intellectual property and confidential business information.
  • Disruption of infrastructure to attack nation-states or, when attacked by a country, to damage the ability of that country to continue its attacks. For example, by controlling a router between supervisory control and data acquisition (SCADA) sensors and controllers in a critical infrastructure, such as the energy sector, an enemy can attempt to destroy or badly damage energy plants or the grid itself.
  • Sowing discord to destabilize government. For example, according to Report On The Investigation Into Russian Interference In The 2016 Presidential Election, by Special Counsel Robert S. Mueller, III, Russia’s Internet Research Agency “used social media accounts and interest groups to sow discord in the U.S. political system through what it termed ‘information warfare.’ The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton.”
Types of cyberwarfare attacks
Increasingly, cybercriminals are attacking governments through their critical infrastructure, including transportation systems, banking systems, power grids, water supplies, dams, hospitals and critical manufacturing.
The threat of cyberwarfare attacks grows as a nation's critical systems are increasingly connected to the internet. Even if these systems can be properly secured, they can still be hacked by perpetrators recruited by nation-states to find weaknesses and exploit them.
APT attacks on infrastructure can devastate a country. For example, attacks on a nation's utility systems can wreak havoc by causing widespread power outages, but an attacker with access to hydropower grids could also conceivably cause flooding by opening dams.
Cyberattacks on a government's computer systems can be used to support conventional warfare efforts. Such attacks can prevent government officials from communicating with one another; enable attackers to steal secret communications; or release employee and citizen personal data, such as Social Security numbers and tax information, to the public.
Nation-state-sponsored or military-sponsored attackers might also hack the military databases of their enemies to get information on troop locations, as well as what kind of weapons and equipment they're using.
DoS attacks, which continue to increase around the world, are expected to be leveraged for waging cyberwarfare. Attackers are using distributed denial of service (DDoS) attack methods to hit government entities with massive sustained bandwidth attacks, and at the same time infecting them with spyware and malware to steal or destroy data. These attacks may inject misinformation into the networks of their targets to create chaos, outages or scandals.
