Warfare is no longer about soldiers and spies in faraway lands. Global conflict and proxy wars have received a digital upgrade. Our daily reliance on technology places everyone unwittingly on the front lines, while our personal data and our trust in digital systems are under constant threat.
Events like the attacks on Ukraine’s power grid and the global havoc wreaked by the NotPetya malware — which in 2017 weakened companies across the globe, from SMEs to giant corporations — are prime examples of this new era where cyber offensives are designed to disrupt everyday life and further political agendas.
Last year at NATO’s Cyber Defense Pledge Conference, NATO Secretary General Jens Stoltenberg boldly claimed that “cyber is now a domain of operations equal to those of land, sea, air and space.”
As the global conflict landscape sadly expands, cyber-attacks have emerged not just as a supplement to physical conflict but as a critical battleground in its own right, often preceding or running parallel to conventional warfare.
Digital Battlefields: The Rise of Cyber Warfare
Cyber warfare enables the usual suspects, predictably consisting of state actors, rogue nations, and shadowy groups, to wage wars of a different kind through hacking, malware, and denial-of-service attacks. These attacks threaten the foundations of society, targeting essential services and critical infrastructure like energy grids, transportation systems, and healthcare facilities.
Keyboard warriors can inflict chaos, economic turmoil, and even loss of life without having to set foot on the battlefield.
Government war rooms are heading the same way. In a tale that seems straight out of Dr. Strangelove, the world witnessed the birth of its first cyber weapon, Stuxnet.
This digital creation was the brainchild of American and Israeli intelligence, emerging onto the scene in 2010, though its roots likely go back to 2005. Its mission? To secretly throw a wrench in Iran’s plans to build nuclear weapons.
Imagine the tension of a movie scene: high-level officials in the White House, under Presidents Bush and Obama, grappling with a tough decision. They faced a dire choice: risk a possible war if Israel attacked Iran’s nuclear facilities or try something never done before — use a cyber weapon to quietly disrupt those plans.
This moment set the scene for invisible lines of code to have as much power as traditional military might. It was a decision that would change the way we think about conflict, showing that sometimes the most impactful weapons aren’t ones we can see or touch.
Examples that highlight this new reality can be found in North Korea’s financially motivated attacks and cryptocurrency thefts to support military and nuclear ambitions.
Further incidents like the 2013 South Korea Logic Bomb attack and the 2014 breach of Sony Pictures serve as stark reminders of this evolving threat landscape. But more recently, it’s the war in Ukraine that is showcasing how technology is changing the battlefield.
The Escalation of Cyber Warfare from Ukraine to the World
The New Yorker described the Ukraine conflict as the world’s “first TikTok war,” while the Economist called it the “most viral” social media war. With this rapid expansion, there also looms a significant concern about the security of emerging technologies from automation, the Internet of Things (IoT), and artificial intelligence (AI).
Cyber warfare is no longer a distant concept relegated to science fiction; it’s a palpable reality, reshaping the contours of global conflict and how we navigate our digitized world.
The Ukraine conflict has undoubtedly transformed the cyber threat landscape. For a good read, Google’s study, called “Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape” (PDF), is worth exploring.
The report highlights the unprecedented role of cyber operations and reveals a marked increase in cyber activities by Russian government-backed attackers.
These activities include a strategic shift towards Ukraine, intensification of destructive attacks on Ukrainian infrastructure, increased spear-phishing targeting NATO countries, and sophisticated cyber operations furthering multiple Russian objectives.
In 2022, Russia escalated its targeting of Ukrainian users by 250% compared to 2020. During the same timeframe, the targeting of users in NATO member countries surged by over 300%.
Attack and Counterattack
In a counter-attack maneuver, the Ukraine Cyber Programme was initiated by the UK to serve as a bulwark against the intensifying cyber threats faced by Ukraine following Russia’s invasion. This covertly mobilized program leverages world-leading expertise and technology to fortify Ukraine’s cyber defenses, particularly safeguarding the government and its critical national infrastructure.
Through incident response support, it combats destructive cyber attacks, including those from malware like Industroyer2, effectively barring hostile actors from accessing vital war-related information.
Additionally, the program enhances network protection, curtails unauthorized access, and reinforces infrastructure resilience against future cyber onslaughts. A suite of advanced cybersecurity tools, including firewalls, DDoS protection, and forensic capabilities, form a critical part of this initiative, ensuring the integrity of Ukraine’s digital infrastructure amidst the escalating cyber conflict. However, the global impact of cyber warfare was about to be revealed.
Eight thousand miles away from the battlefield in Ukraine, the Prime Minister of Australia disclosed that the nation was facing cyber attacks targeting various government agencies and businesses. These assaults, attributed to a competent state-backed entity, underscored the global reach of cyber warfare.
Meanwhile, Iran and Israel found themselves locked in a rising tide of digital skirmishes, with cyberattacks aimed at government websites, water supply systems, and shipping ports, marking a new phase in their long-standing conflict.
Worldwide Web of Conflict: Global Cyber Implications of the Israel-Hamas War
Unlike the Russian-Ukrainian conflict, where a shift in focus towards third-party nations took months, in the Israel-Hamas war, cyber groups have swiftly transitioned to new targets following statements of solidarity with Israel. Countries like the United States, France, India, and Italy have seen a notable rise in cyber activities against them.
The attacks included DDoS attacks and website defacements with minimal impact. But they targeted various entities, from national infrastructure to individual political figures’ digital assets, serving as a disruption and signaling the hacktivists’ presence in the global conversation.
The digital landscape now mirrors geopolitical tensions, with hacktivist groups adapting their strategies to reflect global developments. While direct damage from these attacks has been relatively contained, their persistence and evolving nature highlight the need for robust cybersecurity measures.
Nations and organizations are urged to recognize the interplay between physical conflicts and their digital counterparts and to adopt proactive cyber defense strategies.
Crossing the Line: When Do Cyber Attacks Become Acts of War?
However, the application of international law remains a contentious issue, especially regarding classifying cyber attacks as acts of war. The ongoing Ukraine conflict, with substantial cyber operations from Russian state organs and proxies targeting Ukrainian infrastructure, is a prime example.
Despite these aggressive actions, they haven’t been officially deemed acts of war, even by Western adversaries. This ambiguity isn’t exclusive to Russia; other nations like the US and Israel have also undertaken cyber operations during peacetime, often justifying them as necessary and proportionate.
Consequently, countries often interpret offensive cyber actions on a case-by-case basis, leading to various responses. While there’s a general agreement that a cyber attack resulting in significant loss of life could be seen as an armed attack, the threshold for labeling cyber operations as acts of war is still high and often subject to interpretation after the event. This flexible approach, while perhaps beneficial from a policy standpoint, may undermine the normative and deterrent effects of international law in cyberspace.
Worryingly, the Armis State of Cyberwarfare and Trends Report: 2022-2023 reveals concerning insights into global organizational preparedness and perceptions towards cyberwarfare. Alarmingly, one-third of international organizations appear indifferent or unconcerned about cyberwarfare’s impact, potentially leaving critical security gaps.
More than three out of five (64%) IT and security professionals surveyed concur with the statement that the war in Ukraine has intensified the threat of cyber warfare.
Our digital landscape, now a mirror to geopolitical upheavals, demands awareness and active participation from every nation, every organization, and every individual. As cyberattacks transcend government targets to infiltrate every aspect of our society, it becomes evident that this battle is not confined to the echelons of power but is a shared struggle for security and privacy.
Collectively, we must recognize that our actions, alliances, and choices in the digital domain have far-reaching consequences. The call for vigilance for international cooperation in cybersecurity is not just a defensive strategy; it is a proactive step towards safeguarding our collective future.
The shadow of cyberwarfare forever changes international relations and global politics. In this new reality, our commitment to building resilient digital defenses and nurturing a culture of cybersecurity collaboration is not just a prudent choice; it is an indispensable pillar for the preservation and prosperity of our digital destiny. This is the call of our times, and we must answer with unwavering resolve and unity.