When is a Cyber Attack an Act of Cyber War?

What is a cyber warfare attack exactly, and what is it that separates it from a garden variety cyber attack?  When does a cyber attack cross the line into actual warfare?  Is it a cyber attack launched by a nation-state or other political or quasi-political entity against the resources of another nation-state?  What separates cyber war from actual armed conflict?  The answers are surprising.

I recently read a great article by Luther Martin in the ISSA Journal titled Cyberwarfare and International Law.  His article looked at the concept of cyber war in ways I have not seen discussed, and it launched me into a bit more reading and research on the subject.

The first surprising nugget is this sad fact: 153 countries are engaged in conventional armed conflict somewhere in the world, according to the Global Peace Index 2016 report by the Institute for Economics & Peace.  Warfare is all too common, and as nations move from conventional armed warfare to cyber warfare, this is likely to increase.

Cyber weapons are attractive because they are relatively cheap to develop compared to conventional weapons systems such as rifles, grenades, rockets, tanks, fighter aircraft, or battleships, submarines, and aircraft carriers.  In the cyber realm, small countries can afford the same cyber arms as a much larger rival, and can easily deploy equivalent teams of cyber combat forces.  As in so many other realms, information technology and the Internet level the playing field and allow small and nimble forces to compete successfully with larger countries.

Cyberwar offers greater plausible deniability, since there is little physical evidence, and tracing a cyber operation back to its true source can be difficult to do with a high degree of certainty.

Another advantage is that a successful cyber attack against something like a national banking system or electrical utilities does not generally create the same physical destruction, casualties and deaths that conventional weapons would when deployed against the same targets.

Many countries have developed military cyber war capabilities, and this includes cyber offensive and cyber defensive operations. Cyber war attacks can be used independently, or to support conventional armed military operations.  Cyber war units, such as the US Cyber Command, are also usually tasked with defensive objectives.  This includes preventing cyber attacks against critical infrastructure, reducing national vulnerability to cyber attacks, and limiting damage and reducing recovery time from cyber attacks.

Between 2009 and 2012, NATO cyber war experts wrote the Tallinn Manual on the International Law Applicable to Cyber Warfare to define what kinds of cyber attacks do and do not constitute an act of war.  They qualified certain cyber attacks as “armed attacks” based on the results.  If a cyber attack had the same destructive outcome as a similar conventional military operation, then it would be classified as an act of war.  Not many cyber attacks would qualify under that definition.

“This report outlined international laws which are considered applicable to the cyber realm. The manual includes a total of ninety-five “black-letter rules” addressing cyber conflicts.  The Tallinn Manual has worked to provide a global norm in cyber space by applying existing international law to cyber warfare. The manual suggests that states do not have sovereignty over the internet, but that they do have sovereignty over components of the internet in their territory.” – Wikipedia

There are different types of cyberwar threats:

  • Espionage – Espionage is not generally considered an act of war, and is assumed to be ongoing between many countries. Often reconnaissance can be a prelude to war.  Occasionally a particular incident rises to a high enough level to be considered a war-like attack.
  • Sabotage against civilian and military targets
    • Including denial of service attacks against business and government websites.
    • Attacks against electrical power distribution and other critical infrastructure.
    • Against the Internet itself, and supporting protocols such as DNS.
  • Propaganda campaigns, including propaganda designed to influence national elections in other countries.
  • Military cyber attacks against battlefield command and control assets, air defense and radar systems of an enemy army.
  • Hacktivism – Although not undertaken by a military agency, hacktivist exploits by groups such as Anonymous, LulzSec, and the Lazarus Group, and information releases like those of Bradley (Chelsea) Manning and Edward Snowden can achieve the disruptive or even destructive power necessary to rise to the level of warfare.
  • Private Sector – Attacks like the one against Sony Corp, which was attributed to North Korea, not only released confidential emails, other information, and unreleased movies, but actually caused the physical destruction of hard drives and other systems. The attack against Panamanian law firm Mossack Fonseca and the release of the Panama Papers had impacts on highly placed political figures around the world.

On Monday we will take a look at the history of cyber warfare incidents and see where this trend is leading us.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com