The growing cloud of cyberwarfare


Cyberwarfare might seem like a threat of the future, but the reality is that cyberwarfare acts, that have the power to disrupt normal life as we know it and cause destruction in the physical world, are a present danger. In today’s world, which is more dependent on technology than ever, a few lines of code could be used by rogue states to cause severe damage and weaken foreign governments, and can therefore be used to perpetrate acts of war.

Cyberwarfare in numbers

  • Over 500 cyberwarfare documented attacks since 2009
  • Between 2009-2018 there has been a 440% increase in global cyberwarfare attacks
  • Nearly 35% originated in China or Russia
  • 26,3% targeted the US
  • 27% of all attacks targeting the US have occurred in 2018


Given these evidences, we can understand why cyberwarfare is often referred to as “the fifth dimension” of a war, together with land, sea, air and space. A new “battlespace”.


What is cyberwarfare

The term cyberwarfare is understood as the use of cyberattacks against a nation-state, with the aim of weakening it, causing disruption of essential computer systems, physical destruction, and even loss of life. In order to be considered cyberwarfare, these attacks typically need to be carried out by another nation-state, but it can also include cyberattacks launched by terrorist groups, and hackers seeking to further the political goals of a nation-state.

Cyberwarfare however, is still a grey area, and experts are engaging in an ongoing debate regarding an all-encompassing definition of the term. Whether an attack is considered a form of cyberwarfare or simply a cyberattack depends on a range of factors, including who launched the attack, what the attack involved, how it was carried out, and the extent of the damage. Understanding who launched the attack is already in itself an arduous tasks, especially considering that rogue states often offer resources and support to independent hackers to attack a specific target, to give the nation plausible deniability. 


Targets in cyberwarfare

Acts of cyberwarfare are directed towards nation-states’ computer systems, however these are usually not the ultimate targets. In modern societies computer systems run everything from real-world infrastructure like dams, power grids and airports, to food and transport networks, and financial services. By targeting the computer systems that control and operate these vital infrastructures and services, nation-states can create severe disruption and physical destruction to another nation.

As more and more systems that are vital to the functioning of a nation are connected to the internet, the possibility of destructive cyberwarfare becomes increasingly daunting. This is especially the case when Supervisory Control and Data Acquisition Systems, in addition to the systems of power stations and other industrial processes, are old and have not been designed with cybersecurity in mind. Similarly, smart cities, which integrate Information and Communication technology and the Internet of Things to optimise efficiency in city operations and services, present a real risk when it comes to cyberwarfare. Relying on a central technological hub to control vital infrastructure can mean that a nation-state or a state-sponsored hacker can paralyse a whole city, with devastating consequences.


Type of attacks and tools used in cyberwarfare

The tools used in cyberwarfare can range from being extremely sophisticated to very common and frequently used by regular hackers, like DDoS attacks, which target critical services, and overload the system with traffic data, making it inaccessible to legitimate users. This type of attack was used in 2007 against Estonia, after the country decided to move a Soviet war memorial, causing protests from the Russian government. The DDoS attack targeted banks, newspaper and government websites for three weeks, and was eventually traced back to Russia, with suspicious of Kremlin involvement, which Russia denied. This type of attack can also be used as a diversion, to distract nation-states from other malicious cyber activity.

Other tools used in cyberwarfare include spear phishing and phishing attacks, and social engineering techniques to steal usernames and passwords, and gain access to the targeted systems. Malware, worms and viruses can also be used in cyberwarfare to infect nation-state’s systems. It was the software worm Shamoon that in 2012 caused severe disruption to Saudi Aramco, the Saudi Arabian Oil Company, after which over 30,000 computers were paralysed for two weeks. The attack however did not aim to disrupt the oil giant alone, but the Saudi economy as a whole, and was carried out by the terrorist group ‘Cutting Swords of Justice’, in response to the crimes the Saudi government had committed in the past.

Ransomware can also be a tool used in cyberwarfare, just as NotPetya was used in 2017 to target government offices, public institutions, supermarkets, businesses and banks all over Ukraine. While ransomware usually encrypts data found on computer systems for financial gain, NotPetya was identified as a state-sponsored Russian attack masquerading as a ransomware. It is thought that the aim was to create havoc across Ukraine’s economy and infrastructure, but the attack then spread to other countries including Denmark, India, and the US, causing billion of dollars in damages.

The tools mentioned above can be used for cyberwarfare threats, including the sabotage and destabilisation of a nation-state. This is done by targeting the computer systems, and consequently the vital services and infrastructure that people rely on in their day-to-day life. Cyberwarfare acts however can sometimes include what are defined as ‘soft threats’, like espionage and propaganda. Propaganda, which is now more than ever being spread via digital systems, can play an important role in controlling the public perception on important political, social and religious topics. Online censorship and the manipulation of information through social media or fake news website, can greatly influence trust in one’s own government, and in aspects like elections and political views, and can therefore be said to qualify as a form of psychological warfare. Propaganda was used by Russia during the 2016 US presidential election, with the aim of harming Hillary Clinton’s campaign, in favour of candidate Donald Trump. A statement made by the White House explains how this cyberwarfare act aimed to undermine US trust in democracy and the election process.

Espionage is considered a soft threat as well, as it typically does not result in physical damage. When however, nation-states engage in cyber espionage, and information which is critical to national security and stability is compromised, this might worsen relations between nations, and might lead to a physical retaliation attack. The supply chain attack carried out by hackers backed by the Russian government in 2020, targeted the American software company SolarWinds, which develops and maintains network monitoring tools used by government agencies and large scale businesses. The hack compromised thousands of businesses and organisations worldwide, including NATO, the European Parliament, Microsoft, and the UK Government, and led to the breach of at least 7 US federal agencies, including the Department of Homeland Security, the Department of Defence, and the Nuclear Security Administration. While some experts consider this attack to be cyber espionage rather than an aggressive cyberwarfare act, the attack led the US to impose severe sanctions on Russia, and worsened the already tense relation between the two.


Cyberwarfare capabilities around the world

All countries that have the money and skills for it, are investing in their cyberwarfare capabilities, both for offence and defence strategies. Among the countries known to be developing cyberwarfare capabilities are the US, Russia, China, North Korea, Iran, the UK, France and Israel, although according to US intelligence over 30 countries are developing their cyberwarfare capabilities. The US is thought to have the most advanced defence and attack capabilities when it comes to cyberwarfare. In 2010, the US alongside Israel, who however denies involvement, created an extremely sophisticated computer worm name Stuxnet aimed at targeting the industrial control systems of the Iranian nuclear programme. In particular, the worm targeted the systems that control the centrifuges for the enrichment of Uranium, damaging over 1,000 centrifuges and therefore setting back Iran’s nuclear project. Stuxnet used 3 zero-day exploits, and potentially cost millions of dollars and years of work to create. This is considered the first cyber tool created with the specific purpose of inflicting physical damage.

Even though nation-states are developing their cyberwarfare capabilities, it is not likely that a war carried out solely in the digital environment will happen anytime soon. The risk of hybrid warfare however, understood as the combination of military and non-military, covert and overt means including cyberattacks, economic disruption, and disinformation, is much higher. Cyberwarfare acts could therefore be used in conjunction to traditional physical and military acts, to disrupt the normal functioning of a nation, and weaken it before a traditional attack.

According to experts we are already in a cyber arms race, with nation-states investing more and more to strengthen their cyberwarfare strategy. One of the most troublesome aspects is the secrecy of these programmes, coupled with a vague definition of what cyberwarfare really is, and ambiguous rules of engagement.

Hence, these programmes are created with little to no accountability and oversight, making the threat of cyberwarfare even more serious. In the meantime, the NATO Cooperative Cyber Defence Centre of Excellence organises annual war games to allow specialists from NATO states to refine their skills and prepare for the possibility of cyberwarfare.

Reference list

Related news

Russia-Ukraine hybrid war ! White Blue Ocean
Russia-Ukraine: cyberwarfare timeline

Cyber attacks against Ukraine have been a component of the Russian strategy since before the military invasion of the country. Already in mid-January, following the failure of diplomatic de-escalation tactics, over 70 Ukrainian websites, including governmental websites like the Ministry of Foreign Affairs, Ministry of Education, and the Cabinet of Ministers, were defaced and taken offline.

Read more
Killnet: the pro-Russia threat group targeting Western countries

Many threat actors have taken side in support of either Russia or Ukraine since the beginning of the invasion in February 2022. One of these hacktivist groups is Killnet, which pledged its support to Russia. Following the Russian invasion of Ukraine, the group, initially founded as a cyber gang, rather than a hacktivist collective, declared that Killnet would now be used as a name to describe the groups’ hacktivist activity in support of Russia.

Read more
How to tidy up a data-irresponsible past

The world has never been more interconnected than at the present time, through devices like smartphones, laptops, and The risks of IoT devices, that create, collect, transmit, process, analyse, copy and store unprecedented amounts of data. This has led to concerns on how much control users have over their own data, and what level of privacy they can maintain when navigating online. Read more...

Read more
Cyber Security Risks of the Metaverse
Cyber Security Risks of the Metaverse

As more people enter the metaverse, whether it's through virtual reality or other forms of immersive technology, there are a growing number of cybersecurity risks that individuals and businesses need to be aware of.

Read more
Top 5 Ransomware Attacks of 2022 | White Blue Ocean
Top 5 Ransomware Attacks of 2022

Ransomware attacks show no signs of slowing down. Discover 5 of the most severe attacks that occurred in 2022.

Read more
Quishing – Phishing just got an upgrade
Quishing – Phishing just got an upgrade

QR codes have become very popular in recent years and can be used for many purposes. Cybercriminals exploit them to lure users into sharing a variety of personal information such as credentials and financial data. As the number of quishing attacks continues to grow, it is important to know how to protect.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!