When the U.S., U.K. and France attacked Syria in April to punish the government for its alleged use of chemical weapons, there was concern about possible retaliation on a very different battleground. Syria’s patrons, Russia and Iran, are among the world’s leading practitioners of cyberwarfare, or state-sponsored attacks on computer networks and the myriad activities they guide. So far, there have been no public reports of cyberattacks specifically designed as retribution against the coalition that struck Syria. Then again, it’s hard to know when and where cyberwarfare occurs, and by whom.
1. What is cyberwarfare?
Generally speaking, the term is applied to a cyberattack that has the backing of one nation with the intent of hurting another. “Although there is no clear doctrinal definition of ‘cyberwarfare,’” the U.S. Congressional Research Service said in a 2015 report, “it is typically conceptualized as state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response.”
2. What forms can it take?
Any of the most common methods of cyber misconduct, including infecting a computer system with malware, holding it hostage with ransomware, disabling it with a flood of messages (a so-called denial of service attack) or hacking data for the purpose of espionage. A more extreme example might be a cyberattack that aims to sabotage, say, the test launching of missiles. Real-life examples include Russia’s manipulation of social media to sway Western elections, most notably the 2016 U.S. presidential vote, and the so-called Stuxnet worm, said to have been developed by the U.S. National Security Agency and Israeli intelligence, that sabotaged Iranian nuclear centrifuges starting in 2009.
3. Why all the worry?
If influencing elections seems relatively tame, consider what full-blown cyberwarfare could mean: the complete and prolonged shutdown of a power grid (something that has struck Ukraine twice, presumably at the hands of Russia cyberwarriors); the wipeout of data centers by malware that overheats circuits; the scrambling of bank records to cause financial panic (a 2013 attack froze three major South Korean banks); interference with the safe operations of dams and nuclear plants; or blinding of radar and targeting systems of fighter jets. A March alert from the Department of Homeland Security and Federal Bureau of Investigation warned that Russian government cyber actors have targeted “government entities and multiple U.S. critical infrastructure sectors,” including energy, water and aviation.
4. Who are the combatants?
In addition to Russia and the U.S., nations with active cyberwarfare programs are thought to include China, Israel, the U.K., Iran and North Korea.
5. Is cyberwarfare waged by actual soldiers?
Sometimes. The U.S. and other large countries have established cyberwarfare units, which conduct intelligence-gathering operations and support military missions. But the Russian “troll farms” that are accused of meddling in the 2016 U.S. elections are separate entities that engage in what’s known as information warfare — the art of manipulating the opinions of members of the public or people in power. These can be actors who are working independently of a government agency or as contractors who are able to maintain arms-length distance (for deniability reasons) from their sponsoring organizations. North Korea’s notorious hacker army is believed to have begun as part of the military. Its specialty, somewhat uniquely, is earning money for the ruling regime.
6. How do cyberwarriors raise money?
In North Korea’s case, the methods range from the theft of bank-card data to much larger schemes. North Korea’s hackers are suspected to have been behind the theft of $60 million from Taiwan’s Far Eastern International Bank in October 2017. And the U.S. said North Korea was behind the May 2017 WannaCry cyberattack that froze thousands of computer systems around the world, including at many corporations and the U.K.’s National Health Service, demanding $300 in bitcoin from each victim to remove the encryption. It’s unclear how much these attackers collected.
7. Aren’t attacks on civilians supposed to be off-limits?
The traditional form of international conflict — between armies firing bullets and bombs — is guided by rules of war that date back centuries and are meant to reduce civilian suffering. Terrorist attacks meant to kill and scare civilians could be considered the polar opposite of that. Cyberwarfare sits somewhere in the middle. In 2013, a think tank affiliated with the North Atlantic Treaty Organization published a 282-page manual that attempts to apply existing law to cyberwarfare — defining which targets are off-limits (schools and hospitals, for example) and under what circumstances a country can respond to a hack attack with military force. But as the Tallinn Manual (named for the Estonian capital, where the think tank is based) itself notes, it “is not an official document” and “must be understood only as an expression of the opinions of two international groups of experts as to the state of the law.”
8. Can anything be done to limit cyberwarfare?
In April, dozens of technology companies including Microsoft Corp. and Facebook Inc. agreed they will “not help governments launch cyberattacks against innocent citizens and enterprises.” Their so-called Cybersecurity Tech Accord was likened to a digital version of the Geneva Conventions, the international agreements that guide humanitarian treatment during war.