A worm, a virus, and a trojan horse. What do they all have in common? They are all vital parts of the invisible war that is being waged; the war that has infiltrated the networks of the electronic world as we know it. From the homes of citizens throughout the world and their personal electronic devices, to the vast government networks of states — this war is cyberwar, and there are no rules.
The pivotal moment that began the battle in cyberspace came in 2009 with the creation of a malware, which is software designed with malicious intent, called Stuxnet by the United States to attack the networks of other state enemies. Stuxnet shifted the global battlefield to cyberspace because states were now able to attack their enemies with the click of a mouse or the implementation of a code. The playing field was leveled; you didn’t need an army to wage war.
The majority of the global public seems relatively unaware of what is occurring behind closed doors, on computer networks, and even personal devices. But cyberwarfare is the new reality of global conflict — and you need to care.
Firstly, cyberwar is inherently secretive.
There are no military troops being deployed to foreign countries, no physical trainings — cyberwar can be waged in a dark office, in the back of a building, with only the light of the computer screen showing any signs of action. To carry out military attacks, governments such as the U.S. must get approval through the checks and balances system from other branches of government. Cyberattacks on the other hand need no approval, they are cheap, easy, and only require the knowledge of a career hacker(s) to get the job done. Plus, the cyberattacks that have occurred have rarely made global news headlines or caused a societal outcry. Thus governments can hire hackers and attack foreign enemies with little to no public detection.
States hire non-state actors to do their dirty work.
Russia and China are the biggest perpetrators of this behavior. Who do they hire? Hackers — “an elite collective of well-trained and highly ambitious people spending large parts of their lives in front of computer monitors” (Sigholm, 15). Hacker’s intentions can be malicious or benevolent, but either way, cyberwar has created the profession of the professional hacker. Hiring non-state actors to carry out cyberattacks removes the imperative for state’s to take responsibility for their actions — they can hack into entire government databases without relatively any fallout.
An incredibly disturbing example of this occurred in December 2009 with a massive hacking operation coined Operation Aurora, where Chinese hackers shut down numerous company serves at Google, infecting them with worms and viruses, along with hacking into, “at least 34 American companies and institutions with links to the U.S. Administration, including suppliers to the Pentagon and even some members of the U.S. Congress” (Hjortdal, 10). The program used to carry out Operation Aurora was traced back to a freelance hacker, but it was discovered that the commands given to launch the attacks were given by Chinese officials in Beijing.
Given the implications of attacks such as Operation of Aurora, it’s obvious that the risk of release of classified government information is monumentally high. The reality is that government secrets, plans, and information fall into the hands of foreign actors with malicious intent constantly. Our new global cybersphere makes it possible for virtually anyone to engage in cyberwarfare, thus every citizen with a computer, smartphone, or any kind of personal information online is at risk to be a victim of cyberattacks.
Cyberattacks can cause severe physical damage.
Cyberwar isn’t solely classified through actors gaining access to private information, it includes large physical damage implications as well. Stuxnet, the malware created by the U.S. in cooperation with the Israeli government, was able to infect multiple computers and control systems in an Iranian nuclear facility, issuing the command to destroy a handful of nuclear centrifuges in the facility. In retaliation against the U.S., Iran hacked into the U.S. power grid in 2013, specifically the Bowman Avenue Dam in Rye, New York. Although Iran’s attack did not cause any physical damage, it could’ve if they would’ve issued the command to release flood gates or disrupt electricity. The fact that an enemy state had the full ability to strike the U.S. at their own will should evoke fear.
Global powers are relatively unprepared for this kind of warfare.
Russia and China lead the world currently in preparedness to engage in cyberwarfare. Russia’s intelligence agency’s active budget fluctuates between $3-4 million dollars, with employee numbers ranging around 15,000 — not including the non-state hackers they hire outside of the government (Ajir and Vailliant, 72). A leaked FBI report found that China had, “developed a “cyber army” comprising 30,000 military cyber spies plus 150,000 spies hired from the private sector” (Hjortdal, 11). These numbers are steadily increasing, making it difficult for the U.S., one of the three major power players in cyberwarfare, to keep up. The U.S. needs to massively increase their technological capabilities, along with their cyber workforce as there is no running from the fact that war has changed.
To read more of my research on cyberwarfare click here.
Ajir, Media, and Bethany Vailliant. “Russian Information Warfare: Implications for Deterrence Theory.” Strategic Studies Quarterly 12, no. 3 (2018): 70–89.
Hjortdal, Magnus. “China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence.” Journal of Strategic Security 4, no. 2 (2011): 1–24.
Sigholm, Johan. “Non-State Actors in Cyberspace Operations.” Journal of Military Studies 4, no. 1 (December 1, 2013): 1–37. https://doi.org/10.1515/jms-2016-0184.