Could the Next War Begin in Cyberspace?

The prospect of a war originating in cyberspace is authentic, warns Aroop Menon, a principal manager at security technology manager Fortanix. In fact, it's already happening, he notes in a recent email interview. "As our reliance on digital infrastructure grows, so does the potential for conflict."  

Cyberwarfare involves destroying, disrupting, or exploiting an adversary’s computer networks. Shawn Janzen, a professor of IT and analytics at American University’s Kogod School of Business, observes that cyberwarfare can come in many guises, including cyberterrorism, cyberespionage, cyberevents, cyberattacks, and so on, with each variant focused on specific cyber actors and activities. All these threats could be viewed as acts of war but are not deemed so legally or politically, he says via email. "Part of this reluctance to officially declare a malicious cyber event as an act of cyberwar stems from the expectation for kinetic military action that directly follows." In other words, conventional warfare. "War is war, no matter the domain," Janzen says. 

To understand what a cyberspace war might look like, we don't need to look much further than the conflicts between Russia and Ukraine, or Israel and Palestine, says Crystal Morin, a cybersecurity strategist at cyber security technology provider Sysdig, in an email interview. "Actors aren't limited to government or military employees, and they don't need to enlist or wear a uniform to support their nation -- they don't even have to live within the country," she explains. "In fact, someone can hinder adversarial war efforts from the comfort of their bed, their desk, or while sipping a latte in their favorite coffee shop -- all they need is the right knowledge and access." 

Related:Why Cyber Resilience May Be More Important Than Cybersecurity

Top Targets 

Attackers will initially seek disruption to critical infrastructure, Janzen says. Beyond government, this includes everything from hospitals and schools to financial institutions -- essentially everything on the CISA's 16 sector and subsector critical infrastructure list. "We're already seeing this regularly with advanced persistent threats (APTs), directly and indirectly, with countries like China, Russia, Iran, and North Korea." 

Infrastructure disruption can lead to a variety of effects, Janzen says, from complete destruction to minor adjustments or even lockout, as in the case of ransomware. "Notably, the Colonial Pipeline situation in 2021 clearly falls in this category, but was declared not a cyber war action." 

Disruption through exfiltration, particularly access to technologies and other types of restricted information, is yet another cyberwar weapon. "These [activities] are typically considered espionage actions, but nonetheless are part of wartime activities," Janzen says. He expects such activities will increase as adversaries seek access to advancements in AI, robotics, manufacturing, and a wide range of industrial technologies -- "advancements that are often kept within private organizations." 

Related:Another Cyberattack on Critical Infrastructure and the Outlook on Cyberwarfare

In a cyberwar, disinformation campaigns will likely be used to spread misinformation and collect data that can be leveraged to sway public opinion on key issues, Janzen says. "We can build very sophisticated security systems, but so long as we have people using those systems, they will be targeted to willingly or unwillingly allow malicious actors into those systems." 

Persistent and Ongoing 

How long a cyberspace war might last is inherently unpredictable, characterized by its persistent and ongoing nature, Menon says. "In contrast to conventional wars, marked by distinct start and end points, cyber conflicts lack geographical constraints," he notes. "These battles involve continuous attacks, defenses, and counterattacks." 

The core of cyberspace warfare lies in understanding algorithms, devising methods to breach them, and inventing new technologies to dismantle legacy systems, Menon says. "These factors, coupled with the relatively low financial investment required, contribute to the sporadic and unpredictable nature of cyberwars, making it challenging to anticipate when they may commence." 

Related:NSA Gives Assessment of Cyber Threats from Russia, China, and AI

Not If, but When 

A cyberattack should be viewed as a matter of when, not if, Janzen says. "Cyber resiliency is particularly important," he advises. "Take positive, intentional action to improve your organization's cybersecurity posture." 

AI makes cybersecurity exponentially more difficult, Janzen says. "We're long past fake CEOs asking for gift cards now that AI can help create convincingly personal email instructions based on scraped data, boosted by deep fake audio and video and malicious data embedded in QR codes." 

Nothing can be done to prevent a war in cyberspace, Morin warns. Cyberwar is inevitable in the evolution of today's tech-based world. "War has existed since the dawn of time, and disagreements between nations for land, resources, and political differences will not cease to exist in the world as we know it," she notes. "All we can do is be prepared, just as we are prepared with military forces and resources if a kinetic war happens."