What Is Cyberwar?

Cyberwar is a term that pops up almost every day in public media. Regardless of its wide use, the term has been poorly explained. What does it mean? What are the principles framing and governing it? How does it fall within the way we think about war? These questions, among several others, will be answered in a five-episode “Cyberwar series” – starting from now.


Cyberwar is a form of confrontation taking place in the cyber-physical reality we live in. The means of warring reside in cyberspace, yet its effects are felt in both cyber and physical worlds. The mergence of cyberspace and the kinetic world adds new aspects to warfare: It can be waged with armed codes, through information bombing, from far away and at an accelerated speed. The decisive factor is often a skilled individual rather than material resources (which is not to say that resources wouldn’t make a difference).


However, not every malevolent or otherwise undesirable move in cyberspace is an act of war. Cyberwar only takes place either in the wider context of an armed conflict or as preparation for it. Purely virtual “war” without material consequences is merely an over-interpretation of activities taking place in cyberspace.


Cyberwar blurs the line between peace and war


It is in the human nature to organize the world around us through dichotomies. If there’s no war, peace prevails. If you don’t need to worry about insecurity, you feel safe. If you didn’t initially attack, you’re acting in self-defence and, eventually, “you’re either with us or against us”. Cyberspace – and cyber warfare as an activity taking place in it – blurs many of the conventional borderlines used for making such distinctions.


The cyber-dimension of warfare brings war close to our everyday lives. The attack surface is something we all are very familiar with and dependent on: our computers and other smart devices, networks and, eventually, us as human beings. Hence acts of cyberwar target the same objects as the numerous cyber-attacks every organisation and individual needs to bear with in the times of peace too. Unlike in conventional warfare fought between state armed forces the legitimate target of cyberwar does not need to be military in nature.


Cyber-conflicts also tend to spill over. Activities are not solely targeted at the opponent but at anything that can raise enough attention and hence, as it is believed, to further one’s cause. Due to the networked nature of cyberspace effects are under nobody’s control. Cyberwar spills over to other countries and into the networks of by-standers, which may complicate the process towards peace. This, as well as the continuous intelligence and propaganda activities that take place outside the conflict setting but contribute to war preparations and maintenance of security, make the differentiation between war and peace in cyberspace impossible. We live in a grey zone in between.


Cyberwar blurs the line between military and civilian


It is not merely the borderline between peace and war that has become blurred. War is now waged in and against entire societies. The main object to be protected in every highly networked nation is its critical infrastructure which is primarily privately owned. Critical infrastructure is the backbone of a modern society and thus, paralysing or destroying its critical nodes would cripple the target society. The effects would be felt in both military and civilian sectors.


Moreover, cyberspace is a multipolar order inhabiting numerous actors with different interests. The state is only one of them and do not hold the monopoly of destructive or threatening force. Due to relatively low barriers of access, wide availability of malicious code, seeming anonymity and reduced decisiveness of material resources, as well as ambiguity revolving around “cyberwar”, many actors are intentionally or unintentionally both offenders and targets in cyber conflict. Because the state cannot provide everyone’s security, organisations and individuals alike have become responsible for their own cyber defences. This enhances the role of companies in contributing to national security which in itself has become a cumulating asset starting from the individual and ending with the transnational arrangements done for enhancing cyber security. The current debate is about whether companies should be granted a legal right to offensive operations too.


How to organise the world around us when conventional borderlines are in flux?


The decisive question we need to answer in the coming years is how to live and create order in a multipolar, cyber-infused world. We are likely to remain in the grey zone between war and peace, yet the borderline between military and civilian will become more porous and, finally, renegotiated. The decisive question may well be who is controlling whose actions – or is not. In this process the state will find its place in the emerging multipolar (cyber)world order as one of the producers of national security.


All contemporary conflicts – and future crises even more so – contain a cyber-element. Building and maintaining national security without taking cyberspace into consideration has become impossible. At least trying to do so is reckless behavior: equal to disregarding, for example, the security of the state’s maritime areas. No single decision-maker would get away with that.

Jarno Limnell

Find Jarno on LinkedIn

Start a conversation with Jarno on Twitter

Read previous content from Jarno