It’s now well understood that many governments see their cyber capabilities as a tool to influence, coerce, deter and disrupt their enemies and rivals. Societies and states today are almost totally dependent on cyberspace to communicate, conduct routine but essential transactions, store information and make critical decisions about policy matters, from the mundane to the strategic. Yet it’s hard for people without deep technical understanding of the technology—your columnist included—to know where to fit these cyber realities into familiar categories for the conduct of national security and international relations.
There’s also a risk of discussing openly how to respond to cyber threats and attacks with the transparency demanded in democratic societies, when the cyber bullies often come from places that are quite good at deception and denial. There isn’t an even playing field to begin to discuss new norms, or global governance for cyberspace. Russia, North Korea, Iran and China are known to have developed advanced cyber capabilities as a form of asymmetric warfare and are not willing to engage in any serious discussion to govern or limit their use.
Often, cyberattacks are short of all-out war. They are used to disrupt and disturb, to be sure, but just to put adversaries on edge, not necessarily to defeat them in some more absolute way. We know now that these disruptive techniques during electoral cycles have in fact shaken the confidence of democratic systems, with long-term consequences we cannot yet grasp. Cyberattacks are also used to gain economic advantage, by stealing technology or data that can erode a company’s or a country’s dominance in a particular economic sector. And they certainly meet the threshold of weapons when used to compromise another country’s defensive or offensive military capabilities.