Cyber Warfare: How the Rules of Conduct Are Changing
Cyber warfare
Date: January 24, 2023

Summary of Key Points

  • Cyber warfare is similar to cybercrime, but it typically involves nation-states (rather than rival corporations or independent hacker groups).
  • Cyber warfare is not currently subject to agreed-upon rules of engagement, which means that organizations in any vertical could potentially become targets.
  • Managed Security Services Providers can help you assess your current posture, identify potential weaknesses, and help you fortify your defenses.

Safeguarding your organization’s digital assets used to feel as simple as hiring a few security guards and making sure all your employees knew to lock up correctly at the end of the day. However, with the internet now crucial to many critical business functions, a robust cybersecurity posture is no longer a want but a need.

As the war in Ukraine has demonstrated, even the nature of war is changing: While fighting was once constrained to the physical world, conflicts are increasingly unfolding on a digital front as well.

See also:

Binary overlaying world map
Via Adobe Stock.

What is Cyber Warfare?

Like cybercrime, cyber warfare involves a cyber attack or series of attacks launched by one party and targeting one or more other parties. However, unlike traditional cybercrime, cyber warfare typically involves nation-states (rather than rival corporations or independent hacker groups) targeting other nation-states or organizations within those rival states to sow confusion and destabilize their enemies.

Cyber warfare may involve:

  • Stealing state secrets (including classified research)
  • Disrupting civil infrastructure
  • Interfering with rival military forces

Stuxnet: The World’s First Digital Weapon

However, cyber warfare is not only a tool of nation-states; it can also be used by terrorist organizations or other non-state actors seeking to further a hostile nation’s goals, including stealing national secrets or damaging critical infrastructure. A well-known example of cyber warfare is Stuxnet, which first surfaced in 2010. U.S. and Israeli intelligence forces used a worm to disrupt uranium refinement OT (Operations Technology) systems across Iran. As a result of the attack, 20% of Iran’s uranium refinement centrifuges, which it uses to create its nuclear arsenal, were destroyed.

Many cybersecurity experts consider Stuxnet to be “the world’s first digital weapon“, and this attack prompted many serious discussions about the fact that, unlike traditional warfare, whose rules of engagement are laid out explicitly in the Geneva Conventions, cyber warfare is not currently governed by any similar constraints.

As such, while specifically targeting a hospital for bombardment during a conflict is considered a war crime, attacking a hospital’s digital infrastructure using cyber warfare is not currently subject to similar rules of engagement.

The War in Ukraine May Signal the Dawn of a New Era for Cyber Warfare

According to many experts, the ongoing war in Ukraine marks a turning point in the history of cyber warfare. Russia’s invasion of Ukraine relies on both traditional military tactics and cyber warfare, which involves using digital tools to sow confusion, disseminate propaganda, damage infrastructure, dismantle government software, and carry out destructive espionage and attacks.

Microsoft’s 2022 Digital Defense Report found that 90% of Russia’s attacks during 2022 targeted NATO member countries, and 48% of those attacks targeted private IT firms based in member countries. As the war continues, Russian state hackers and state-backed organizations will likely continue to use cyber warfare to target Ukraine’s energy, transport, and digital infrastructures, potentially signaling the dawn of a new era in which civil organizations and even private companies are specifically targeted during times of war.

What Makes Cyber Warfare Different From Hacking & Other Forms of Cybercrime?

Cyber warfare is often defined as conducting military operations by virtual means, whereas cybercrime is typically motivated not by military gain but by criminal financial gain, a desire to steal corporate secrets, as a form of activism, or to gain fame or notoriety. Both types of cyber attacks differ from cyber terrorism, defined as using computer technology to engage in terrorism.

In essence, it is what motivates each of these actions that define which category a cyber attack falls under. Cyber warfare is primarily motivated by a desire for military gains, while cyber terrorism is primarily motivated by political ideology, and cybercrime is primarily motivated by a desire for personal gain (either in the form of financial gains or fame). However, the definitions of each of these attacks are not cut and dry, and some types of attacks may fall under multiple categories. Examples include a country engaged in cyber warfare spreading political propaganda to improve their international image and demoralizing their enemies or cyber terrorists engaging in ransomware attacks to fund their operations.

Digital grenade
Via Adobe Stock.

Should My Organization be Concerned About Cyber Warfare?

When it comes to cybersecurity, it is always better to be over-prepared than underprepared. While organizations in some verticals, such as finance, manufacturing, utilities, and healthcare, should take extra precautions due to their increased chances of being targeted, the fact that cyber warfare is not currently subject to agreed-upon rules of engagement, which means that organizations in any vertical could potentially become targets.

Safeguarding Your Organization

This section will discuss what steps all organizations should take to best prepare themselves to face a potential cyber warfare attack.

If your organization has been targeted, please contact our team of experts immediately and consider reading our educational article Hacked? Here’s What to Know (& What to Do Next).

Create an Incident Response Plan

The first thing any organization should do to strengthen their security posture is create an effective incident response plan (IRP). The purpose of an IRP is to provide instructions to your workers on how to identify, respond to, and recover from, a cyberattack.

Your IRP should be a living document that is updated regularly and include:

  • A mission statement
  • Clearly defined roles and responsibilities
  • A list of cybersecurity or cyber warfare incidents that your team is likely to encounter
  • Up-to-date emergency contact information for all relevant parties

For more information on creating an incident response plan, please consider reviewing our educational guide: Guide to Creating an Effective Incident Response Plan.

Familiarize Yourself With Common Forms of Cyberattack

Cyberattacks come in a variety of forms, and what may be unheard of yesterday may become commonplace tomorrow. By keeping up with the latest news in the cybersecurity world, you can help ensure your organization is prepared when disaster strikes.

Common forms of cyberattack include:

  • Brute-Force attacks
  • Phishing and social engineering
  • Credential stuffing
  • Cryptojacking
  • Data breaches
  • DDoS (Distributed Denial of Service) attacks
  • DNS hijacking (also called DNS redirection or DNS poisoning)
  • Drive-by attacks
  • Exploits
  • Malware (including ransomware)
  • Supply chain attacks

For more information on these forms of attack and what motivates attackers, please consider reading our educational articles: Terms & Phrases Used in the Managed IT & Cybersecurity Industries and The Modern Hacker: Who They Are, Where They Live, & What They’re After

Keyboard keys lit up with binary code
Via Adobe Stock

Strengthen Your Digital Fortifications

Securing your network and other digital assets may be daunting, but your MSSP (Managed Security Services Provider) can help you assess your current posture, identify potential weaknesses, and help you fortify your defenses. As part of this process, you should:

Secure Your Network

Something as simple as a well-designed firewall can help significantly improve your defense posture. However, while an ordinary, one-size-fits-all firewall is better than no firewall at all, a managed firewall can provide better protection and more information.

A managed firewall is designed to help you keep tabs on all network activities and send out an alert if it encounters anything suspicious. A managed firewall can also be tailored to meet your organization’s unique security needs and help ensure unauthorized users are kept off your network.

Keep Your Software Up to Date

Something as simple as a software update can mean the difference between a successful attack and a thwarted one. When software companies discover vulnerabilities or problems in their products, they develop and release patches, small snippets of code designed to address the situation.

However, your organization is only protected by security patches if they are installed. Cyber warfare actors and cybercriminals are also more likely to target recently patched software since they know that not all organizations are diligent enough to install the patches immediately.

Protect Your Endpoints

Even the strongest fence is useless if you leave the gate open. If they aren’t properly protected, endpoints such as laptops, tablets, and smartphones can allow unauthorized users to access your network. Safeguarding your endpoints is particularly important in BYOD (Bring Your Own Device) settings, where employers don’t have direct control over all network endpoints.

To improve your security posture, you should ensure that all endpoints that have access to your network use multi-factor or two-factor authentication, have appropriate security software installed, and that all software is kept up to date to ensure you can benefit from all new security patches.

Implement Secure Password Guidelines

Something as simple as implementing secure password guidelines can mean the difference between a secure network and a vulnerable one. To help ensure all team members are using robust passwords, you may want to develop a password policy based on section 5.1.1.1 (Memorized Secret Authenticators) of the NIST’s password guidelines.

Limit Permissions

Access to sensitive areas of your network, such as your security settings and financial records, should be granted on a need-only basis. By not granting more expansive permissions than an employee needs to do their job, you can limit the number of individuals within your organization who have access to sensitive data.

By curtailing access, you can help ensure that if a team member’s username and password become compromised (because, for example, they fell for a phishing scam), those credentials are statistically less likely to grant unauthorized users access to sensitive information. As part of this process, you should also ensure you have a clear offboarding procedure in place for revoking former team members’ credentials so that both former employees and potential cyberattackers can’t use inactive credentials to gain unauthorized access.

Back Up Your Data Regularly

If you are targeted by a ransomware or other type of malware attack, your data may become corrupted or lost. As such, having the ability to roll back to a recent backup can help you avoid service disruptions or other problems. However, any data generated after the last backup is unlikely to be recovered if an incident occurs, which is why it is important to back up all data regularly.

Invest in Regular, Ongoing Security Training

Defending your organization against cyber warfare is everyone’s responsibility. Even the best plan is only useful if everyone understands what it is, why it’s important, and how to implement it effectively. After all, even the most studious and diligent team member won’t be able to follow your cybersecurity and cyber warfare protocols if they don’t know what they are.

To help keep your team in fighting shape, all workers from the CEO downward should receive comprehensive cybersecurity training as part of your onboarding process and undergo regular refresher training. To help ensure your training is effective, all team members should:

You may wish to consider running tabletop exercises as part of your training. Like fire drills, tabletop exercises are designed to give employees a chance to test their cybersecurity and cyber warfare defense knowledge in a safe environment. Team members are presented with a hypothetical scenario, such as a ransomware attack, and then instructed to work as a team and, with the help of your incident response plan, respond to the attack.

Once the scenario is complete, your team can sit down with your Managed Security Services Provider or in-house security team and evaluate their performance while also identifying any deficiencies in your IRP so they can be addressed. Regularly scheduled tabletop exercises can help keep digital security top of mind and ensure all workers are familiar with any changes or updates to the plan.

Stress-Test Your Defenses

Just like the best way to find out if a boat is leaking is to put it in the water, the best way to find out if there are any holes in your security posture is to put it to the test. Pen (penetration) testing involves hiring an ethical hacker to stress-test your security posture by searching for vulnerabilities and then attempting to exploit them to gain access to your network. Once the test is complete, the hacker will sit down with your team and explain what they did, what vulnerabilities they were able to discover and exploit, and what steps they suggest you take to address these security deficiencies. This information can then be used to improve your security posture through actions such as improving your cybersecurity and cyber warfare training, addressing hardware or software deficiencies, or updating company security policies.

Cyber warfare has become a serious threat, and that threat is only predicted to grow. Investing in a robust cybersecurity posture can help safeguard your digital assets and hinder the efforts of cyber warfare attackers targeting your country. Please contact our team today to learn more about which steps your organization should be taking to improve your security.