The Intersection of Physical and Cyber Conflict: The Future of Warfare
Cyber espionage and cyber warfare tactics are critical strategic tools that can be utilized on the battlefield, physically, and in the context of cyber. With the emergence of technology facilitating entirely new means to seek political objectives, there seems to be a never-ending stream of cyber activities varying on where they seem to fit within the gray zone. Both cyber espionage and cyber warfare are critical components of any strategy or conflict and are the future.
Cyber Espionage is the act of conducting espionage activities using cyber means, for example, computers and devices connected to the internet. It is as much about how the information was accessed as the objective of what it will be used for once collected. Just like traditional espionage of the past, collecting intelligence has proven time and again to be valuable and can mean the difference between a victory and a loss, even in the dawn of a new cyber era. An example of cyber espionage would be recent incidents of Chinese hacking targeting (and collecting) large amounts of personal data and records of Americans, as Graff observed, "resulting in a massive, unparalleled espionage advantage" (1). The breach and exfiltration of sensitive information from the United States Office of Personnel Management (referred to as the "OPM" hack) clarified China's motives. China's long-term strategy now involves troves of sensitive US data. As a result, espionage activities have reached an unprecedented level unseen in history. Adams labeled this breach as "the greatest theft of sensitive personnel data in history" (1). With the fallout yet to still be fully recognized, China has nefarious plans for that data that we may not see start to unfold for decades (Graff 3). Notably, Barr made a chilling statement regarding the situation, saying, "This data has economic value, and these thefts can feed China's development of artificial intelligence tools as well as the creation of intelligence targeting packages" (Barr Graff 3). Cyber espionage is the shiny new toy in the toy box, and we cannot expect that it will not be put away anytime soon. However, they are desirable options considering the return on investment of cyber espionage and warfare and the low barrier for entry (cost-wise and infrastructure).
Cyber warfare activities could be described as wartime activities conducted using cyber platforms. For example, it is executing a piece of malicious code (malware) to destroy a power grid or water supply intentionally. It is a direct attack of war conducted over and through the cyber domain. Furthermore, it is helpful to note that wartime strategies still carry lessons from the past; however, technology has dramatically influenced the battlefield and provided new avenues for strikes and access and new fatal weaknesses. Cyber warfare in modern times looks a little different compared to wars of the past in that the beginnings and ends of wars and conflicts are no longer as clearly identifiable. An example of cyber warfare activities would be the hack that occurred during Russias's invasion of Ukraine in February 2022. The attack was a strategic component of the invasion and targeted a Ukrainian satellite internet provider called Viasat (Kan). The attack is a clear act of cyber warfare because the objective was to disrupt Ukraine's communications instead of the outage is caused unintentionally. However, it is essential to note the interrelationship between cyber warfare and cyber espionage; this warfare activity would not have been possible without some form of prior collected intelligence obtained by conducting successful espionage activities. Leading us to the next point, "can there be one without the other"? Is there an interdependency that causes these activities to be mutually exclusive? Yes and no, the relationship is interesting. Cyber warfare activities would be incredibly shortsighted without being informed by intelligence collected through the means of cyber espionage. There would also be a clear disadvantage to any cyber warfare strategy attempting to achieve an objective without the use of intelligence. The relationship, however does not maintain the same level of correspondence when evaluating how cyber warfare affects cyber espionage. Absolutely can cyber espionage be conducted with no cyberwar activities planned or involved; however, the pressure of a looming cyber war could provide pressure that can be leveraged and strategized with. In the example above of the Viasat hack, during the conflict, while the Ukrainian Army was occupied with the current attacks, that would have provided an ideal opportunity to attempt further espionage activities. At the same time, Ukraine was preoccupied with restoring essential services. Thus, cyber espionage can be further enabled by cyber warfare, proving that the relationship can be complementary but not mutually exclusive.
Cyber espionage and cyber warfare possess high-level similarities; both occur "on the wire," so to speak, being that they take place in the cyber domain. Both, even though they are living in the land of 1's and 0s, have the ability to produce and inflict genuine, physical outcomes. Additionally, cyber warfare and cyber espionage are both valuable tools that can be beneficial to cyber and physical warfare strategies alike—both in times of peace and in times of conflict. However, cyber warfare activities have a tendency to fall into the grey zone allowing for unique uses, especially in highly sensitive political situations where a clear act of war could produce undesired results.
The most notable differences between cyber warfare and cyber espionage are the apparent differences in actions. Cyber espionage, by nature, is a collection activity and somewhat passive compared to the scheme of strategic cyber activities. Notably, it is also centered around information and data collection and exfiltration. Even if a cyber espionage activity spilled out into something more than espionage it would likely still be considered to fall within the gray zone. Cyber warfare differs since; theoretically, it begins and ends as warfare. There is an escalation path, but it is not like espionage, where it begins at or below the gray zone and cannot be declared an act of war (per se). Cyber warfare is typically already at a point that the situation has escalated too and would be squarely considered already in the war zone.
Differences are also found in the intentions behind the activities and the subsequent results. In the example of the Viasat hack, it was clear that the attack was leveraged as part of a grander attack strategy that also utilized kinetic warfare. However, the malware used, AcidRain, was found that it could do much more than interrupt Viasat's communications networks. It also had the ability to completely wipe the infected modem's entire file system (that includes everything that makes it function) and "then trigger a reboot, leaving the device inoperable" (Kan 2). Removing the entire file system means that when powering the modem back on, the modem would not have the instructions required to boot up and power on. Essentially rendering them completely useless, it would have been as effective as literally destroying the modems. There is the possibility that the attack did not go as planned; however, it appears that the objective of the attack was to cause disruption and hinder Ukraine's communication ability locally and abroad. If the objective was to destroy Ukraine's systems beyond immediate repair, the option appeared to be there; however, it likely was not acted upon because of the intentions behind the operation.
Similarly, if Russia had access to the Viasat modems where they could load and execute malware, that access could have potentially provided additional means for espionage activities. Nevertheless, from the reports and what is understood of the described incident, no data was exfiltrated during the Viasat event. Thus, the same scenario could have been classified as either an act of cyber warfare or cyber espionage. Although the initial steps and access would have been nearly identical, the intention of the intrusion determined which sort of event it was. If the breach were used just for data theft and not to cause a disruption, then Viasat would not be known as having been attacked; it would have joined the long list of other organizations that have unfortunately found themselves breached by an adversary or opponent.
An additional aspect of this analysis to consider is the practical implications of both activities. As cyberattacks continue to be a central strategic component, the security of those systems becomes even more essential. Introducing new issues and areas of weakness for both the offense and defense, as Schneier and Wheeler stated, "The future of war is cyber war. If your weapons and systems aren't secure, don't… bother bringing them onto the battlefield" (3). Noting the reference to systems as well and not limiting the conversation to only weapons. Systems are as implicated in this scenario and at risk for espionage activities as much as basically anything online does for cyber war and the modern battlefield. By being connected to the internet, nations are finding themselves with a slew of new threats, vulnerabilities, and concerns. No longer is there the geographical elements of space between entities that used to provide some level of privacy and protection. In this relationship, Greenberg observed that cyberwar provides" a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front" (2). As a result, cyber espionage activities have also found new opportunities for collection and exploitation, the same way cyber warfare activities have and continue to evolve. Both can now, as Greenberg put it, teleport, making the globe (and anywhere with an internet connection) the new battlefield.
Cyber espionage and cyber warfare both provide significant contributions to a given scenario and can both be equally valuable tools. With the emergence of technology, new opportunities and platforms for both have presented themselves. The threat of either can also be as valuable a strategic tool as actually conducting the activity. Additionally, the threat of cyber warfare or cyber espionage can drive the organizations and nations that are listening to increase security and take matters seriously. As we explored, cyber espionage and cyber warfare possess a one-sided dependency. Cyberwar activities are enabled by intelligence gathered through cyber espionage; however, the relationship is not reciprocal. Cyber espionage does not possess any reliance on the act of cyberwar aside from the mere threat of it being a motivator. Mounting pressure can increase espionage activities from all parties involved as well. Through this analysis, it is clear that all things cyber are here to stay, and we can expect the future of war and espionage to continue to occur in cyberspace for generations to come.
Kilcullen, David J. Out of the Mountains: The Coming Age of the Urban Guerrilla. Reprint, Oxford UP, 2015.
Kilcullen, David J. "The City as a System: Future Conflict and Urban Resilience." The Fletcher Forum of World Affairs, vol. 36, no. 2, Dec. 2011.
Kitchin, Rob, and Martin Dodge. "The (in)Security of Smart Cities: Vulnerabilities, Risks, Mitigation, and Prevention." Journal of Urban Technology, vol. 26, no. 2, Informa UK Limited, Dec. 2017, pp. 47–65. https://doi.org 10.1080/10630732.2017.1408002.
Kruijt, Dirk, and Kees Koonings. “The Rise of Megacities and the Urbanization of Informality, Exclusion and Violence.” Megacities, Zed Books Ltd, 2009, https:// doi.org/10.5040/9781350221345.ch-001.
Marighella, Carlos. Minimanual of the Urban Guerrilla. praetorian-press.com, 2011.
Perlman, Janice. "Megacity's Violence and Its Consequences in Rio De Janeiro." Megacities, Zed Books Ltd, 2009, https://doi.org/ 10.5040/9781350221345.ch-003.
