Cyber Warfare Myths Exposed
Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO
Cyber Threat Intelligence Lead | MBA | GISP, GICSP, GPEN, GCPN, GRTP, GCTI, GSOC, GDSA, GDAT, GCIH | CTIA | eCTHP, eCMAP | CTMP | C2MP2 | MITRE ATT&CK | GIAC Advisory Board
Cyber operations have become increasingly important in the rapidly evolving modern warfare environment. Despite their growing popularity, many misconceptions exist about their nature and impact.
These myths tend to distort our understanding of how cyber operations work with conventional military tactics, their actual costs and complexities, and the diversity of actors involved.
By examining recent examples, we can debunk seven common myths about cyberwarfare and shed light on the realities in this important area.
Myth 1: Cyberspace is borderless, with no geography
Reality: Cyberspace is deeply influenced by legal jurisdictions and the physical geography where information assets are hosted, meaning national borders and local laws significantly control and shape the management, monitoring, and accessibility of data.
Example: China’s Great Firewall demonstrates the impact of geography and legal jurisdiction in cyberspace. The Chinese government uses its sovereign power to control and censor internet traffic within its borders, blocking foreign websites and regulating the flow of information. This illustrates how national borders and legal frameworks significantly influence the accessibility and use of cyberspace.
Myth 2: Cyber Operations are independent of traditional warfare
Reality: Cyber operations are often integrated with traditional military operations to achieve strategic objectives.
Example: During the 2008 Russo-Georgian War, Russia launched coordinated cyber attacks against Georgian government websites and news outlets simultaneously with its ground and air assaults. These cyber attacks aimed to disrupt communication, spread disinformation, and create confusion, effectively supporting the physical military invasion. This integration of cyber and traditional warfare demonstrated how cyber attacks can be used to complement and enhance the effectiveness of kinetic military operations.
Myth 3: Offensive Cyber Operations are always anonymous and unattributable
Reality: While cyber attacks can be difficult to attribute, sophisticated forensics and intelligence capabilities have improved attribution.
Example: In 2020, the SolarWinds cyber attack was initially detected when cybersecurity firm FireEye discovered a breach in its systems. Through detailed forensic investigation, FireEye and other cybersecurity firms and government agencies attributed the attack to a state-sponsored group known as APT29, or "Cozy Bear," linked to the Russian intelligence agency SVR. The extensive analysis and collaboration between private and public sectors enabled precise attribution, showcasing how advanced techniques and cooperation can successfully identify attackers despite the initial anonymity.
Myth 4: Cyber Operations are only about data theft and espionage
Reality: Cyber warfare also includes destructive attacks and information operations that can have significant physical and psychological impacts.
Example: In the early days of the 2022 Ukraine invasion, Russian cyber actors deployed a series of wiper malware attacks against Ukrainian targets. One prominent example is the HermeticWiper malware, designed to delete data on infected machines, rendering them inoperable. This attack was aimed at the Ukrainian government and financial institutions, intending to disrupt critical services and sow chaos amidst the ongoing physical invasion. The coordinated use of wipers alongside military actions highlighted how cyber warfare could inflict significant operational and psychological damage, demonstrating that its scope extends beyond traditional data theft and espionage.
Myth 5: Cyber warfare is a cheap and easy alternative to traditional military action
Reality: Effective cyber operations require significant technological investment, skilled personnel, and intelligence. They also often complement rather than replace traditional military actions.
Example: During the 2019 Israel-Gaza conflict, Hamas attempted to launch cyber attacks against Israeli targets. In response, the Israel Defense Forces (IDF) conducted a physical airstrike against the building housing the Hamas cyber operations unit. This incident underscored the limitations of relying solely on cyber operations; Hamas's cyber capabilities were insufficient to achieve strategic objectives without significant traditional military support. Additionally, Israel's swift kinetic response highlighted the high stakes and the need for robust defenses and countermeasures in both domains, illustrating that cyber warfare requires substantial resources and coordination with traditional military strategies.
Myth 6: Offensive Cyber Operations have immediate and obvious effects
Reality: The effects of cyber attacks can be delayed, cumulative, and sometimes not immediately apparent.
Example: In 2021, a cyber espionage campaign known as Operation Exchange exploited vulnerabilities in Microsoft Exchange Server, allowing attackers to gain long-term access to networks worldwide. While the initial exploitation was not immediately disruptive, the long-term impact became evident as compromised systems were used for further espionage, data theft, and potentially laying the groundwork for future attacks. Organizations discovered the breaches over time, often months later, and the full extent of the data compromised and the strategic information gained by attackers is still being assessed. This campaign illustrates how the effects of cyber attacks can unfold slowly, revealing significant long-term consequences and vulnerabilities.
Myth 7: Only state threat actors are capable of significant cyber warfare
Reality: Non-state actors, including terrorist groups and hacktivists, can engage in significant cyber operations.
Example: In the context of the Ukraine-Russia conflict, the hacktivist group Killnet, which emerged in 2022, has conducted several high-profile cyber attacks supporting Russian objectives. Killnet has targeted critical infrastructure and governmental websites in countries perceived as supporting Ukraine. For instance, they launched DDoS attacks against the websites of Lithuanian and Polish government agencies and infrastructure providers, disrupting services and demonstrating the group's capability to execute significant cyber operations. These attacks, often carried out with the tacit support or encouragement of state actors, underscore how hacktivist groups can play crucial roles in cyber warfare, significantly impacting geopolitical conflicts without being formal state actors.
Myth 8: Offensive Cyber Operations are the decisive “easy button” depicted in action movies
Reality: Offensive cyber operations require significant planning, coordination, and often only achieve strategic objectives when integrated with broader military actions.
Example: During the 2022 Russian invasion of Ukraine, cyber attacks disrupted communications and infrastructure but failed to achieve strategic objectives without the support of conventional military operations. The resilience and response of Ukrainian cyber defenses highlighted the complexity and limitations of relying solely on cyber operations for decisive outcomes.
Myth 9: All cyberspace is vulnerable to fire-and-forget “cyber weapons”
Reality: Effective Offensive Cyber Operations often require specific targets, reconnaissance, and tailored exploits, rather than one-size-fits-all approaches.
Example: The 2012 Shamoon malware, specifically designed to wipe data on the corporate network, targeted the Saudi Arabian oil company Saudi Aramco. Despite its devastating impact on Aramco, Shamoon's effectiveness was limited to its intended target and did not cause widespread damage beyond this specific context. This example illustrates that successful cyber attacks often rely on tailored exploits for specific targets, rather than universal "fire-and-forget" weapons.
Myth 10: Cyber warfare is a silver bullet
Reality: Cyber operations alone are rarely decisive and are most effective when integrated into a broader strategy.
Example: During the 2022 Russian invasion of Ukraine, cyber attacks were a significant component of Russia's initial assault. Russian cyber forces conducted widespread attacks on Ukrainian government websites and critical infrastructure, aiming to disrupt communications and sow chaos. However, these cyber operations did not achieve the strategic objectives on their own. The resilience of Ukrainian cyber defenses, coupled with support from international partners like the EU and NATO, mitigated the impact of these cyber attacks. Meanwhile, the ground invasion and traditional military engagements determined the conflict's progression. This example highlights that while cyber operations can enhance traditional warfare, they are not a standalone solution and must be integrated into a larger, multi-domain strategy to be effective.
Conclusion
As we navigate the complexities of modern conflicts, it is essential to dispel the myths that cloud our understanding of cyber warfare. The integration of cyber operations with traditional military strategies, the challenges of attribution, the destructive potential beyond mere data theft, and the roles of both state and non-state actors illustrate the multifaceted nature of cyber warfare.
Recent events underscore that cyber warfare is not a standalone solution but a crucial component of broader strategic objectives. By recognizing these realities, we can better prepare for and respond to the dynamic threats posed by cyber warfare in today's interconnected world.
System Administrator
6 months ago
With respect to both myth 1 and 2, do you believe we will see geospatial intelligence become more integrated with cyber intelligence? I feel that geospatial intelligence would have a lot to offer in the examples provided, as a means of predicting military action.
Internal auditor | GRC | Quality, cybersecurity
6 months ago
Nice article! It's worth mentioning though that Ukraine was not so susceptible to Russian cyberattacks due to a lack of interconnection between government systems, which significantly limited the impact of cyberattacks. Big government systems still took a hit, e.g. Diia PII data leak. The connection of cyber warfare to the physical remains rather tentative. Cyberwarfare shares goals on the strategic level (incl. spying, sabotage or psyops, such as campaign coverage), but connecting them to kinetic strikes seems far-fetched so far. That may be the case when the adversaries on both sides are sufficiently automated (e.g. China & US), and cyberoperations will be more rewarding. But as the complexity and cost of cyberoperations increase, adversaries are surely more likely to consider insider attacks, right?
Information Security Officer | Top 25 Cybersecurity Leaders 2024 | 40 under 40 in Cybersecurity | CISM, CRISC, CISA, CGEIT, COBIT, CCSK | Security Governance & Strategy | HenrikParkkinen.com | Leader | Speaker | Expert
6 months ago
Thank you Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO for a very well written and insightful article
CEO, IT Consultant at CAF CONSULT TECHNOLOGIES
6 months ago
A show of knowledge! Congratulations!!!
EDITOR | PUBLISHER Inner Sanctum Vector N360
6 months ago
Valuable information Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO