This comparative international case study provides a context for considering the evolution of cyber technologies as elements of hybrid warfare, including information operations (IO), capable of killing people, as well as impacting political elections and physical infrastructure (such as power grids and satellite-based communications and weapons systems). Threatened by “autonomous battle networks,” the “Internet of Battle Things” has been considered a domain of modern warfare by the United States since 2011 and by NATO since 2016. Focusing on three historic cyberattacks against three modern democracies—Estonia in 2007, the United States in 2012, and Ukraine during the 2013-2015 conflict—the study shows how computer warfare, first reported in the 1990s, has become integral in warfare for both state and non-state actors—particularly for information warfare waged by proxies to create confusion and manipulate public opinion via satellites that can penetrate national boundaries and firewalls with armies of zombies and botnets.
TopIntroduction
In the context of information operations (IO) and related cyber espionage (Geers, 2015; Unwala & Ghori, 2015; Valeriano, Jensen, & Maness, 2018), as well as what Russian General Valery Gerasimov (2016) described as “hybrid warfare,” this comparative international case study provides an open-source analysis of cyberattacks against three modern and Internet-reliant democracies: Estonia in 2007 (Kozlowski, 2014), the United States in 2012 (Goldman, 2012), and Ukraine during the 2013-2015 conflict (Woehrel, 2015). The analysis is important for historically evaluating the threats that cyber warfare now and in the future may pose to international security (Maigre, 2015; Shackelford, 2009) in light of evolving technologies and doctrines of warfare that have made cyberattacks an integral part of modern warfare (Bachmann & Gunneriusson, 2015) capable of manipulating domestic politics in the United States (Garamone, 2018; Harding, 2016; Miller, 2018; U.S. National Security Agency, 2017) and Europe (Eddy, 2016; Greenberg, 2017b, Segal, 2016; Stelzenmuller, 2017), as well as controlling physical things, such as critical infrastructure power grids (Geers, 2015; Lee, Assante, & Conway, 2016; Shein, 2010; Szoldra, 2016; Volz, 2016), nuclear weapons (Geers, 2015; Herzog, 2011; MacAskill, 2018), space-based weapons systems (Billings, 2015; Gertz, 2014a, 2015), and now people (Barfield, 2015; Claburn, 2018; Diggins & Arizmendi, 2012; U.S. National Security Council, 2017; Wu & Goodman, 2013).
Describing this threat to material things and human life, the United States Department of Homeland Security (USDHS) (2016) stated, “[T]here are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on [national security].” These sectors include: energy, defense, nuclear, transportation, food and agriculture, emergency services, communication, chemical, dams, finance, healthcare, information technology, commercial facilities, and government facilities. NATO has defined the term similarly, stating, “It is our critical infrastructure that makes modern society possible” (Kerigan-Kyro, 2014, p. 1).