tags: [concept, doctrine, intelligence_theory, cyber_warfare, multi_domain_operations]
last_updated: 2026-03-21
# [[Cyber Warfare]]
## Core Definition (BLUF)
[[Cyber Warfare]] constitutes the deployment of digital attacks by state or non-state actors against the computer systems, networks, and information infrastructure of an adversary. Its primary strategic purpose is to disrupt, deny, degrade, or destroy critical digital and physical assets, thereby imposing strategic costs, degrading operational capabilities, or achieving geopolitical objectives without necessarily crossing the threshold of conventional kinetic conflict.
## Epistemology & Historical Origins
The conceptualisation of the digital realm as a theatre of war emerged in the late 20th century alongside the proliferation of the internet. Foundational Western theorists at the [[RAND Corporation]], notably [[John Arquilla]] and [[David Ronfeldt]], prophesied this shift in their 1993 paper "Cyberwar is Coming!", distinguishing it from traditional electronic warfare. The [[United States]] formally institutionalised it as a distinct operational domain—alongside land, sea, air, and space—leading to the creation of [[Cyber Command]] (USCYBERCOM). Conversely, the [[Russian Federation]] and the [[People's Republic of China]] adopted a more holistic epistemological approach. Russian military doctrine integrates cyber operations into the broader concept of [[Information Confrontation]] (Informatsionnoye protivoborstvo), viewing psychological and technical network attacks as inseparable. Similarly, the [[People's Liberation Army]] (PLA) views cyber warfare as a foundational element of [[Intelligentised Warfare]], previously centralising these capabilities within the [[Strategic Support Force]] to seamlessly fuse cyber, space, and electronic warfare into a unified vector of strategic paralysis.
## Operational Mechanics (How it Works)
The execution of Cyber Warfare is functionally divided into three interdependent operational pillars (CNE, CNA and CND), often executed sequentially or in parallel and supported by target development and weaponisation:
* **[[Computer Network Exploitation]] (CNE):** The intelligence-gathering phase. Operators infiltrate adversary networks to map network topologies, establish persistent backdoors, and silently exfiltrate sensitive data. This is the prerequisite for both espionage and future offensive action.
* **[[Computer Network Attack]] (CNA):** The offensive application of force. Operators deploy tailored malicious payloads (e.g., wipers, ransomware, or logic bombs) to manipulate, disrupt, or destroy the target's data, software, or linked physical hardware.
* **[[Computer Network Defence]] (CND):** The active and passive protection of one's own infrastructure. This entails network segmentation, continuous threat hunting, and the patching of vulnerabilities to maintain operational continuity under adversarial fire.
* **Target Development & Weaponisation:** Developing capabilities often relies on the acquisition of [[Zero-Day Exploits]], which target software vulnerabilities not yet known to the vendor or defenders and are weaponised into specific payloads designed to bypass the adversary's bespoke security architecture.
## Modern Application & Multi-Domain Use
**Kinetic/Military:** Integrated into conventional military campaigns to blind and paralyse the adversary immediately prior to kinetic strikes. Cyber operations are deployed to disrupt [[Command and Control]] (C2) nodes, alter the telemetry of early warning radars ([[Suppression of Enemy Air Defences]]), and corrupt the logistical supply chains required to mobilise massed infantry or armour.
**Cyber/Signals:** The native execution of the doctrine. State actors target the critical national infrastructure of adversaries—such as financial clearinghouses, telecommunication backbones, and healthcare networks. By holding civilian infrastructure at risk through pre-positioned digital payloads, states achieve [[Cross-Domain Deterrence]], signalling that any kinetic escalation will be met with catastrophic domestic disruption.
**Cognitive/Information:** Synergised with [[02 Concepts & Tactics/Cognitive Warfare]] and [[Influence Campaigns]]. Cyber warfare facilitates the manipulation of truth by altering official databases, executing [[Hack-and-Leak Operations]], or hijacking state broadcasting networks. The objective is to fracture societal trust, induce epistemological chaos, and degrade the targeted population's psychological resilience and political will.
## Historical & Contemporary Case Studies
**Case Study 1: Attacks on the [[Ukrainian Power Grid]] (2015-2016)**
A seminal demonstration of cyber warfare bridging the digital-to-physical divide. Attributed to the Russian military intelligence unit [[Sandworm]], operators utilised spear-phishing to infiltrate Ukrainian energy distribution companies. By deploying the BlackEnergy and subsequently the Industroyer malware, the attackers successfully disconnected substations and disabled backup power supplies, plunging hundreds of thousands of civilians into freezing darkness. This served as a proof-of-concept for the weaponisation of industrial control systems (ICS) to achieve strategic signalling and societal disruption.
**Case Study 2: [[NotPetya]] (2017)**
An example of the uncontrollable proliferation inherent in state-sponsored cyber weaponry. Originally targeted at [[Ukraine]] via a compromised tax software update, this self-propagating wiper malware, disguised as ransomware, rapidly escaped its intended geographic confines. It devastated the global logistical and financial networks of multinational corporations (e.g., Maersk, Merck), causing an estimated $10 billion in indiscriminate economic damage worldwide. It starkly illustrated the severe risk of collateral damage and the difficulty of containing highly virulent cyber weapons.
## Intersecting Concepts & Synergies
**Enables:** [[Asymmetric Warfare]], [[Cross-Domain Deterrence]], [[Information Superiority]], [[Strategic Deception]], [[Economic Warfare]], [[Hack-and-Leak Operations]].
**Counters/Mitigates:** Conventional Military Superiority (by attacking the digital nervous system rather than the physical mass), Geographic Distance, [[Command and Control]] (C2) Cohesion.
**Vulnerabilities:** The fundamental weakness of Cyber Warfare is the "Attribution Problem." Because digital infrastructure is easily spoofed, accurately attributing an attack to a specific state actor is highly complex and time-consuming, which undermines rapid deterrence and complicates retaliation. Furthermore, cyber weapons are often ephemeral; once a [[Zero-Day Exploit]] is used and discovered by the adversary, it can be patched, rendering multi-million-dollar offensive capabilities instantly obsolete. Finally, the interconnectedness of global networks introduces immense risk of blowback, where an offensive payload inadvertently damages the initiator's own infrastructure or allied economies.