Thresholds for Cyberwar

Available Downloads

There is a broad range of hostile or malicious action in cyberspace – crime, espionage, attacks, and political action. The identity of those who engage in these actions can be indeterminate, and these activities, at some level, often overlap. This does not justify, however, a similar blurring and imprecision in our discussions of cyber conflict. We can reduce this blurring by disaggregating the different kinds of conflict. This essay focus on the use of the internet or cyberspace for armed conflict, review the utility and use of cyberattack, and considers the behavior of states, their military forces or proxies, and other armed groups in waging cyber war.

Questions persist as to the appropriate framework for considering this new mode of conflict, but to a degree these questions result from weak data, imprecise terminology and a certain reluctance to abandon the notion that cyber conflict is unique and sui generis, rather than being just another new technology applied to warfare. Imprecision in terminology hampers serious discussion of these issues. It is not correct to call every bad thing that happens on the internet “war” or “attack.” The thresholds for war or attack should not be very different in cyberspace than they are for physical activity. We can also focus discussion by defining cyber war as the use of force to cause damage, destruction or casualties for political effect by states or political groups. A cyber attack would be an individual act intended to cause damage, destruction, or casualties. There is a gray area, of course, when we think about disruption, particularly the disruption of services and data, and when this disruption rises to the level of the use of force. The threshold should be very high for calling a disruptive activity an act of war or attack.

James Andrew Lewis
Senior Vice President; Pritzker Chair; and Director, Strategic Technologies Program