The DEFCON Warning System™

Ongoing GeoIntel and Analysis in the theater of nuclear war.  DEFCON Level assessment issued for public notification.  Established 1984.

Tripwire for real war? Cyber’s fuzzy rules of engagement

President Joe Biden couldn’t have been more blunt about the risks of cyberattacks spinning out of control. “If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence,” he told his intelligence brain trust in July.

Now tensions are soaring over Ukraine with Western officials warning about the danger of Russia launching damaging cyberattacks against Ukraine’s NATO allies. While no one is suggesting that could lead to a full-blown war between nuclear-armed rivals, the risk of escalation is serious.

The danger is in the uncertainty about what crosses a digital red line. Cyberattacks, including those that cripple critical infrastructure with ransomware, have been on the rise for years and often go unpunished. It’s unclear how grave a malicious cyber operation by a state actor would have to be to cross the threshold to an act of war.

“The rules are fuzzy,” said Max Smeets, director of the European Cyber Conflict Research Initiative. “It’s not clear what is allowed, what isn’t allowed.”

The United States and other NATO members have threatened crippling sanctions against Russia if it sends troops into Ukraine. Less clear is whether such sanctions, whose secondary effects could also hurt Europe, would be imposed if Russia were to seriously damage Ukrainian critical infrastructure — power, telecommunications, finance, railways — with cyberattacks in lieu of invading.

And if the West were to respond harshly to Russian aggression, Moscow could retaliate against NATO nations in cyberspace with an intensity and on a scale previously unseen. A major cyberattack on U.S. targets would almost certainly unleash a muscular response. But what of lesser cyberattacks? Or if Russian President Vladimir Putin restricted them to a NATO member in Europe?

Under Article 5 of the organization’s treaty, an attack on any of its 30 members is considered an attack on all. But unclear is what it would take to unleash full-scale cyber retaliation. Or how bad an attack would have to be to trigger retaliation from NATO’s most potent cyber military forces, led by the U.S. and Britain.

Read more at AP News

Leave a Reply

Ongoing Geointel and Analysis in the theater of nuclear war.

© 2024 The DEFCON Warning System. Established 1984.

The DEFCON Warning System is a private intelligence organization which has monitored and assessed nuclear threats by national entities since 1984. It is not affiliated with any government agency and does not represent the alert status of any military branch. The public should make their own evaluations and not rely on the DEFCON Warning System for any strategic planning. At all times, citizens are urged to learn what steps to take in the event of a nuclear attack.