S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
S&P Global Offerings
Featured Topics
Featured Products
Events
Language
Featured Products
Ratings & Benchmarks
By Topic
Market Insights
About S&P Global
Corporate Responsibility
Diversity, Equity, & Inclusion
Featured Products
Ratings & Benchmarks
By Topic
Market Insights
About S&P Global
Corporate Responsibility
Diversity, Equity, & Inclusion
Cyber warfare is a series of digital attacks used by one nation-state to disrupt, damage, or infiltrate the infrastructure of another nation-state. It is a new battlefield for act of war other than, in some cases supplanting the traditional arenas of land, sea, and air in international disputes and geopolitical risks.
Nation-states with substantial financial resources and advanced cyber capabilities are often the primary actors, or sponsors, in cyber warfare. Hacktivist groups, motivated by goals to advance political agendas, are also active players who can significantly alter the geopolitical environment, either directly or indirectly. Other potential actors are cybercriminals and terrorist groups; these are typically driven by self-interest or money, more than by a desire to inflict digital harm on another state, but they can be agents of a nation-state.
Seeing cyber warfare and cyber attacks from a geopolitical perspective allows us to consider the wider picture. In addition to lone hackers and organized groups, nation-states are utilizing this new form of fighting to further their objectives, which might upset the global balance of power.
The main purpose of cyber warfare is to achieve strategic objectives and gain an advantage over other nation-states by using technological attacks. These objectives may be political, economic, military, or social in nature, and various types of cyber warfare tactics are employed to achieve them.
We need to understand the geopolitical goals that drive cyber warfare, because that will help us see how nation-states are using digital tools to achieve their strategic objectives on the world stage. Each of the following tactical approaches can contribute to a nation-state’s overall strategic aims, allowing it to project power, acquire advantages and achieve goals in a complex and ever-changing geopolitical landscape.
Espionage in the cyber domain involves the covert collection of intelligence and sensitive data, such as classified military plans, government secrets, diplomatic communications, and intellectual property, from a target nation-state. From a geopolitical perspective, cyber espionage can shift the balance of power by providing a nation-state with critical insights into an opponent's capabilities, strategies and intentions. It allows states to gain a strategic advantage by anticipating military plans, enabling them to negotiate from a position of strength, and to develop countermeasures.
Sabotage refers to cyber operations aimed at inflicting physical or digital damage on a target nation's infrastructure or assets. The tactics used could range from manipulating or destroying data to disrupting services or damaging physical systems controlled by computers. In a geopolitical sense, cyber sabotage can interfere with essential services, cause economic damage, weaken societal functions and potentially sow panic within the target nation. These are often the same outcomes as traditional, or kinetic, warfare.
The purpose of denial-of-service (DoS) attacks is to overwhelm a target's digital infrastructure, such as its government or financial institution websites, with traffic and make them unusable, or unavailable, for legitimate users. DoS attacks can lead to disruptions in communications, financial transactions and access to information, helping the attacking nation to achieve its geopolitical goals — silencing the opposition, disrupting political processes or weakening the operational capabilities of an adversary during critical times. These attacks can also disrupt essential services and damage public trust, creating a sense of chaos. If they are launched from multiple sources at once, they are termed distributed DoS (DDoS) attacks.
Critical national infrastructure (CNI) attacks target systems and services essential for national security, economic stability and public safety, such as power grids, water supplies, financial systems, transportation facilities and communication networks. Successful CNI attacks can paralyze a target nation’s ability to function, create widespread panic and force political concessions. CNI attacks can serve as a form of asymmetric warfare; this is commonly adopted when military strategies and capabilities between belligerent powers are unequal or significantly different.
Propaganda attacks use digital platforms such as social media and news outlets to spread misinformation and disinformation, influence public opinion, and undermine trust in the target nation’s government. These attacks typically aim to destabilize societies, influence elections, and sway public sentiment in favor of the attacking nation's goals. Propaganda attacks are usually driven by geopolitical motives such as fraying a target nation’s social fabric, weakening democratic processes and creating internal divisions.
Economic disruptions are often caused by a series of cyber attacks that target financial institutions, disrupt key sectors of the economy, cripple stock markets or steal intellectual property to damage a rival nation-state's economy and weaken its global influence. Such attacks can undermine a nation's ability to compete globally. They can also create economic instability and force political leaders to shift their focus from external to internal issues.
S&P Global Market Intelligence
In April 2007, Estonia was targeted by extensive cyber attacks following the relocation of its Bronze Soldier statue, a Soviet-era war memorial. These attacks disrupted government, banking and media systems using DDoS techniques. Estonian government websites, media channels and banks were overwhelmed by traffic due to the attacks, leading to a temporary shutdown. With Russia the suspected orchestrator of the cyber attacks, the incident highlighted the challenges of attribution and heightened tensions between Estonia and Russia. This event prompted NATO to consider cyber warfare as a potential basis for invoking Article 5 — which covers collective defense — and contributed to the establishment of NATO's Cooperative Cyber Defence Centre of Excellence in Tallinn. Since then, cybersecurity has become a critical component of every national defense strategy, and there has been an increased focus on global collaboration to address cyberthreats in the international community.
The Stuxnet attack occurred in 2010 and targeted Iran's nuclear enrichment facilities with the goal of sabotaging centrifuges. It is widely believed to have been a joint effort between the US and Israel, marking the first known instance of a cyber weapon causing physical damage. The incident demonstrated cyber operations’ potential to disrupt critical infrastructure, reshape military strategies, and influence international relations. It emphasized the increasing importance of cyber warfare as a tool for statecraft and sparked global discussions on cybersecurity norms and regulations.
WannaCry was a ransomware assault that happened in 2017. It affected hundreds of thousands of machines in more than 150 nations. The cyber attack targeted Windows system vulnerabilities and had severe unintended consequences, particularly in organizations such as the UK's National Health Service (NHS). WannaCry demonstrated the susceptibility to cyber attacks of essential infrastructure such as healthcare, financial, and government systems. It sparked questions about the role of the state in cyber defense and led to demands for international cybersecurity collaboration. The event emphasized the need for stronger global cybersecurity frameworks to resist future cyber attacks.
The Colonial Pipeline cyber attack in May 2021 disrupted fuel across the US East Coast, affecting millions. Perpetrated by the DarkSide ransomware group, it highlighted vulnerabilities in critical infrastructure and raised concerns about national security and economic stability. The incident underscored cyber attacks’ ability to affect energy security and global markets, prompting calls for enhanced cybersecurity measures and international cooperation. It sparked debates on the role of cyber warfare in state relations and strategies, emphasizing the need for resilience against cyber threats in an interconnected world.
The Microsoft Exchange Server data breach in early 2021 exposed vulnerabilities in on-premises servers globally, affecting tens of thousands of organizations. The cyber attack, attributed to hackers, underscored risks to critical infrastructure and sensitive data. It strained international relations, sparking diplomatic tensions and cybersecurity debates. The incident highlighted the strategic use of cyber operations for espionage and influence, prompting calls for stronger international norms and cooperation in cybersecurity. It also raised awareness about state-sponsored cyber threats and emphasized the need for robust defenses against sophisticated cyber adversaries in an increasingly digital world.
Since annexing Crimea in 2014, Russia has been conducting digital operations against Ukraine. These include disruptive cyber attacks on Ukrainian infrastructure, media and government to destabilize Ukraine, influence public opinion, and support Russia's strategic goals. Such attacks can be used in tandem with conventional offensives to wage hybrid warfare, which blurs the lines between on- and offline conflict. The Russia-Ukraine cyberwar underscores the importance of cybersecurity in modern geopolitics, triggering international condemnation and calls for stronger defense measures and diplomatic responses to state-sponsored cyber aggression.
Cyber warfare has emerged as a potent tool for political coercion and disruption of international trade and economic relations. A cyber attack’s ability to interfere with critical infrastructure or leak confidential data can force concessions or influence policy decisions. This has created a new front for geopolitical maneuvering.
Unlike in traditional warfare, it is easy to obscure or hide the source of a cyber attack. This means acts of cyber warfare can create a climate of suspicion and confusion, leading to misattributions or miscalculations. Nations may struggle to respond effectively for fear of retaliation that would further complicate international relations. The lack of clear rules of engagement on this new battlefield raises concerns about escalation and the potential for a "cyber cold war."
Cyber warfare is reshaping the landscape of geopolitics and national security. Nations must adapt their strategies to defend critical infrastructure, develop attribution capabilities and create international standards to prevent cyber attacks from becoming a catalyst for broader conflict.
From a geopolitical perspective, cyber warfare will likely become increasingly sophisticated, necessitating the integration of advanced cyberrisk management into national security strategies. The growing technological dependency and global interconnectedness of infrastructures are exposing nations, governments, and organizations to systemic cyber threats. As a result, there is higher potential for cyber operations to influence geopolitical outcomes.The frequency and complexity of future cyber attacks are expected to escalate as nation-states enhance their cyber capabilities.
Nation-states are anticipated to continue integrating cyber operations into their traditional military tactics and defense strategies. This integration threatens to blur the lines between peacetime and wartime, as the distinction between a cyber attack and an act of cyber warfare is often unclear.
Attribution of cyber attacks will continue to be challenging as it is easy to obscure identities on the internet. Even if a target nation can pinpoint an attack’s source, determining whether or not the offensive was state-sponsored introduces more levels of complexity.
These factors contribute to a persistent and unruly threat environment. The international community needs to establish global norms and regulations to mitigate the risks and control the impact of cyber warfare.
Cyberthreats will not diminish as various technological advancements evolve and reshape the landscape and capabilities of future cyber warfare and cyber operations. These include AI, quantum computing and continued advanced persistent threats. To stay ahead, nations and organizations must invest in appropriate technologies and develop comprehensive strategies to protect themselves.
Cyber warfare poses significant risks to private sector businesses, potentially leading to substantial operational and financial impacts. According to analysis conducted by S&P Cyber Risk Insights in October 2023, the IT, telecommunications services, media and entertainment, and retail sectors were identified as some of the most vulnerable non-financial sectors to cyber attacks since January 2022.
Data breaches and ransomware attacks were the most common incidents, many of which were conducted through third-party vendors. These attacks resulted in severe operational disruptions and eventually led to financial impacts. For instance, recent cyber attacks against major corporations such as MGM Resorts and Clorox have caused operational disruptions, highlighting the vulnerability of critical business processes.
These incidents emphasize the importance of having robust cybersecurity measures, including comprehensive staff training, enhanced cyber hygiene protocols, and updated response plans. Geopolitical tensions further underscore the need for businesses to invest in advanced cybersecurity to protect against sophisticated cyber threats. Explore cyber risk insights focused on emerging threats, technological innovations, and strategies to strengthen your cybersecurity resilience in the digital age.