Connect with us

Hi, what are you looking for?



Cyber Warfare May be Losing Its Advantage of Deniability

Only time will tell if countries eventually establish proper cyber rules of engagement and punish those who break them

Only time will tell if countries eventually establish proper cyber rules of engagement and punish those who break them

Cyberspace has been added to the fighting doctrine of almost all militaries today and for good reasons. One of the greatest advantages of attacking an enemy state through cyberspace is plausible deniability. Even if in the post-mortem of an attack the researchers are able to attribute it to a specific attacker, the attacker can always deny it, an option that doesn’t exist in clashes that take place in the “real world”. This provides a massive operational leeway to military operations in cyberspace, enabling governments to take actions without risking an all-out war. The low risk of offensive cyber operations translates to decision makers being much more trigger-happy when it comes to approving them. However, the attitude towards nation-state attacks seems to be changing, especially considering that attacks carried out in cyberspace can have kinetic implications in the real world.

Probably the most famous example of a nation state-backed cyber attack that affected the real world is Stuxnet. Attributed to the NSA and the Israeli military, the operation code-named “Olympic Games”, has inserted a malware to the computer network of the Natnaz nuclear facility in Iran, targeting SCADA systems and causing centrifuges used to separate nuclear material to spin out of control. Despite that the attribution was fairly clear and it was known who was most likely behind the attack, there wasn’t a firm response, and the situation did not escalate. This was a good case study for the benefits that cyber attacks have had all these years – it caused real world impact, yet despite being discovered and the likely attribution, there wasn’t an immediate retaliation. 

This incident is in stark contrast to the more recent cyber skirmishes between Iran and Israel, which are still on-going as part of a larger campaign that is currently taking place. In April 2020, six facilities that were a part of Israel’s water infrastructure suffered a cyber attack that was attributed to Iran, succeeding to impact some systems but eventually caused no disruptions to Israel’s water supply. Unlike Stuxnet from a decade earlier, Israel responded and did so in force. According to US officials, Israel was behind a massive cyber attack in May 2020 that disrupted the operations of Iran’s largest sea ports to such an extent that it had to halt its operations, causing large financial damages. A Western official stated that the attack was a retaliation to Iran’s attack on Israel’s water infrastructure. If these claims are true, the attack on Shahid Rajaee port served as a message that cyber attacks would be answered in kind. Apparently, the threat has not deterred the Iranians as two additional attacks against Israel’s water infrastructure have been reported

Retaliation to cyber attacks is not exclusive to Israel and Iran. During the Brussels Summit in June this year, the Heads of State and Government participating in the summit have issued a statement claiming that going forward NATO will consider treating cyber attacks against its members and its allies the same as it will physical attacks. This means that an attack against one member will be considered an attack on all alliance members. Furthermore, the issue insinuates that a military response is not off the table. NATO considers a wide variety of incidents as cyber attacks that may deem a response, including interfering in elections and other democratic processes, disinformation campaigns, as well as turning a bling eye to cyber criminals operating from a certain country’s territory (suggesting this statement was directed at Russia). While claims of retaliation to cyber attacks have been made in the past by others and did not eventually amount to any concrete action being taken, it does help shape public perception and indicate where the wind is blowing.

Cyber attacks have real world consequences and major impact to civilians’ lives. The Colonial pipeline attack serves as a real-world example of that. In Israel’s case, based on the reports, if the attacks on the water infrastructure would have been successful, it may have resulted in Chlorine contamination of the water and an ensued tragedy. We can no longer separate cyberspace and the real world and it seems that more policy makers indeed no longer see them as separate. Retaliation to cyber attacks may add a real cost to what is now low-risk military operations and could eventually remove the finger from the trigger when approving them. That said, it is becoming crucial that any retaliation is directed at the real attacker, which has always been tricky in this space, as well as make sure that civilians on the other side are not to be punished for the decisions of their government. Ever since nation states have entered the game, cyber has become a vastly more complicated subject both technically and at times morally. Only time will tell if countries eventually establish proper rules of engagement and punish those who break them.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...