Cyber Conflicts: Principles of Just War

In this unit we are going to discuss the laws of foreign conflict, or the laws of war. The reason we need to understand is we need to see how they translate when we start talking about cyber warfare. Or how cyber warfare relates to these laws, so that we can start to understand how we can resolve the conflicts which are happening on the internet. There are two distinct domains in which the rights and laws of armed conflict apply in the actions of going to war. In the actions in a war, the principles that govern the right to go to war are also know as jus ad bellum, and the principles that govern the action of war are also known as jus in bello. Laws regarding war conduct are laid out in international law, mostly through what is known as international humanitarian law. International humanitarian law is reference to jus in bello, or acts within a war. International humanitarian law limit the effects of armed conflict and is made up of different laws which makes up a treaty that many of countries have signed. And the most important of which are probably the Geneva Convention Center additional protocols.

International Humanitarian Law is just a set of international agreements, many of which the US is a signatory to. In the US, according to Article 6 of the Constitution, international treaties and laws are part of US laws and therefore should be followed as such. The principle of jus ad bellum, on the other hand, fall under what is known as just war theory and are not necessarily explicitly laid out in international laws. Some jus ad bellum principles present in the Charter of the United Nations. For example, Article 2 states all members shall refrain in their international relations from the threat or the use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the United Nations. And article 51 states, nothing in the present Charter shall impair the inherent right of individual or collective self defense if an armed attack occurs against a Member of the United Nations.

There are generally five recognized principals of jus ad bellum, we will cover them here and raise questions about how we may think about these principals in the context of cyber warfare. One reference to the notion that war should be waged by a proper and legitimate authority, following proper processes.

Now in the context of cyber warfare you may ask what is the legitimate authorities of cyber warfare? Cyber warfare is a covert warfare typically conducted by proxies of countries. Are the proxies of nation states legitimate? Would nation states ever agree that the entities committing their tax are the proxies? What if the proxies are operating outside of the country? These are some of the questions which make it challenging to apply that.

The second indicates that war must be waged with right intentions, motivated by just cause. What is a just cause in cyber space? Can a preemptive strike for national interest be justified? Again, an unanswered question. The probability of success must be determined. Efforts that cannot address the situation must be avoided.

Given the complexity of the technologies through which cyber-attack occurs, it is often difficult to make accurate assessment of the probability of success. It will be unclear if a counterattack is effective in deterring a current attack. Therefore, again, hard to apply the principle. Another principle refers to the notion that benefits of war must be proportional or worth the costs encountered, principally casualties. The concept of proportionality is based on assessment of damage, which often takes a long time to do in cyber warfare. Due to the need of immediate reaction, it is difficult to assure proportionality. Also cyber attacks at least up until now, are not usually encountered direct casualties, so I don't know how well it applies. War should, again, be waged as a last resort, only when diplomatic options have been exhausted. With ambiguity and attribution, diplomatic wrangling can often be tedious and long drawn, while need for response has urgency to repose the attack and minimize collateral damage.

So again, it's very hard to manage this. So these are a lot of unanswered questions that we have on how we can apply the international humanitarian law to cyber warfare. And as we go through this course further, we are going to discuss it and try to understand what the nuances of this are and we will debate in different cases as we study along with this. How we can start to understand this problem, how international law can start to apply with the problem of cyber warfare. Thank you.

Cyber Conflicts: Quiz 3 - Cyberwarfare and International Conflicts

This week quiz is also very simple and easy to comprehend and answer. However, if you require any suggestion or help about how to answer do mention in the comment and I will help with that.


1. Since 1999 cyber attacks have caused large-scale injury, loss of life and destruction of property.

• True
• False

2. Identify the item which has NOT been recognized as a mode of cyberwarfare attack and activity.

• Information gathering and espionage
• Disruption of services
• Physical system attacks
• Social media and propaganda
• None of the above

3. The countries who conduct powerful cyber attacks are:

• Russia and China
• China and U.S.
• U.S. and Russia
• All of the above

4. What's the current level of threat of cyber attack of terrorist activity, aka cyber terrorism?

• Cyber terrorism threat has been largely unfounded
• Cyber terrorism threat is somewhat likely
• Cyber terrorism threat is extremely likely and dangerous
• Cyber terrorism often happened in the past but no longer a big issue

5. What's an example of a real event for an activity of non-state actors?

• Citizens in Russia working to attack computers in Estonia
• Bank personel in China using computers to attack Australia
• Groups of thugs in Egypt using cyber attacks on Tunisia
• None of the above

6. There are a defined set of cyber attack characteristics that can clearly identify the different types of actor motivations.

• False
• True

7. A 2009 attack on more than 30 companies including Google and Yahoo stealing intellectual property was attributed to Taiwan. Where were the hackers traced back to?

• Taiwan
• China
• U.S.
• Russia
• Iran

8. ___________ of infrastructure means a failure in one element could cause cascading failures on multiple _____________ infrastructure components.

Choose the BEST set of terms to complete the phrase above:

• interdependence; critical
• association; cyber
• criticality; complex
• internet; cyber
• comparability; internet

9. Techniques for censoring information include the following, except:

• IT blocking
• URL and packet filtering
• Web feed blocking
• DNS filtering

10. __________ are machines connected to the Internet who have been infected by a virus or spyware and may be used by others to cause damage to any computer or networks, including by "denial of service attacks" where multiple __________ can suck up the resources of certain critical computers connected to the Internet.

• Modems, IPs
• Bot nets; bots
• Trojans; viruses
• Computers; spams

Cyber Conflicts: Internet Censorship

Another looming battle that we see is of internet censorship.

When the governments try to control the public internet, a struggle over information content has caused international discord. Some governments are apprehensive about exposing their citizens to offensive material that might be morally, culturally, or politically deleterious. While other government and citizens' groups vociferously advocate free speech. Effective censorship requires multi layered access control, including laws and regulations, technical filtering, physical restrictions, surveillance, and monitoring, warnings as the last, arrests. Laws and regulations include penal codes, anti-terrorism laws, visual media laws, and legislation allowing government access to ISP and telecommunication company information. For instance, the Chinese government deploys firewalls and gateways to prevent access to certain IP addresses. It also performs DNS poisoning of specific websites and imposes harsh penalties on ISPs and organizations that carry content not permitted by Chinese law.

Many other countries also engage in online censorship including Bahrain, Burma, Cuba, Iran, Jordan, Kuwait, Saudi Arabia, the list goes on.

And even Germany and Switzerland censors specific web sites for content. Techniques for censoring information include IP blocking, DNS filtering, routing, url and packet filtering, as well as blocking the web feed. Internet content is also monitored through automated tools and manual inspection to block objectionable pages and ISP cooperation.

Censorship can, however, be circumventing through use of proxy servers, allowing anonymous access to censored material. These servers can be blocked and their use discouraged by government threats to shut down websites.

So there's a fight on the censorship fronts. The large companies sometimes fight back. For example, in 2010 Google threatened to remove its Google dot China search engine and website unless China allowed its search engine to access uncensored information.

Remove its offices from China, cancel media events and delay release of phones with Android operating system. These declarations were in response to a chain of hacker attacks on Google's servers.

And brought out the long growing battle of internet censorship into the open.

Concerning the economic consequences of such actions companies cooperating with governments receive preferential access to rights and contracts, while non cooperating companies can lead to potential harassment and litigation. Google was among the first in around 2006 to willfully abide by the Chinese internet censorship regulation. Despite public disapproval in the US, Google's decision, 2010, to suspend censorship rules in China in response to the attacks and is not only financial based but as retaliation for the espionage. The threat of Google alone may not warrant concern, but combined with other large companies such as Microsoft and Yahoo could pose a greater threat to China's situation than any government action.


The leverage of companies against governments and the influence of individual governments have helped in

in multinationals is generally defined by local circumstances.

The complexity of the issue of government control of information is evident from both the public battle, and it is part communication company in motion and it would to mid 2011. When it had to engage with several countries, including China, India, Russia, Saudi Arabia, and UAE so that they could monitor Blackberry communication, ostensibly for fighting terrorism.

Being a cross border network makes it difficult for RIM, or Research In Motion, the company that makes Blackberry, to comply with conflicting laws in different countries. For example, dealing with a call between US and somebody outside, let's say in China, can become very tricky, where US citizens are protected by US laws. China emphasizes the rights of the government to be able to intercept and monitor communication.

So there are a lot of such contentious issues that we are facing. And we need to face all of these issues as we go forward in the cyber warfare arena. There are several actors which have all independent motivation. There are several attacks that can be launched. But one thing is clear, the strategies of national governments are very strong in developing these cyber arsenals. And there's a cyber going on, and we need to discuss it and debate it and make sure this does not derail the free internet and all that we have come to expect of it. Thank you very much.

Cyber Conflicts: Future Battles - Threats to Critical Infrastructure

The cyber warfare incidents to date have not generated mass panic, and are driven more by citizen groups, rather than the overt government sponsored national campaigns. These past attacks were meant to send a political message. However, future attacks could have serious consequences, pitting nation against nation and requiring political as well as military intervention. One concern shared by all governments is that threat to critical infrastructure through electronic control systems.

The critical infrastructure is an easy target for enemy countries and rogue transnational since groups it is widely distributed geographically and left largely unprotected. The systems and manage water supply, power, oil and transport are all a part of the national critical infrastructure. Each represents different threat levels. The significant interdependencies can lead to unintended consequences during an attack.

The critical infrastructure is also increasingly under the control of SCADA systems. A supervisory control and data acquisition system. Probably through ease of remote monitoring and management. However, increased accessibility correlates with increased vulnerability to breach security. And as SCADA has become more and more homogeneous. The potential of breaches is further exacerbated since a single exploit could be used to attack multiple systems. They draw graphic distribution of critical infrastructure, the government recognizes as inability to protect everything. A key concern is that interdependence of infrastructure elements could mean a failure in a single element could cause devastating widespread damage in multiple critical infrastructure elements. The power grid is one of the most vulnerable including transmission lines, transformers, power stations and suppliers.

In 2009 actually authorities found that many segments of the U.S. power Ggid had experienced and suspected hacker infiltration. Software tools are to be used to disable infrastructure while identified on the machines. Interdependencies in the power grid alone were evident from the blackouts throughout the Northeast US and Canada in August 2003. A failure of a single Ohio power plant led to complete blackout of the Northeast US, along with nearby connected portions of Canadian National Power System.

Given some fragility in the system, we need to be very careful in protecting our critical infrastructure from cyber attacks. In 2008, the US power grid in multiple regions was disrupted purportedly for the purpose of extorting money.

The water supply is another critical infrastructure.

Encompassing both fresh water supply and wastewater collection. The US has more than a 170,000 public water systems, including weather wise dams, wells, aquifers, treatment facilities, pumping stations, aqueducts, and transmission pipelines. Waste collection includes 19,500 sanitary systems and 800,000 miles of sewer lines. In October 2006, an unknown hacker gained control of water filtering plant in Harrisburg, installing software that affect the plant operations. Though the US water supply is well distributed for the country, presenting multiple soft targets.

Interdependencies are weak and the effect of any single attack would be localized affecting at most a few hundred people.

A fail bomb is easily repaired or restarted leading to quick recovery without any serious long term devastating consequences but again the potential is here.

The financial of, the failure of financial institution infrastructure is however, more serious. It could undermine public confidence in financial institutions, as well as the government.

Less clear is how to compare these financial losses to the loss of life or to injury. Not all infrastructure attacks are perceived as equally devastating.

The risk and interdependency analysis are needed to accurately determine the risks. There's a lot of work that needs to be done.

Cyber Conflicts: Cyber Warfare - Types of the Attacks

There are several reported cases of cyber warfare over the past five years that have involved reconnaissance and espionage between countries. And the cyberspace has increasingly become important in US military strategy and tactics, as it is in Russia and China.

And so, we will look at what some of these motivations are for these countries.

And there are several reports attributed to Chinese military officials, specifically discusses the need for China to devise cyber-warfare techniques to target enemy financial network, civilian electricity grids, and telecommunication networks. While installing malware on systems, ahead of launching cyber attacks, in a 2009 investigation by researchers at the University of Cambridge and the University of Toronto, a massive espionage network was discovered originating from China, that it infiltrated at least 1,200 computers in 103 countries, including many embassies, foreign ministries, and government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York. In 2009, Chinese hackers reportedly launched an attack that penetrated computers of more than 30 companies, including Google and Yahoo. These attacks were camouflaged by multiple levels of encryption, allowing hackers to operate undetected for long periods of time. Attack vectors including a generic explorer remote code execution exploit were downloaded by email or instant message links. The militia then infected websites, hackers stole intellectual property, gained access to the email messages of human rights activists, and monitored their behavior.

The attacks purportedly came from Taiwan, but were traced back to Mainland China. So assigning attribution is often a very serious challenge.

For instance, let us consider the recent attack where purported attacks from North Korean hackers was done on the Sony studio. The attribution of that was never clear, but it was being attributed by different people to different organizations, including North Korea, including some hacker groups, including Russia, but it's never clear. And there's another example that the Taiwanese hacker could've attacked and purported attacks through electronic media.

But someone in Mainland China was actually responsible for that. So this misattribution is becoming a huge challenge.

In traditional warfare this is different. Where there's warfare between countries, where the enemy's identity is more or less readily discernible, not all attacks aim to disable computing and network infrastructure. And equal devastation is caused by use of social media for propaganda, manipulation of public opinion, and incitement of violence, hatred, and national, nation-state public disharmony. And so, we look at what this propaganda and social warfare can do.

The internet has amplified terrorist effectiveness many fold by enabling distribution of shared ideologies to a much wider population. For example, social networks are employed to foster member kinship, fuel member zeal and to act by propagating ideas about martyrdom and revenge. Public internet allows loosely connected terrorist groups to aggregate, forming larger networks. They're distributed, layered, and more redundant, and consequently more resistant to leadership changes and disruption, and even detection.

The ability to recruit members from population centers for terrorist acts are to be committed, rather than transporting operatives globally, give the terrorists a strategic advantage. That's another consequence of cyber warfare and the internet.

There is evidence that terrorists' reach is widening. And this can be seen from attacks across the globe, in Egypt, India, Indonesia, Pakistan, Russia, Spain, UK and the US. An important element in terrorist fight strategy is mobilizing public opinion. To sustain themselves, terrorist organization need sympathizers to willingly provide resources and logistic support, as well as to perpetrate their crimes.

Terrorist groups are able to launch effective propaganda using the internet, gaining influence over international affairs, including the flow of information, public opinion, and politics. And efforts intended to locate and share terrorist websites have been largely unsuccessful over the last ten years. The websites are able to crop up elsewhere. Counter-narratives are being used extensively to negate terrorist messages but with limited success.

Another source of threats come from sociopolitical groups operating independently or under direct patronage from national governments, which are very large threats. They have large social following and they're used for both propaganda and attacks. For instance, during Israel's great Gaza offensive in the Winter of 2009, a Moroccan based Islamic group hacked into a Israeli registration server and poisoned the routing table of popular domains to reel out users to a page featuring hacker-created anti-Israel messages, rather than launch a typical dos attack. Likewise, following the November 2008 attacks in Mumbai, hackers in India and Pakistan defaced government-sponsored web sites in Pakistan and Indian web sites respectively, throughout one another's national networks. Most such attacks can be categorized in news sensors drawing minimal attention to their respective causes. And affecting only specific government websites that are often quickly resolved.

However, deliberate attacks to disable a critical portion of national government web presence can affect communication between government and the citizens, demoralizing the citizens and destabilizing governments. These attacks reflect an even more disturbing trend with long-term ramification, especially as they links to political conflicts in nations. Within hours of the start of the Russia-Georgia war in 2008, Russian based cyber attackers disabled and defaced Georgian government web sites. The attacks were encouraged and facilitated by a Russian patriotic hacker group called Nashi and launched by seemingly ordinary citizens who could not be probably employed by the Russian government or military. While there is evidence that Russia was the source of the attack, no conclusive proof confirms Russian government involvement.

What was clear is that ordinary Russian citizens participated in the attacks. The hacker groups provided the resources and information to perform the attacks. And a large number of Russian citizens and expats launched them.

A similar attack in May 2007 was launched by Russian hackers against Estonian government websites was response to uprooting of a World War II memorial bronze statue, which was commemorating Russian military losses in the campaign to drive the Germans from the region in World War II. Numbers of attack participants can play an important role in such attacks.

Now, this raises an important question. As the disparity in internet availability is breached between developed and developing countries, countries with larger populations can expect to have a future strategic advantage. China and India, with populations of more than a billion each, will be powerful forces in citizen-led attacks. Ironically, botnets, which are blamed for many recent attacks, will be critical in shifting the strategic cyber warfare balance, as nations attempt to create botnets using resources from other countries to bridge this disparity. As a disparity in internet availability is bridged between developed and developing countries, countries with larger populations can expect to have a future strategic advantage.

The key question that we face, however, is how do we classify these attacks by ordinary citizens participating in these political conflicts? Are they criminals? Are they warriors? Are they patriots? The answer is neither obvious nor easy, but I see this implication in terms of law enforcement and international justice.

And that's something we need to ponder over. And these are the attacks that we have seen, but there's future battle that we need to worry about.

So let's look at some of these.

Cyber Conflicts: Cyber Warfare - Types of the Attacks

There are several reported cases of cyber warfare over the past five years that have involved reconnaissance and espionage between countries. And the cyberspace has increasingly become important in US military strategy and tactics, as it is in Russia and China.

And so, we will look at what some of these motivations are for these countries.

And there are several reports attributed to Chinese military officials, specifically discusses the need for China to devise cyber-warfare techniques to target enemy financial network, civilian electricity grids, and telecommunication networks. While installing malware on systems, ahead of launching cyber attacks, in a 2009 investigation by researchers at the University of Cambridge and the University of Toronto, a massive espionage network was discovered originating from China, that it infiltrated at least 1,200 computers in 103 countries, including many embassies, foreign ministries, and government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London, and New York. In 2009, Chinese hackers reportedly launched an attack that penetrated computers of more than 30 companies, including Google and Yahoo. These attacks were camouflaged by multiple levels of encryption, allowing hackers to operate undetected for long periods of time. Attack vectors including a generic explorer remote code execution exploit were downloaded by email or instant message links. The militia then infected websites, hackers stole intellectual property, gained access to the email messages of human rights activists, and monitored their behavior.

The attacks purportedly came from Taiwan, but were traced back to Mainland China. So assigning attribution is often a very serious challenge.

For instance, let us consider the recent attack where purported attacks from North Korean hackers was done on the Sony studio. The attribution of that was never clear, but it was being attributed by different people to different organizations, including North Korea, including some hacker groups, including Russia, but it's never clear. And there's another example that the Taiwanese hacker could've attacked and purported attacks through electronic media.

But someone in Mainland China was actually responsible for that. So this misattribution is becoming a huge challenge.

In traditional warfare this is different. Where there's warfare between countries, where the enemy's identity is more or less readily discernible, not all attacks aim to disable computing and network infrastructure. And equal devastation is caused by use of social media for propaganda, manipulation of public opinion, and incitement of violence, hatred, and national, nation-state public disharmony. And so, we look at what this propaganda and social warfare can do.

The internet has amplified terrorist effectiveness many fold by enabling distribution of shared ideologies to a much wider population. For example, social networks are employed to foster member kinship, fuel member zeal and to act by propagating ideas about martyrdom and revenge. Public internet allows loosely connected terrorist groups to aggregate, forming larger networks. They're distributed, layered, and more redundant, and consequently more resistant to leadership changes and disruption, and even detection.

The ability to recruit members from population centers for terrorist acts are to be committed, rather than transporting operatives globally, give the terrorists a strategic advantage. That's another consequence of cyber warfare and the internet.

There is evidence that terrorists' reach is widening. And this can be seen from attacks across the globe, in Egypt, India, Indonesia, Pakistan, Russia, Spain, UK and the US. An important element in terrorist fight strategy is mobilizing public opinion. To sustain themselves, terrorist organization need sympathizers to willingly provide resources and logistic support, as well as to perpetrate their crimes.

Terrorist groups are able to launch effective propaganda using the internet, gaining influence over international affairs, including the flow of information, public opinion, and politics. And efforts intended to locate and share terrorist websites have been largely unsuccessful over the last ten years. The websites are able to crop up elsewhere. Counter-narratives are being used extensively to negate terrorist messages but with limited success.

Another source of threats come from sociopolitical groups operating independently or under direct patronage from national governments, which are very large threats. They have large social following and they're used for both propaganda and attacks. For instance, during Israel's great Gaza offensive in the Winter of 2009, a Moroccan based Islamic group hacked into a Israeli registration server and poisoned the routing table of popular domains to reel out users to a page featuring hacker-created anti-Israel messages, rather than launch a typical dos attack. Likewise, following the November 2008 attacks in Mumbai, hackers in India and Pakistan defaced government-sponsored web sites in Pakistan and Indian web sites respectively, throughout one another's national networks. Most such attacks can be categorized in news sensors drawing minimal attention to their respective causes. And affecting only specific government websites that are often quickly resolved.

However, deliberate attacks to disable a critical portion of national government web presence can affect communication between government and the citizens, demoralizing the citizens and destabilizing governments. These attacks reflect an even more disturbing trend with long-term ramification, especially as they links to political conflicts in nations. Within hours of the start of the Russia-Georgia war in 2008, Russian based cyber attackers disabled and defaced Georgian government web sites. The attacks were encouraged and facilitated by a Russian patriotic hacker group called Nashi and launched by seemingly ordinary citizens who could not be probably employed by the Russian government or military. While there is evidence that Russia was the source of the attack, no conclusive proof confirms Russian government involvement.

What was clear is that ordinary Russian citizens participated in the attacks. The hacker groups provided the resources and information to perform the attacks. And a large number of Russian citizens and expats launched them.

A similar attack in May 2007 was launched by Russian hackers against Estonian government websites was response to uprooting of a World War II memorial bronze statue, which was commemorating Russian military losses in the campaign to drive the Germans from the region in World War II. Numbers of attack participants can play an important role in such attacks.

Now, this raises an important question. As the disparity in internet availability is breached between developed and developing countries, countries with larger populations can expect to have a future strategic advantage. China and India, with populations of more than a billion each, will be powerful forces in citizen-led attacks. Ironically, botnets, which are blamed for many recent attacks, will be critical in shifting the strategic cyber warfare balance, as nations attempt to create botnets using resources from other countries to bridge this disparity. As a disparity in internet availability is bridged between developed and developing countries, countries with larger populations can expect to have a future strategic advantage.

The key question that we face, however, is how do we classify these attacks by ordinary citizens participating in these political conflicts? Are they criminals? Are they warriors? Are they patriots? The answer is neither obvious nor easy, but I see this implication in terms of law enforcement and international justice.

And that's something we need to ponder over. And these are the attacks that we have seen, but there's future battle that we need to worry about.

So let's look at some of these.

Cyber Conflicts: Introduction to Cyberwarfare

Good afternoon. Welcome to the International Cyber Conflicts class. Today we are going to talk about an important topic, the cyber warfare. We have spent the last two decades worrying about cyber crime, how people are coming in and stealing information and stealing financial resources. However, cyber crime has morphed into something much more insidious and potent that we need to pay attention to that is cyber warfare. Instead of individuals launching attacks on the internet for financial gain, countries are launching attacks on each other, or at least planning to launch attacks on each other, or preparing their strategies to launch attacks on each other for political gains and strategic leverage over one another.

So after land, sea, air, and space, cyber is becoming the next frontier of conflict among countries.

The term cyberwar has been used to describe the nation states attacking each other via the internet. This is an important weapon in political conflicts, espionage and propaganda. It's very difficult to detect a priori and is often recognized only after significant damage has already been done.

Gaining offensive capability on the cyber battlefield figures prominently in the national strategies of many countries and is explicitly stated In the doctrines of several of them including China, Russia and the United States.

It is generally understood that they are laying the groundwork for potential cyber conflicts by hacking networks of adversaries and allies alike.

The cyber warfare incidents are increasing, not only among nation states but among terrorists, political and social organizations and cyber transnational groups nobody has control of. One early example of cyber warfare was the 1999 targeting of US government websites by suspected Chinese hackers in the aftermath of the accidental US bombing of the Chinese embassy in Belgrade. Cyber warfare, since then has advanced further. It has morphed. As of mid-2011, there have been several large nuisance attacks, but mainly nuisance attacks, such as website defacements and denial of service, or service disruptions with only occasional incidents of espionage and infrastructure probes. In rare cases, these attacks have caused large scale failures of public Internet. However they have not resulted in large scale injury, loss of life or destruction of property.

Future attacks would involve destruction of information and communication systems, the critical infrastructure and also enhance psychological operations or psycops or psyops as they are called.

Example
The cyber attacks on Estonia in 2007 and Georgia in 2008 are the part of conflict with Russia., hinted at the potential of cyber warfare.

The prospective crippling impact to the critical national infrastructure has established the role of cyber warfare in modern conflicts. Not only Is information flow disrupted, but we can also disable critical infrastructure like power, finance, and water supply.
 
Tools and Motivation
If you compare different modes of attacks on the internet, the tools and techniques for launching attacks in cyber warfare, are the same as in cyber war, cyber crime, or cyber terrorism or hacktivism. However, the motivation differs from more political objectives of cyber warfare to the significant financial incentives of today's cyber crime. In addition, the scale, intention, and consequences can be much more severe for cyberwarfare, because these attacks are much more planned. With many more resources, the nations are attacking each other.

One big fear is that in one of these national attacks it could result in a critical attack by the other country either deservedly or accidentally. The cyberwar landscape is complicated. There's several challenges involved. In data collection, analysis and attribution and in our understanding cyberwarfare incidents.

 
Analyzing Cyber Attacks

Analyzing cyber attacks follows several discrete steps, including attack detection, relevant data collection, chronology determination, damage assessment, identification and remediation of vulnerabilities, and attribution assignment. And each of these steps poses a special challenge. There are disparate sources of data. The privacy laws that make data acquisition difficult, the lack of cross-border treaties for data sharing, use of cloaking techniques to hide identity, and volatile data that can be erased if not gathered promptly. All of that makes tackling cyberwarfare extremely hard.