Reading Time: 6 minutes
Category: Digital Warfare
When we think of war, most of us picture something loud and visible. Tanks rolling through fields, soldiers in uniform, fighter jets in the sky. It’s an image shaped by decades of physical conflict. And one that still holds true in many parts of the world.
But today, some of the most serious attacks do not cause broken buildings or explosions. They start with a single file or piece of code that cause significant damage.
Some of the most serious attacks happening now don’t fit the legal or mental image of an act of war. If it doesn’t look like traditional warfare, how should countries respond?
WHAT COUNTS AS AN ‘ACT OF WAR’?
After World War II, international law tried to define what is considered as an act of war. Treaties like the UN Charter and agreements between military alliances, such as NATO, aimed to draw a clear line. Most of these definitions focus on the use of armed force between countries.
These legal definitions are still important. They shape when a country can respond with force or ask for help from allies. But today’s attacks do not always fit these rules. Cyberattacks, disinformation and supply chain disruptions may not directly look like traditional warfare but they can still cause serious harm to governments, businesses and people’s everyday life. Without a single bomb or soldier in sight.
While some attacks happen in seconds, others build slowly over time. It’s often hard to know who is responsible. And that leaves governments, militaries and companies unsure how to react.
WHAT IS THE ROLE OF CYBER ATTACKS?
Cyberattacks bring a new set of challenges in modern warfare. As the following sections show, cyberattacks are often hidden, hard to measure and even harder to trace. They rarely match the patterns that military laws were written for. And that creates gaps in how we understand and respond.
INTANGIBLE ATTACKS WITH TANGIBLE EFFECTS
Cyberattacks can cause real damage without a single explosion. For example, the NotPetya attack in 2017 caused an estimated $10 billion in global damage. Shipping giant Maersk had to reinstall over 45000 devices worldwide. And the Stuxnet operation in 2010 silently destroyed nearly a thousand nuclear centrifuges in Iran.
But such attacks aren’t always about destroying things. Some attacks cause delay in services, steal data or spread confusion in society. Disinformation campaigns, for example, do not destroy physical systems, but they can disrupt trust in governments, elections or public institutions.
Traditional acts of war, such as missile strikes, are dramatic and visible, and they remain a harsh reality in many parts of the world. On the other hand, cyberattacks often unfold quietly. They complement (not replace) the challenges posed by physical warfare and add new layers of complexity.
The lack of visible destruction may lead to people underestimating the risk of cyberattacks. But in terms of disruption and cost, the effects can be just as serious as physical attacks.
THE USE OF ‘ARMED FORCE’ AND WEAPONS
International law uses phrases like ‘armed force’ or ‘military aggression’ in the context of war. But most digital attacks don’t use traditional weapons or arms. They use digital tools and code instead.
What if someone deletes hospital records or shuts down a power grid? That causes real harm. But is it considered an attack by an armed force?
What makes this more difficult is that many digital tools are legal and widely available. Some are open-source or used for legitimate purposes. A tool that helps one company in testing software can be used by someone else to attack a hospital. Because of this, attackers can use familiar technology in damaging ways. The combination of off-the-shelf technologies and expert knowledge can become a powerful digital weapon. But unlike missiles or tanks, these are hard to regulate.
NO UNIFORMS, NO FLAGS, NO BORDERS
In traditional warfare, it’s often clearer who is fighting who. Soldiers wear uniforms. Countries declare their involvement.
In the digital domain, an attacker could be a government, a criminal group or even a ‘lone wolf’. They can hide their location, impersonate others and leave little evidence. Even if technical clues point to a nation state, it may not be enough for legal or diplomatic action.
Some governments even hire outside hacker groups to do the job for them. These groups may not be officially part of a military, but they act on behalf of a nation. And if they’re caught, the government can deny any link or involvement.
This uncertainty makes it harder for nations to respond. No one wants to retaliate based on guesses or assumptions if they cannot clearly attribute an attack.
THE ROLE OF INDUSTRY IS CHANGING
In the past, nations were the ones in charge of handling their national defense. While companies made products or provided services, they rarely directly dealt with acts of war.
Defense against cyberattacks isn’t just a military job. It has also become a business issue. During the 2021 Microsoft Exchange Server attack, private researchers spotted the threat before many official agencies did. Today, attackers often target companies directly, resulting in companies to be the first-line to detect, report or stop attacks on them. Many initial defenses depend on the private sector where cybersecurity vendors, software developers and Managed Security Service Providers (MSSPs) are playing a central role.
This also means that cyberattacks feel closer to many of us, as they don’t take place on distant front lines. They can affect your workplace, your data, your digital life; making it more personal and harder to ignore.
RETHINKING THE ‘ACT OF WAR’
We need to rethink how we define an act of war in the digital age. Despite various terms defined in international law, military policy and political discussions, cyberattacks often do not match these traditional definitions. While the effects can impact national security, economies and public safety.
In this context, several challenges have been raised. When should digital operations that cause major harm be treated as an act of war? How can international law address cyberattacks that are difficult to attribute?
Discussions continue across the legal, political and defense domains. These conversations are not only about how to define an act of war in cyberspace, but also how to prepare for it and respond when it happens.
This article is the first in a series on ”War in the Digital Age”. It is meant to help organizations and leaders better understand modern security challenges in a global context.The next part of this series will look at how war and defense has changed over time, including what lessons companies can learn from this.
