Skip to Main Content

Contemporary warfare relies on computer networks, systems and components. Cybersecurity is inseparable from the conduct of modern war. From the land-based or airborne sensors transmitting real-time data, to the net-enabled communications systems, to data fusion in command posts for generating situational awareness, capabilities rely on cybersecurity. The supply chain is also a potential vector for cyber attack. Global defence companies develop and deliver new defence products and solutions, and may also be targeted with cyber attacks.

The idea of “competition below the threshold of armed conflict” is the idea that states will use all the tools at their disposal—information, economic, legal and cyber—to compete with other states without using weapons or kinetic action. These operations take place before armed conflict and continue after a conflict starts—as we have seen in 2022—making cybersecurity permanently important. The ubiquity of the cyber threat means we need to take a broader view of how cyber operations impact national defence and national security. This view should include defending against cyber attacks and also investing in response. No defence lasts forever and statistically cyber attacks are eventually successful somewhere. Investing in response is the ‘missing half’ of the cyber defence discussion.

Recent Operations

Attack and defence in the cyber space is an iterative process with a “cat-and-mouse” character. Attackers seek to identify vulnerabilities in network and end-point security, and defenders seek to improve their defences and monitor activity at the perimeter and inside their networks. Cyber defence is an ongoing activity to achieve cybersecurity—though full cybersecurity can never really be achieved. Attackers will seek new ways to try overcoming new defences and security measures, and defenders will always need to iterate and improve.

Cyber operations are central to war and the ongoing war in Ukraine is no exception. The attack-and-defend cycle continues, with an apparent expansion of operations on both sides. Physical destruction of telecommunications networks and infrastructure has escalated along with disruption operations. The destruction of telecommunications nodes and exchanges shrinks the overall size of the network, impacting the cyber environment. However, satellite-based technology has created new opportunity for global connectivity. Satellite-based internet solutions, from commercial operators like SpaceX, have provided Ukrainian forces with much-needed connection to global information flows without the need for permanent ground-based infrastructure. Satellite-based internet relies on a constellation of satellites and ground-based receivers, meaning no permanent ground-based infrastructure for users.i This provides flexibility for connectivity, and for rapid relocation.

Even with a reduced overall network, cyber operations are ongoing. New methods and approaches are being used alongside existing ones. Traditional distributed denial of service (DDOS) attacks have been observed against civilian and government networks, with new types of attacks also being detected and sometimes disrupted. What is not clear is how many attacks have been conducted without being detected. This could include proxy groups conducting attacks on behalf of states or states using their own resources to conduct cyber operations. Proxy attacks serve two functions. First, using proxies lengthens the chain of attribution, obscuring a group’s connection to any cyber attack. Second, it obscures the country of origin, making the clear link to the attacking country harder to identify. The use of non-attributable or less-attributable proxies to conduct cyber-attacks is ongoing and likely to continue.

What Does this Mean for Defence & Security?

The blurring of lines between military and civil targets and the use of deniable or non-attributable proxies means there are more targets and more vectors to protect against. We have seen attacks against civilian infrastructure such as pipelines, and civilian networks such as hospitals in recent years alongside attacks or attempted attacks on government infrastructure. The diffuse nature of the potential targets crosses many levels of authority and control, including national and local governments, large companies, utilities and others. There is no central control over ‘the network’ when there are hundreds of thousands of networks. Humans, with all their ingenuity and fallibility, are responsible for those networks, creating opportunity for social engineering to take advantage of human perception and limitations.

The threat is broader than only government and military networks. Collaboration between government, industry and civil society is important to improving awareness of cyber threats, improving the ability to defend against them and improving the ability to respond to them. At a collective level, there is insufficient investment in training for response to successful attacks. The emphasis is generally on defence, which is vital to preventing attacks. However, there is insufficient investment in things such as exercises and rehearsals. For threats like wildfires, floods and major power outages, governments and businesses invest in measures to protect themselves from disaster and what to do if prevention fails. The same approach should be taken for cyber defence.

A responsive approach doesn’t mean putting the government in charge of all networks within their territory. However, government leadership in defining priorities and presenting best practices and standards is vital to leading the coordination effort on response. The private sector develops the technology for telecommunications and digital spaces, making their role in introducing new technology for cyber defence and cybersecurity central to risk reduction. The private sector is also a key provider of operations centres for monitoring, which are vital to response. Generally speaking, the private sector moves much faster than government and has a solutions-focused approach. Collaboration between government and private sector is vital to improving cyber defence and to rehearsing responses for when cyber defence fails.


The complexity of cyber operations is accelerating—mixing traditional attacks with new ones, mixing civilian and government targets, and leveraging non-attributable or less attributable vectors. This presents a major challenge for governments and the private sector. Collective action is needed to improve our cyber defences through new technology and by rehearsing a response when cyber defence fails. The human dimension presents a potential vulnerability to attacks, but is also an important factor in delivering effective response.

  • i. Christopher Miller, Mark Scott, Bryan Bender, ‘UkraineX: How Elon Musk’s space satellites changed the war on the ground,’ Politico. 8 June 202.