Cyber Warfare

“It’s an act of war that looks like a server outage.” Cyber warfare refers to state-directed offensive operations in cyberspace intended to damage, degrade, deceive, or destroy an adversary’s information systems, critical infrastructure, or military capabilities.

Executive Summary

Cyber warfare occupies a strategic gray zone between intelligence operations and kinetic conflict. Unlike conventional war, it rarely involves formal declarations, visible casualties, or territorial changes — yet its effects can be as consequential as physical strikes on power grids, financial networks, and military command systems. By 2024–2026, the cyber domain has emerged as a permanent theater of great power competition, with the U.S., China, Russia, Iran, and North Korea all maintaining institutionalized offensive cyber programs integrated into broader military and intelligence strategies.

The Strategic Mechanism

Cyber warfare operations fall into several distinct categories:

  • Destructive attacks: Malware designed to physically damage industrial control systems (e.g., Stuxnet’s destruction of Iranian centrifuges; Russian attacks on Ukrainian power infrastructure using Industroyer/BlackEnergy malware).
  • Espionage and intelligence collection: Large-scale intrusions into government and corporate networks to steal classified data, intellectual property, or strategic plans (e.g., China’s Salt Typhoon operation penetrating U.S. telecom infrastructure).
  • Disruptive/DDoS operations: Flooding target systems with traffic to degrade availability of government, financial, or media services, often used as a precursor to or accompaniment of kinetic military action.
  • Information operations: Manipulating target populations through disinformation, social media interference, and hack-and-leak operations to shape political outcomes.
  • Pre-positioning: Quietly embedding malware in adversary critical infrastructure to enable future activation — a form of strategic deterrence through threatened disruption.

Market & Policy Impact

  • Critical infrastructure vulnerability: Power grids, water systems, financial clearing networks, and hospital systems are all credible cyber warfare targets, creating systemic tail risks for investors in regulated utilities and financial institutions.
  • Insurance and liability uncertainty: The “act of war” exclusion in many cyber insurance policies creates massive uninsured exposure when attacks are attributed to nation-states.
  • Defense industry beneficiaries: U.S. and allied government cyber defense spending has grown sharply, benefiting firms with classified cyber contracts (CrowdStrike, Palo Alto Networks, Booz Allen Hamilton).
  • Financial system targeting: SWIFT network attacks, central bank heists (Bangladesh Bank 2016), and exchange intrusions by North Korea’s Lazarus Group demonstrate the direct monetization of state cyber capabilities.
  • NATO Article 5 applicability: Ongoing debate over whether a sufficiently destructive cyber attack on a NATO member triggers collective defense obligations has created a legal and strategic ambiguity that adversaries actively exploit.

Modern Case Study: Salt Typhoon and U.S. Telecom Penetration (2024–2025)

In late 2024, U.S. authorities confirmed that Salt Typhoon — a Chinese state-sponsored advanced persistent threat (APT) group — had conducted one of the most significant cyber espionage operations in U.S. history, penetrating multiple major American telecommunications providers including AT&T and Verizon. The attackers accessed systems used for court-authorized wiretapping, potentially compromising the identities of intelligence assets and ongoing surveillance operations. The breach was assessed as a pre-positioning operation — maintaining persistent access to critical communications infrastructure — rather than an immediately destructive attack. The Salt Typhoon operation illustrated the defining character of contemporary cyber warfare: patient, quiet, strategically consequential, and calibrated to remain below the threshold of a response that might trigger escalation. It also prompted emergency guidance from CISA and a Congressional push for mandatory telecom security standards.