FeatureCountry vs country cyberwarfare requires significant planning, years if not decades of active espionage by government agencies and government-financed proxy groups, domestic and foreign. Some unplanned actions are operational or secondary targets of opportunity that present themselves during the planned activities. No country does or should not engage without significant pre-planning.
A national-level cyber warfare onslaught can last forever, primary missions can run for years, and some might still be running that could have been started decades ago. Espionage missions require operational funding, these are budgeted at a national level, and funding is pre-allocated for the planned length of the assignment plus some.
Cyberattacks can be launched from a cell phone and could be staffed by proxy groups in dozens of non-aligned counties
As for energy needs, cyberattacks can be launched from a cell phone and could be staffed by proxy groups in dozens of non-aligned counties or run through your local cloud service like AWS and Google, all of which require no energy from the aggressor nation. The bigger the national budget, the more extended actions on objectives run.
A national-level cyber warfare event will include government units, attribution during cyber warfare will be assumed, and proxy groups for distributed workloads. There will also be non-aligned opportunistic groups seeking financial gain from the chaos or creating more confusion because they can.
The bigger the national budget, the more extended actions on objectives run
As for the national apparatus, attacks will be launched from systems sponsored by the aggressor nation, but they seldom are hosted in that nation; they are nearly always distributed throughout non-aligned counties.
More advanced nations deploy a national cyber protection grid, sometimes called a sovereign internet, cutting off all outside and foreign access to a now local domestic only Internet. This level of protection means that any offensive cyber-attack must come from within the isolated local domestic internet.
A national-level cyber warfare event will include government units, attribution during cyber warfare will be assumed
Human assets must be pre-deployed and are at significant risk to life with limited to no support or additional resources. Most nations will rely on private organisations to protect themselves with little to no government support. In contrast, government assets are protected by local network segmentation and, in many countries, cybersecurity contractors and vendors.
In some countries, the government has no power over local service providers to enlist their support. From the point of global providers choosing a side puts them in the fight; this is not worth the risk; it is better if they remain neutral as it protects their self-interest.
There will also be non-aligned opportunistic groups seeking financial gain from the chaos or creating more confusion because they can
In nations with oversight of local service providers, they can enlist them to perform mitigation actions such as traffic dropping and geo-fencing. Geo-fencing will have little effect as a more mature and highly budgeted nation does not attack from their country; they attack from yours.
The technological elements change from country to country based on maturity and budget. There is no default tooling that everyone uses, like battle rifles and tanks. Some will have global deploy action stations and proxies in dozens of non-aligned counties with line signal interception, decryption, and payload injection financed via shell companies. Others might have a shed outback with two guys and an old TI-99.
Because attribution during cyber warfare will be assumed as the offending nation, attacks will not be as advanced or cutting edge nor as stealthily as during espionage missions. They tend to be more direct and overwhelming in noise and volume. The use of distributed denial of service DDoS to crush whole netblock ranges and the use of wiper-style attacks deployed to already breached networks are the most likely.
A national-level cyber warfare onslaught can last forever, primary missions can run for years, some might still be running that could have been started decades ago.
Opinions and comments are of the authors mentioned.
