Some cyberattacks over the past decade have briefly affected state strategic plans, but none has resulted in death or lasting damage. For example, the 2007 cyberattacks on Estonia by Russia shut down networks and government websites and disrupted commerce for a few days, but things swiftly went back to normal. The majority of cyberattacks worldwide have been minor: easily corrected annoyances such as website defacements or basic data theft — basically the least a state can do when challenged diplomatically.
Our research shows that although warnings about cyberwarfare have become more severe, the actual magnitude and pace of attacks do not match popular perception. Only 20 of 124 active rivals — defined as the most conflict-prone pairs of states in the system — engaged in cyberconflict between 2001 and 2011. And there were only 95 total cyberattacks among these 20 rivals. The number of observed attacks pales in comparison to other ongoing threats: a state is 600 times more likely to be the target of a terrorist attack than a cyberattack. We used a severity score ranging from five, which is minimal damage, to one, where death occurs as a direct result from cyberwarfare. Of all 95 cyberattacks in our analysis, the highest score — that of Stuxnet and Flame — was only a three.
To be sure, states should defend themselves against cyberwarfare, but throwing vast amounts of money toward a low-level threat does not make sense.
[blockquote] “To be sure, states should defend themselves against cyberwarfare, but throwing vast amounts of money toward a low-level threat does not make sense.” [/blockquote]
True, but I wouldn’t throw just low-level amounts of money at it either. If this has a useful application in war, then the Russians will have used the Estonia attack as a test only – in other words, it shouldn’t be seen as a reflection of their true capabilities in this area. Not that I am implying there is any reason for future conflict with Russia, just taking up the example given in the article.
If a future conflict occurs with any technologically savvy nation (which I earnestly hope does not happen), that conflict may well open with a strong cyber attack by the other side, much stronger than they have hitherto let on that they are capable of. The object won’t be to kill anyone, but to paralyse vital communications, intelligence and logistics systems.