Basics of Cyber Warfare

By Arturo Torres, Fortinet's FortiGuard Labs Strategist for Latin America and the Caribbean.

Cyber Warfare is typically defined as a set of actions by a nation or organization to attack countries or institutions’ computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks.

Cyber warfare involves weaponizing hacking skills to either initiate attacks or prevent different types of cyber attacks. Although hacking started out as localized, relatively modest attacks on certain individuals or systems, as profiteers, organized cyber crime conglomerates, and nation-states have noticed the unique strategic advantage cyberattacks create, more and more notorious attacks have been happening.

In many cases, hackers looking to get the respect of the hacking community have also launched high-profile attacks unilaterally, earning the respect of both cyber criminals and the public.

What Are the Types of Cyber Warfare?


Espionage refers to spying on another country to steal secrets. In cyber warfare, this may involve using a botnet or spear-fishing attack to gain a foothold in a computer before extracting sensitive information.


With sensitive information identified, organizations then need to determine the potential threats presented to this data. This includes third parties that may want to steal the data, competitors that could gain an advantage by stealing information, and insider threats or malicious insiders like disgruntled workers or negligent employees

Denial-of-Service Attack

A denial-of-service (DoS) attack involves flooding a website with fake requests, forcing the site to process those requests, thereby making it unavailable for legitimate users. This kind of attack could be used to cripple a critical website used by citizens, military personnel, safety personnel, scientists, or others to disrupt critical operations or systems.

Electrical Power Grid

Hacking the electrical power grid could give an attacker the ability to disable critical systems, crippling infrastructure and causing the deaths of thousands. Further, an attack on the electrical power grid could disrupt communications, making it impossible to use services like text messaging or telecommunication.


Propaganda attacks involve trying to control the minds or hearts of the people living in or fighting for the targeted country. Propaganda can be used to expose embarrassing truths or to spread lies that cause people to lose faith in their country—or even sympathize with the enemy.

Economic Disruption

Most modern economic systems depend on computers to function. Attacking the computer networks of economic facilities like stock markets, payment systems, or banks can give hackers access to funds or prevent their targets from getting the money they need to live or engage in cyber or other warfare.

How can you stay safe from these threats?

Even though the opportunities presented by cyber war are vast—and likely to inspire new methods of attack—organizations can do a lot to minimize the chance of being impacted by an attack:

  1. Use available tools. It is no coincidence that phishing scams have become popular. Phishing involves an attacker tricking someone into divulging sensitive credentials. Because companies have been using next-generation firewalls (NGFWs), web application firewalls (WAFs), intrusion detection and prevention systems, antimalware, and other tools, stealing login credentials has become a go-to option. Using the latest tools immediately takes your organization off the list of cyberattackers’ low-hanging fruit.
  2. Increase cyber awareness. You can use famous cyberattacks and their methodologies, as well as the most recent cybersecurity statistics, to educate employees about what to look out for. An event does not have to be the biggest cyberattack in history to hurt your organization. If employees know the signs and how to be cyber-responsible, you can significantly reduce the chances of a successful attack.
  3. Segment your networks. Some of the most dangerous cyberattacks were successful only because the networks they targeted were not properly segmented. Keep sensitive data and anything else attractive to cyber criminals separate from the rest of the network and each other. This way, an east-west spread of an attack will do less damage.

As states explore the use of cyber operations and combine their capabilities, the likelihood of physical confrontation and violence as a result of, or part of, a cyber operation increases. It is clear that many countries today have active cyber warfare capabilities for offensive and defensive operations, and they had better be prepared.