Cyberspace has been added to the fighting doctrine of almost all militaries today and for good reasons. One of the greatest advantages of attacking an enemy state through cyberspace is plausible deniability. Even if in the post-mortem of an attack the researchers are able to attribute it to a specific attacker, the attacker can always deny it, an option that doesn’t exist in clashes that take place in the “real world”. This provides a massive operational leeway to military operations in cyberspace, enabling governments to take actions without risking an all-out war. The low risk of offensive cyber operations translates to decision makers being much more trigger-happy when it comes to approving them. However, the attitude towards nation-state attacks seems to be changing, especially considering that attacks carried out in cyberspace can have kinetic implications in the real world.
Probably the most famous example of a nation state-backed cyber attack that affected the real world is Stuxnet. Attributed to the NSA and the Israeli military, the operation code-named “Olympic Games”, has inserted a malware to the computer network of the Natnaz nuclear facility in Iran, targeting SCADA systems and causing centrifuges used to separate nuclear material to spin out of control. Despite that the attribution was fairly clear and it was known who was most likely behind the attack, there wasn’t a firm response, and the situation did not escalate. This was a good case study for the benefits that cyber attacks have had all these years – it caused real world impact, yet despite being discovered and the likely attribution, there wasn’t an immediate retaliation.
This incident is in stark contrast to the more recent cyber skirmishes between Iran and Israel, which are still on-going as part of a larger campaign that is currently taking place.