7.3.4.3 The Effectiveness of Cyber-attacks
The effectiveness of cyber-attacks, and their frequency, has grown with the power of technology and State dependence on networked resources.
Sabotage in the past might have taken the form of destroying key elements of the country’s infrastructure, for example by blowing up a bridge. Unless the attacker is caught, it is difficult to be sure which country was responsible.
Nowadays sabotage can take the form of cyber-attacks. A Guardian article in 2017, Fake news and botnets: how Russia weaponised the web, reported that:
“The digital attack that brought Estonia to a standstill 10 years ago was the first shot in a cyberwar that has been raging between Moscow and the west ever since.”
The attack was a Russian retaliation against Estonia’s removal of a Soviet statue. “Vast “botnets” – networks of captured and linked computers – were attempting to bring down computer systems with automated queries as part of a large DDoS (distributed denial-of-service) attack” which reached 4 million data packets a second at the peak, and “paralysed parliament, shut down banks, and fuelled violence in the streets” before the government was forced to sever the country’s ties to the Internet.
The Estonian example was in 2007. Technology has advanced enormously since then, most recently with the development of artificial intelligence (AI). A UK government study in October 2023, AI could worsen cyber-threats, report warns: it “could even help plan biological or chemical attacks by terrorists”
Part of the effectiveness of cyber-attacks lies in the difficulty of proving who was responsible (although there is strong evidence that the attack on Estonia came from Russia). Attacks can be carried out by malicious individuals, terror networks or government agencies. The target country has no recourse in law because cyber-attacks can be carried out from a remote location and extradition would not be granted.
Defence against cyber-attacks is costly. America’s Information Technology and Cybersecurity Funding in 2024, for example, shows that “The President’s Budget includes approximately $12.7 billion of budget authority for civilian cybersecurity-related activities, an increase of 13 percent over the prior year”. That does not appear to include protection of the nation’s power grid, for example, or other critical infrastructure – so the total cost will be much higher.
This page is intended to form part of Edition 4 of the Patterns of Power series of books. An archived copy of it is held at https://www.patternsofpower.org/edition04/7343.htm.