The average person in the street really doesn't understand the potential damage that Cyberwarfare can unleash on the planet. The problem is that a lot of major companies don't either.
The aim of warfare is most likely to subjugate a country and seize its resources. Using guns and bombs is a messy way of going about doing that and frankly isn't all that cost-effective. Cyberattacks, on the other hand, can achieve many of the same goals with minimal risks.
Let's say you are an oil company and conducting test drills. Every day reports are sent, most likely by email, to head office. Some Chinese hacker has long since worked out the emailer's password and has been monitoring it for several months. One day you find a massive deposit. Almost before that email hits the CEOs inbox several Chinese state-owned companies have raided your companies shares. Now China owns that oil.
That is how easy it is and how sloppy a lot of companies are when it comes to cybersecurity.
Cyberwarfare is not just about the collection of data, which itself is an intel-gathering function. It can also include addition of data, and/or alteration of data.
It can also provide an avenue to compromise or gain control of an asset.
In the above example of the petroleum company, imagine if a cyberware organization targeted the company. Instead of just monitoring the emails regarding test drills however, they decided take a more active hand in things. Things like actively working to compromise company employees so that company data can be manipulated and trade secrets/technology stolen.
The work to compromise employees could range from collecting personal data on employees to find out the state of employees' finances to see who might be susceptible to bribery, or who might have debts which could be purchased and then called in. Or if key employees do not have compromising data which would be useful, cyberwarfare efforts could manufacture and insert such data. There are certain classes of data and activities which in a number of nations, even a credible allegation of possession, creation, distribution, participation or viewing tends to damage if not destroy a person's reputation, not to mention the potential for stiff criminal penalties. The potential for cyber efforts to remotely connect to a device and then upload such content exists. This in turn could be done to either compromise someone into becoming an asset, otherwise they find themselves under investigation and potentially indictment depending on how skilled and thorough the investigating agency is. Or alternatively, the material could be uploaded so that a threat or obstacle to an already compromised person who has been turned into an asset could be removed.
The whole scenario above can get quite disturbing if people look at the big picture potential. Imagine if you will, that an active effort to compromise a petroleum company employee has been successfully carried out, particularly earlier in their career and when they are comparatively young. Then their handlers push them to climb the corporate ladder if they are not already in or near executive-level positions within the energy industry. Once at this level where the asset can influence corporate policy and decisions, efforts are made to groom the person to make the jump into gov't, working in a sector which relates to their work and expertise in the energy industry. This would then essentially give the agency which engaged in cyberwarfare a mole within the gov't of a potential adversary...
thehill.com
www.aspistrategist.org.au
www.stuff.co.nz
/cloudfront-us-east-2.images.arcpublishing.com/reuters/UMHLWRT4WZOYTFYHL7URUCG4OY.jpg)
reut.rs
www.defenseone.com
www.thedrive.com
digital-strategy.ec.europa.eu
www.theguardian.com
siliconangle.com
blog.zositech.com
www.forbes.com