Every second of every day, vicious cyberwars are taking place across the globe. We use the term “cyberwarfare,” yet states are cautious about describing these attacks as acts of war as defined by international law. While John McCain, the late Republican senator from Arizona, referred to the 2014 North Korean attack on Sony Corp. as a “new form of warfare,” then U.S. President Barack Obama was far more muted in his response — calling the attack “an act of ‘cybervandalism.’ ”
Cyberattacks against states have created a new ambiguous space in inter-state relations that lies somewhere between war and peace. A traditional security view that captures war and peace using a binary approach, which identifies only conditions of war or peace, cannot capture the complexities of cyberspace activity. Lucas Kello, a leading theorist of cyber technology and international politics, describes this intermediary condition as one of "unpeace."
In the first place, there is not a clear demarcation between defense and attack in cyberspace. To protect their own cyberspace, states are beginning to implement a form of "forward defense" by embedding their own "implants" in foreign networks that would allow them to attack should the need arise. In 2013, British Defense Secretary Philip Hammond confirmed that his country was "developing a full-spectrum military cyber capability, including strike capability." In 2016, U.S. Secretary of Defense Ashton Carter acknowledged that the United States was "deploying cyber bombs" to combat the military strength of the Islamic State radicals in Syria and Iraq. The U.S. has reportedly devoted four times more personnel to cyber offense in comparison to cyber defense.