Cyberattacks in times of conflict will look different than in peacetime. There are many reasons for that but naturally such points might not be at the center of interest now. Because we are fortunately in peacetime, and because imagining such a qualitative change is not simple. Still, there’s the value of thinking about how things may change, as due to the nature of “cyberspace” such changes may affect many entities in many places, at the same time.

I did a rather devoted study on the topic of cyber conflict at that particular stage while at the ICRC. Since then not that many references of interest appeared. So let's use what we have at disposal.

Let's take advantage of content in the recent US report on China’s armed forces. It contains interesting pointers. I pick the relevant few below, but drop references to any particular countries, keeping it passive.

Intensity and escalation

The intensity of cyberattacks will be shaped according to the “operational needs”. Below cyberattacks are called “low-cost”, because compared to other means they are low-cost. This even though in peacetime we often read about how difficult (in terms of costs) it is for companies to “attract talent”. As for the "retain the option..." it might be a nudge about a situation where after gaining of access to systems it is maintained for the future.

  • ...manage the escalation of a conflict because cyber attacks are a low-cost deterrent. … cyber attack operations aim to target critical military and civilian nodes to deter or disrupt adversary intervention, and to retain the option to scale these attacks to achieve desired conditions with minimal strategic cost...

The nature of operations will be subject to change

Cyberattacks will be shaped. They will differ just prior to, in the early hours/days, and later in the conflict. This is overtly communicated below when speaking of different stages of a conflict, like the “initial stages of conflict”.

The difference will be both in quantity (the number of operations) and quality (what is sought, how, for example, whether the today’s “time wasted” on covering tracks to make attribution difficult would still be pursued).

  • In cyberwarfare, actors may “create disruptive and destructive effects—from denial-of- service attacks to physical disruptions of critical infrastructure— to shape decision-making and disrupt military operations in the initial stages of a conflict by targeting and exploiting perceived weaknesses of militarily superior adversaries
  • targeting command&control and logistics networks to affect an adversary’s ability to operate during the early stages of conflict"

Cyberattacks and cybersecurity would look very different in times of conflict/war than in peacetime. Such insight may be useful to organizations also when there's lack of a conflict going on. Especially to those organizations who are considerable, exposed, are key to internet/software infrastructure, and therefore could likely feel/experience things going awry. This is a very special case of risk assessment of events with low likelihoods and high impacts.