Hybrid Warfare: How Cyber Warfare is Transforming International Relations

In the 1990s, the concept of soft power was introduced as a "gentle" influence strategy, allowing a nation to extend its international reach through non-coercive tools, such as culture, rather than through military or economic power [1]. This concept, introduced by American political scientist Joseph Nye, has since evolved. In 2010, Nye expanded on his original idea by introducing the concept of cyber power, which he defines as “a set of resources tied to the creation, control, and communication of electronic and computer-based information, encompassing infrastructure, networks, software, or human expertise”.

Cyber power has disrupted geopolitical balance by redefining global power dynamics. Amaël Cattaruzza, President of the French National Geography Committee, likens this transformation to a shock as profound as the industrial revolutions of the 19th and 20th centuries. This shift has led to a redistribution of power among actors: Nye points out that "low entry costs, anonymity, and asymmetrical vulnerabilities" [2] enable new actors from civil society to compete with traditional state powers that once dominated the international stage. Tech giants like Google, Amazon, Facebook, and Apple (GAFA), along with their Chinese counterparts Baidu, Alibaba, Tencent, and Xiaomi (BATX), and other digital behemoths like Uber or Booking, are challenging established social hierarchies, contributing to an erosion of governmental influence [3]. Instead of losing power, this evolution prompts states to adapt their strategies to fit into this new digital ecosystem.

A "cyber arms race" is now underway, with numerous states and terrorist groups investing heavily in developing both defensive and offensive cyber capabilities to secure a strategic advantage. This escalation drives the need for large-scale legal regulation, along with a clear understanding of the consequences of a "cyberattack" when it results in tangible physical effects, such as the downing of drones or projectiles [4]. Such attacks, which can be classified as "aggression" under Article 51 of the United Nations Charter, could justify a proportional counterattack under international law, with far-reaching implications.

Over the past two decades, the cyber component in international conflicts has become widespread. In 2007, Estonia faced a massive distributed denial-of-service (DDoS) attack that paralyzed its administrative and banking servers for several days. Russia, the primary suspect, allegedly enlisted the services of botnet operators—networks of compromised computers capable of rendering dozens of Estonian sites inaccessible. This first attack on a state quickly became a case study for governments that would face similar cyberattacks. This event demonstrated that, with relatively limited resources, the activities of an entire country could be disrupted. Although this attack was relatively mild, it marked a turning point.

Cyber warfare has become an unavoidable component of traditional conflicts. Today, every war includes a digital aspect, the boundaries between physical and digital warfare are being blurred due to their similarities. According to Clausewitz, who taught about conventional conflicts, digital warfare requires a deep understanding of the adversary, a thorough analysis of the "terrain" (or "attack surface"), an assessment of power dynamics, and the development of a strategic plan targeting specific objectives [5]. The challenge is to identify and exploit the enemy's vulnerabilities. This form of warfare relies on a combination of intelligence gathering and offensive actions. In this context, states become direct targets, with consequences for their administrative infrastructure, essential services, and populations. This cyber dimension is now omnipresent in conflicts in Europe and the Middle East.

In recent years, cyberattacks have evolved from a mere means of destabilization—exemplified by the Stuxnet worm attack (likely created by an Israeli-American alliance) targeting Iran's nuclear program—to a strategic tool integrated into traditional military conflicts, as seen in the Israeli-Palestinian confrontations. Where cyberattacks were once used sporadically to target specific infrastructure, they have now become a fundamental aspect of conflict, contributing to the hybrid nature of warfare. It is highly likely that cyber operations will be central to future armed conflicts. For example, Naval Group has begun integrating dedicated physical datacenters to protect against cyberattacks.

Although more subtle, cyber warfare can have devastating effects on all facets of a state, directly impacting its government (through strategic influence), its businesses (slowing down operations, industrial espionage), and its population (especially through social media). The NotPetya and WannaCry viruses illustrate this global virulence, affecting Ukraine, European countries, and indirectly, the world at large. These cyberattacks have massive economic impacts, with repair costs estimated at $10 billion and significant ransom demands, as seen in the case of French industry giant Saint-Gobain. Social impacts are also significant. During the winter of 2023 in Ukraine, people could not access payment systems, medical care, or essential services like electricity and heating. National production can also be paralyzed, endangering the economic activity of an entire country.

DDoS attacks have emerged as a formidable weapon in cyber warfare due to the ease of deployment and relatively low resources required to inflict considerable damage. By flooding networks, it can quickly paralyze critical infrastructure, from websites to essential services. The consequences of these attacks extend beyond mere service interruptions, causing a deep societal impact, eroding public trust, and destabilizing the economy.

Between 2021 and 2022, the volume of DDoS attacks targeting Ukraine increased by over 500%. Researcher Brian Krebs has investigated Stark Industries, a hosting company that hacktivists affiliated with pro-Russian groups still use as a proxy to target Western and Ukrainian infrastructure, and which is responsible for numerous attacks. Geopolitical tensions in Europe have significantly contributed to this rise in DDoS attacks, which have surged in frequency, impacting not only nations in direct conflict but also their allies.

The same pattern is evident worldwide. In 2023, attacks against Israeli sites increased by 27% between the third and fourth quarters, with a staggering 1,126% increase for Palestinian sites over the same period. Asia has not been spared, with similar spikes, particularly in Taiwan, where attacks surged by 3,370% between 2022 and 2023. These attacks should be considered in their entirety, as they cause not only technical disruptions but also a generalized loss of confidence, amplifying fear and stress among users. This is particularly true when these offensives are accompanied by disinformation campaigns. The most significant impact of a cyberattack often lies in the reputational damage sustained by the targeted organization, which can have long-term effects on its credibility and functioning.

This overview demonstrates that cyber warfare—through tools like DDoS, ransomware, and data exfiltration—is deployed as a strategy of international destabilization, capable of paralyzing entire nations without a single shot fired.

Politically, cyber warfare is often carried out through the spread of disinformation. This strategy aims, not only to gather strategic intelligence, but also to weaken governments. In response to these threats, governments are establishing specialized departments to combat fake news and information manipulation. For instance, in 2017, France created ComCyber, which includes an "influence" department dedicated to information warfare and combating disinformation.

Economically, certain industries, notably energy, are frequent targets, making cybersecurity a matter of national security. Shutting down a nuclear power plant or stealing sensitive data poses a direct threat to the population and can cripple business activity, disrupting the country's economic and social stability. Other critical sectors, such as financial services, telecommunications, manufacturing, education, and transportation, are also affected by cyberattacks, underscoring their importance in the functioning of national infrastructure.

On a societal level, the population itself becomes both a target and a strategic actor in interstate conflicts, as it is seen as leverage to influence national policies. A CrowdStrike report reveals that the onset of the conflict between Israel and Hamas on October 7, 2023, triggered a wave of hacktivist activity, largely dominated by pro-Palestinian groups. These hacktivists targeted critical Israeli infrastructure, including projectile alert systems, and attempted to extend their operations to countries perceived as supporting Israel.

Cyber warfare has now become an undeniable strategic reality, reshaping geopolitical balance and power dynamics. The rise of cyber power has profoundly transformed influence strategies.

Cyberattacks are now a fully-fledged weapon, increasingly used in traditional conflicts and capable of paralyzing states, critical infrastructure, and businesses [6]. Facing this growing threat, governments must adapt their strategies to preserve their influence in a context where power is increasingly diffused within civil society. Digital supremacy is emerging as a crucial factor in the balance of power—whether political, military, or economic—in an ever more interconnected world.

[1] Joseph Nye, Bound to Lead : The Changing Nature of American Power, New-York, 1990

[2] Belfer Center for Science and International Affairs. Idem

[3] CATTARUZZA, A (2021). Idem

[4] Roche, E. M. (2019). La course au cyber armement. Netcom, 33-1/2, 171-180. https://doi.org/10.4000/netcom.3811

[5] CATTARUZZA, A (2021). Idem

[6] DE MONTENON, P (2020). Idem