Hands of a guy on laptop keyboard

Cyber-armament: a growing trend (Part I)

Published on 20 February 2017
Updated on 07 August 2022

Is cyber-armament a growing trend? What are the main diplomatic responses? And why is the private sector calling for a global political dialogue? This three-part post analyses cyber-armament as a growing trend, and looks at diplomatic and private sector initiatives on tackling cyber-conflicts. It also makes reference to DiploFoundation’s latest report, Towards a secure cyberspace via regional co-operation.


When a power outage amounting to 200 megawatts unexpectedly struck Kiev on Sunday, 18th December 2016, leaving the northern part of the city without electricity at temperatures somewhere below zero, those responsible from Ukrenergo, the national energy company, started investigating a possible cyber-attack. A similar attack, that occurred in Ivano-Frankivsk a year before, had been attributed by some cybersecurity experts to Russian hackers. This was, however, just a continuation of a long list of politically motivated cyberattacks. The list, that started with the 2007 attacks on Estonia (since incidents before this were either not recorded or did not raise such geo-political interest), also includes:

  • Attacks on the Georgian online media and government servers during the conflict between Russia and Georgia in 2008.
  • The Stuxnet attack on the Iranian nuclear facility, Natanz, in 2009, allegedly performed by the US and Israeli governments.
  • Operation ‘Aurora’ conducted in 2010 against US companies, allegedly by Chinese hackers.
  • A cyber-attack against the oil and gas company Saudi Aramco in 2012, confidentially attributed by the US National Security Agency (NSA) to Iran.
  • A cyber-espionage operation ‘Red October’ that penetrated computers in ministries across the world in 2013.
  • The US surveillance project  PRISM disclosed in 2013 by the whistle-blower Edward Snowden.
  • Attacks on Sony servers in 2014, officially attributed by the US government to North Korea.
  • Continuous cyber-attacks between Israel and Palestine with distributed denial of service ( DDoS) attacks increasing in number and volume following ground battles and ceasing during ceasefires.
  • The 2016 attacks against the US Democratic National Committee and the US elections.

While various experts and security companies have competed to analyse the malware codes and attack patterns to discover the culprits, and have often pointed fingers at certain hacker groups possibly connected to governments, in most cases governments themselves restrain from officially attributing cyber-attacks to another state. It is unlikely, however, that criminal hacking groups would have the motive and the resources (including the necessary intelligence in some cases) to perform many of the listed attacks, which opens for speculation that governments might be offering support to those hacker groups, at least.

There is evidence, however, from official documents and media coverage that countries are increasingly investing in both defensive and offensive capabilities. Refer to the Digital Watch interactive map, which  continuously records reports of offensive cyber-capabilities.