of its payload must be accomplished quietly and undetectably—secrecy is often far less important when cyberattack is the mission.
Perhaps the most important point about cyberattack from the standpoint of a major nation-state, backed by large resources, national intelligence capabilities, and political influence is that its cyberattack capabilities dwarf the kinds of cyberattacks that most citizens have experienced in everyday life or read about in the newspapers. To use a sports metaphor, the cyberattacks of the misguided teenager—even sophisticated ones—could be compared to the game that a good high school football team can play, whereas the cyberattacks that could be conducted by a major nation-state would be more comparable to the game of a professional football team with a 14-2 win-loss record in the regular season.
Before considering the basic technology of cyberattack, it is helpful to review a few facts about information technology (IT) and today’s IT infrastructure.
The technology substrate of today’s computers, networks, operating systems, and applications is not restricted to the U.S. military, or even just to the United States. Indeed, it is widely available around the world, to nations large and small, to subnational groups, and even to individuals.
The essential operating parameters of this technology substrate are determined largely by commercial needs rather than military needs. Military IT draws heavily on commercial IT rather than the reverse.
A great deal of the IT infrastructure is shared among nations and between civilian and military sectors, though the extent of such sharing varies by nation. Systems and networks used by many nations are built by the same IT vendors. Government and military users often use commercial Internet service providers. Consequently, these nominally private entities exert considerable influence over the environment in which any possible cyberconflict might take place.