Cyber warfare can be hard to imagine as you can’t rule out any type of cyber warfare, as policymakers think of a lot of scenarios. There have been smaller acts of cyber aggression that have given us an idea of cyber warfare through smaller attacks. It is impossible to rule out any scenarios, even wild ones because there are so much unknown unknowns. Cyber security is difficult to protect as cyber attacks are only getting stronger as they adapt to the changing world. They are setting the pace, where it needs to be cyber deterrence setting the pace. It can be extremely difficult to find the source of an attack because they can give false origins and use remote servers. Although advances have made even tracking down sophisticated hackers, diplomacy may hold back from making allegations. The offense still has the advantage over the defense despite the slow shift as defense grows.
It has become a global norm that cyber war would be limited by the law of armed conflict as major states all agreed, even endorsed in the G-20 summit. However as mentioned before, cyber security is not just protecting against full on cyber war. Cyber attacks can take many forms, just recently the emergency sirens in Dallas were hacked. The hack activated all 156 emergency tornado sirens for 90 minutes in the middle of the night. ((http://www.computerworld.com/article/3187519/security/hack-of-dallas-emergency-sirens-prompts-more-warnings-to-bolster-cybersecurity.html) It was an example of how unprotected our systems are, even if they are not thought of as typical targets. The fight against hacking is ongoing, with constant needs to adaptations to the changing world and the emerging threats it is facing.
While the continuous fight is not an easy one, as the internet is involved in almost all sectors of society. With the massive amount of stakeholders involved, it is difficult to have norms that transcend all of those stakeholders. As different stakeholders need different issues addressed, they need various norms targeted to different areas. Finnemore defined norms are “shared expectations of proper behavior”, becoming internalized when they reach their final step. Although it is hard for the average person to grasp the complex threats in cyber security, thus they have trouble adopting norms because they do not see the outcome of doing so. The cyber norms that we have in the U.S. are not the same norms all over the world, in countries such as Russia and China. Cyber norms would compete, between countries or groups of countries. In the case of Russia and China, they both are a threat to U.S. cyber norms in two distinct ways. In Russia for example, they have built a “troll army” to wage a disinformation campaign in support of their invasion of Ukraine and the Kremlin more broadly. While China employs more straightforward hacking of U.S. government infrastructure and the private sector. They target information in order to steal it, although it is not always clear the purpose of stealing that bit of information. Both countries invest a large amount on hiring hackers, albeit with different purposes. They are some of the biggest threats to cyber security, proving how real it is despite how hard it is for the average citizen to understand. (http://time.com/3928086/these-5-facts-explain-the-threat-of-cyber-warfare/) The lack of norms in the international system to address cyber attacks has left grey areas where the lines of cyber warfare are blurred. In February 2017, Ukraine alleged that Russian hackers had targeted its power grid, financial system and other infrastructure with different viruses in late 2016. Alleging that Russia made 6,500 cyber attacks in November and December of 2016, where one of their hacks successfully knocked out the power grid. This is just one of many allegations of cyber warfare by Russia in Ukraine. (http://www.reuters.com/article/us-ukraine-crisis-cyber-idUSKBN15U2CN)
This is just a funny cartoon about cyber war: