Governments are attacking civilians in a time of peace.
President and Chief Legal Officer Brad Smith of Microsoft in April told the RSA cybersecurity conference about attacks that don't involve tanks and warplanes, but bytes and bots. And they are aimed at our energy grids, our infrastructure, and even our private financial information.
We've increasingly seen reports of cyber incursions, attributed to nation-states, into critical infrastructure and financial systems. We've seen further attempts to affect countries' internal political institutions. Nations are reportedly stockpiling software and network vulnerabilities, to use for espionage or in the event of an internet-enabled conflict.
Even if some claims of cyberwar are overblown — and notions of a looming "cyber-geddon" almost certainly are — the rapid adoption of new technologies as a mechanism of statecraft create ambiguity and give rise to risks that we need to understand. The first step is to be clear about what cyberwar may look like and what governments, institutions, companies and citizens can do about it.