Cyberwarfare vs Cyber Espionage, What is the Difference?

War occurs when states seek goals that clash with the goals of other states and choose to pursue them through violent means.

Cyberwarfare is the attack of another nation’s computer systems with the final goal of damaging or disrupting their infrastructure or warfighting capabilities.

Cyberwarfare is performed in cyberspace. Targets often include computing systems that support critical infrastructure such as power stations, dams, and pipelines. Attackers attempt to gain control of these systems or disable them with the goal of disrupting the target nation’s warfighting capability and to achieve their political goals.

Clear examples of cyberwarfare include the Stuxnet virus that damaged Iranian nuclear energy infrastructure and attacks on Ukrainian and Russian critical infrastructure as part of the ongoing Russo-Ukrainian conflict. Another potential example includes the “Colonial Pipeline Hack” that shutdown critical energy infrastructure on the U.S. east coast. It isn’t completely clear if the attack was state sponsored.

Before we define cyberespionage, we must define espionage. Espionage is the activity of spying on an entity (a state or organization) with the objective of obtaining restricted information.

Cyber espionage is simply espionage performed in cyberspace. Espionage is often referred to as "the world’s second oldest profession”, the first being prostitution. As technology has progressed, so has the profession.

An example of cyberespionage includes a foreign government hacking into a large defense contractor to gain access to Top Secret information such as blueprints for a new fighter jet.

In cyberspace it is often difficult to completely prove which government committed a specific act of cyber espionage. In the cold war era, we would see Soviet and American spies arrested and paraded in front of the cameras, with cyber espionage such spectacles are rare.

Cyberwarfare is the attack of another nation’s computer systems with the goal of damaging or disrupting their infrastructure or warfighting capabilities. Cyberespionage is simply spying in cyberspace.

To help protect America’s Defense Industrial Base from cyber-warfare and cyber-espionage the Pentagon is requiring that contractors who work with Controlled Unclassified Information boost their cybersecurity posture. How is this accomplished?

Companies will have to implement 110 security controls, develop a system security plan, plan of action and milestones document as well as provide an assessment score to the Department of Defense. Eventually companies will need to earn a Cybersecurity Maturity Model Certification.

Lake Ridge offers the Compliance Accelerator solution to help companies meet these new requirements.