Cyberwarfare has been defined as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption", but other definitions also include non-state actors, such as terrorist groups, companies, political or ideological extremist groups, hacktivists, and transnational criminal organizations.
Some governments have made it an integral part of their overall military strategy, with some having invested heavily in cyberwarfare capability. Cyberwarfare is essentially a formalized version of penetration testing in which a government entity has established it as a warfighting capability. This capability uses the same set of penetration testing methodologies but applies them, in the case of United States doctrine, in a strategical way to
Offensive operations are also part of these national level strategies for officially declared wars as well as undeclared secretive operations.
Cyberattacks, where damage or disruption is caused are the main concern.
Cyber espionage, which can provide the information needed to launch a successful attack.
Traditional espionage is not an act of war, nor is cyber-espionage, and both are generally assumed to be ongoing between major powers.
Despite this assumption, some incidents can cause serious tensions between nations, and are often described as "attacks". For example:
Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment. Compromise of military systems, such as C4ISTAR components that are responsible for orders and communications could lead to their interception or malicious replacement. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. According to Clarke, the civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market.
In mid July 2010, security experts discovered a malicious software program called Stuxnet that had infiltrated factory computers and had spread to plants around the world. It is considered "the first attack on critical industrial infrastructure that sits at the foundation of modern economies," notes The New York Times.