Cyber Weapons: The New ‘Arms Race’?

Cyber Weapons: The New ‘Arms Race’?

The Israeli Ministry of Defence recently confirmed that it has decided to ease its export rules concerning cyber weapons. The new regulation will allow companies and firms to benefit from exemptions regarding export licenses, facilitating the sale of some specific components. These exemptions are granted “under certain conditions related to the security clearance of the product and assessment of the country toward which the product will be marketed”.


As of today, there has been no common agreement on the definition of a cyber weapon at the international level. However, the most commonly used definition, stated in the Tallinn Manual on the International Law Applicable to Cyber Warfare (2013), refers to it as a cyber means of warfare which is “by design, use, or intent capable of causing either (i) injury to, or death of, persons; or (ii) damage to, or destruction of objects, that is, causing the consequences required for qualification of a cyber operation as an attack.” For example, it can refer to malicious software used to “break into electronic devices and monitor online communications”, introducing worms and viruses, Distributed Denial of Service (DDoS) attacks, etc.

At first, cyber means were mainly used for defensive purposes. In response to the development of digitisation, governments invested in cyber capabilities in order to secure their national defence networks and infrastructure. However, as cyber abilities have significantly reduced the military and human costs of warfare, and are easily accessible, both governments and non-state actors are increasingly willing to use them as offensive tools. “Cyberattacks can be as damaging as conventional attacks. (…) [They] are becoming more frequent, more complex and more destructive” highlighted NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference in London, in May 2019. Within the last years, countries such as the United States and Russia announced the adoption of an offensive cyber doctrine, defining how and when they would use cyber weapons.

NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference in London, in May 2019.

Within the European Union (EU), only a few Member States are willing to invest in offensive cyber capabilities. Denmark, after the adoption of its Defence Agreement for 2013-2017, expanded its cyber military capabilities in order to be able to conduct both defensive and offensive operations. Most recently, France announced in January 2019 the adoption of an offensive cyber doctrine. In Asia, North Korea has been developing its cyber warfare capabilities since the beginning of the 1990s and is now competing with world powers, leading experts around the globe to question whether it represents a threat as important as their nuclear programme.

As a consequence, the rising demand for offensive cyber tools and systems is predicted to rise as much as 39% by 2027, encouraged by the trend of defence budgets’ increasing around the globe. The most advanced companies in this field are mainly located in the United States, Israel and Europe, such as BAE Systems, Cisco Systems or Israeli Aerospace Industries (IAI). This trend has led cyber experts to call it a ‘cyber arms race’, which is only expected to expand in the near future – as highlighted by the Finnish IT expert Mikko Hypponen, who stated that “we might very well be spending the next 60 years in a cyber arms race.”


On the international stage, the export of technologies related to the cyber domain are mainly regulated through the Wassenaar Arrangement, signed by 42 nations, which aims to regulate the export of conventional arms as well as dual-use goods and technologies. The latter are indeed goods, technologies or software which can be used for both civilian and military purposes. The Arrangement covers the intrusion software or internet surveillance systems among others, asking State parties to limit or regulate the export or transfer of those products. However, important exporter countries, including Israel and China for instance, are still not part of the agreement, and most technologies and components which could potentially be used as cyber weapons are not covered as such by national or international regulations. Furthermore, as most of these technologies can be used for both defensive and offensive purposes, most States are not willing to further limit the export of cyber technologies, which would complicate their access to them.

The use of cyber weapons on targets within a conflict, in a conflict area, or even in peace time, could have disastrous consequences, and their use on the battlefield is now a reality. The introduction of connected technologies within military equipment, the increasing use of satellite connections collecting sensitive data, and their necessity for military planning and operations, have become potential weaknesses when facing the growing cyber threats. Since 2016, cyberspace has been recognized by NATO Member States as a military domain and as the fifth dimension of warfare after air, sea, land, and space, demonstrating the reality and the importance of the threat.

In all, the emergence of a ‘cyber arms race’ is bringing some important changes to defence markets, the conduct of military operations, as well as for the troops on the battlefield. This has also led to the need for better regulations and awareness in order to limit the future consequences.

Written by Solène Baudouin-Naneix, European Defence Researcher at Finabel – European Army Interoperability Centre.


Leave a Reply