TOKYO -- The ransomware attack that briefly shut down a major U.S. pipeline underscores the reality that what happens in cyberspace no longer necessarily stays there.
And as geopolitical tensions mount and countries focus more attention on cyber operations, the risk of an electronic attack escalating into real-world conflict -- and questions about connections to international law -- cannot be ignored.
Hackers generally try to cover their tracks by going through intermediate systems and planting malware on target systems. But certain countries, such as the U.S., boast sophisticated analysis capabilities that can follow the route of an attack back to its source.
Even when an attacker is identified, that information might not be made public right away, for fear that the culprit could change tactics to throw off the pursuers. The victim may even pretend not to have noticed the intrusion and let the hacker keep going in order to study the patterns -- or to follow the trail and send malware in retaliation.
But when an attack deals significant damage, such as in the pipeline hack, the perpetrator's identity may be announced as a warning. The FBI quickly attributed that incident to DarkSide, a suspected Russia-based group.
In 2018 and this past February, the Justice Department announced charges against North Korean hackers allegedly involved in a laundry list of attacks.
And after the Indian commercial hub of Mumbai suffered widespread blackouts last October, an analysis firm later released findings that indicated China had implanted malware into the country's electrical control systems -- a move apparently intended to pressure the government amid a territorial dispute.
So far, the impact of cyberattacks has largely remained relatively minor, such as stealing information or damaging computer systems. But the possibility has emerged of serious harm to people or property: causing a pipeline or factory to explode, for example, or crashing a plane by locking up its controls.
Attacks targeting the Iranian nuclear program have inflicted real damage to equipment and facilities, most notably with the Stuxnet worm discovered in 2010 that reportedly destroyed hundreds of uranium-enriching centrifuges. Israel and the U.S., which aim to keep Iran from acquiring nuclear weapons, are believed to have been responsible.
Given the risk of a devastating cyber offensive by China, Russia or North Korea sometime in the future, Washington has signaled that it will respond to a cyberattack with military force if warranted. Japan and the U.S. have also confirmed that cyberattacks could trigger Washington's obligation to defend Tokyo under their security treaty.
This view on responding to cyber operations with armed force has been backed by the Tallinn Manual, an analysis by American and European legal scholars and experts on how international law applies to cyberwarfare.
The study, first published in 2013 under the auspices of the Tallinn, Estonia-based NATO Cooperative Cyber Defense Center of Excellence, states: "A cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force."
Under the international laws of war, nations have the right to respond to attacks against them with proportional force.
The question of whether to mount a military response to a major cyberattack will be up to political leaders, who must weigh the risk of inviting an armed response that could escalate into all-out war.
The future involvement of artificial intelligence may make it harder to keep cyberwarfare limited to the electronic realm, however.
It has been suggested that countries could incorporate AI into their strategies to potentially knock rival powers off balance with lightning-fast attacks. If an AI not bound by normal human restraint opts for a highly aggressive, destructive cyberattack, the other party may decide to respond with armed force.
The world is quietly moving toward a new phase of cyberwarfare.