What Cyber War Looks Like for Nation-States in the 21st Century

In the 21^st Century, cyber war rarely announces itself with a declaration or explosions or troop movements. It unfolds quietly, inside networks and across supply chains, and within the data that modern societies rely upon to function. For nation-states, cyber conflict has become less of a hostile action in which disruptive tools are deployed to express discontent or punish a state, and more a persistent condition more akin to a shadow campaign waged below the threshold of conventional war. Clausewitz described war as politics by other means; in a similar context, cyber could be described as politics conducted in ambiguity.

Recent conflicts have demonstrated that cyber warfare has dissolved the traditional boundaries of conflict. As opposed to conventional military action, there are no front lines when it comes to cyber warfare, only attack surfaces. Any public and private organizations including critical infrastructure are viable targets for state actors. What’s more, this is not collateral exposure, it is done by design as a means to apply pressure for adversary capitulation and help bring conflicts to quicker resolution. Recent events tied to the 2026 Iran conflict illustrate this paradigm.  Cyber operations were integrated into the opening phase of kinetic strikes, disrupting Iranian command-and-control systems, communications, and sensors before physical attacks began. This coordination underscores an evolution in cyber attacks in military strikes – it is not just a complementary capability, but a co-equal domain in modern warfare.

The implication is clear. modern war planning must now take into account that strategic networks will be degraded before missiles are launched, and that commandeering the adversary information space is necessary before any physical attack. Digital paralysis is not just a hypothetical anymore; it can be instrumental in shaping battlefield outcomes as effectively as firepower if the conditions are right.

One of the defining characteristics of cyber warfare is what has been described as layered ambiguity. In a cyber context, this refers to when states deliberately conceal the role cyber operations play in the broader campaign. That means attribution is more difficult to determine, evidence disclosures are selective at best, and network effects can be indistinguishable from system failure or the result of an accident. The Royal United Services Institute’s analysis of U.S. operations targeting Venezuela highlights this dynamic. Per its report, U.S. officials described “layering different effects” from cyber, space, and conventional forces to “create a pathway” for mission success, while leaving the exact cyber contribution undefined. This wasn’t serendipitous, as much as it was strategic.

Creating ambiguity enables a state to implement escalation control. It allows it to apply pressure without triggering conventional retaliation. It also complicates international response, as adversaries struggle to prove intent or assign blame. When it comes to cyber war, creating uncertainty is to the advantage of the attacker.

The digital domain, and perhaps more concretely, data, defines an important terrain to secure territorial advantage, and a critical requirement for military success. The theft, manipulation, and/or destruction of information has become both a decisive objective, as well as a means of warfare. State-sponsored actors increasingly target data not merely to collect intelligence, but to shape perception and degrade trust. Russian cyber doctrine, for instance, integrates technical attacks with psychological operations in a unified concept of “information confrontation.” The goal is not just to infiltrate systems, but to influence populations and destabilize institutions.

Ukraine’s experience reinforces this convergence. Its “IT Army” mobilized thousands of civilian hackers to conduct distributed attacks, disrupt Russian services, and amplify messaging campaigns. Cyber operations became an instrument for both retaliation and narrative control, blurring the line between military and civilian participation.

Another central feature of modern cyber war is the increasing presence of non-state actors operating alongside, or on behalf of, states. Hacktivists, cybercriminal groups, and loosely affiliated collectives now play a central role in conflict dynamics providing another state resource whether they operate independently or with direction. In the recent Iran conflict, there have been more than 60 pro-Tehran hacktivist groups claiming to execute cyber attacks (e.g., denial-of-service attacks and defacements) across multiple countries. While several of these collectives did not pose a significant threat, or were composed of layered, sophisticated attacks, they contributed toward producing a cumulative effect, contributing to overall disruption and applying psychological pressure on the communities targeted. Such “outsourcing” of cyber conflict represents a fundamental development in how states are leveraging or at least allowing nonstate actors to support their efforts. They gain another resource largely because barrier of their entry is low, tools are readily available, and skillsets can range from the rudimentary to the advanced.

Perhaps the most important development in cyber warfare is to see its integration into military operations, an amazing evolution since the attacks that occurred during Russia’s excursion against Georgia in 2008. Cyber attacks are now fully coordinated with kinetic strikes to maximize their impact. Whether it be Russian attacks against Ukraine’s power grid coinciding with missile strikes, or the U.S. cyber operations in Iran aimed at blinding defenses and disrupting coordination, it’s clear that disruption is not the sole objective, but is compounded with psychological shock. No longer experimental, cyber attacks are embedded in the operational fabric of military action.

The United States’s doctrine of “persistent engagement” recognizes that cyberspace is a domain of uninterrupted competition as opposed to one of periodic conflict. This means that in the current state of affairs the division between war and peace has quickly eroded making cyber operations a year-round engagement. As evidenced by revelations about sustained and quiet cyber espionage activity conducted by China and Russia, some campaigns have been underway years before they have been detected. Adversaries continually probe networks on a daily basis. Some gain entry into high value networks to preposition themselves for extensive espionage, monitoring, or future disruption. This reality is underscored by recent Iranian-linked cyber activity targeting U.S. entities, which disrupted operations and demonstrated the willingness to extend conflict into the American homeland. Such actions are manifestations of an ongoing contest for advantage. There is no “off switch.”

For policymakers, the evolution of cyber warfare presents a series of complex challenges that demand a recalibration of strategy:

• Deterrence Must Be Reimagined. The United States must develop layered deterrence frameworks that combine resilience, offensive capability, and statecraft that pulls in international partners.

• Critical Infrastructure Defense Is National Defense. Strengthening public-private partnerships is not optional; it’s essential. Regulatory frameworks, information sharing, and joint exercises must evolve to reflect this reality. It’s been discussed, it’s been promoted, but there needs to be better measurable results from these ventures.

• Offensive Cyber Capabilities Require Governance. While ambiguity provides strategic advantage it also risks miscalculations. As the United States expands its offensive cyber posture, it must also establish clear authorities, oversight mechanisms, and escalation thresholds.

• Alliances Must Extend into Cyberspace. Cyber conflict is inherently transnational. Therefore, international alliances like NATO must integrate cyber defense and response into their core missions, including collective defense considerations.

Implications for Statecraft   Power Is Becoming More Diffuse. Cyber capabilities enable smaller states/nonstate actors to exert disproportionate influence in geopolitical events, complicating traditional power structures. Secrecy and Signaling. Balancing the demands of deploying effective cyber operations which often rely on stealth, and strategic deterrence which requires signaling capability and intent.   Norms and Laws Lag Behind Reality. Questions of sovereignty, proportionality, and acceptable targets remain unresolved, creating a perpetual gray zone.   Information Dominance Feeds Strategic Dominance. Cyber warfare amplifies the importance of information operations, particularly data manipulation, influence campaigns, and perception management in achieving strategic objectives.

Cyber war in the 21st century is not just about warfare; it’s fully integrated into geopolitical competition. Characterized by ambiguity and persistence, it targets not just systems, but societies. And what has emerged is a form of warfare that may be less visible but it’s by no means less consequential. It is fought in background of conventional strikes, measured in disruptions rather than destruction, and waged continuously in all aspects of everyday life. In this new era, the question is not whether cyber war is occurring; it’s whether governments can navigate through it without stumbling into something far more detrimental.