Increasing digitisation, in all sectors, causes our society to be faced with cybercrime more and more often. The damage done by cybercrime will probably exceed $5.5 billion next year. It is not only criminals interested in your money, but there are also countries that explore ways to take advantage of cyberspace. The situation could be considered a cyber war. However, since there are no clear definitions yet of what is and what is not an act of war in cyberspace, the existence of a cyber war is debatable. What has been done, though, under the supervision of NATO, is the drafting of the so-called Tallinn handbook. This handbook includes 154 lines describing when a cyberattack violates internationally established regulations. Should such an attack occur, the country in question can retaliate.

Currently countries such as Russia, North Korea, Iran and China are already busy developing software to execute cyberattacks. Other, more West-oriented, countries also have cyberattack software. At one time the US, for instance, developed cybersoftware to attack and destroy Iran’s nuclear programme. Naturally, the US has never confirmed this. The US as well as European countries are investing billions of euros every year to ward off
cyberattacks. All this has led to cyberspace being officially recognized by NATO as a domain for acts of war, just like land, sea and air.

One of the best known examples of one country cyberattacking another country is Russia attacking Ukraine’s energy system. Not only was the entire energy network crippled in the first attack, also other sectors were hit. This was 2015. Two years later the Russian attackers returned and did much more damage. Hospitals, banks, airports, transport companies and other public organisations were attacked. And damage was done beyond the confines of
Ukraine, affecting many companies worldwide. The cybervirus called Sandworm created havoc at multinationals such as Maersk, Merck, Saint Gobain, TNT express, Reckitt Benckiser and Mondelez. The damage done was in excess of €9 billion.

What is the difference between a cyberattack and cyberwar? Nobody can put his finger on this. The grey area that now exists gives countries the opportunity to experiment. We see a ticking time bomb and do not know when it will go off for real. The fundamental requirement is that good and adequate international legislation and regulations have to be put in place. The sad thing is that this should have been done already but has still not been done.