Monday, December 30, 2019

So We're Assuming This isn't War War

India and Pakistan are quietly waging a cyber war against each other. Is it war or isn't it? If it is "war," what is the limit?

Two nuclear-armed powers are fighting right now:

Internet security firms have noted an increase in Cyber War campaigns waged by Indian and Pakistani APT (Advanced Persistent Threat) operations. APTs are well-organized and very active hacker groups that are often created and sustained by governments or major criminal gangs. In this case six Indian APTs (Lucky Elephant, Donot Team, Patchwork Group, Sidewinder Group and two unnamed) and three Pakistani APTs (Transparent Tribe and two unnamed) have been carrying out large-scale and persistent Internet-based attacks. All APTs are given a number, as in APT23, and often a name as well. Many APTs stick with criminal activities over a long period, concentrating on stealing money, or information they can sell. The current online conflict between India and Pakistan is unique and deemed a Cyber War for several reasons.

Sure, Pakistan sends in terrorists routinely to attack India. So fighting takes place in the physical world, occasionally spiking to use of conventional forces. But the cyber war is persistent and potentially more than an irritant.

And much as terrorist actions can prompt conventional military responses if the terrorism spikes above the irritant level, I assume cyber war can get serious enough to justify taking the cyber war to the physical realm. As the Israelis did last spring (quoting the linked article):

As part of a larger operation that Israel conducted in response to rocket attacks from Gaza the first weekend in May, the Israeli Defense Forces (IDF) thwarted a Hamas cyber offensive against Israeli targets. Israel’s response did not stop at using digital means to turn back Hamas’ cyber assault. The IDF targeted and demolished a building where the Hamas cyber operatives worked.

Who knows? Perhaps Iran's attack on Saudi Arabian oil facilities was viewed by Iran as a response to our cyber war response to Iran's attack on our drone earlier this year.

As I wrote long ago:

In the past I've noted that we can't get so caught up in the mystique of cyber-warfare that we forget that a JDAM dropped on an office building filled with enemy hackers is probably a more straightforward way of dealing with their offensive efforts than equivalent hacking back at them.

If one side starts losing that cyber war--or suffers a catastrophic loss of life from a particularly effective cyber attack on civilian infrastructure--will the losing side escalate to physical world attacks to balance the scales?

And if they do that, where does the escalation stop before it reaches nuclear weapons?