US intelligence agencies attribute a record number of significant cyberattacks in the past year to state-sponsored actors from Russia, China, North Korea, and Iran. Targets have included electrical grid control systems, water treatment facilities, financial market infrastructure, and the networks of defense contractors. The attacks are designed to remain dormant until needed, pre-positioning capabilities for potential future conflict scenarios.
The attribution and response framework for state cyberattacks remains poorly defined. International law does not clearly specify when a cyberattack constitutes an act of war, and norms around proportional response are contested. The Biden and Trump administrations both authorized offensive cyber operations as deterrence, but experts disagree about whether such actions reduce or escalate the overall threat environment.
