The development of electronic warfare (EW) techniques and cyber warfare methods, coupled with their increasing use alongside traditional military strategies in armed conflicts, has profoundly transformed the nature of modern warfare.

These technological innovations have introduced a hybrid dimension to conflicts, allowing warfare to be conducted on the physical battlefield and the digital realm. As a result, EW has become a pivotal game-changer, reshaping the rules of modern combat with its transformative impact on conflict dynamics, a trend that nearly all states seek to adopt.

Initially regarded as a highly technical tool with a limited scope, focused primarily on disrupting radar and communication systems, EW has significantly evolved in recent years due to technological advancements. Notably, the merging of EW with cyberattack techniques has made these methods a more potent and destructive force on the battlefield.

This issue was brought to the forefront of the U.S. Congress a decade ago when Leon Panetta, the then director of the CIA, underscored its significance with the following warning, "The next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our energy grid, our security systems, our financial systems and our government systems."

It was only a short time before such warnings materialized. In December 2015 and December 2016, the Russian-linked group Sandworm launched cyberattacks on Ukraine's power grid, disabling substations and cutting off electricity to residential areas. Similarly, in August 2022, the Russia-backed group People's Cyber Army launched a large-scale cyberattack on Ukraine's state nuclear energy company, Energoatom.

Vulnerability of critical infrastructure

What makes EW techniques and cyberattacks a true game changer is the growing vulnerability of critical infrastructure to their rapid and efficient development.

Critical infrastructure refers to essential systems such as military assets, energy grids, financial systems and communication networks. These systems are becoming increasingly susceptible to EW and cyberattacks.

The vulnerability stems from the growing integration of physical and digital components, making them susceptible to both cyber and physical attacks. Systems that were once viewed as purely physical targets, with defenses tailored to that purpose, have now become prime targets for cyberattacks and EW methods. This shift has enabled adversaries to inflict wide-scale damage on critical infrastructure beyond traditional physical methods by utilizing electronic and cyber warfare techniques.

While states have taken measures to protect critical infrastructure, these defenses are primarily designed for conventional attacks, leaving a security gap as EW and cyberattacks outpace current safeguards. States must develop comprehensive systems to protect against these modern threats, as EW and cyber techniques can target and paralyze infrastructure, crippling energy grids, communication networks and financial systems, leading to societal and economic disruption.

Not privilege but necessity

In the face of cyberattacks and EW methods, it has become crucial for states to develop more resilient, comprehensive and appropriately tailored defense measures to counter these threats. Integrating these measures into traditional defense doctrines as a fundamental element is essential for maintaining strategic superiority in modern conflicts.

One of the most notable and pioneering frameworks in this regard is the U.S. Critical Infrastructure Security and Resilience program. This initiative addresses both cyber and physical protective measures for the country's critical infrastructure – such as energy, water, transportation, financial systems and communication networks – aiming to minimize vulnerabilities to EW and cyberattacks through public-private sector collaboration.

A key example showcasing the effectiveness of the U.S. Critical Infrastructure Security and Resilience program is the 2021 Colonial Pipeline cyberattack. The largest oil pipeline operator in the U.S. was subjected to a ransomware attack, causing significant disruptions in fuel supply along the East Coast. The quick activation of the program led to a swift restoration of the system, resulting in only minor financial losses.

During the 2020 U.S. elections, various cyberattacks targeted election infrastructure. However, the program significantly minimized their effects. The protective measures bolstered the resilience of critical infrastructure, offering strong defense against cyber threats.

In Türkiye, authorities have recognized the criticality of cyberterrorism as a significant and growing danger in the digital age and are contemplating the establishment of a new independent cybersecurity agency. President Recep Tayyip Erdoğan views the creation of such an institution as a necessity. Foreign Minister Hakan Fidan emphasized the government's awareness of cybersecurity, noting that institutions from the Transport and Infrastructure Ministry to the National Intelligence Organization (MIT) are already engaged in tackling these threats.

Need for new legal frameworks

Another major concern is that existing laws are outdated in the face of advancements in electronic and cyber warfare.

Traditional war laws, created to govern state conflicts in the 19th and early 20th centuries, are inadequate for modern warfare. EW and cyber tactics introduce complexities that surpass these laws. The involvement of often anonymous non-state actors complicates the assignment of responsibility, leading to legal ambiguities.

Moreover, traditional war laws depend on physical attacks to define the start of conflicts, whereas EW and cyberattacks target information systems and disrupt economies. This ambiguity raises questions about when such actions constitute acts of war. Furthermore, the principles of proportionality and distinction – key aspects of war law – are harder to apply, as these attacks often blur the lines between military and civilian targets.

Therefore, it is essential to develop updated legal frameworks that account for the new actors and threats introduced by these technologies. However, traditional laws remain somewhat applicable when EW and cyberattacks can be attributed to states or recognized entities. For instance, Israel's pager attacks on Hezbollah members in Lebanon and Syria violated the distinction between civilians and combatants, with civilian casualties and fear-inducing tactics that could be classified as war crimes under international law.

As EW and cyber warfare redefine the battlefield, nations must urgently adapt their defense strategies and legal frameworks to address these evolving threats. The vulnerabilities of critical infrastructure expose societies to unprecedented risks. Without proactive measures and updated laws, the consequences of cyber warfare could lead to significant destabilization, economic disruption and a new era of conflict.