In April 2007, on the occasion of a diplomatic conflict with Russia, the websites of numerous institutions, companies and media enterprises in Estonia were paralysed for several days. In August 2008, Georgia's institutional sites were attacked by pro-Russian pirates. Each conflict, whether diplomatic or military, is now accompanied by some form of 'information confrontation' which is more or less spontaneous. Even so, is it systematically possible to speak of an 'information war'? It is, in fact, difficult to speak of 'war' when the objective of the attack is purely financial or when the pirates are content with modifying websites to leave some pseudo-patriotic messages. It is also difficult to speak of cyber terrorism, as long as the SCADA (supervisory control and data acquisition) systems, which directly control certain automatisms at the heart of our sensitive infrastructures, are not directly affected.

While it is essential not to tarnish the term 'information war', the boundaries between cyber criminality, cyber terrorism and cyber war are, however, close. The amateur pirate becomes more professional, the professional sells himself and the terrorist takes over the methods used by criminal organisations. The growing interconnection of networks and recourse to standard protocols for reasons associated with cost and interoperability also render sensitive networks increasingly vulnerable. Lastly, the asymmetric aspect (at least in terms of appearance) of the information weapon renders it very attractive to certain states and terrorist groups. Whether it is wanted or not, the information war will therefore become a reality, because the sovereignty of states is directly threatened, just like the 'botnet' [software robot] networks, a sort of fifth column of the internet, to be found at the heart of every substantial attack.

Faced with this threat, a (French) white paper underlined that there was an urgent need for France to equip itself with defensive as well as offensive capacities. A doctrine and operational concepts compatible with national and international law will now have to be developed; these must be politically acceptable and technically suitable. Cyberspace is now a particular battle zone, with a double aspect - both physical and cognitive - giving rise to multiple forms of confrontation: the fight for information, the fight viainformation (psychological war), the fight againstenemy infrastructures. The division of responsibilities is therefore particularly difficult. Undoubtedly, for want of having resolved this thorny issue, the US Department of Defence, which is very advanced on the matter, has just announced that it is signalling a pause in the operational deployment of the US Air Force's Cyber Command.

(*) Guillaume Tissier (gtissier@ceis-strat.com) is head of the Operational Risks Department at CEIS, the European Company for Strategic Intelligence.