Abstract

This report provides a comprehensive analysis of the evolution of modern conflict into the paradigm of hybrid warfare, where traditional boundaries between war and peace have dissolved into a digital "grey zone". It establishes that cybersecurity has shifted from a technical IT concern to a top-tier existential strategic imperative for national defense and global stability. The study examines the mechanisms of this shift across three critical dimensions: technical execution, economic impact, and the resulting legal and political quagmires.

The technical analysis distinguishes between offensive and defensive instruments, highlighting the use of "wiper" malware—such as WhisperGate, IsaacWiper, and Industroyer—designed solely for infrastructure destruction rather than financial gain. The report details the integration of Artificial Intelligence (AI) in automating attacks and generating disinformation, alongside the rise of uncrewed aerial vehicles (UAVs) in coordinated strikes like Ukraine’s "Operation Spider’s Web". Case studies from the conflicts in Ukraine and Israel-Hamas illustrate how these tools are leveraged to sabotage critical infrastructure and exploit societal vulnerabilities.

A primary contribution of this research is the application of complex economic theories to cyber conflict. The "O-Ring Theory" is utilized to demonstrate how globalized supply chains are only as strong as their weakest digital link; a single cyber blockade can drop the value of an entire production chain to zero. Furthermore, the report identifies a "Reverse Romer" effect, where persistent digital insecurity discourages investment and leads to technological regression. The "Dutch Disease" phenomenon is also explored, showing how nations may over-invest in the "Guns" (military) sector at the expense of the "Butter" (consumer) sector, leading to long-term economic vulnerability.

The final section addresses the crisis of accountability in cyberspace. It analyzes the "attribution problem," where the use of proxies and false flags complicates state responsibility under international law. The application of the Tallinn Manual’s rules and the Schmitt Analysis is discussed to determine when a cyber operation constitutes a "use of force". Finally, the report evaluates proactive policy responses, including the EU’s NIS2 Directive and NATO’s recognition that severe cyberattacks may trigger Article 5 collective defense.

The report concludes that the stability of the international order depends on transitioning from reactive measures to proactive governance. This includes "humanizing" cyber warfare through Geneva Convention-style frameworks and enforcing strict security standards to mitigate the "nuclear curse" of modern technology.

Download the full document

Lead Researchers: Cesar Latorre Hernandez, Elie Joe J. Akiki

Senior Researchers: Agustin Plaza de Los Reyes Alvarez, Alberto Martinez Fraile, Michela Salama-Robino, Sarah Maria Y. Chalhoub