There has been a significant setback in diplomacy and transnational collaborations between states to develop comprehensive norms and practices for managing this area. Warmongering rhetoric is being used, which sounds like a return to the Cold War, albeit online. Actors are increasing their online capabilities and capacities and showing off their powers through actions. The United States (US) President Biden has warned that significant cyber attacks would lead to a real conventional war on the ground (Tung, 2021a). This argument is supported by the North Atlantic Treaty Organization (NATO), which has stated that the series of cyber attacks directed at Western states should be considered similar to a threat of armed attacks (Tung, 2021b). The US agencies, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have warned about hacking campaigns tied to the Russian military. In particular, the SolarWinds attack in 2020 demonstrated the impact of supply-chain attacks. The Russian state-sponsored group, Fancy Bear, was subsequently attributed for the attacks on Western states’ public and private entities. In particular, it has caused concerns that SolarWind targets included the US Justice, State, Energy, and Commerce Departments (Corera, 2021; Gagliordi, 2021; Whitaker, 2021). Some of the attributions of attacks have increased tension and harsh verbal exchanges between the different actors. The US, NATO, the European Union (EU), and the United Kingdom (UK) have accused China of being behind the Microsoft Exchange hack. In return, China accused the US of being behind several attacks against China (Janofsky, 2021; Vincent, 2021).

Ransomware groups have intensified their attacks on critical infrastructure (CI) and essential services with a frequency and severity that has surpassed other cybersecurity concerns. Of all the Western states, the US has experienced an unusually high number of ransomware attacks, directly impacting the public. The 2021 attacks on the Colonial Pipeline and the meat plant JBS prompted the US authorities to raise concerns about the attacks originating from Russia. This led to the Western security actors classifying ransomware attacks as a national security threat. The US took this one step further by directly linking ransomware attacks with terrorism (Barnes, 2021; Bing, 2021; Chapple, 2021; Palmer, 2021; Security, 2021).

Politically motivated cyber attacks are not only associated with state, state-sponsored, and state-supported actors. Non-state actors also use the online environment for political protests, affecting public and private entities, services, and infrastructures. In 2020–2021, hacktivists and other political activists conducted several legal and illegal attacks, which caught worldwide attention. Older, established hacktivist groups, like Anonymous, emerged from the shadows along with new groups showing that hacktivism still constitutes a threat online (Molloy & Tidy, 2020). However, new groups have emerged which are more engaged in collecting data troves in the public spare or accessing open-source codes online (Reuters, 2021; Stone, 2020). Contrary to the hacktivist groups, another breed of political actors launched innovative attacks that did not break the law, i.e. Gen Z and K-pop stans (Alexander, 2020; Lorenz et al., 2020).

Cyberspace is now considered a global domain that creates an information environment of independent networks of systems infrastructure, interlinking Internet telecommunication networks, computer systems, and various embedded processors and controllers (Clark, 2010, p. 1; US DoD 2016; NIST, 2020). The online space comprises an ecosystem blending network technologies and online users based on organic technological evolutions. Different technologies coexist and influence each other within the ecosystem, combined with external forces fuelled by social and technological changes. Technological innovations, computer technologies, interconnectivity, and interdependency create immediate changes to the online ecosystem. These changes are based on a fusion of all communication networks, databases, and information sources in a universal context (Cavelty, 2013, p. 108; Lapointe, 2011, pp. 2–3).

The technology used is instrumental in understanding cyberspace. The material and physical aspects, the electronics used in hardware, software, and the applications linked to the actual operative technologies are defining aspects. Equally important are the language, the interpersonal interactions, the use, and the performance (Manning, 2019, p. 291). Global connectivity is linked to various communication pathways where software is used on millions of computers controlling cyberspace’s storage devices and pathways. These computers continually sense the status of interlinked routers, which means that the online traffic does not follow a linear and direct route. Instead, the data are being routed through various global pathways to arriving at a destination only miles away in the shortest time possible (Inglis, 2016, p. 19).