Another example of warlike code is the NotPetya "mock ransomware" attack that devastated Ukrainian businesses. At first, that attack seemed to be a sophisticated ransomware operation — where criminals take control of an organization's network and threaten to erase or encrypt critical data unless they receive a pay-off. However, because NotPetya went straight to damaging systems and deleting data, rather than waiting for a pay-out or stealing data, the malware is viewed by most researchers as a weapon in the ongoing war in Ukraine.

Other famous instances that recur in the cyberwar conversation, like the 2007 cyber attacks against Estonia that were attributed to Russia, or alleged Chinese intellectual property theft in the United States, are really more akin to vandalism and espionage in their methods and effects.

While all those cyberwar and potential-cyberwar examples may seem minor compared with traditional warfare, they are signals of a troubling turn in nations' cyber-statecraft.

First, those attacks — hard to attribute, borderless, and sudden — show how cyber threats erode sovereign power. After all, from the Treaty of Westphalia to the digital age, sovereigns have held some very basic, unchanging attributes. At the very least, those attributes include the ability to secure a nation's borders and to have some modicum of control of the activities within those borders. When an aggressor has the ability to use borderless networks to launch attacks that can't be intercepted or prevented, those attributes and therefore sovereignty itself are called into question.

Second, the use of digital networks to carry out attacks significantly threatens innovation. After all, the internet has been an unparalleled engine for growth. But real or imagined cyber threats use those same networks. The temptation, then, is to limit connectivity or to set up networks of walled gardens in an attempt to ensure better control or security.