Abstract: This critical analysis evaluates Thomas Rid’s thesis in “Cyber War Will Not Take Place,” which argues that cyber operations do not fulfil Clausewitzian criteria for war. It supports Rid’s overall assertion while exploring nuances and limitations in his argument. Despite the compelling nature of Rid’s claim that cyber war as a standalone phenomenon is unlikely, the analysis underscores the complementary role of cyber operations in modern warfare. It highlights their strategic implications within the broader framework of hybrid conflict.
Problem statement: How should cyber operations be classified in the broader context of hybrid warfare?
So what?: Scholars, policymakers, and military strategists should embrace a balanced approach that acknowledges the complementary role of cyber operations in warfare. Restraint and non-violent uses of cyberspace should be emphasised to avoid unnecessary escalation and the risk of a cyber arms race.
Source: shutterstock.com/YinNarukami
Setting the Stage
In recent years, interest in cyber warfare has surged, driven by technological advances like artificial intelligence and growing awareness of vulnerabilities in daily life. Media narratives have amplified fears, portraying cyberspace as an unpredictable threat that could strike anyone, anytime, fuelling exaggerated and alarmist rhetoric. This has led to a securitisation of the topic, where fears dominate the discussion and sometimes provoke overreactions from governments. Such dynamics risk transforming speculative cyber threats into self-fulfilling prophecies that may accidentally escalate tensions.
The cyber domain represents another arena where traditional geopolitical competition extends. It does not mark a fundamental shift in warfare but rather a continuation of using new tools in existing power struggles. The portrayal of cyber operations as a revolutionary change often overlooks these broader political and strategic underlying dynamics.
Cyber developments have not triggered a revolution in military affairs but represent a natural progression in adopting new technologies—a pattern seen throughout human conflict.[1] The key changes involve expanding targets to include non-physical assets like data and accelerating interactions in diplomacy and public diplomacy.[2] However, such acceleration is not new—similar changes occurred with the advent of the telegraph or telephone. While some view the cyber domain as marking a radical shift, this perspective appears overstated. A more restrained, evidence-based portrayal of cyber threats by media outlets is necessary not to fuel fears and sensationalist discourses.
Cyber developments have not triggered a revolution in military affairs but represent a natural progression in adopting new technologies.
Recent conflicts, like the war in Ukraine, serve as prime examples of the supplementary role of cyber operations. Predictions of a new generation of predominantly virtual warfare failed to materialise; instead, traditional armed conflict prevailed, with cyber activities merely enhancing conventional tactics.[3] This trend holds true in other conflicts as well, demonstrating the supporting scope of cyber warfare rather than shaping battle outcomes.
Thomas Rid challenges these alarmist claims by relying on Clausewitz’s definition of war, emphasising violence, instrumentality, and political attribution. By adhering to this framework, Rid effectively dismantles the illusion of cyber war as a transformative force, demonstrating that cyber operations are simply acts of sabotage, subversion or espionage. Despite technological advancements, his core arguments remain relevant, highlighting the limitations of cyber operations as acts of war.
Overview of Rid’s Argument
According to Rid, cyber war has never happened in the past, does not occur in the present, and is unlikely to occur in the future.[4] In his article, Rid explains what Clausewitz identified as the three essential criteria that must be met simultaneously for an action to qualify as war: violence, instrumentality, and political nature. Rid argues that no cyberattack meets all these criteria, and, therefore, cyber operations cannot be considered acts of war.[5]
War inherently involves the use of force to compel the enemy to submit to the aggressor’s will, making violence a fundamental characteristic. Without the potential for violence, an action cannot be classified as war. Instrumentality emphasises that war serves a purpose—it employs violence to achieve political or strategic goals. Lastly, Clausewitz described war as inherently political, driven by clear political intentions and broader objectives. War is never an isolated event but part of a larger political context, and every act of violence must be attributed to one side, as history does not acknowledge acts of war without attribution.
Using this framework, Rid contends that cyber operations, while disruptive, fall short of being acts of war. Most lack direct physical violence, often producing metaphorical rather than literal impacts. Even when cyberattacks weaken enemy defences or manipulate behaviour, their instrumental use is limited. Furthermore, the anonymity of cyber operations complicates political attribution, a key criterion for Clausewitzian war.[6]
The anonymity of cyber operations complicates political attribution, a key criterion for Clausewitzian war.
Rid reached these conclusions through the analysis of case studies, always guided by Clausewitz’s criteria. One prominent example he examines is the 2007 “cyberattack” on Estonia, frequently cited as a notable case of cyber warfare. Estonia, as one of the world’s most interconnected nations, was particularly vulnerable to cyber threats. Starting on April 27, the country was hit by low-tech methods like ping floods and basic denial-of-service (DoS) attacks, which later escalated to more sophisticated botnet-driven distributed denial-of-service (DDoS) attacks. Remarkably, the attacks persisted for an unusually long time—three weeks, ending on May 19.
As Rid highlights, the attack’s main long-term result was only Estonia’s success in persuading NATO to establish the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn. Rid uses this case to illustrate what is fundamentally lacking for such incidents to qualify as war. The DDoS attacks, while disruptive, did not involve violence, even potentially. Furthermore, the attacks were not instrumentally tied to a tactical objective, and the perpetrators remained unidentified, with no clear political backing. Therefore, this attack, often considered one of the first acts of cyber war, fails to meet any of Clausewitz’s criteria—not even one.
Rid further categorises cyberattacks into three distinct activities: subversion, espionage, and sabotage.[7] According to him, these activities, often carried out by both state and private actors, align more closely with criminal acts than traditional warfare. While these cyber actions do not qualify as acts of war, they still serve political purposes. Unlike warfare, they do not rely on violence to be effective, nor do they always need to be instrumental. Importantly, these activities are inherently political yet frequently avoid attribution. Rid also notes that cyber actions can complement military operations, blurring the distinction between cyber activities and conventional warfare.
Critiques from Scholars
John Stone, in his article “Cyber War Will Take Place,” written as a direct response to Rid’s argument, counters Rid’s claims by arguing that violence and lethality “are not inexorably linked,” particularly in the context of cyberattacks.[8] Drawing on historical examples, Stone demonstrates that war does not need to be inherently lethal. He highlights that cyberattacks, while not always violent, can still constitute acts of war by achieving strategic objectives through technological means. War “need not be lethal in character: [cyberattacks] can break things, rather than kill people, and still fall under the rubric of war.”[9]
Cyberattacks can break things, rather than kill people, and still fall under the rubric of war.
Similarly, Erik Gartzke, in his article “The Myth of Cyberwar,” argues that Rid’s strict adherence to Clausewitz overlooks the role of cyber operations in complementing traditional warfare. While he shares some scepticism about the exaggerated implications of cyberwar, Gartzke challenges Rid’s view that “cyberwar is not sufficiently violent or casualty-producing to be considered war”.[10] He warns that dismissing cyber operations risks overlooking their significant support role in traditional warfare. Gartzke emphasises that cyberwar doesn’t need to replace traditional war but can effectively complement “earthbound warfare”.[11]
Another key challenge is political attribution—cyber operations often lack clear responsibility, as no actor openly claims involvement. According to Clausewitz, acts of war must have political intent and serve a broader objective. Cyber operations that lack clear attribution fail to meet these criteria, as war is not isolated but part of a larger political strategy. Rid argues that attribution is not purely a technical problem but inherently political, involving subjective interpretation based on the context and actors. This makes defining cyber operations as war problematic when rigidly viewed through a Clausewitzian lens.
Valeriano and Maness, in “Cyber War versus Cyber Realities,” support Rid’s argument that cyber warfare differs fundamentally from traditional war as it fails to compel the enemy’s submission.[12] Historically, cyber conflict has been ineffective in changing state behaviour, and this trend is unlikely to change. What comes out of their analysis is that low-level cyber operations are often tolerated, while high-level operations are avoided due to risks of escalation. Cyber restraint, indeed, remains the norm, as states avoid crossing “red lines” to prevent triggering war, civilian harm, or economic retaliation. Valeriano and Maness argue that cyber operations lack the strategic impact needed to transform military strategy or international relations, and advances in cyber capabilities are unlikely to lead to a fully militarised cyber reality.[13]
Supporting Rid, Maschmeyer describes the “subversive trilemma,” which highlights the inherent limitations of cyber operations in achieving strategic objectives. The trade-offs between speed, intensity, and control limit their strategic utility, making cyber operations inherently constrained in effectiveness compared to traditional warfare. Cyber activities rely on secrecy and exploitation of system vulnerabilities, which keeps costs low but prevents them from achieving the level of impact seen in conventional warfare. As a result, they fail to reach the threshold of traditional warfare and struggle to fulfil their strategic potential, constrained by the very characteristics that define them.
Critiques and Counterarguments
While Rid’s argument is compelling, certain aspects require further discussion, particularly regarding his conception of physical violence and mediated confrontation. Although Rid’s position on the impossibility of cyber war is generally persuasive, some critiques and clarifications are necessary to refine and expand upon his argument. These nuances aim to address the evolving nature of cyber operations and their potential strategic impact, which Rid’s analysis sometimes appears to underestimate.
For example, Rid emphasises the absence of direct physical violence in cyber operations. Rid suggests that “in most armed confrontations, be they conventional or unconventional, the use of force is more or less straightforward,”. In contrast, in cyber warfare, the sequence of causes and consequences is “far more complex and mediated.”[14] He emphasises that the consequences of cyber warfare—such as fatalities or the disabling of military units—are indirect, delayed, and subject to chance and friction. However, this distinction oversimplifies traditional conflict, where actions like economic blockades or precision strikes can also have complex causal chains and delayed impacts.
In cyber warfare, the sequence of causes and consequences is far more complex and mediated.
In addition to arguing against the potential for cyberattacks to cause direct physical impact, Rid dismisses their capacity to achieve effects comparable to kinetic warfare. He bases this view on the limited impact of past cyber incidents. This perspective, however, overlooks the potential evolution of cyber capabilities, particularly with advancements in artificial intelligence and autonomous systems. While cyberattacks have not yet caused large-scale casualties, future operations could become significantly more destructive. Consequently, Rid also finds that cyber operations fail to meet the instrumentality criterion, as he views their effects as being too indirect, often producing complex and mediated outcomes.
Even if cyber operations lack the violence criterion, Rid underestimates the strategic impact of non-violent cyber activities. Cyber activities like disrupting infrastructure, destabilising governments, or crippling economies can have significant consequences without physical violence. For example, the 2010 Stuxnet attack on Iran’s nuclear program, which Rid himself mentions in his article but does not define as an act of war, caused significant disruption by targeting centrifuges at the Natanz facility. This operation delayed Iran’s nuclear ambitions without causing direct physical harm to individuals. It demonstrates how cyber operations can achieve strategic objectives and influence state behaviour, challenging Rid’s assumption that cyberattacks cannot produce effects comparable to kinetic warfare. In this case, using military means, such as airstrikes on nuclear facilities, would have carried major geopolitical and human consequences. While indirect, the use of cyber means avoided these repercussions while still achieving the intended strategic outcome.
Even if cyber operations lack the violence criterion, Rid underestimates the strategic impact of non-violent cyber activities.
Rid also emphasises the difficulty of political attribution in cyber operations, arguing that anonymity undermines their classification as acts of war. While the notion of war as a continuation of politics is generally accepted, focusing solely on straightforward political attribution seems overly simplistic. Cyber operations are inherently anonymous by nature; no actor is likely to claim responsibility for actions in this domain openly. The intent is often to inflict damage while avoiding escalation and retaliation. As a result, in the realm of cyber warfare, it is unlikely that actors will willingly take credit for their operations, making anonymity an intrinsic feature rather than a disqualifying factor.
![The subversive trilemma[15]](https://tdhj.org/wp-content/uploads/2024/12/Picture1-1.png)
The subversive trilemma[15]
Continuing to view hostile acts in cyberspace strictly through the lens of warfare risks either ignoring the vast swathes of cyber hostilities that don’t reach the requisite threshold for warfare or classifying all acts of cyber hostilities as warfare—neither of which is an ideal solution.[16] This rigid classification fails to account for the wide range of activities in cyberspace that, while disruptive, do not constitute acts of war but are still critical to understanding the broader landscape of cyber conflict.
Rid rightly highlights that cyberattacks lack direct physical violence. However, cyber operations can disrupt financial systems, create blackouts, or undermine public trust—achieving coercive power without immediate physical harm. The indirect nature of these attacks doesn’t diminish their potential impact, and advancements in AI and connectivity could allow cyber operations to bridge the gap between cyber and kinetic effects in the future.
Moreover, Rid also underestimates the role of cyber operations as complementary tools in warfare. As Gartzke notes, while cyber operations may not replace conventional conflict, they can act as force multipliers by disrupting logistics, targeting defence systems, or spreading disinformation, ultimately influencing outcomes on the battlefield. These indirect tactics may not meet Clausewitz’s strict criteria but can potentially influence outcomes on the battlefield.
While cyber operations may not replace conventional conflict, they can act as force multipliers by disrupting logistics, targeting defence systems, or spreading disinformation, ultimately influencing outcomes on the battlefield.
Rid’s argument minimises the strategic impact of cyber operations that don’t meet Clausewitz’s criteria for war. He doesn’t explore the grey area between full cyber dominance and the absence of impactful cyber activities, which falls under hybrid warfare. While Rid’s scepticism about alarmist predictions is valuable, it’s essential not to conclude that high-intensity cyberattacks will never occur. As Valeriano and Maness argue, the absence of major attacks may be due to strategic restraint, fear of retaliation, or collateral damage concerns rather than limitations of the cyber domain itself. Furthermore, theories like the subversive trilemma point to inherent limitations in subversive tactics that have so far kept cyber operations below the level of conventional warfare.
Finally, greater digital interconnection in the future does not necessarily lead to a fully militarised cyber landscape. Assuming inevitable large-scale cyber conflict risks creating a self-fulfilling prophecy. Instead, scholars suggest emphasising restraint and nonviolent uses of cyberspace. While cyber operations may not redefine warfare entirely, they need to be understood with a balanced perspective that neither overstates nor dismisses their potential.
Not A Distinct Phenomenon
Ultimately, Rid’s claim that cyber war will not occur as a distinct phenomenon remains convincing. Cyber operations continue to serve as supplementary tactics rather than replacing traditional forms of warfare, and the general hype surrounding cyber conflict often overstates its reality. The perception of cyber threats as fundamentally altering the nature of warfare is dangerous, and allowing this narrative to drive policies and arms acquisitions risks destabilising international relations.
Cyber operations are better understood as sophisticated forms of subversion rather than acts of war, as highlighted by Valeriano and Maness’s view. Maschmeyer’s emphasis on exploiting vulnerabilities further supports this, identifying cyber operations as subversion. However, Rid’s strict adherence to Clausewitz’s elements of war, emphasising direct violence, is perhaps overly rigid.
Cyber operations are better understood as sophisticated forms of subversion rather than acts of war.
In contrast, Gartzke’s argument views cyberattacks as a complementary tool within the broader warfare toolkit, supporting traditional military tactics rather than replacing them. This perspective is reinforced by the ongoing arms race in cyber capabilities and NATO’s recognition of cyberspace as an operational domain.[17]
Subversive tactics, while not dependent on conventional tactics, can contribute meaningfully to achieving strategic goals, even if they do not fit the traditional definition of “warfare”.
The hype surrounding cyber threats can potentially create a dangerous security dilemma, pushing states to expand their cyber capabilities, escalate tensions, and spark an unnecessary arms race. While Rid’s assessment that a standalone cyber war is unlikely remains valid, cyber operations’ role in modern warfare must not be overlooked.
Nicola Bonsegna is a student with research interests in defence technologies, military strategies, and cybersecurity. He has published articles on strategic studies, including topics such as the strategic integration of unmanned systems and defence innovation. His academic background focuses on international security and defence studies. The views contained in this article are the author’s alone and do not represent the views of the University of Trento.
[1] Brandon Valeriano and Ryan C. Maness, Cyber War versus Cyber Realities: Cyber Conflict in the International System (Oxford: Oxford University Press, 2015), https://doi.org/10.1093/acprof:oso/9780190204792.001.0001.
[2] Idem.
[3] Grace B. Mueller, Benjamin Jensen, Brandon Valeriano, Ryan C. Maness, and Jose M. Macias, “Cyber Operations During the Russo-Ukrainian War: A Preliminary Assessment,” Washington, DC: Center for Strategic and International Studies (CSIS), July 13, 2023, https://csis-website-prod.s3.amazonaws.com/s3fs-public/2023-07/230713_Mueller_CyberOps_RussiaUkraine.pdf.
[4] Thomas Rid, “Cyber War Will Not Take Place,” Journal of Strategic Studies 35, no. 1 (2011): 5–32, https://doi.org/10.1080/01402390.2011.608939.
[5] Idem.
[6] Idem.
[7] Idem.
[8] John Stone, “Cyber War Will Take Place!,” Journal of Strategic Studies 36, no. 1 (2013): 101–8, https://doi.org/10.1080/01402390.2012.730485.
[9] Idem.
[10] Erik Gartzke, “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth,” International Security 38, no. 2 (2013): 41–73, https://www.jstor.org/stable/24480930.
[11] Idem.
[12] Brandon Valeriano and Ryan C. Maness, Cyber War versus Cyber Realities: Cyber Conflict in the International System (Oxford: Oxford University Press, 2015), https://doi.org/10.1093/acprof:oso/9780190204792.001.0001.
[13] Idem.
[14] Thomas Rid, “Cyber War Will Not Take Place,” Journal of Strategic Studies 35, no. 1 (2011): 5–32, https://doi.org/10.1080/01402390.2011.608939.
[15] Lennart Maschmeyer, “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations,” International Security 46, no. 2 (2021): 51–90, https://doi.org/10.1162/isec_a_00418.
[16] E. Crawford, “The Fanciful World of Cyber Warfare,” The Sydney Morning Herald, September 03, 2013, https://www.smh.com.au/national/the-fanciful-world-of-cyber-warfare-20130903-2tq2q.html.
[17] Tomas Minárik, “NATO Recognizes Cyberspace as a ‘Domain of Operations’ at Warsaw Summit,” NATO Cooperative Cyber Defence Centre of Excellence, July 2016, https://ccdcoe.org/incyder-articles/nato-recognises-cyberspace-as-a-domain-of-operations-at-warsaw-summit/.
