The geopolitical environment is becoming increasingly unstable, and cybersecurity professionals are finding themselves closer than ever to the front lines of global conflict.
In a recent conversation on CYBR.SEC.CAST, Dragos CEO and U.S. National Guard Lt. Col. Rob Lee warned that the cyber domain is now deeply intertwined with modern warfare and adversaries are increasingly targeting civilians.
“There's some really bad people that want to do really bad things to people that don’t deserve it,” Lee said.
Full Episode:
Bill Brenner
Lee drew a sharp distinction between traditional military conflict and the growing pattern of cyber operations aimed at civilian infrastructure. In kinetic warfare, soldiers understand the risks they accept when they put on the uniform.
“You sign a check up to and including your life,” he said.
But civilians are supposed to be off limits.
That boundary, Lee warned, is increasingly being ignored.
From cyber operations against healthcare systems to attacks on water utilities and energy infrastructure, adversaries are targeting systems that directly affect everyday life.
Examples:
George V. Hulme
George V. Hulme
While debates continue inside the cybersecurity community about terminology – whether certain incidents qualify as “cyberwar” – Lee believes the focus should be elsewhere.
Bad actors are conducting operations that can disrupt essential services, put hospitals offline, and potentially cost lives. In Lee’s view, that shifts the conversation away from financial risk or corporate liability and into something far more serious.
“We’re talking about existential risk to people’s lives,” he said.
Lee pointed to examples during the COVID-19 pandemic when adversaries attempted to infiltrate pharmaceutical companies working on vaccines. While those attempts did not ultimately succeed in manipulating vaccine formulas, the intent alone crossed an ethical threshold.
“That’s not something you can empathize with,” he said. “That’s actually evil.”
The same principle applies to attacks on critical infrastructure. When cyber operations deliberately target power grids, water treatment facilities, or hospitals, the objective is often to create disruption that affects civilians.
Lee believes the cybersecurity community must stop minimizing the consequences of these incidents.
Related:
Bill Brenner
“We’ve already had people die because of cyberattacks,” he said. “You can debate the technical chain of events, but the result is still the same.”
For Lee, the issue ultimately comes down to values. Military professionals across many nations may disagree politically or strategically, but there has historically been a shared understanding that civilians should not be directly targeted.
When that line disappears, the consequences escalate rapidly.
Cyber is no longer just about protecting networks. In many cases, it is about protecting human lives.
