the fifth (5th) domain of warfare
WELCOME TO THE BATTLESPACE
Why would Russia, or any hostile nation-state, care about your company?
In wartime, the answer has little to do with your size, your revenue, or whether you believe you are a strategically important target. Your company becomes relevant the moment it operates inside a nation-state considered an adversary in the conflict. That alone can place you within the battlespace either intentionally or as collateral damage.
Modern hybrid warfare does not respect corporate boundaries, sectors, or traditional notions of civilian immunity. The fifth (5th) battlespace of hybrid warfare has eliminated these physical boundaries. Private companies are now woven into the digital terrain on which nation-states maneuver, disrupt, and retaliate. As a result:
- You may be targeted for strategic advantage
- You may be attacked for tactical disruption
- You may be exploited as an access vector to someone else
- Or you may be simply caught inside a broad retaliatory campaign
Whether deliberate or incidental, your organization is now part of the contested domain - the fifth domain - cyber. This effectively conscripted role requires a shift from peacetime security assumptions to a wartime defense posture, one built on the expectation of more aggressive objectives and more severe business impacts.
To prepare, companies must understand what wartime cyber operations seek to achieve. Motives in wartime differ fundamentally from criminal hacking or financially motivated ransomware. In conflict, the intent is often to:
- Weaken the opponent’s economy
- Disrupt or degrade infrastructure
- Undermine public trust
- Sow instability
- Or disable the operational capacity of targeted sectors
Below is a model of potential wartime motives and objectives relevant to the private sector which is organized by motive and aligned to sectors most likely to experience their effects. This provides a foundation for readiness planning, risk assessment, scenario testing, and wartime posture development.
WARTIME MOTIVES
In a wartime cyber environment, the motives, intentions, and operational objectives of adversarial nation-states change dramatically. The familiar incentives that drive criminal cyber activity during peacetime such as data theft for resale, extortion, ransom negotiations, or monetization of stolen credentials become far less relevant once conflict escalates.
Wartime cyberattacks reflect strategic and tactical military objectives, not financial ones. In this context:
- Attackers are unlikely to pursue ransom or offer decryption tools.
- System lockouts may be permanent and deliberate, designed to deny you access rather than to profit from it.
- The goal shifts from “make money” to “inflict damage.”
Nation-state adversaries may seek to:
- Disable or degrade your operations
- Create economic disruption
- Undermine infrastructure stability
- Generate social unrest
- Execute retaliatory or punitive strikes
- Reduce national or sector-wide resilience and readiness
The practical reality is stark:
Once targeted in a wartime campaign, and you should operate under the assumption that compromise has already occurred, your company may face complete operational shutdown as a strategic outcome, not a collateral one.
Actions that would appear irrational or self-defeating in peacetime become entirely logical in wartime, where the objective is to weaken, distract, or destabilize the opponent at scale. Organizations must therefore adapt their planning, response posture, and expectations to reflect this fundamental shift in motive and intent.
WARTIME OBJECTIVES
The Cyber Defense Center has developed the world's most comprehensive wartime objective model and approach to wartime planning to address threats to companies which includes every nation-state tactic that materially impacts private-sector operations.
Conceptual Categories
The Cyber Defense Center Wartime Objective Model is the most complete and actionable model ever constructed for private sector readiness. This is the only model of its kind offered worldwide. The model includes eleven (11) wartime objective categories as part of a planning taxonomy which is intended to be used as private sector readiness categories to build tabletop exercises, risk assessments, and wartime playbooks around. These categories include:
1. Espionage & Data Exfiltration
2. Social Destabilization
3. Psychological & Information Operations (PsyOps/IO)
4. Economic Disruption
5. Sabotage & Destruction
6. Domain Control & Occupation
7. Force-Multiplication / Battlefield Support
8. Legal, Regulatory & Governance Warfare
9. Talent, Leadership & Insider Targeting
10. Supply-Chain & Ecosystem Manipulation
11. Public-Private Dependency & Coordination Pressure
Hybrid Warfare
The Cyber Defense Center Wartime Objective Model accounts for hybrid warfare realities without overreaching into pure military domain.
Modern Warfare Doctrine
The Cyber Defense Center Wartime Objective Model includes the most advanced and comprehensive list of readiness categories ever constructed developed in full alignment with U.S. DHS, CISA, NCSC, NSA, and NATO CCDCOE wartime doctrine.
Future Proofing
The Cyber Defense Center Wartime Objective Model is future-proofed, covering deepfake warfare, regulatory warfare, insider weaponization, and ecosystem compromise, all of which are rapidly becoming standard in modern hybrid warfare.
WARTIME OBJECTIVE MODEL
ESPIONAGE & DATA EXFILTRATION
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
ESPIONAGE & DATA EXFILTRATION
Adversaries target companies that possess information with strategic, military, economic, or technological value. During wartime, this includes not only classified or sensitive data but also intellectual property, engineering diagrams, operational telemetry, supplier relationships, and executive communications. Compromised information may be used to gain tactical advantage, accelerate weapons development, support battlefield planning, or undermine national resilience.
Primarily Affects:
Defense Industrial Base | Energy | Nuclear Reactors, Materials & Waste | Chemical | Critical Manufacturing | Communications | Information Technology | Transportation Systems | Financial Services | Government Facilities (private contractors)
SOCIAL DESTABILIZATION
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
ESPIONAGE & DATA EXFILTRATION
Adversaries may target the services your company provides to the public or to dependent industries in order to disrupt community stability, erode trust in institutions, or trigger fear, uncertainty, or doubt. These operations may involve coordinated disinformation, disruption of essential services, or exploitation of public-facing systems to create social, political, or economic unrest.
Primarily Affects:
Food & Agriculture | Energy | Water & Wastewater | Healthcare & Public Health | Emergency Services | Transportation Systems | Government Facilities | Commercial Facilities | Dams
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
Adversaries may deploy coordinated influence campaigns to manipulate perception, shape decision-making, or erode confidence in your company, its leadership, or the systems it operates. These operations can include fabricated narratives, deepfakes, impersonation, targeted fear-inducing messaging, or attacks designed to trigger confusion and operational hesitation. The goal is to weaken organizational resolve, disrupt coordination, and create cognitive overload during active conflict.
Primarily Affects:
Communications | Information Technology | Financial Services | Healthcare & Public Health | Transportation Systems | Government Facilities | Commercial Facilities | Critical Manufacturing | Food & Agriculture (public perception targets)
ECONOMIC DISRUPTION
DOMAIN CONTROL & OCCUPATION
PSYCHOLOGICAL & INFORMATION OPERATIONS (PSYOPS/IO)
Adversaries may target companies that support national or global economic stability in order to trigger financial shock or weaken an opponent’s economic resilience. These actions can disrupt key markets, halt essential services, or degrade public confidence as part of broader wartime strategy.
Primarily Affects:
Financial Services Sector | Energy Sector | Information Technology Sector | Communications Sector | Transportation Systems Sector | Commercial Facilities Sector | Food and Agriculture Sector
SABOTAGE & DESTRUCTION
DOMAIN CONTROL & OCCUPATION
DOMAIN CONTROL & OCCUPATION
Adversaries may target your company with destructive or disabling operations if your products, services, or infrastructure directly or indirectly support the wartime effort. These attacks aim to degrade battlefield readiness, disrupt military logistics, or weaken national resilience by impairing critical systems or supply chains.
Primarily Affects:
Critical Manufacturing Sector | Chemical Sector | Transportation Systems Sector | Defense Industrial Base Sector | Energy Sector
DOMAIN CONTROL & OCCUPATION
DOMAIN CONTROL & OCCUPATION
DOMAIN CONTROL & OCCUPATION
Adversaries may seek to seize, surveil, or redirect the digital environments your company operates when those systems serve as essential infrastructure for wartime operations. Instead of destroying these assets, attackers may co-opt them to gain tactical or strategic advantage—similar to capturing and controlling bridges or supply routes in conventional warfare. Companies that provide or enable critical technology pathways should expect to become priority targets for persistent access, covert monitoring, or full operational takeover.
Primarily Affects:
Communications Sector | Energy Sector | Information Technology Sector
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
Adversaries may target your company to enhance or accelerate operations that directly support hostile military or cyber campaigns. This includes exploiting your systems to increase their operational tempo, extend reach, or amplify the impact of other coordinated attacks. Companies unknowingly leveraged as digital “logistics nodes” or operational enhancers can become part of the adversary’s battlefield support infrastructure.
Primarily Affects:
Information Technology Sector | Communications Sector | Defense Industrial Base Sector | Energy Sector | Transportation Systems Sector
LEGAL, REGULATORY, & GOVERNANCE WARFARE
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
Adversaries exploit legal, regulatory, and governance mechanisms to weaken or immobilize private-sector targets. This may involve flooding organizations with fraudulent claims, triggering regulatory scrutiny, manipulating reporting obligations, or weaponizing compliance processes to consume resources and slow critical operations. Companies may also face attempts to undermine leadership credibility, exploit governance gaps, or coerce operational decisions through legal pressure and fabricated liabilities.
Primarily Affects:
Financial Services | Healthcare & Public Health | Information Technology | Communications | Critical Manufacturing | Government Facilities | Commercial Facilities | Transportation Systems
TALENT, LEADERSHIP, & INSIDER TRAGETING
FORCE MUTIPLICATION / BATTLEFIELD SUPPORT
TALENT, LEADERSHIP, & INSIDER TRAGETING
Adversaries may attempt to weaken your organization by compromising, manipulating, or removing key personnel who enable continuity, leadership, or mission-critical operations. This includes targeting executives, engineers, operators, administrators, or contractors whose access or influence can accelerate operational disruption. Efforts may involve coercion, recruitment, intimidation, burnout tactics, deepfake exploitation, or insider activation — all aimed at degrading your company’s ability to function, respond, or lead during wartime conditions.
Primarily Affects:
Defense Industrial Base Sector | Energy Sector | Information Technology Sector | Healthcare and Public Health Sector | Financial Services Sector | Government Facilities Sector
SUPPLY CHAIN & ECOSYSTEM MANIPULATION
PUBLIC-PRIVATE DEPENDENCY & COORDINATION PRESSURE
TALENT, LEADERSHIP, & INSIDER TRAGETING
Adversaries exploit the interconnected nature of modern business ecosystems by targeting upstream or downstream partners to reach you indirectly. These operations may compromise software providers, logistics networks, cloud platforms, or third-party service dependencies to bypass your defenses, disrupt production, or weaponize trusted relationships. The objective is to destabilize entire value chains rather than a single company.
Primarily Affects:
Information Technology Sector | Transportation Systems Sector | Critical Manufacturing Sector | Healthcare and Public Health Sector | Financial Services Sector | Food and Agriculture Sector | Chemical Sector | Communications Sector
PUBLIC-PRIVATE DEPENDENCY & COORDINATION PRESSURE
PUBLIC-PRIVATE DEPENDENCY & COORDINATION PRESSURE
PUBLIC-PRIVATE DEPENDENCY & COORDINATION PRESSURE
Adversaries may exploit the operational interdependence between your company and government entities to create pressure, confusion, or misalignment during wartime. This includes targeting organizations whose services, infrastructure, or data streams are relied upon by federal, state, or local authorities. Attackers may leverage this dependency to disrupt coordinated response efforts, overload public systems, strain emergency capabilities, or force your company into difficult decisions that affect national resilience.
Primarily Affects:
Energy Sector | Communications Sector | Information Technology Sector | Healthcare and Public Health Sector | Transportation Systems Sector | Water and Wastewater Systems Sector | Emergency Services Sector | Government Facilities Sector