Cyberwar and cyberwarfare have often been used interchangeably, leading many to believe that states do not engage in cyberwarfare. The traditional definition of a war is a conflict in which at least 1000 people die, whereas warfare merely denotes the use of force. In the realm of cyberspace, where there is no battlefield and no physical casualties, we must abandon preconceived notions of war and acknowledge that cyberwarfare is occurring but has taken the guise of an alternative method of conducting war, namely guerilla warfare.
In a guerilla war, nations no longer play a part, with armies dissolving into small group of combatants such as armed civilians or irregulars using alternative methods of fighting, namely ambushes, sabotage and hit-and-run tactics, rather than open confrontation. Therefore, cyberwarfare fits perfectly into this model with hackers that for all intents and purposes have no nationality and are grouped in little cells engaging in hit-and-run attacks in cyberspace.
Moreover, the typical government response to these hackers and their activities conforms to the guerilla model, with state responses being large and cumbersome, while hackers, being more mobile with no affiliations being able to melt back into the populace, until the opportunity arises.
Finally, cyberwarfare is the textbook definition of guerilla warfare, since force is used, but is not limited to personnel, and the goal is not inflict as heavy a loss as possible on the enemy, rather it is to harass and weaken the enemy through sabotage and the capture of enemy resources and intelligence. Moreover, the goal of cyberwarfare and guerilla warfare is to inflict psychological harm to the point at which the enemy is eventually unable to prosecute the war any longer, and is forced to withdraw, or is so preoccupied with fending off guerilla attacks that it no longer poses an offensive threat and is forced into a pure defensive position.
In conclusion, the threat of cyberwarfare must be recognized and the focus should not be placed on the crucial number of causalities, but rather it should focused on the frequency of attacks and the strength of state cyber security and whether or not it has been weakened to the point at which it can longer effectively deter further guerilla style cyber-attacks.