Digital security
In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally powerful and versatile business tool for both nation states and criminals.
January 29, 2024
•
,
4 minutes. read
For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this field of “espionage” relied largely on human intelligence, but this began to change in the early 1890s with the advent of technologies such as the telegraph, telephone and, subsequently, the intelligence by radio signals (SIGINT). However, in today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally powerful and versatile business tool for nation states and criminals, marking a significant evolution in espionage for the 21st century.
Six benefits of cyber operations
Cyber capabilities are extremely valuable to nation states pursuing political, economic, and military objectives because they provide significant benefits at a relatively low cost in terms of resources and risks.
- Cyber operations can be stealthyallowing undetected access to target systems for data collection or covert activities, as seen in incidents such as Solar winds.
- They can also be strong and disruptive or destructive, as evidenced by conflicts in Ukraine and the Middle East.
- Cyber means are manipulator, useful for influencing scenarios and increasingly deployed on most continents.
- They are lucrative for financial gain, as demonstrated by the activities attributed to North Koreafinancing its military program through ransomware campaigns.
- They can be outsourced by encouraging third party operations as mercenaries or hacktivists willing to undertake these attacks in exchange for money or even political goals and beliefs.
- And they have a high degree of denialas it can take time (including overcoming obfuscation techniques) to trace the origin of an attack with absolute confidence.
The cyber domain is also blessed with a variety of tactics, tools and techniques, supported by a thriving dark web market and an endless array of vulnerabilities to exploit. Additionally, the lack of significant deterrents or sanctions against cyber activities adds to its appeal to nation states.
Global Cyber Operations and the Evolving Tactics of Major Nations
The growing appeal of cyber capabilities among nations is evident, with many striving to maximize their cyber potential. Russia, China, Iran and North Korea are frequently mentioned for their malicious cyber activities. All countries are said to spy, but some are considered to go beyond accepted norms.
China, in particular, makes extensive use of the unique capabilities of cyberspace. The intelligence agencies of Five Eyes countries continually warn on the widespread activities of China-aligned groups that touch every continent. More recently, this alliance has highlighted the scale and sophistication of China’s theft of intellectual property and acquisition of expertise, which has been described as unprecedented.
Russia, while focusing on Ukraine to disruption and destruction, also engages in cyber espionage on a global scale, with Europe particularly in its crosshairs. Russia is also said to have led Influence campaigns in Africatargeting governments with close ties to the West and seeking to undermine governments in other countries that are less supportive of the Russian government.
North Korea-aligned groups remain focused on acquiring defense-related technology, generating revenue through ransomware, and espionage, particularly in Asia. The Lazarus group is probably the most infamous of North Korean hackers, including one alleged attack on Spanish aerospace company.
Iran-aligned groups are expanding their capabilities and reach, beyond their traditional focus on the Middle East. particularly targeting Israel.
Beyond these well-known actors, an ever-increasing number of states are developing their own capabilities to conduct cyber operations beyond their borders or target foreign entities, including embassies, international organizations, businesses and individuals, within their own country. For example, the alleged Belarusian group Moustached Bouncer He is believed to be able to access a Belarusian telecommunications operator to carry out a man-in-the-middle attack against foreign entities in Belarus.
But when internal capabilities are insufficient or to reinforce denial, some countries resort to the private sector and cyber mercenaries. The number of countries involved in cyber operations could exceed 50 and is growing globally. Actually, according to CERT-UE, there were 151 malicious activities of interest targeting EU institutions, including by groups aligned with Turkey and Vietnam. This global trend highlights the growing importance and evolution of the threat landscape.
A window into a complex world
Activities in cyberspace provide insight into the complexities of geopolitics, and often attacks can only be understood through the lens of political intent. The three great world powers are engaged in a struggle for influence, prosperity and power. In most regions, there are ongoing conflicts, latent tensions and political, security and economic challenges. In this climate of instability, heightened competition, often disillusioned populations and in an increasingly digitally connected world, cyber is an extremely practical tool for States to deploy. It is rare these days that bilateral disputes do not involve some form of cyber dimension, whether on the part of state actors, their proxies, or aligned/influenced hacktivists. While some conflicts in cyberspace between nations are predictable, bilateral conflicts can also erupt without warning.
Despite the efforts of the UN, reaching agreement on binding international standards for reasonable state behavior in cyberspace appears unrealistic in the medium term. Faced with this uncomfortable reality, the need for greater international cooperation, policy frameworks and awareness campaigns to manage and mitigate the risks associated with these malicious activities becomes more pressing than ever. Building resilience will require a holistic, society-wide approach, as the cyber domain will remain a crucial battleground in an increasingly turbulent world.