Cyber warfare hits a new level | Top 5 Risks | RiskMap 2020
Top 5 Risks
3 Cyber warfare hits a new level
Tensions are rising in the digital arena. As cyber weapons have become more capable and proliferated, the apparent restraint shown by most states is crumbling. At the same time, interconnectivity of cyber-physical systemsi is accelerating and will soon overtake other systems connected to the internet. This convergence of factors has created a global powder keg and 2020 may well provide the spark.
A failure of diplomacy
Cyber conflict and attacks affecting physical systems are not new. Since 2010 and the first discovery of Stuxnetii, most governments have sought to acquire and test digital capabilities that would support and sometimes replace conventional military and intelligence requirements. In 2020, this quest will become even more prominent.
Nation states sought strategies to mitigate and contain the risks associated with the unfettered proliferation of offensive digital capabilities. Multilateral and bilateral engagements on curbing the impact of cyber attacks emerged. At their helm, the US administration under President Obama engaged in a long-haul effort to leverage both diplomacy and coercion through public shaming and indictments of suspected cyber attackers, in a bid to maintain control of the digital arena.
These efforts were not focused on the potential physical effects of cyber attacks but rather on countering espionage and criminal operations. In 2015 the signature of the Obama-Xi agreement on curbing commercial espionage between the US and China was hailed as a significant victory for diplomacy in cyberspace. Norms seemed to rapidly take shape in regulating the behaviour of state actors in this domain. However, the combination of more disruptive attacks against critical infrastructure and a more confrontational US foreign policy under the Trump administration have led to a radical reversing of these efforts. This reversing will continue in 2020.
Between 2017 and 2019, US Cyber Command overtly retaliated against diplomatic and security incidents with disruptive cyber attacks on Russia, North Korea and Iran, impacting troll farms, internet infrastructure and military databases respectively. The 2015 agreement was torn to pieces. The rapidity of this change forced US allies and adversaries to consider their own retaliatory capabilities. While the show of force by the US in 2018 and 2019 has led to a more cautious approach by cyber threat actors, this lull was temporary; those actors are adapting to a more assertive US in cyberspace and have honed their tools in the interim. We expect a resurgence of disruptive activity in 2020.
The US will continue to increase its overt assertion of capabilities next year; Russia and Iran will resume disruptive operations. China is unlikely to step into this arena in 2020 but will continue to clash with the US in the battle for supremacy of infrastructure and technology.
North Korea, however, will likely return to its previous propensity for politically motivated disruptive operations, such as the attacks targeting Sony Pictures Entertainment in 2014. New players are also set to enter this arena: India and Pakistan have rapidly been projecting their conflict in the digital sphere. South Korea, France, Germany, Japan, Saudi Arabia and other jurisdictions are likely to be ready for escalation in cyberspace. Criminals are repurposing such capabilities for financial gains too.
Source: Control Risks
The consequences of this shift have already begun to manifest and will amplify next year. Following the physical attacks in the Strait of Hormuz, there have been cyber attacks against commercial vessels and disruptive attacks against Iranian military databases. These are all part of a rapidly escalating cyber conflict with Iran and the first signs of this new reality. Cyber capabilities are steadily becoming less covert, and more conventional tools of projecting force in the international arena.
The military strategies of most countries across the world now feature a prominent focus on cyber offensive capabilities. States’ ambitions are clear – to cripple an adversary’s critical infrastructure by deploying disruptive and destructive cyber tools. NATO in August 2019 asserted that Article 5, its mutual defence principle, could be invoked in response to a cyber attack. Although this remains unlikely today, given the historical challenges associated with this Article, it is a strong signal that NATO is willing to escalate in cyberspace. In 2017, Guillaume Poupard, the director of France’s national cyber security agency ANSSI, said:
“With what we see today — attacks that are criminal, from states, often for espionage or fraud but also more and more for sabotage or destruction — we are getting closer, clearly, to a state of war… that could be more complicated, probably, than those we’ve known until now.”
With the current tense global climate, 2020 may be the year where this new state of war materialises.
The spider’s web
The ubiquity of connected systems makes cyber an attractive and effective tool of coercion, espionage and eventually war. Digital tools have already been used for physical sabotage, espionage and even destruction. What has fundamentally changed is the potential for cascading and contagion effects across a globally interconnected digital infrastructure. WCry and NotPetya in 2017, reportedly the work of North Korean and Russian hackers respectively, showed the world how rapidly this contagion could occur – and neither of these attacks were operated well. They spread out of control, using tools that were already known and did not have the hallmarks of a carefully planned state operation. Still, their impact was felt by many with thousands of computers and servers around the world rendered inoperable and recorded losses in the billions of dollars globally.
The world is on the cusp of a revolution, with next-generation telecommunication technologies and computing likely to emerge in 2020. 5G networks, satellite internet coverage for remote locations, new subsea cables, smart cities and industry 4.0 will exponentially increase the number of devices connected to one another across the planet and will begin rolling out in 2020.
Emergence of 5G networks in 2020 with growth to 15% of mobile connections by 2025 (source GSMA The mobile economy 2019).
Most of these will rely on cyber-physical systems to function. Growth in 2020 and 2021 will see these systems overtake conventional computers in terms of their numbers across the world (see figure below). They rely on machine-to-machine connectivity, unhindered by human operators, bringing together a web of sensors across geographies to generate information and capacity that could provide staggering benefits to societies. These are the systems that are most likely to be targeted willingly, or affected unwittingly, when threat actors seek to disrupt or destroy their adversaries’ assets.
Source: IoT Analytics Research
A clash of clans
Public and private sector interests are increasingly at odds in the digital arena. Governments project force and erect digital boundaries. Private sector entities, however, are seeking to ensure seamless connectivity and unhindered technology rollouts to maximise commercial opportunities.
Whereas historically we would expect governments to win such a battle, cyberspace has unique characteristics. The infrastructure, systems and applications enabling the digital arena are built and controlled by the private sector. They are the primary users and will reap the rewards of technological advancements.
Don’t expect the public-private collision on these issues to peak in 2020, but more likely by 2030. In 2020, escalatory conflict in cyberspace will impact businesses around the world as interconnectivity continues to grow. An incident getting out of hand will spread through the global infrastructure that is run, operated and relied on by businesses.
The nature of cyber war is hybrid. That also means its targets and victims will not be contained to governments and militaries. Unconstrained capabilities and more frequent skirmishes, paired with unprecedented connectivity, will set the stage for an explosive year in cyberspace.
iCyber-physical systems are the integrations of computer systems, networks and physical processes. Largely used in manufacturing and heavy industries until recently, their internet-connected subsets – the ‘internet of things’ – are now being adopted much more widely.
iiStuxnet was a joint US-Israeli intelligence operation thought to have started in 2005 and aiming to use malware to disrupt and slow down Iran’s nuclear enrichment programme by targeting cyber-physical systems in enrichment plants’ centrifuges.