In 2022 we witnessed significant changes to the geopolitical landscape with the Russian war against Ukraine and the growing tensions between China and the West. This past year has caused major changes to the global world order and with it, also the cybersecurity landscape. Attacks in cyberspace has become a common part of both the war in Ukraine and the hybrid conflicts taking place in the grey zone between peace and war. Looking back at the developments in 2022, it is clear that we need to change our perceptions of the future threat landscape.
As we move into 2023, the landscape of cybersecurity is evolving rapidly. While traditional threats such as ransomware, CEO-fraud, phishing attacks, and data breaches remain a serious concern, the geopolitical aspect of cybersecurity is becoming increasingly more important. In particular, the actions and intentions of Russia and China in the cyber realm have the potential to significantly impact the threat landscape for businesses in the West.
Russia and China’s cyber activities
Russia has a long history of cyber activity, dating back almost to the Cold War. In recent years, the country has been accused of conducting cyber espionage and cyber warfare against other nations. In 2018, the U.S. indicted 12 Russian intelligence officers for their alleged involvement in the 2016 U.S. election interference campaign, which involved the theft and release of sensitive information. Russia has also been linked to a number of high-profile cyber attacks, including the 2017 “NotPetya” ransomware attack and the 2018 attack on the Olympic Winter Games in Pyeongchang. Ever since Ukraine started to sperate from Russian control and influence, the country has been the target for many Russian cyberattacks, among other advanced targeted attacks on the control systems in their electrical grid. Since the Russian invasion February 24th 2022, Ukraine has experienced a barrage of among other deface attacks, denial-of-service attacks and destructive attacks, many of the coordinated with conventional military attacks.
China, on the other hand, has a more nuanced approach to cyber activity, using cyber more for espionage supporting their own economic development. China have been attributed for conducting cyber espionage against other nations, it has also sought to position itself as a leader in cyber security. In 2015, China established a cyber security law that aims to strengthen the country’s cyber security infrastructure and protect its citizens’ personal information. However, the law has been criticized for its broad language and potential for abuse and today China is using technology to control and supress their own population.
Expectations for future attacks
In the current geopolitical situation, we are expecting to see a lot more grey zone conflicts and attacks. Some of the methods that we already have seen being used by Russia are irregular military forces (“little green men”) and other non-military security policy instruments includes cyber-attacks, disinformation, manipulation of the democratic system, influencing elections, real sabotage and various economic measures (investments, corruption, etc.).
When this conflict takes place on the internet, some of the methods we are expecting to be used are e.g. espionage to offset sanctions and advance economic and technological positions, cyber-criminal groups being used by governments to perform attacks where state attribution can be denied, various destructive cyberattacked camouflaged as criminal activities and lots of attacks trying to influence public opinion, create discontent and create chaos.
Supply chain security
Another important aspect is supply chain security. Especially during the COVID19 pandemic our reliance on foreign technology and products has become noticeably clear. But it has also become more obvious that technology can be weaponised and used to compromise us. That implies that we need much more control over the technologies we are using.
In conclusion, the geopolitical aspect of cybersecurity is becoming increasingly important in the modern world. This will have significant implications for businesses in Denmark and Europe moving forward. We need to adjust the way we are considering the threat landscape and realising that all companies have to deal with changing geopolitical conditions and this will be changing the threat landscape significantly in a negative direction moving forward.
Danish and European businesses must be proactive in protecting themselves in the light of the evolving threat landscape. In a coming article we will take a closer look at how businesses can protect themselves in this increasingly complex threat landscape.