Cyber Warfare in the Public and Private Sectors – a Spillover Effect of Geopolitical Tensions


Yuval Wollman, President, CyberProof, A UST Company


It's no secret that geopolitical and geo-economic tensions are escalating between the US and its three biggest adversaries in the international arena – Russia, China, and Iran. Overt military conflict has been avoided so far, but growing tensions are expressed in shadow cyber and information warfare. About a week ago, Ukraine accused Russia of orchestrating cyber-attacks that took down about 70 government websites. A warning – “Be afraid and expect the worst” – showed up before each site crashed. This is one example of the spillover effect of geopolitical conflict in state-sponsored cyber warfare. It has a wide-ranging impact – not only in the political sphere, but in the private sector, as well.

If All the World’s a Stage

Tensions between the US and Russia on multiple issues have been exacerbated by a large number of Russian troops amassed on Ukraine’s border. President Biden and US allies threatened sanctions if Russia invades.

Regarding China, US Secretary of State Blinken described managing that relationship as “the biggest geopolitical test of the 21st century,” eyeing Taiwan as the current focal point of the conflicting superpowers.

Iran is similarly thorny. Biden promised to improve Obama’s 2015 nuclear deal – but that’s looking less tenable. Iran or Iranian-backed militia groups are believed to be behind a drone attack at Tanf Garrison last October, and a second attack in December. Earlier in January, an Iranian proxy fired missiles at the UAE, a US ally.

Recent years saw the undoing of this role with a move toward retrenching – pulling back, spending less, sharing the burden with allies. President Obama, for example, drew a “red line” against Syria’s chemical weapons but didn’t enforce it. His successor Trump reprioritized the traditional split between NATO and dictator-led countries, and redefined the NATO relationship and its financial structure.

How Shadow Cyber Warfare Works

A look at Russia’s claimed interference in the 2016 American election provides insight into the role played by nation-state cyber-attacks. A January 2017 assessment by US intelligence leadership concluded Russia’s interference in 2016 was designed to harm Hillary Clinton and assist Donald Trump. Military leadership knew the 2016 interference reflected Russian aggression (likewise in 2018 and 2020).

But the public was less certain. Partly, the confusion reflected messaging coming from the White House. Trump was reluctant to confront Russia on that matter – maybe believing that acknowledging interference raised questions about his victory.

It’s probable that the public confusion was what Russia desired. It sowed confusion and discord, creating polarization and agitating the public – all part of Russia’s statecraft strategy, according to Jim Sciutto, author of The Shadow War: Inside Russia’s and China’s Secret Operations to Defeat America. “The purpose of this shadow war is simple: to create what Russian General Valery Gerasimov has called ‘a permanent front through the entire territory of the enemy state,’” says Sciutto.

National Cyber Programs

Governments activate rogue groups as proxies for large-scale attacks – like stealing COVID-19 research, disabling banks, destroying nuclear centrifuges, and turning off electrical grids. And in response, national cyber programs are being further developed.

Military defence budgets (which serve cyber programs) are rising, from 2.147% (of global GDP) in 2018 to 2.361% in 2020. Worldwide, spending reached $1.98T, with top spenders: US ($778B), China ($252B), India ($72.9B), and Russia ($61.7B).

And while cybersecurity expenditures are rarely published, research by The Record mapped spending by comparing data from different cyber agencies – revealing annual spending in: the US ($2B), Japan ($665M), the UK ($350M), Germany ($240M), and France ($165M). Across the board, budgets are increasing. US lawmakers, for example, called on the House Appropriations Committee to boost CISA’s 2022 funding by $400 million.

Based on projections, increased spending is necessary. According to Cyber Security Ventures, cybercrime is growing 15 percent per year, reaching $10.5 trillion in five years – representing the greatest transfer of economic wealth in history.

The Threat to Business

Nation-state threat actors once focused on infrastructure, think tanks, and government; they now attack the supply chain. Vendors, software, and networks that government organizations rely upon are an entry point to primary targets.

They interrupt business operations, create massive losses of data and revenue, and leak information. Intellectual property such as coronavirus research is also targeted.

SolarWinds illustrates how far nation-state attacks on the private sector can go. In December 2020, a nation-state (presumably Russia) breached this IT company, leading to nine US agencies being compromised.

But approximately 100 private companies were also compromised. Many were technology companies whose products may generate additional intrusions, creating the potential for future follow-up attacks, according to Anne Neuberger, a senior cybersecurity advisor at the White House.

The Spillover Effect on the Private Sector

A study on nation-state attacks from HP found:

· 100% increase in attacks (2017-2021)

· Enterprises are being targeted (35%) over cyber (25%) or other agencies (12%)

This encapsulates the shift: First, geopolitical tensions escalate cyber warfare. Second, governments invest in cyber defense. Third, this forces nation-state threat actors to attack private companies, to try gaining access to government targets.

Fundamentally, nation-state attacks support the political goals of the country that sponsors them. The cyber-attack on Ukrainian websites is classic – illustrating how real-world conflict has a spillover effect on shadow cyber warfare. The attack took place when talks collapsed between Russia, the US and NATO.

But this spillover effect in the cyber sphere is mirrored by additional dimensions in the private sector. As cyber activity intensifies, the threat to enterprises grows – creating new challenges for private organizations. Further, on the defensive side, knowledge of threats is transferred from intelligence communities to the industry, but this happens more slowly: offensive proxies have government sponsorship, while defensive capabilities are shared less directly. In the mirror arms race, the hackers have the upper hand.

These trends have obvious financial implications for enterprises, increasing cyber risk and thus the resources that must be allocated for cyber detection and response. This requires more attention and funding from business leaders, and a closer look by political chiefs.