Written by: Jasrene Hor. Cover by: Rosie Phillips.
The information age has ushered in an era of network-centric warfare where cyber defence has become an integral component of national security. The high-impact, low-cost nature of cybercrimes has led to the proliferation of cybersecurity threats such as cyber espionage, cyber terrorism, cyber warfare as well as disinformation and narrative warfare. Rogue nations, transnational criminal organisations, and cybercriminals are using increasingly sophisticated cyber tactics to undermine democratic institutions, steal intellectual property and innovation, engage in espionage, as well as attack critical national infrastructure and systems. Given the increased connectivity of critical infrastructure systems and the growing complexity of cyber-attacks, it is imperative that countries worldwide implement a comprehensive, whole-of-nation cybersecurity strategy to tackle the transnational and complex security threats in the digital realm. This article examines the methods and techniques employed by hostile states and malicious non-state actors to direct attacks against government, military, and private sector targets. It then evaluates cybercrime's threats to national security and economic prosperity. Lastly, it assesses the effectiveness of cybersecurity and risk management strategies implemented by countries to enhance their resilience against increasingly sophisticated cybersecurity threats.
Dangers from the Cyber Realm
In June 2010, it was discovered that the controversial Natanz nuclear facility in Iran had been attacked. What had caused the destruction of many of the site’s centrifuges used to enrich uranium was neither a bomb nor a missile. Instead, it was a highly sophisticated malware known as Stuxnet, which later became known as the world’s first cyber warfare weapon capable of physically destroying strategic military targets (Collins and McCombie, 2012). While media reports alleged that Stuxnet was jointly developed by Israel and the United States to undermine Iran’s nuclear capabilities, the identity of the aggressor remains unknown. The cautionary tale of Iran sheds light on the ability of malevolent actors to wreak havoc on government and civilian infrastructure and disrupt critical systems, under the anonymity offered by the cyber realm.
The enhanced integrability of network systems has also facilitated the rise of cyberattacks by state actors to exploit the vulnerabilities of their foreign adversaries for strategic gains. Advanced Persistent Threat (APT) is a covert category of cyber-offensive work carried out by state actors against potential enemies (Wu et al., 2022). Belligerent states engage in continuous and stealthy hacking activities to gather sensitive information about their foreign opponents and access industrial control systems in critical infrastructure sectors. Only state actors can perform the sophisticated work of APT since they have the necessary resources and pool of expertise (Wu et al., 2022). The high degree of coordination involved in APT, along with its associated political motivation, differentiates it from regular hacking activities. Through APT, nations can gather critical intelligence to conduct military operations and weaken their targets before military incursions (Ahmad et al., 2019). Using cyber-offensive tools such as APT, battle plans conceived by adversarial political and military leaders can be obtained, allowing pre-emptive actions to thwart possible interventions.
One prominent example is Russia’s relentless cyberattacks on Ukraine, which have persisted since Russia's illegal annexation of Crimea in 2014 and intensified following the 2022 invasion. Over this period, Russian-backed cybercriminals launched a series of sophisticated cyberattacks targeting Ukraine’s critical infrastructure and systems (Willett, 2022). These include phishing emails, distributed denial-of-service attacks, and the use of data-wiper malware and surveillance software to steal information. These cyberattacks complemented Russia's use of kinetic warfare and severely undermined Ukraine's ability to resist the invasion. For instance, when Russian forces were attempting to capture Ukraine's eastern Donbas region, coordinated wiper attacks were employed to attack Ukraine's transportation and logistics systems used for military movement and the delivery of humanitarian aid (Devanny, Goldoni and Medeiros, 2022). This sheds light on the rise of hybrid warfare, with cyberattacks launched by rogue nations complementing the use of kinetic warfare in undermining the capabilities of their foreign adversaries.
In addition, espionage activities carried out via sophisticated cyber-attacks have been launched by hostile state and non-state actors against governments and private-sector organizations to steal intellectual property. For instance, the U.S. has repeatedly accused China of launching cyberattacks targeting U.S. and allied networks as well as software and hardware companies to illegally acquire intellectual property and gain access to sensitive networks (Jiang, 2019). In October 2022, the CISA, NSA, and FBI released a joint statement that China’s state-sponsored cyber activities remain one of the largest and most dynamic threats to U.S. national security (NSA, 2022). China has consistently denied the claims, instead accusing the US of cyber espionage efforts aimed at stealing Chinese user data and infiltrating the country’s telecommunications infrastructure (Harnisch and Zettl-Schabath, 2022). The onslaught of online espionage activities reveals how nations often engage in malicious cyber activities to weaken their adversaries and pursue their national interests.
Lastly, cyber disinformation campaigns have been used to undermine public trust in governments and democratic institutions. Constituting a form of psychological warfare, cyber disinformation operations seek to destroy the opponent's morale, break the tenacity and resilience of the populace, and instill the mindset of overwhelming defeat in their political leadership (Schia and Gjesvik, 2020). While the manipulation of information to subvert one’s enemies is not a new tactic, the pervasive use of Information and Communication Technologies (ICT) in today’s digital age has provided an almost instantaneous way to disseminate information quickly and effortlessly. This has been exploited by belligerent nations and transnational criminal organisations to stoke public discontent and undermine public confidence in the government’s ability to defend against future attacks. For instance, Russia is accused by US governments and Western leaders of using disinformation campaigns to advance its strategic agenda and undermine the Western-led global order (Giusti and Piras, 2020). The US Department of Defence (DoD) cited Russia’s use of malign social media operations and its leverage of cyber operations to support the rampant violations of global norms by the Putin regime. These range from internal human rights abuses to military intervention in neighbouring states and interference in national elections, all of which pose significant risks to the international order. Prominent examples include Russian interference in the 2016 United States (US) Election and the Russian cyber mal-information campaign in 2021 that targeted Polish government officials (Nagasako, 2020). These case studies shed light on the use of disinformation campaigns by threat actors as a psychological warfare tool to weaken their adversaries.
Implications for National Security and Economic Prosperity
The evolution of the international security environment has wide-ranging implications for international organisations, governments, businesses and individuals in the military, political, economic, social, and financial spheres.
Firstly, the emergence of cyber warfare has significantly changed the modus operandi of warfare. It has contributed to the rise of hybrid warfare, which involves a combination of tactics used simultaneously to disrupt an opponent's actions without engaging in open hostilities (Käihkö, 2021). These tactics include the use of proxies and insurgencies, economic manipulation, diplomatic pressure, cyberattacks, and disinformation campaigns. The advent of modern hybrid warfare has radically changed the dynamics of war and the overall security landscape. Instead of direct combat or physical confrontation, countries are resorting to hybrid warfare below the threshold of an armed conflict in pursuit of their zero-sum security goals (Gaiser, 2022). States embroiled in armed conflicts are also increasingly complementing their military pursuit with the use of sophisticated cyber warfare techniques aimed at crippling their targets and weakening their foreign adversaries.
As aptly described by the ancient Chinese strategist Sun Tzu: “the supreme art of war is to subdue the enemy without fighting”. Hybrid warfare allows countries to inflict damage on their foreign adversaries and achieve their strategic aims without resorting to direct military confrontation (McNeilly, 2015). The cyber-related and information-related aspects of modern conflicts are much less risky, less expensive, and easier to implement than kinetic operations. Moreover, the deployment of unconventional strategies in contemporary warfare has obscured the line between war and peacetime, making it challenging for states to discern the war threshold for the deployment of military assets during armed conflicts (Mumford and Carlucci, 2022). The ambiguity attributed to hybrid warfare also makes it difficult for targeted states to detect a hybrid attack, identify the perpetrators, and implement effective strategic responses to these complex threats.
Secondly, foreign actors have used cyber propaganda to sway public sentiments. These influence operations erode public trust, increase societal polarisation, threaten democratic processes, and undermine the legitimacy of states. For instance, in the lead-up to the 2020 US Presidential Election, North Korean and Russian state-backed hackers conducted spear-phishing attacks to gain access to the personal email accounts of campaign staff members working for former Vice President and Democrat candidate Joe Biden (Whyte, 2020). Meanwhile, Taiwan faced a disinformation campaign alleged to have originated from mainland China during its 2020 national election (Hung and Hung, 2022). A large number of online trolls and fake social media accounts were used to share pro-China content and alter search algorithms, to create mass confusion through divide-and-rule tactics. The above examples highlight the use of cyber-enabled foreign interference techniques by hostile state actors, namely the use of cyber operations to compromise voting procedures and the use of disinformation campaigns to manipulate public opinions. The integrity of elections and referendums is key to societal resilience (Dame Adjin-Tettey, 2022). These attempts, aimed at influencing the outcomes of national elections, will undermine trust in democratic institutions and impair the social contract that binds the state and its constituents together.
Thirdly, cyber-enabled disinformation campaigns have a ripple effect that can alter the dynamics of geopolitical relations and undermine the national interests of states. This enables belligerent nations to achieve long-term strategic goals, such as strengthening their relative national and regional influence and compromising international alliances that pose a threat to their interests (Lin, 2019). For instance, during the 2017 Qatar diplomatic crisis, the United Arab Emirates (UAE) allegedly orchestrated the hacking of the Qatari government and social media sites to post false quotes attributed to Qatar’s emir (Berni, 2020). Citing the emir’s purported quotes that expressed support for terrorism and warm relations with Iran, Saudi Arabia, the UAE, Bahrain, and Egypt immediately banned all Qatari media, and declared a trade and economic boycott against Qatar. This case study presents a cautionary tale of how cyberwarfare is leveraged by rogue nations to isolate and intimidate their neighbours. This has huge implications for small countries such as Qatar and Singapore, which rely on diplomatic means to advance their national interests and punch above their weight in regional and global affairs.
Lastly, cybercrimes have the potential to wreak massive havoc on economies and financial systems worldwide. A McAfee study estimated that global cybercrimes have cost the world’s economy USD 1 trillion, with almost 1.2% of the global Gross Domestic Product (GDP) lost every year (McAfee, 2020). This is a sizeable increase from a reported loss of USD 445 billion, approximately 0.4% of global GDP, in 2014. The growing popularity of digital currencies and bitcoins has contributed to the proliferation of cybercrimes worldwide. Additionally, inadequate data privacy protection and the increasing complexity of cyberattacks have led to many small and medium-sized businesses (SMEs) falling prey to ransomware, phishing attacks, and data breaches (Cremer et al., 2022). Recent, high-profile examples include malware such as TeslaCrypt and Cryptowall, which encrypt sensitive data and demand a ransom paid in cryptocurrency. Cybersecurity risks to the financial system have also grown in recent years, with financial institutions being the leading targets of cyberattacks. In February 2016, hackers targeted the Bangladesh central bank and exploited vulnerabilities in the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the global financial system’s main electronic payment messaging system, in an attempt to steal USD 1 billion (Mazumder and Sobhan, 2021). This episode served as a wake-up call for policymakers about the systemic cyber risks in the financial system. In February 2020, Christine Lagarde, president of the European Central Bank and former head of the International Monetary Fund, warned that a major cyber incident could trigger a serious financial crisis if not properly managed (Winder, 2020). Such an event would not only impose immense economic costs on nations worldwide, but would also significantly undermine public trust and confidence in the global financial system.
Cybersecurity & Risk Management Strategies
Organisations and governments around the world have become increasingly cognisant of the need to tackle emerging risks in the cyber domain. The discovery of cyber weapons like Stuxnet, the reality of APT, and the unfolding of international crises such as Russia's cyber-attacks on Ukraine, reaffirm the need for policymakers to continually adapt and implement effective measures to deal with the ever-evolving cyber-threat landscape.
Recognising the increasing prevalence of hybrid warfare in today's conflict-ridden world, militaries and homeland security agencies worldwide have adopted comprehensive national security strategies to sharpen and strengthen their edge against hybrid threats. For instance, the US released its first National Cyber Strategy Paper in 2018 acknowledging the increasingly frequent and sophisticated cyberattacks it faces (US Department of State, 2018). The 2018 Cybersecurity Strategy details how the US will defend its homeland by adopting a multi-pronged approach. This approach includes developing its cyber defence capabilities, enhancing the resilience of its critical infrastructure against cyber-attacks, aligning risk management and information technology activities, as well as facilitating international cyber capacity-building efforts. Similarly, the North Atlantic Treaty Organisation (NATO) has called on its allies to strengthen their national resilience against hybrid threats that seek to undermine the security of NATO member states (NATO, 2021). During the 2021 NATO Summit held in Brussels, NATO allies jointly endorsed a revamped Comprehensive Cyber Defence Policy. This supports NATO's three core tasks of collective defence, crisis management, and cooperative security, as well as its overall deterrence and defence posture. In developing NATO's cyber defence capabilities, the Cyberspace Operations Centre was established in Belgium to facilitate information sharing and the exchange of best practices, and to coordinate the operational activities of its member states in the cyberspace realm (Maigre, 2022). These examples shed light on the importance of countries adopting a coherent and comprehensive national strategy to defend their networks and operations against the growing sophistication of cyber threats.
To deal with the rise of cyber propaganda that seeks to undermine public confidence in national institutions and divide society, the concept of deterrence must be expanded to include efforts in bolstering society’s psychological and social defence. In this light, Singapore’s Total Defence is the appropriate framework to cope with the ever-changing landscape of global threats. Grassroots organisations such as the People’s Association play a critical role in today’s divisive age, as they strive to keep Singapore’s social fabric strong and united (Matthews and Yan, 2007). A resilient and cohesive society is the most effective deterrence against external forces seeking to divide it. This is similarly evinced by Taiwan’s effective response to misinformation campaigns from China aimed at undermining trust in the Taiwanese government’s ability to tackle the COVID-19 crisis (Barss, 2021). Notably, Taiwan framed the COVID ‘infodemic’ as a ‘public crisis’ and adopted a transparent digital governance system aimed at encouraging civic engagement to curb the spread of COVID-19-related falsehoods. By providing opportunities for civic engagement, dialogue, and consensus building, the Taiwanese government was able to swiftly debunk the disinformation surrounding the COVID-19 pandemic. Taiwan’s case study illustrates that a high level of citizen engagement is essential for countries to develop resilient preparedness practices that can swiftly respond to national threats.
Lastly, governments should foster collaborations aimed at protecting and defending the economic and financial sectors against cyberattacks. While commercial banks and financial institutions have invested significant resources in developing cyber threat intelligence capabilities in recent years, they lack the capacity to provide a robust defence of their networks and infrastructure against state-level adversaries. To enhance the protection of the global financial system against cyber threats, the report titled “International Strategy to Better Protect the Global Financial System against Cyber Threats” published by the Carnegie Endowment for International Peace advocated greater collaboration among government agencies, financial institutions and tech companies (Maurer and Nelson, 2020). Highlighting the interdependent nature of the global financial system, the report also recommended that countries develop a standardised framework for the implementation of cybersecurity risk management strategies in the financial sector. To strengthen the resilience of the economic and financial sectors against ransomware and phishing attacks, governments should publish guidelines on how businesses and finance companies can implement multi-layered security approaches using a combination of antivirus software, firewalls, and multi-factor authentication (Beaman et al., 2021). These measures will strengthen the cyber resilience of financial institutions and businesses against increasingly sophisticated cyberattacks.
Conclusion
In recent years, the threat landscape has evolved to encompass not only kinetic warfare, but also the use of sophisticated cyber warfare techniques and misinformation campaigns by countries to undermine the capabilities of their foreign adversaries. Malicious state and non-state actors have also leveraged cyberspace to target businesses and financial institutions. As societies become increasingly reliant on digital infrastructure and financial technologies, governments have recognised the need to tackle emerging risks in the cyber domain. Many countries, such as the US and NATO member states, have adopted a coherent and comprehensive approach to tackle the latest cyber threats. These cybersecurity and risk management strategies have helped protect critical national infrastructure and institutions from offensive cyber operations. However, in today’s globalised world where nation-state digital attacks and cybercrimes often have spill-over effects across borders, international cooperation is the key to coping with various transnational cybersecurity threats. Therefore, countries should work together to develop a common framework for the implementation of cybersecurity risk management strategies to better prepare for and respond to contemporary cybersecurity threats.
Bibliography
Ahmad, A., Webb, J., Desouza, K.C. and Boorman, J. (2019). Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack. Computers & Security, 86(1), pp.402–418. doi:10.1016/j.cose.2019.07.001.
Barss, E.J. (2021). Chinese Election Interference in Taiwan. Routledge.
Beaman, C., Barkworth, A., Akande, T.D., Hakak, S. and Khan, M.K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111(1), p.102490. doi:10.1016/j.cose.2021.102490.
Berni, H.M.E. (2020). The Perceptual Shock of Qatar Foreign Policy in 2017 Crisis: Systemic Factors, Regional Struggles Versus Domestic Variables. Contemporary Review of the Middle East, 8(1), pp.96–119. doi:10.1177/2347798920976290.
Collins, S. and McCombie, S. (2012). Stuxnet: the emergence of a new cyber weapon and its implications. Journal of Policing, Intelligence and Counter Terrorism, 7(1), pp.80–91. doi:10.1080/18335330.2012.653198.
Cremer, F., Sheehan, B., Fortmann, M., Kia, A.N., Mullins, M., Murphy, F. and Materne, S. (2022). Cyber risk and cybersecurity: a systematic review of data availability. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(1). doi:10.1057/s41288-022-00266-6.
Dame Adjin-Tettey, T. (2022). Combating fake news, disinformation, and misinformation: Experimental evidence for media literacy education. Cogent Arts & Humanities, [online] 9(1). doi:10.1080/23311983.2022.2037229.
Devanny, J., Goldoni, L.R.F. and Medeiros, B.P. (2022). Strategy in an Uncertain Domain: Threat and Response in Cyberspace. Journal of Strategic Security, 15(2), pp.34–47. doi:10.5038/1944-0472.15.2.1954.
Gaiser, L. (2022). Chinese Hybrid Warfare Approach and the Logic of Strategy. National security and the future, 23(1), pp.67–77. doi:10.37458/nstf.23.1.3.
Giusti, S. and Piras, E. (2020). Democracy and Fake News. Routledge.
Harnisch, S. and Zettl-Schabath, K. (2022). Secrecy and Norm Emergence in Cyber-Space. The US, China and Russia Interaction and the Governance of Cyber-Espionage. Democracy and Security, 1(1), pp.1–29. doi:10.1080/17419166.2022.2097074.
Hung, T.-C. and Hung, T.-W. (2022). How China’s Cognitive Warfare Works: A Frontline Perspective of Taiwan’s Anti-Disinformation Wars. Journal of Global Security Studies, 7(4). doi:10.1093/jogss/ogac016.
Jiang, T. (2019). From Offense Dominance to Deterrence: China’s Evolving Strategic Thinking on Cyberwar. Chinese Journal of International Review, 1(1), p.1950002. doi:10.1142/s2630531319500021.
Käihkö, I. (2021). The Evolution of Hybrid Warfare: Implications for Strategy and the Military Profession. The US Army War College Quarterly: Parameters, 51(3). doi:10.55540/0031-1723.3084.
Lin, H. (2019). The existential threat from cyber-enabled information warfare. Bulletin of the Atomic Scientists, 75(4), pp.187–196. doi:10.1080/00963402.2019.1629574.
Maigre, M. (2022). NATO’s Role in Global Cyber Security. [online] GMFUS. Available at: https://www.gmfus.org/news/natos-role-global-cyber-security.
Matthews, R. and Yan, N.Z. (2007). Small Country ‘Total Defence’: A Case Study of Singapore. Defence Studies, 7(3), pp.376–395. doi:10.1080/14702430701559289.
Maurer, T. and Nelson, A. (2020). International Strategy to Better Protect the Financial System Against Cyber Threats. [online] Available at: https://carnegieendowment.org/files/FinCyber_Executive_Summary.pdf [Accessed 18 Dec. 2022].
Mazumder, M. and Sobhan, A. (2021). The spillover effect of the Bangladesh Bank cyber heist on banks’ cyber risk disclosures in Bangladesh. The Journal of Operational Risk, 1(1). doi:10.21314/jop.2020.249.
McAfee (2020). New McAfee Report Estimates Global Cybercrime Losses to Exceed $1 Trillion. [online] McAfee. Available at: https://www.mcafee.com/de-ch/consumer-corporate/newsroom/press-releases/press-release.html?news_id=6859bd8c-9304-4147-bdab-32b35457e629.
McNeilly, M. (2015). Win All without Fighting. Sun Tzu and the Art of Modern Warfare, 1(1), pp.8–28. doi:10.1093/acprof:osobl/9780199957859.003.0002.
Mumford, A. and Carlucci, P. (2022). Hybrid warfare: The continuation of ambiguity by other means. European Journal of International Security, 1(1), pp.1–15. doi:10.1017/eis.2022.19.
Nagasako, T. (2020). Global disinformation campaigns and legal challenges. International Cybersecurity Law Review, 1(1-2), pp.125–136. doi:10.1365/s43439-020-00010-7.
NATO (2021). NATO’s response to hybrid threats. [online] NATO. Available at: https://www.nato.int/cps/en/natohq/topics_156338.htm.
NSA (2022). NSA, CISA, FBI Reveal Top CVEs Exploited by Chinese State-Sponsored Actors. [online] National Security Agency/Central Security Service. Available at: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3181261/nsa-cisa-fbi-reveal-top-cves-exploited-by-chinese-state-sponsored-actors/.
Schia, N.N. and Gjesvik, L. (2020). Hacking democracy: managing influence campaigns and disinformation in the digital age. Journal of Cyber Policy, 1(1), pp.1–16.
US Department of State (2018). Release of the 2018 National Cyber Strategy. [online] United States Department of State. Available at: https://2017-2021.state.gov/release-of-the-2018-national-cyber-strategy/index.html.
Whyte, C. (2020). Cyber conflict or democracy ‘hacked’? How cyber operations enhance information warfare. Journal of Cybersecurity, 6(1). doi:10.1093/cybsec/tyaa013.
Willett, M. (2022). The Cyber Dimension of the Russia–Ukraine War. Survival, 64(5), pp.7–26. doi:10.1080/00396338.2022.2126193.
Winder, D. (2020). $645 Billion Cyber Risk Could Trigger Liquidity Crisis, ECB’s Lagarde Warns. [online] Forbes. Available at: https://www.forbes.com/sites/daveywinder/2020/02/08/645-billion-cyber-risk-could-trigger-liquidity-crisis-ecbs-lagarde-warns/?sh=2b029bdc7ca8 [Accessed 18 Dec. 2022].
Wu, Q., Li, Q., Guo, D. and Meng, X. (2022). Exploring the vulnerability in the inference phase of advanced persistent threats. International Journal of Distributed Sensor Networks, 18(3), p.155013292210804. doi:10.1177/15501329221080417.