In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike. The evolution of espionage in the 21st century has seen a significant shift towards the use of cyber operations for political, economic, and military goals. This has led to the emergence of six distinct advantages of cyber operations, offering a unique set of benefits that have proven to be highly valuable for various actors.
Cyber operations can be stealthy, allowing for undetected access to target systems for data harvesting or covert activities, as seen in incidents like SolarWinds. Conversely, they can also be loud and disruptive or destructive, as evidenced in conflicts in Ukraine and the Middle East. In addition, cyber means are manipulative, useful for influencing scenarios, and are increasingly deployed across most continents. Furthermore, they have proven to be lucrative for financial gain, as demonstrated by activities attributed to North Korea, financing its military program through ransomware campaigns. Cyber operations can also be outsourced by encouraging third-party operations as mercenaries or hacktivists willing to undertake these attacks in exchange for money or even for political goals and beliefs. Lastly, they have a high degree of deniability, as it can take time to trace the origin of an attack with absolute confidence.
The cyber domain is also characterized by a variety of tactics, tools, and techniques, buoyed by a thriving dark web market and an endless array of vulnerabilities to be exploited. Furthermore, the lack of significant deterrence or punishment for cyber activities adds to its attractiveness for nation-states.
The increasing appeal of cyber capabilities among nations is evident, with many striving to maximize their cyber potential. Russia, China, Iran, and North Korea are frequently mentioned for their malicious cyber activities. China, in particular, has been utilizing cyber’s unique capabilities extensively, with Five Eyes nations warning about the widespread activities of China-aligned groups affecting every continent. Russia has also engaged in cyberespionage globally, with Europe particularly in its crosshairs. North Korea-aligned groups continue to focus on acquiring defense-related technologies, generating revenue through ransomware, and conducting espionage, especially in Asia. Iran-aligned groups are expanding their capabilities and reach, extending beyond their traditional focus on the Middle East, particularly targeting Israel.
Beyond these well-known actors, an ever-increasing number of states are developing their own capabilities to conduct cyber operations beyond their borders or target foreign entities within their own countries. This global trend underscores the growing significance and evolution of the threat landscape.
Activities in cyberspace are glimpses into the complexities of geopolitics, and often attacks can only be understood through the lens of political intent. The world’s great powers are locked in a contest for influence, prosperity, and power, and cyber has emerged as an extremely convenient tool for states to deploy in various conflicts and disputes.
Securing agreement on binding international norms of reasonable state behavior in cyberspace seems unrealistic in the medium term despite efforts by the UN. Faced with this uncomfortable reality, the need for greater international cooperation, policy frameworks, and awareness campaigns to manage and mitigate the risks associated with these malicious activities is becoming more pressing than ever. Building resilience will require a holistic, society-wide approach, as the cyber domain is set to remain a pivotal battleground in an increasingly restive world.