The events in the cyber world mirror global politics. The outlook is bleak, crises are escalating, and tensions are rising. Cyber operations have become an alternative to military action in order to achieve political goals. It is also conceivable that cyber operations allow for more aggressive policies. Cyber sabotage must be seen as a new threat model, the importance of which is highlighted as part of hybrid operations and related information operations. The aim seems to be to create a deterrent effect and to plant uncertainty into people’s daily lives. It is becoming increasingly difficult to distinguish between the practices of state actors and of cybercriminals. We can detect the phenomena, but we cannot be sure of the origin or of its purpose. The old wisdom of warfare about the importance of concealment and deception as a success factor has also been adopted in cyber operations.
Developments and changes in the cyber world are rapid and often happen without warning, reflecting crises in global politics. It is especially important for Finland to assess the growth of Russia’s cyber capacity and the evolution of their operating methods. From Russia’s point of view, cyber performance is essential in spearheading hybrid operations. Developing cyber performance is significantly cheaper than building traditional military capabilities. Therefore, cyber performance is vital for Russia to be able to maintain its political power on a global scale and, if necessary, to act unexpectedly in regional conflicts. Russia’s economic conditions are no longer sufficient to maintain their position in the arms race. Hybrid operations create the conditions for preliminary action and political surprise attacks.
Europe is lagging behind in the global cyber arms race, and total capacity depends on national cyber capabilities. Cyber operations and the technologies used are constantly evolving, and the importance of cyber security as a component of national security is emphasised. Targets are chosen carefully and are based on the evaluation of the possible physical and informational effects of attacks. The goal of hybrid operations is to advance political goals by creating destruction, chaos, and political uncertainty. The repercussions of cyber attacks are always much more difficult to combat than the operations themselves.
The importance of cyber espionage will be emphasised in the future, as it is used to create the optimal conditions for hybrid and cyber operations. The distinction between criminals and state actors is unclear and it is becoming increasingly difficult to determine who is the perpetrator and what the real motives are. In recent years, cyber intelligence has reached a well-established position in the field of intelligence. Intelligence between states has become a day-to-day activity. The views on authorised and unauthorised methods, based on the legislation of different countries, have developed over the past decades. By using cyber intelligence, the line between the two is easily crossed, as the perpetrator does not physically come in contact with the target data. In addition, it is often difficult to determine the source of cyber operations. Leaked data eventually ends up in the data collection systems and targeting operations of the intelligence organisations of the great powers.
In addition to cyber operations and intelligence, there is widespread discussion of cyber warfare. The term is ambiguous because the definitions of war and peace in cyberspace are not as clear as in physical warfare. Cyber operations and reconnaissance could be interpreted as cyber warfare, if tangible harm is caused to the systems of the other party or, for example, the results of state elections are manipulated. Determining a rule requires international cooperation to define the characteristics of cyber warfare and the boundary of acceptable action.
The role of social media and the power and regulation of technology giants will be an increasingly difficult political issue. International law cannot keep up with the rapid changes in the cyber world. Security issues will also be highlighted in many technology solutions. The debate around 5G technology is a good example of this. Transnational cyber operations have increased over the past year, and they are being used more and more ruthlessly. Hacking, cyber espionage, and information operations through social media are increasingly candid, and their origins are often public knowledge.
The advanced cyber-influencing capabilities of states need to be taken seriously. Critical processes should be subject to regular risk assessments and long-term cyber security development. Contingency plans for hacking and usability attacks play a vital role in maintaining operational capability. The situational picture of hybrid operations should be constantly monitored in order to better identify and protect against influencing attempts. Cyber security plays a central role in combating hybrid interference and the quality and quantity of related expert resources must be safeguarded.
As offensive operation capabilities and defensive practices are built using the same systems, it is often very difficult to maintain and build credible cyber capabilities. The fact that the attacker has access to the same system increases the difficulty in establishing an effective defence. As a result, many countries have implemented stand-alone systems which are designed to minimize threats posed by supply chain attacks.
Cyber attacks will continue to be carried out mainly through, or with the help of, individuals and employees. The importance of competence is emphasised, and the company’s internal risk must be considered in the cyber risk analysis, especially with regard to employees. The cyber culture of every organisation must be developed as an integral part of the security culture. Better classification of information and data, as well as new security methods, can also significantly improve the level of cyber security. Comprehensive cyber risk analysis provides a good basis for contingency and security planning. Each employee must take responsibility for their actions, as this is important for ensuring the cyber security of the operating environment. All safety instructions given to the end user should be strictly followed. Organisations should ensure that employees have secure work equipment and connections to ICT services. Employees should also know how to act in case of an emergency and how to deal with cyber security threats at an individual level.
The aftermath of the Covid-19 crisis will be visible in many situations over the next couple of years. Teleworking will remain a permanent practice and information leaked during the crisis will be used to plan new cyber and hybrid operations. The planning cycle for cyber operations is half a year to two years. Therefore, the likelihood of new elaborate cyber operations will remain high.
Critical societal infrastructure and services have been highlighted as the main targets of cyber attacks. “Smart city” thinking is the driving force behind urban development, with digital services and technologies at the heart. The vulnerability of modern society will increase if cyber security is not built into these entities following the security-by-design principle. As the impact of cyber attacks becomes more familiar to citizens, the importance of knowledge and situational awareness also becomes more apparent. A well-educated nation will be much better off in the face of these global security challenges. The development of cyber security therefore requires a lot of small actions that create a large body – the nation’s cyber resilience, or in other words, crisis resilience.
We can all be key players in the cyber security of our own lives by taking better care of our everyday cyber security and improving our skills accordingly.
Aapo Cederberg, CEO and Founder of Cyberwatch Finland