More transparency, better law enforcement and a more robust engagement among the cyber superpowers can mitigate the worst cybersecurity risks and reduce the influence of catalytic actors.
Over the past few years, the cyber domain has been the chessboard on which the world's cyber powers -- Russia, China and the United States -- have vied for influence and control. This cyber statecraft, or “cyber nationalism,” manifests itself in intrusions, leaks and, on occasion, physical destruction. The superpowers are not alone on the board. Catalytic actors like North Korea, Iran and criminal groups also have disproportionate influence in this domain and inject a degree of chaos and uncertainty that can be destabilizing. A new balance of power built on cyber dominance is emerging in this dynamic and potentially strained world order.
While Russia’s economic capabilities, military strength and diplomatic influence are not on par with those of the United States, it has been more assertive in its use of cyber operations in pursuit of national objectives, particularly in support of military operations and international influence. This was seen in the 2007 Russian-Estonian dispute, which first saw the use of large-scale cyber disruption. Russia conducted a similar campaign against Georgia in 2008, escalating to critical infrastructure attacks against Ukraine in 2015 and, supposedly again, in 2016. Most recently, and perhaps most infamously, Russia is said to have used a mixture of cyber espionage, state media, social media proxies and influence operations to interfere in the 2016 U.S. presidential election. After the election, intelligence officials indicated Russia would target European elections next, further undercutting democratic institutions worldwide.
Although China possesses more economic and technological advantages than Russia, its cyber forces lag in sophistication and operational tradecraft. Though less assertive, Chinese cyber forces have traditionally focused on internal control and furthering economic growth. This is changing, however. There is a tepid consensus among security researchers that China has refocused its cyber forces away from economic espionage. Even as these instances of Chinese commercial hacking have gone down, reform of China’s military cyber forces raises new questions of how a formidable military component will be used. Instead of targeting companies for their intellectual property, the Chinese may be looking for intelligence in support of military and policy objectives, something federal agencies like the Office of Personnel Management have long had to contend with.
And then there’s the United States. There is little doubt that the U.S. is the world’s pre-eminent cyber power. Besides reportedly having the most advanced global surveillance system in the world, the U.S. has allegedly developed and deployed the most advanced cyber capabilities yet seen, notably with Stuxnet against the Iranian nuclear program in 2010 and against the North Korean missile program in an ongoing campaign since 2014.
This dominance is not unchallenged, however. The Shadow Brokers and the Vault 7 leaks, which purportedly reveal U.S. spy agency techniques and exploits, undercut the U.S. message abroad. They also narrow the gap between the U.S. and rivals like Russia and China and empower lower-tier actors with advanced tradecraft.
The cyber superpowers, however, are being joined by an increasing array of ever more capable lower-tier actors. Although relatively unsophisticated, criminal groups, hacktivists and rogue states like Iran and North Korea act with disproportionate influence in the cyber domain. Their operations are enough to be disruptive and increasingly incorporate destructive attacks. Last year, criminal actors were able to launch the largest known DDoS attack by volume, using Mirai malware against poorly secured internet-of-things devices to create massive botnets that disrupted a portion of the internet on the East Coast of the United States. Their efforts are helped by the proliferation of malware and tradecraft on both the deep and dark web, which helps them accelerate development cycles and provides tools and techniques that would have otherwise taken them years to learn or acquire.
The cyber domain is a dynamic space that challenges state authorities, creating a void where threat actors can grow and leverage threats at the scale that technology allows. More transparency, better law enforcement and intelligence exchanges as well as a more robust engagement among the states best able to effect change -- the cyber superpowers -- can mitigate the worst dangers and reduce the influence of catalytic actors. Government agencies, private-sector companies and individuals must understand that their devices and networks are in the crossfire of a much larger series of conflicts, arm themselves with a greater awareness of security risks and take the necessary steps to ensure they don’t become victims or unwitting accomplices in nefarious actions that exploit poorly secured devices.