Competing cyber capabilities (on a spectrum from nation-state to non-state actors alike) and cyber-based conflict will continue to restructure, reformulate, discombobulate, and transform the very essence of what power, prestige, international governance, and geopolitical strategy are in the 21st century. Fueled by the Global Polycrisis, Cyberwars will continue to take center stage. Further jagged transitions, strategies, binaries fractures, major developments, and crucial events in the ongoing cyberwars are compiled here.
Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities: The Computer Emergency Response Team of Ukraine (CERT-UA) and State Service of Special Communications and Information Protection of Ukraine (SSSCIP) have just released a report analyzing the evolution of cyber tactics, objectives, and capacities of the Russian government and government-controlled threat groups in the first half of 2023. The report and details here.
Undersea Telecommunications Cables and the Seabed are Geopolitical Contested Arenas: Along with Africa and the Arctic, add the growing tensions between the U.S. and China about undersea cable deployment and seabed warfare to your geopolitical tracking, risk awareness, and strategic impacts for your business or organization. Find an overview of the core issues, tensions, and What’s Next? here.
Xi’s Long Game in Cyberspace is Not Just About Power: A Chinese press has recently published Excerpts of Xi Jinping’s Discourse on Cyberspace Superpower, a book on Xi Jinping’s views on making China into an Internet powerhouse, and how such an endeavor is a necessary component to bolstering the country’s industries, economy, and ideological security. The book is a comprehensive deep dive into Xi’s thinking about cyberspace and the Internet’s relation to state power, providing a summary of China’s Communist Party (CCP) experience implementing cyber-related regulation as an important facilitator for China’s technological development and overall cybersecurity posture. This book serves as a complement to other volumes that have captured Xi’s speeches and writings on key issues as perceived through the prism of socialism with Chinese characteristics. Ostensibly, the latest book achieves a similar objective, promoting his leadership as instrumental to China’s legal and regulatory cyber accomplishments.
Are the High Seas the Primary Cyberwarfare Theatre?: This research caught our eye based on our recent analysis of the Weaponized IT Supply Chain, the Leviathan’s Attacks and Kinetic Naval Intervention in the South China Sea. The Norwegian University of Science and Technology (NTNU) and the Cyber-SHIP Lab at the University of Plymouth collaborated on simulations and scenarios of cyberattacks at the high seas which transcend the usual narrative of the types of cyberattacks directed at the systems on most maritime vessels and offshore rigs.
Maturing HAMAS Information Operations Gives Iran Another Asset in the Region: On October 13, 2022, HAMAS acknowledged that it had established a cyber unit dubbed the “al-Quds Electronic Army” as early as October 2014. Since its inception and over the course of several years, the group executed numerous cyber attacks against Israeli security force and army organizations. The targets disrupted included command-and-control systems of kibbutz communities in the Gaza Envelope, Israeli Defense Force (IDF) servers, and electricity providers, among others. Like many other nonstate and terrorist organizations, HAMAS saw the benefits afforded to it by the Internet and has since steadily developed online capabilities to support its propaganda, recruitment, fundraising, and offensive operational needs. Iran no doubt has played some part in this progress, having a history of providing HAMAS financial aid, weapons, and training to help its proxy efforts against Israel, though the extent to which this involves cyber is unknown. However, what is clear is that HAMAS has quickly improved its capabilities over time.
After Meeting in Moscow, Will Xi and Putin Combine “IT Armies” and ICT-driven Hybrid Warfare Efforts Against the West?: The Washington Post reports that China’s Xi Jinping and Russia’s Vladimir Putin ended their three-day meeting in Moscow as signatories of “two agreements, one affirming their partnership and one setting out plans for economic cooperation, which they discussed at a joint news conference,” including (as the WSJ reported) “ten documents on economic cooperation stretching until 2030.” What is more interesting is what Xi and Putin did not discuss at that news conference, which is the potential for the interplay and fusion of their information technology-driven hybrid warfare efforts directed at the West. Our goal with this post is to provide an update on the ICT-driven hybrid warfare landscape, which – at this point – has been digitally carpet bombed by both the Chinese and Russians – burning and smoldering. Our hope is that this analysis is differentiated from the coverage of the meeting that just concluded in Moscow – squarely putting unique, underreported issues (which were not propagandized at the meeting by China and Russia or covered by the global media) at the center of your risk awareness.
Lessons On The Future of Cyberwar From Russia: As the conflict in Ukraine rages on, the implementation of offensive cyber operations has fallen under an intense microscope. A reputed cyber power with capabilities that many believe are near-peer to the United States, many expected Russia to execute devastating attacks that crippled critical infrastructures, knocking out energy grids, impacting financial institutions, and showing the true power of cyber in the 21st century. However, to date, these types of attacks have not materialized, calling into question if cyber war has been over sensationalized, and why and whether the West has overestimated Russia’s cyber capabilities the way it appears to have done with Moscow’s conventional military power.
Without Consensus on Key Cyber Issues, the Global Cyber Weapons Market Flourishes: This post seeks to inform your understanding of the cyber landscape from the perspective of the realities of the world as it is vice as we would like it to be.
Weaponizing the IT Supply Chain: Leviathan’s Attacks and Kinetic Naval Intervention in the South China Sea: Leviathan, a Chinese APT [advanced persistent threat] actor and contractor known to support the Chinese Ministry of State Security, is targeting the supply chains of naval defense and energy exploration entities active in the South China Sea. According to continuous phishing operations identified by Proofpoint since mid-2021, this group has continued their campaigns without interruption since the US DOJ indictment in July of that year. This talk will examine two specific use cases from June 2021 and March 2022, which support an exploration of how a known reliable MSS contractor, per the details of the historic US DOJ indictment, may now support intelligence requirements tied to the deployment of kinetic naval intervention in areas of active dispute between the Chinese Communist Party and other nations in Southeast Asia and Oceania. Further by examining the timeline of these attacks, this talk will present a previously undisclosed link to a Chinese State service branch actively carrying out maritime patrols and harassing energy projects in the South China Sea.
Bitskrieg: The New Challenge of Cyberwarfare by Dr. John Arquilla: When Dr. Arquilla writes, it behooves cyber practitioners, policy wonks, and enthusiasts to read. His latest work, Bitskrieg: The New Challenge of Cyberwarfare, is an important update on the literature of cyberwarfare and the challenges that we face in the 21st century. Cyber is still maturing. Its multifaceted nature makes it difficult to wrap our minds around. It has and continues to revolutionize all aspects of global society, improving ways we conduct business, communicate, and execute organizational processes. It also has become a tool for activists, criminals, “strategic crime,” state military and intelligence agencies, and political warfare. In many ways, the offensive elements of cyberspace have outpaced the defensive aspects. They have also garnered more media attention, causing sensational headlines and inspiring fear. This is the world Dr. Arquilla’s book addresses, one that continues to favor attackers over defenders, and where security has taken an unfortunate backseat.
Is Future Escalation in Cyber Conflict a Foregone Conclusion?: Here we present analysis relevant to cyber conflict including the potential of spillover into non combatants and provide insights on the relevance of recent Russian statements.
The ICC Will Now Investigate Cyber War Crimes: In this report we capture context on the shift in ICC intentions regarding investigating and prosecuting cyber war crimes.
Can Cyber Insurance Help Legally Codify an International Definition for Cyber War?: Cybercrime and cyberespionage activity continue to proliferate against all industries and sectors inflicting financial and material damage on targeted networks. Cyber insurance has assisted in mitigating the impacts of cyber malfeasance, offsetting costs associated with recovering from cyber attacks. A Government Accountability Office report found that the increasing severity and frequency of cyberattacks led more organizations to seek cyber coverage, which has been increasing in price as the volume of attacks continue to escalate regardless of the motivation and intent of the individuals behind them. Some expect the cyber insurance market to surge significantly headed into 2031, with an estimated compound annual growth rate of 23.78%. It’s evident that organizations acknowledge in a digital world cyber insurance is a necessary complement to existing security strategies to reduce their risk. However, the average price for cyber insurance rose 79% in the United States in the second quarter of 2022, after having doubled each of the previous two quarters showing that insurance is becoming an expensive option with carriers adjusting what they cover accordingly.
What Happens if China, Iran, and Russia Form a Cyber Tripartite?: Recent reporting reveals that ties between Russia and Iran have tightened to the point where Russia is now Iran’s chief military patron. This is extremely worrisome, especially for Washington that has seen the war in Ukraine push its traditional rivals closer together. This military relationship has been categorized as unprecedented, with Tehran delivering military supplies like ammunition and drones, with the possibility of even providing ballistic missiles in the future in exchange for cooperation in joint drone production and Russia-provided technology. Naturally, concerns over Russia supplying Iran with nuclear-related materials to spurn its nuclear weapons program have surfaced, putting at risk any hope of a deal between the United States and Iran over its nuclear ambitions. Collaboration between two U.S. rivals threatens to prolong the war in Ukraine, while providing a heavily sanctioned Iran economic and defense support at a time where the United States’ attention is diverted elsewhere.
Global Democracies Need to Reign In Intrusive Surveillance Technologies: This post provides observations and compelling views on the threat of intrusive surveillance technologies.
Abraham Accords Cyber Agreement: Constraining Iran in Cyberspace: Recently, a bipartisan group of Congressmen put forth a bill that would formally authorize cyber cooperation between the United States, and those governments committed to the Abraham Accords. Dubbed the Abraham Accords Cybersecurity Cooperation Act of 2023, the parameters of the bill would facilitate information sharing, provide technical assistance to Abraham Accords stakeholders, and participate in the Department of Homeland Security’s (DHS) annual cyber exercise program. If passed, the legislation would help strengthen the collective cybersecurity postures of Israel, Bahrain, Morocco, Sudan, the United Arab Emirates, and the United States, and foster the type of cooperation that would coordinate collective responses to evolving threats. Additionally, the bill would mandate that the Department of State and DHS report to Congress on progress made in this endeavor and detail any future plans to expand cooperation among member states. The bill builds on a February 2023 meeting between DHS and cybersecurity leaders from Abraham Accords countries where they discussed opportunities to widen the scope of the Accords to include cybersecurity priorities.
The Cost Of Ignoring Cyberwar: Nowadays, “cyber” is used mainly as a prefix for other words that converts anything to something to do with the internet, such as cybercrime, cyberbullying, Cyber Monday, and our topic, cyberwar. The etymology of “cyber” derives from a defunct area of research concerned with feedback mechanisms in animals and machines.
The State Department Launches the Office of the Special Envoy for Critical and Emerging Technology: In April 2022, The State Department launched a new cybersecurity bureau, designed to enhance digital diplomacy and online standards around the world.
Is There Any Surprise Left in a Cyber Attack?: Over the last 2 decades cyber attacks have shifted from the theoretical to reality. This report provides insights from real world activities that can inform strategists and policymakers seeking to mitigate risks from nation state cyber attacks.
Cyber Defense Insights and Resources for the Corporate Board (Human Risk Management, Social and Human Engineering): In the shadow of the recent MGM Cyberattack (and other recent ransomware attacks in the U.S. and in the Pacific Islands), cyber defense is in the spotlight. Specifically, what role should corporate boards play in human risk management, as well as social and human engineering defenses? Following are OODA Loop resources on these cyber threats, addressing the question of whether “the human factor” is properly addressed at the company culture level – or is it purely an IT operational concern?
Does NATO Need Its Own Cyber Command?: The Ukraine conflict had revealed how the global community can quickly come to the aid of a country that can be potentially overwhelmed by a stronger force. NATO has responded by helping to coordinate Ukrainian requests for assistance and supporting Allies by delivering humanitarian aid, and other non-lethal provisions. As part of bolstering Ukraine’s defense, the United States, as well as other public and private stakeholders, have come to the cyber aid of Kyiv in the form of cybersecurity specialists, and with respect to U.S. Cyber Command, hunt forward teams whose purpose is to disrupt adversary networks and operations in advance of pending cyber attacks.
What is the United States Information Strategy?: This post provides insights into some major elements in the US government concerned with countering foreign malign influence, highlighting some overlaps and possible discontinuities.
Deep Fakes and National Security: “In 2024, one billion people around the world will go to the polls for national elections. From the US presidential election in 2024 to the war in Ukraine, we’re entering the era of deepfake geopolitics, where experts are concerned about the impact on elections and public perception of the truth.
Russian Cyber War: An Elite Russian Hacker Spells Out His Vision for “Information Confrontation in World Politics”: Hakan Tanriverdi is an open-source intelligence-assisted reporter known for reporting and analysis on criminal and state-sponsored hackers in Europe. Recently, Tanriverdi was working on an investigative report on what are known as the “Vulcan Files”: leaks that reveal Putin’s cyber strategy, including Russian Secret Services’ plans for disinformation and attacks on civilian infrastructure using software from the Moscow company Vulkan. While reporting on the leaked Vulkan files, Tanriverdi “received a tip: an interesting file had been dropped on Virustotal. It turned out to be the master’s thesis (titled “Information Confrontation in World Politics”) by Evgenii Serebriakov, the person who’s heading the infamous Sandworm team, part of Russia’s military agency GRU.”
The U.S. Turns Strategic Focus Towards Cyber Threat Vectors in Guam, Albania, and Costa Rica: There are no coincidences: The recent arrival of 4 B-52 bombers in Guam – along with the Marines and the official opening in January of a reactivated, expanded U.S. military base on the U.S. territory – might have some causal relationship to a recent cyberattack on the mobile, television, internet, and telephone services of the island territory.
The Quad May Be Just the Thing to Apply to China’s Cyber Activities: In late January 2023, the Quadrilateral Security Dialogue, or “Quad,” issued a joint statement that pledged to collaborate to better secure cyberspace and foster an international digital economy to benefit the global community. Dubbed “the Challenge,” this effort consists of a checklist for individuals as well as commercial entities to review their security postures and provides best practice cybersecurity recommendations to be implemented to make persons and entities more cyber resilient.
The DoD Cyber Workforce Strategy: Deploying an Agile, Capable, and Ready Cyber Workforce: Amidst our coverage of exponential technologies and national cognitive infrastructure protection, it is easy to take a purely technology-based perspective and neglect the human factor: the role of trained talent and future innovators in building the technology and platforms to solve the most pressing problems and address future risks, opportunities, and threats. The OODA Loop Talent Superpower Strategy (The Human Factor) Series of posts over the course of this year is designed to track, research, and synthesize vital strategic issues from a human talent perspective. To start: an overview of the launch of a “cyber workforce of the future” effort at the DoD.
What did Cybersecurity and Cyberwar look like in 1999?: Think all these news stories you are reading about cybersecurity, cyberwar, and cyberconflict are breaking new ground? It is worth taking a read through the several hundred entries meticulously compiled in Mich Kabay’s 1999 Infosec Year in Review which I recently found on an old drive while searching for other content.
Globalization Transformed and the Global Computer Chip IT Supply Chain Disruption: Further jagged transitions, strategies, binaries fractures, major developments, and crucial events are compiled here as globalization is transformed and The Global Computer Chip IT Supply Chain Disruption continues astride as functions of the Global Polycrisis.
Geopolitical Futures: The Americas, The Northern Frontier of Mexico, The Arctic, and Africa: In this era of global polycrisis, leaders are also reacting to the major macro economic trend of the last thirty years – the fundamental driver of the tectonic shifts in geopolitics and deep inside the economies of nation-states – which is that the BRICs global share of GDP May Overtake the G7 by 2028. Further geopolitical players and regions of the global polycrisis (jagged transitions, strategies, binaries fractures, major developments, and crucial events) summarized here include: The Americas, The Northern Frontier of Mexico, The Arctic, and Africa.
The Global Polycrisis: The Middle East, China, The Indo-Pacific, Russia, Ukraine, and NATO: Polycrisis: A cluster of interdependent global risks create a compounding effect, such that their overall impact exceeds the sum of their individual parts. The geopolitical players and regions of the global polycrisis (jagged transitions, strategies, binaries fractures, major developments, and crucial events) summarized here include: The Middle East, China and the Indo-Pacific, and Russia, Ukraine, and NATO.
Great power competition introduces new corporate risks, from supply chain disruptions to cyber threats. This competition extends to resources like food, water, and rare-earth elements, with heightened risks surrounding global computer chip supply.
Russian Invasion of Ukraine: Russia’s aggression against Ukraine prompts global repercussions on supply chains and cybersecurity. This act highlights potential threats from nations like China and could shift defense postures, especially in countries like Japan. See: Russia Threat Brief
Economic Weakness in China: China’s economy faces dim prospects exacerbated by disasters, COVID-19, and geopolitical tensions. Amid limited financial transparency, some indicators suggest China’s economic growth is severely stunted, impacting global economic stability. See: China Threat Brief
Networked Extremism: The digital era enables extremists worldwide to collaborate, share strategies, and self-radicalize. Meanwhile, advanced technologies empower criminals, making corruption and crime interwoven challenges for global societies. See: Converging Insurgency, Crime and Corruption
Food Security and Inflation: Food security is emerging as a major geopolitical concern, with droughts and geopolitical tensions exacerbating the issue. Inflation, directly linked to food security, is spurring political unrest in several countries. See: Food Security
Demographic Time Bomb: Industrialized nations face demographic challenges, with a growing elderly population outnumbering the working-age demographic. Countries like Japan and China are at the forefront, feeling the economic and social ramifications of an aging society. See: Global Risks and Geopolitical Sensemaking