The geopolitical cyberwar between Iran, China, North Korea, Russia and the liberal democracies is about to get very sophisticated
The new year is a time for reflecting on the old and considering the new. In cybersecurity, this leads to a prediction-fest where vendors tell us what to expect over the next 12 months.
But to really understand what is likely to happen, we need to examine not what happened over the last year, but what has been bubbling under the surface. From there we can assess how the criminals are likely to respond in their drive for either money or political advantage.
2019 was dominated by a global rise in geopolitical tensions between China, North Korea, Iran, and Russia and the liberal democracies. This is a war being fought economically and in cyberspace, and it is likely to increase throughout 2020.
In cyber, this means increased efforts to disrupt public opinion and affect elections – especially, of course, the U.S. presidential election – and increased efforts to steal western intellectual property and money.
But the adversaries have slightly differing motives. Iran and North Korea seek to punish the West for real or imagined slights. With tensions heightened, Iran may feel both justified and motivated to launch cyberattacks on America. Russia seeks to weaken the West. China, however, seeks to learn from, emulate, and overtake the West both economically and militarily. In all cases, there is a blurring (and sometimes an elimination) of lines between the elite criminal hackers and the state hackers. Both benefit. The state acquires increased expertise while the criminals get access to resources and state protection.
The effect in 2020 will be an increase in sophisticated attacks by the world's elite hackers. Russian attacks will be disruptive; on the one hand seeking to sow discord within western populations, and on the other hand testing its cyber weapons. Iranian and North Korean attacks are likely to be noisy and dramatic – these two countries have little to lose either economically or in public opinion.
But the Chinese attacks are likely to be the most dangerous. China is playing a long game. In the Chinese philosophy and culture, it doesn't matter if it takes 100 or more years to succeed. These attacks will be less dramatic as China seeks to infiltrate western companies, steal military and technology secrets, dominate western economies, and learn how to disrupt critical industries. There are rumors, for example, that China is intercepting and storing massive volumes of secret encrypted telecommunications, waiting for the time it can decrypt everything through the power of quantum computers. We may not even hear about the majority of China’s attacks.
The two big technology developments were the proliferation of wireless connected devices (IoT) and the emergence of drones. Neither was new in 2019, but both reached a tipping point during the year.
The growth of IoT devices in the business world is being driven by business transformation, sometimes known as Industry 4.0. This process will gather pace through 2020, and the use of IoT will increase accordingly. Many new IoT devices will be manufactured in China; and even when they are designed and assembled in the West, the components will still mostly come from China.
There are two primary threats. The first is to the supply chain. There is the potential for hidden backdoors that can be exploited in the future, or methodologies for sending data back to the country of origin. The second is a more widespread lack of security. Whenever there is a burgeoning market, manufacturers rush to get new products to that market. And when they rush, security gets forgotten.
The result in 2020 will be an increased targeting of IoT devices by both nation-state and criminal hackers. This will apply to business IoT, smart devices in the home (such as cameras and routers), and personal devices (such as watches and activity trackers).
We should not forget that self-driving vehicles are effectively local collections of many IoT devices. The potential for hijacking smart cars has been frequently demonstrated in the past. As driverless vehicles – especially driverless trucks – take to the road, we will undoubtedly see attempts to hijack them.
Drones, like IoT devices, are not new. 2019, however, saw them transition from specialty to commodity items. At the lowest level, their nuisance and privacy intrusion activity will boom. Thousands of people have received low-cost drones with cameras this Christmas, and many will be used to snoop on friends, neighbors, and strangers.
Higher up the criminal chain, drones will be equipped with Raspberry Pi computers and Wi-Fi sniffers to intercept and listen in on telecommunications. These will be listening for sensitive information and for credentials to access corporate networks.
Activists will also use drones to disrupt events or to make a political point – such as flying into commercial airspace to protest environmental pollution. At the opposite end of the same purpose, law enforcement agencies will use drones with facial recognition capabilities to monitor suspects and disrupt criminal activity.
Activist use is a short step from terrorist use. In September 2019 a successful drone attack against Saudi oil facilities was almost certainly directed by Iran. While this attack involved nation-state support, the use of drones as a weapon is no longer beyond the reach of even small terrorist groups. This is a danger that will grow throughout 2020.
Here, the standard prediction will be correct – there will be more malware throughout 2020. Nevertheless, three areas will be noteworthy:
AI has so far been seen as the great hope for cybersecurity. In the future, it will also be used as a weapon by cybercriminals. In future years it will become a major threat, but it has already started and will increase through 2020 in two significant ways:
Cybersecurity insurance has been around for about 10 years but is only now beginning to gain a serious foothold. While this should, in theory, be a safeguard rather than a threat, it will affect the security landscape in ways we cannot yet imagine. The main cause for this is its expected growth – it has the potential to become a larger industry than the entire existing cybersecurity industry. The question then will be whether the larger industry will refrain from dictating to the smaller industry.
While the cybersecurity industry is focused on defeating cyberthreats, the insurance industry will focus on minimizing losses. Today it does not dictate whether clients should or should not pay a ransom. This is unlikely to continue. When the insurer believes that it will be cheaper to pay the ransom than pay for recovery from encryption, it will do so. What then for the criminals? It will become a question of mathematics – criminals will be encouraged to cause more severe damage in the expectation that the insurer will pay.
Predictions are a balance between what is happening and what could happen, influenced by underlying factors. The influencing factors here are geopolitics, globalization, business transformation, artificial intelligence, and new technology. Against this background, criminals seek to make money while nation-states seek information and political advantage. We’ve looked at some of the ways they are likely to do this in 2020, but the reality is that they will always come up with new ways and new weapons to do so. Those we cannot predict.