Between 2009 and 2018, there was a 440% increase in documented global cyber warfare attacks. Within this period, over 50 countries experienced politically-motivated cyberattacks. Apparently, that was just the beginning!
From Estonia to the United States, the global landscape has witnessed critical and trajectory-altering cyber threats. How severe can cyber threats be? Is the world ready for a cyberwar? Where do we go from here?
Nothing is unhackable
The Microsoft Exchange Server hack was one of the most significant cyberattacks in 2021. It affected an estimated 250,000 servers and breached the data of at least 30,000 Microsoft customers. It was later discovered that the attack was perpetrated by Hafnium, a Chinese government-sponsored hacking group. While the motive is thought to be solely spying, some experts believe there may be more to it. In the same year, Estonia also had a similar experience. A hacker obtained over 280,000 personal identity photos following an attack on the state information system. The offender was quickly caught, and the stolen data was confiscated.
According to Florian Marcus, former digital adviser at the e-Estonia Briefing Centre, “the more honest proposition is that nothing is unhackable. Paper files can be edited, replaced, copied, and destroyed forever, and on a fundamental level, the same is valid for digital formats.” This he stated in the January 2021 edition of e-Estonia’s Speakers’ Corner. It seems being aware of this has made most progressive states and organisations 24/7 alert and radically innovative.
Estonia’s 2007 cyberattacks, a crucible for all
After experiencing what was, at the time, the most massive politically-motivated cyberattacks on a state, Estonia realised the need for heightened cybersecurity. The country adopted a wide range of national cybersecurity strategies to strengthen its digital security walls. It partnered with several companies from the private sector to build secure systems for public use, set up a secure data centre to house digital systems’ backups in another country, became an early adopter of innovations, invested in digital awareness campaigns, and also started pushing for more international cooperations with cybersecurity-focused organisations.
The state continues to update its strategies and infrastructure to stay ahead. Unsurprisingly, Estonia currently ranks 3rd on the Global Cybersecurity Index (GCI), an index that reviews 193 countries’ commitments to cybersecurity. Over a decade since the 2007 cyberattacks, other nations continue to reference the incident and what can be learnt from it. In his keynote speech at the “Working Together towards the Future of Cyber Security in South-East Asia” conference held in conjunction with the Defence Services Asia (DSA) and National Security Asia (NatSec) 2022 exhibitions earlier in March, Malaysia’s Minister of Home Affairs, Datuk Seri Hamzah Zainudin Hamzah emphasised the need for a safe and secure cyberspace.
“We must collectively learn from experiences, such as the Estonian cyber attacks in 2007 or the Ukrainian power grid attack in 2015. The act of cybercrimes disrupting our digital economic sectors poses a threat to our national well-being and must be dealt with at all costs,” he said. It is worth knowing that Malaysia ranks as one of the most digitally competitive and cybersecurity-committed countries globally.
Ready for a cyberwar?
While widespread cyberattacks could have varying motivations and might be perpetrated by a private or public entity, the basis and perpetrator of cyberwarfare are defined. States or their proxies wage war through coordinated cyberattacks against other states with the explicit intention of damaging their infrastructure. This, precisely, Ukraine’s digital infrastructure faced hours before being physically invaded. “Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” Brad Smith, Microsoft’s President, revealed in a public statement on the company’s website.
It was quickly discovered that the attack was aimed at dismantling Ukrainian public services and financial entities. Nonetheless, against all odds, Ukraine’s digital infrastructure still stands resiliently! How? The answer to that is rooted in its design. According to Peeter Vihma, “Ukraine has a lesson to teach us all.” Faced with a similar situation, can your state or company’s digital infrastructure stand strong, or will it immediately collapse?
Solidarity in times of crises
The war against Ukraine has shed light on some of the strengths and weaknesses of nations and organisations in the global landscape today. One of the major strengths has been the earnest display of solidarity. Thousands of states, organisations, and individuals are openly supporting Ukraine, even with the social and economic threats associated with doing such.
But beyond that, one of the biggest concerns in the face of the Russian invasion and standing in solidarity with Ukraine is that Russia could decide to wage cyber warfare against European nations and others getting involved as it had warned. On the one hand, both the European Union and NATO indicate that nothing recently suggested an increase in threat activity against their member countries.
On the other hand, Gert Auväärt, Deputy Director of the Information System Authority (RIA), revealed at a press conference that “Estonia’s cyber threat level has risen following Russia’s invasion of Ukraine and the cyber warfare efforts accompanying it.” He added that nations that supported Ukraine and were party to the sanctions imposed on Russia are additional cyber attack targets from both the Russian state and pro-Russian criminal groups. Regardless, beyond the humane standpoint (loss of lives and property in Ukraine), given the consequences the outcome of this war spells for international order, can any state afford to be neutral?
Where do we go from here?
While the European Union, NATO, and other major organisations continue to work hard to strengthen the security walls of members, defend them and protect the world at large, states, organisations, companies, and even individuals all have a part to play in this. At the state level, governments need to ensure that their infrastructure is solid enough to stand firm even in the face of unforeseen occurrences, vulnerabilities must be swiftly discovered and patched, and an around-the-clock cyber-watch needs to be enforced.
Organisations, private firms, NGOs, and even individuals can also go the extra mile to research and train on cyber defence and bring innovations to life in this sphere. Already, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) contributes substantially, but there could be more from other angles, primarily through collaborations. What can the regular people do in all these? The starting point might be paying more attention to news and news sources to separate genuine information from propaganda, thereby limiting the spread of misinformation.
Co-author and postgraduate student