The digital changes occurring rapidly today have had profound effects on life as we know it. Most economic, commercial, cultural, social, and political activities, whether between individuals or governmental or private institutions, are now carried out in cyberspace and through the Internet.
This has led to the acceleration and intensification of information exchange, to the extent that cyberspace has become one of the fields of competition and conflict between international powers, and a place for confrontations between ideas and wills, with hackers infiltrating computers and launching attacks in an attempt to either block, alter or steal data.
Given that cyber-attacks occur through the control of computers, information, electronic networks, and information infrastructure, they are no less dangerous than conventional wars in terms of the threat they pose, the size of the destruction they can cause, as well as the speed of their occurrence and range, as they are usually carried out in ways that are often difficult to trace.
In this study, we will try to shed light on the nature of cyber-attacks and identify the cyber competition between countries to develop their capabilities in cyberspace, or carry out a proactive response or counterattacks, by explaining the potential and capabilities of some countries, including the United States of America, China, and other countries.
What are cyber-attacks?
A cyber-attack is defined as an electronic attack carried out by a computer via the Internet or different types of digital communications, to change or disable programs, destroy data, steal information, or hack control and command systems to cause damage to the systems, programs, and devices of the targets and disrupt their work.
Thus, a cyber-attack targets computer information systems and networks, including personally identifiable information, email addresses, customer financial details such as credit card data, intellectual property such as trade secrets or product designs, access to information technology infrastructure, and sensitive data belonging to individuals, governmental departments, and agencies.
Cybercriminals can utilize a variety of attack vectors to launch a cyber-attack including malware, phishing attacks, and ransomware.
Referred to as cybercriminals, these individuals can act alone or in cooperation with other attackers, or belong to an organized criminal group, trying to identify weaknesses or problems in computer systems and exploit them to achieve their goals.
Different motives for cyber-attacks
There are different motives behind the launch of cyber-attacks, as some seek to achieve personal or financial gain, while others are carried out by “cyber activists” for social or political reasons, or as part of the cyber-warfare operations carried out by countries against their opponents, or launched by known terrorist groups, or as part of espionage operations against countries and institutions.
Therefore, cyber-attacks have become “weapons” that allow those who use them to inflict massive and long-term damage that is equivalent to sabotage or bombing and amounts to an act of war.
Such complicated attacks on infrastructure require preparation, planning, resources, and the development of existing skills.
In addition, institutions and organizations face a global shortage of cybersecurity experts. The growth of the global cybersecurity workforce, from 3.5 million in 2020 to 4.2 million in 2021, was not enough to fill the gap, and there are still 2.7 million vacancies left in this field.
Cyber competition and international powers
Today, the cyber confrontation between countries is intensifying in light of the intersection of interests and competition to enhance international standing.
From a military and intelligence perspective, some countries have capabilities that enable them to launch destructive cyber-attacks, which raises fears that this will turn at a certain moment into a comprehensive conflict between two or more countries, especially given the increase in the frequency of such attacks, the expansion of their impact, and the fact that many countries possess national cyber structures capable of carrying out a preemptive or counter attack.
In the same sense, governments of different countries put cybersecurity at the center of their national security strategies, with the intention of enhancing their ability to compete in an ever-evolving digital world, apply appropriate guidelines for safe use, and coordinate cooperation among everyone in cyberspace at the level of individuals or public and private institutions.
Jean-Luc Weiss, Head of Security at the World Economic Forum and former Director-General of the Federal Police Office in Switzerland, believes that cyber-attacks pose a very serious threat to the state of the world, explaining: “The digitization of society has brought progress and empowerment, but it also has a dark side: Cybercrime and electronic warfare.”
A cyber-attack directed at a country can lead to several consequences, perhaps the most important of which are:
• Overthrowing the regime or threatening its national security.
• Preparing for the start of conventional warfare in the near future.
• Carrying out sabotage operations in vital sectors that affect the lives of the population.
• Damaging or undermining political and international relations.
• Causing several human injuries or endangering public health and safety.
• Spreading internal chaos and widespread turmoil.
• Undermining public confidence in religious, political, national, and ethnic beliefs.
• Causing serious damage to the national economy.
• Causing widespread destruction or disruption to the performance of national electronic assets.
With such attacks on the rise in the cyber field, the question becomes whether or not countries are ready to confront and address the issue of electronic warfare.
Here, we highlight some countries that have advanced cyber programs with military aspects, including but not limited to: the United States, China, Russia, Israel, the United Kingdom, North Korea, and Iran.
United States of America
The United States is the country with the most cyber and military capabilities. It has a unified cyber command called the Cybersecurity and Infrastructure Security Agency, which is based on the National Security Agency’s strategy or five-year plan for 2018.
The US Cyber Command relies on five basic components: Army Cyber Command, Cyber Fleet Command, Air Force Electronic Command, Marine Corps Electronic Command, Coast Guard, and National Guard units. These include about 133 cyber teams that carry out various tasks in the field of cyber security and protection.
The US cyber strategy is based on the principle of “advanced defense”, so some view US cyber power as an offensive force, based on integrating technological capabilities in all stages of its operations.
China
In 2003, China began implementing “Project Golden Shield”, a program of internal surveillance and internet censorship that has become known as China’s Great Firewall, to exercise sovereign control.
In 2009, China attempted to ban some US software applications (such as Facebook, Twitter, and YouTube) because of conflicts with censorship laws.
China’s first national cyber security strategy was published in 2016 and backed by China’s first cyber security law in 2017. The strategy outlined 9 core tasks, focusing on sovereignty and strengthening cyber defense.
According to the US Department of Defense, Beijing is interested in developing methods of cyber warfare that rely on artificial intelligence technology, and reports indicate that China may already be using artificial intelligence in the fields of military robots and missile guidance systems, as well as aerial and naval drones.
For its part, China continues to strengthen its cyber capabilities and has become a pioneer in many categories of this field, especially those related to electronic surveillance; it has also surpassed the power of the United States of America in trade.
The United Kingdom
The National Cyber Security Center (NCSC) is the parent organization that oversees the UK’s cyber activities, providing advice and support to the public and private sectors on how to avoid cyber threats, as well as the Center for Cyber Assessment (CCA), the Computer Emergency Response Team in the UK (CERT UK), and the Internet-related responsibilities of the National Infrastructure Protection Center.
The British government has already announced its new strategy to consolidate the UK’s position as a global cyber power, enhance defensive and offensive capabilities, expand the research capabilities of the National Cyber Security Center, and strengthen offensive policy measures to better equip the army and police to take the fight to cyber threat actors.
Russia
Russia established the Internet Research Agency, also known as the “Army of Trolls”, which is affiliated with the Russian Federal Security Agency and includes thousands of employees, and annually allocates about 300 million dollars to it from the Russian defense budget. The tasks of the Russian cyber army are as follows:
• Carrying out espionage operations on opponents.
• Launching cyber-attacks that cause damage to the infrastructure, economy, and government sites of hostile foreign countries.
• Waging information wars in the media and social networks by hacking accounts and e-mails, creating fake accounts on the international information network, and opening thousands of fake accounts on social networking sites such as Twitter, Facebook, and others, to respond to thousands of comments and articles, spreading rumors and blurring the facts in an attempt to support the Russian position and direct public opinion against opponents.
North Korea
Pyongyang’s cyber-warfare capabilities came to prominence internationally in 2014, when it was accused of hacking the entertainment company Sony Pictures in retaliation for its broadcast of “The Interview”, a sarcastic film about the North Korean leader Kim Jong-un. The attack resulted in the publishing of a large collection of movies as well as classified documents.
North Korea is also accused of being behind several major cyber-attacks, including the theft of $81 million from the central bank of Bangladesh, and the WannaCry ransomware attack, which affected countries around the world in 2017, and penetrated about 300,000 computers in 150 countries.
In its 2021 Annual Risk Assessment Report, the United States acknowledged that North Korea “may have the experience to cause temporary and limited disruption of certain critical infrastructure networks” across the United States.
The report said North Korea’s cyber program “poses an increased threat of espionage, theft, and attacks,” according to the document released by the Office of the Director of National Intelligence.
Pyongyang’s powerful electronic warfare unit, known as “Boro 121” (Office 121), includes 6,000 members and is active in several countries, including Belarus, China, India, and Malaysia, according to a US military report published in July 2020.
Iran
Tehran has advanced cyber capabilities and is operating within a national strategy, which has established a number of government agencies, military, and intelligence entities that carry out cyber-attacks.
Iran tested these capabilities against a group of US banks, and Iranian hackers have great access to cyber networks and the cyber black market.
Iran has a huge network of people online that has been taking shape since 2008, and its operations have targeted dozens of countries. The IRGC has run an extensive program of cyber activities since Ahmadinejad’s second term in office, when he began recruiting professionals for his cyber force.
The Rana Institute for Intelligent Computing, an organization operating under the Iranian Ministry of Interior, also conducts espionage operations and develops cyber tools to help it access a variety of foreign countries’ infrastructure, as well as monitor the content submitted by citizens inside and outside Iran.
The Iranian cyber program supports a group of proxies and affiliates, making it difficult to connect cyber-attacks to Tehran, which could increase the pace of their cyber activities against American targets.
Israel
The Israeli National Cyber Defense Authority was established in 2016, directly under the Prime Minister. Its main function is to manage, operate, and implement all defense and operational efforts in cyberspace, which enables a complete and lasting defensive response to cyber-attacks, including dealing with cyber threats and cyber incidents in real-time, formulating an assessment of the current situation, gathering and auditing intelligence, and working with relevant institutions.
In June 2015, an independent cyber branch was established to lead the defensive and offensive activity of the Israeli army in cyberspace, as the Israeli army assumes responsibility for leading the state’s cyber defense in wartime.
Cyber-warfare is based on independent Israeli capabilities, combining local innovation with global technologies. Israel’s approaches also incorporate the 3 original requirements of Israel’s traditional concept of national security:
Deterrence: Advanced cyber capabilities can be an effective way to deter Israel’s enemies. One example of this was Operation Stuxnet, attributed to the United States and Israel, which resulted in the disruption of Iranian centrifuges.
Early warning: Relying on advanced cyber technologies to gather accurate information about the opponent’s intentions and plans as well as prevent access to their databases at the same time.
Thus, Israel’s security services can provide the defense establishment with effective warnings about the opponents’ intentions to take the necessary measures against them at the right moment.
Decisive operational victory: Using its advanced cyber tools, the Israeli army can gain an advantage in combat, enabling it to tip the scales of battle in its favor. For example, during the 2007 attack on the Syrian nuclear reactor, which has been widely attributed to Israel, Syrian radars were disabled by hostile code that appeared to be transmitting normal signals, enabling the Israeli Air Force to penetrate Syrian airspace undetected and to target and destroy the nuclear complex completely.
In conclusion, cyberspace has become a part of international interactions after threats have expanded and cyber-attacks increased dramatically, not to mention the increase in the number of parties in this field, which has had repercussions of multiple dimensions in terms of the nature of damage to infrastructure, destruction of information wealth, as well as spreading chaos and instability.
By: Dr. Huda Al-Nuaimy (Senior Fellow / TRENDS Research and Advisory)