GEOPOLITICS' ROLE IN CYBER SECURITY AND STRATEGIC IMPACTS

To navigate the challenge of cyber threats successfully in 2021, leaders in both Silicon Valley and Washington must understand that cyber attacks can no longer be perceived through the lens of technical, financial, and legal implications alone. Multinational corporations, particularly US tech companies, are not insulated from national security issues. Both public and private sector leaders need intelligence about how geopolitics is likely to shape the cyber threat landscape, taking into account the clear political, social, and cultural dimensions that are essential to any effective, comprehensive cyber preparedness plan. As in other areas - economic, supply chain, physical security - understanding geopolitical trends and influences can help organizations predict and prepare for serious cyber threats before they happen.

At the beginning of 2020, climate change as an international political issue was on track to continue its upward trajectory on the priority list for national leaders and multilateral institutions, spurred on by an extensive series of extreme weather events, scientific developments, and growing pressure from the world's youth. However, the emergence of the black swan event that is the COVID-19 pandemic, and the fiscal measures implemented in response, coupled with historically low oil prices, accelerated calls for channeling government resources toward sustainability initiatives with unprecedented urgency. Because information is power, businesses can be targeted with systematic industrial and economic cyber espionage campaigns by national adversaries just as easily as governments. Theft of trade secrets, proprietary data, and intellectual property safely stored in the private sector can compromise national security, military capabilities, and economic prosperity. As a natural result, despite not being officially public servants, corporate CEOs are constantly faced with decisions that have obvious impacts on national security and the global geopolitical landscape.

Following are a few recent examples of private entities being targeted by state-sponsored cyber operations:

On December 8, 2020, the American cybersecurity firm FireEye announced that its systems had been hacked by "a nation with top-tier offensive capabilities," signaling the start of history's most significant cyber espionage campaign. The hacking campaign, which has now been formally blamed on Russia, was conducted secretly by installing malware through SolarWinds Orion, a trusted US-based IT company's third-party software application. Numerous US government bodies and three-quarters of the Fortune 500 corporations are one of the 18,000 global customers of the software. Microsoft, for example, identified more than 40 of its customers around the world as having been deliberately targeted by the hack. Eighty percent of the casualties are in the United States, with the other fatalities scattered throughout seven countries: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates.
In November 2020, cyberattacks originating in North Korea and Russia targeted seven pharmaceutical businesses undertaking COVID-19-related research in the United States, Canada, France, India, and South Korea. Chinese government hackers were previously "seen attempting to identify and illicitly collect valuable intellectual property (IP) and public health data" in May 2020. [US] networks and personnel involved with COVID-19-related research provided data on vaccines, treatments, and testing."
Beginning in early May 2020, the Vatican and the Catholic Diocese of Hong Kong were targeted by the suspected Chinese state-sponsored group RedDelta ahead of the anticipated September 2020 renewal of the landmark 2018 China-Vatican provisional agreement, a deal that reportedly gave the Chinese Communist Party more control and oversight over the country's historically persecuted "underground" Catholic communists.
Between January and March 2020, APT41, a dual-hatted cyber-terrorist group that carries out both Chinese state-sponsored espionage and financially motivated activity that is theoretically outside of state control, attempted to hack targets in the following industries: banking/finance, construction, defense, government, healthcare, technology, higher education, legal, manufacturing, media, non-profit, oil & gas, petrochemical, pharmaceutical, real estate, and telecommunications. Customers in Australia, Canada, Denmark, Finland, France, India, and the United Kingdom, Italy, Japan, Malaysia, Mexico, the Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States are just a few of the countries represented.

Cyber security threats will continue to rise in 2021 for one key reason: nations find cyber attacks appealing because proving attribution is often difficult, if not impossible. Targeted countries are unlikely to retaliate with kinetic action, and there is no international framework in place to prevent or prosecute such activities. Furthermore, the Global Power Competition between the United States, Russia, and China is essentially a digital Cold War, manifesting as both an international race for technology dominance and espionage directed at one's opponents via a combination of digital influence operations and data theft.

However, it is crucial to recognize that geopolitics has a significant impact on cyber security in businesses of all sizes. The term "geopolitics" should be avoided were targeted in the attacks.

Italy, Japan, Malaysia, Mexico, the Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States are just a few of the countries represented.

However, it is crucial to recognize that geopolitics has a significant impact on cyber security in businesses of all sizes. The term "geopolitics" should be avoided.

This tendency has the potential to blur the distinctions between nation-states and the criminal gangs to which they often outsource their cyber operations to maintain their deniability.

Nation-states can also manufacture or buy the tools needed to launch sophisticated cyber attacks with the help of private-sector technology corporations. The NSO Group, established in Israel and currently involved in litigation in the United States, is one such case. NSO developed the Pegasus app, which it sold to governments. The program could be loaded on a smartphone simply by making a WhatsApp call to it; the device's owner didn't even have to respond. Over 100 incidents of NSO abuse have been found by Citizen Lab, a research lab at the University of Toronto.

"If someone thinks their firm isn't at risk, I urge them to look at where their pings are coming from," Madhu Maganti.

At ABIP Advisors, he is a partner and a cyber security expert. "Without a doubt, Ukraine, Iran, China, and North Korea will be on the list." "Nation state-driven attacks are significantly more complex and frequently more harmful than opportunistic hacking attempts," Maganti continued, "since nations have vast resources and know exactly what information they are seeking."

Like a complex tartan, the cyber threat map is intertwined. It's just as crucial to be able to predict when Iran will feel squeezed and lash out, or which autocratic leader would turn the internet off in a country as political tensions grow, as it is to make sure corporate information is transmitted safely. The key to properly addressing this dilemma is to use a multi-pronged approach that includes geopolitical trends as a significant component of protecting your company's firewall and overall risk. As technology continues to spread throughout developing countries, (Internet penetration in Africa was around 40% in March 2020, falling behind the global average of 63%), the geopolitical dimension of cyber security will only grow in importance.

To successfully negotiate the problem of cyber threats in 2021, leaders in Silicon Valley and Washington must recognize that cyber attacks cannot be viewed solely through the perspective of technical, financial, and legal ramifications. Multinational enterprises, particularly those in the United States, are not immune to national security concerns. Both public and commercial sector leaders require information on how geopolitics is expected to affect the cyber threat picture, taking into consideration the distinct political, social, and cultural components that are critical to any effective, comprehensive cyber preparedness strategy. Knowing geopolitical trends and effects, like understanding the economic, supply chain, and physical security trends and influences may help firms predict and prepare for severe cyber threats before they materialize.

Climate change as an international political issue was on course to continue rising on the priority list for national leaders and multilateral organizations at the start of 2020, fueled by a slew of catastrophic weather occurrences, scientific breakthroughs, and mounting pressure from the world's youth. However, the appearance of the COVID-19 epidemic, as well as the fiscal measures enacted in response, combined with historically low oil prices, has spurred calls for government resources to be channeled toward sustainability efforts with unprecedented urgency.