Five Eyes Cyber Security Predictions

Introduction

The cybersecurity strategies of the Five Eyes alliance are a relevant source of information for understanding the coming trends of cyber warfare and cyberterrorism. The Five Eyes nations – Australia, Canada, New Zealand, the United Kingdom, and the United States – are attractive targets for other nation-states due to the members’ economic, military and technological advantages. As the five countries face similar threats online, each Five Eyes government developed its own long-term strategy to address the cybersecurity challenges of the future. Therefore, these forward-thinking cyber strategies are good candidates to demonstrate what the future brings regarding cyber warfare and cyberterrorism.

To begin with, in 2018 each leader of the Five Eyes alliance named cyber warfare as one of the emerging threats facing their respective country. Shortly afterwards, all five members demonstrated their will to act against cyber warfare operations on two occasions. First, the alliance criticised China in 2021 for the coordinated cyber espionage campaign targeting every Five Eyes state. Second, the five states condemned the Russian Federation in 2022 for the series of hacking campaigns against the critical infrastructure of the Five Eyes. Both events illustrate how determined the Five Eyes members are to protect their online space from an enemy state. Offensive attacks are one of the main reasons why each member state developed its cybersecurity strategy.

How Can a Cyber Strategy Predict Future Trends?

What makes cybersecurity strategies of the Five Eyes nations a legitimate source of information about cyber warfare is the extensive research that went into the development of these strategies. First, the strategy of each Five Eyes member was based on an extensive public consultation process. The development of the strategies sought feedback from a diverse range of stakeholders, including academics, technology experts, business leaders, peak groups and government entities.

For example, the Department of Home Affairs (DHA) received 215 submissions for the 2020 Cyber Security Strategy of Australia. The organisations providing feedback for the upcoming policy were cybersecurity firms (e.g. RSA, Cynch Security, KnowBe4), peak bodies (e.g. ISC2, ISACA, AustCyber), universities (e.g. Charles Sturt University, University of Sydney), and government entities (e.g. NSW Privacy Commissioner, CSIRO).

As a result, the Australian strategy was built on a comprehensive analysis of cyber incidents in the past, the current status quo, and the coming trends of the digital world. Therefore, the extensive thought process makes the Australian and any other cybersecurity strategy a credible basis for predicting future cyber risks and threats.

Second, what also makes the predictions of the cyber strategies accurate is the high expenditure that implementing the strategies requires. Because a substantial amount of public money is spent over an extended period, the strategies attempt to capture and forecast the future trends in cyber as precisely as possible. Therefore, the forward-thinking nature of the Five Eyes cybersecurity strategies makes the predictions solid.

Lastly, the Five Eyes cyber strategies identify a range of adversaries typically associated with hostile operations. For instance, each strategy names nation-states, foreign state-sponsored actors, and proxy actors as adversaries typically involved in cyber espionage and sabotage. These cyber operations are usually attributed to China, Russia, Iran, and North Korea, and they “will play an increasingly vital role in warfare”.

In summary, the extensive consultation process, the high implementation expenses, and the detailed analysis of state-associated actors all make the cybersecurity strategies ideal for researching how the future of cyber warfare and cyberterrorism will look.

Varying Definition of Cyber Warfare

The Western world defines cyberwar as imposing a nation’s will on the enemy. In contrast, states like Russia view offensive cyber operations as a “strategic fulcrum in the exercise of state power, both in peacetime and in wartime”. Likewise, China builds its cyber warfare and espionage capabilities to accelerate military development and achieve economic advantage. Thus, the definition of cyber warfare outside the Anglosphere is different, and cyber-sabotage and espionage are considered military operations in countries like Russia and China. As each Five Eyes state considers sabotage and espionage a threat, their cyber strategies to manage these problems must address the acts of cyber warfare and cyberterrorism.

To conclude, the cybersecurity strategies of the Five Eyes nations provide valuable insight into the future of cyber. Each country faces identical threats, challenges, and enemies in digital spaces. To prepare the nation for tomorrow’s cyber threats, the Five Eyes cyber strategies attempt to provide an accurate prognosis of emerging threats such as cyber warfare and cyberterrorism. This essay reviews the cybersecurity strategies of Canada, New Zealand, the United Kingdom, the United States and Australia to analyse the future trends of cyber warfare.


Canada

Canada’s National Cyber Security Strategy was released in 2018 in response to the ever-changing technology and risk environments. The strategy is based on over 2,000 submissions to the public consultation call from “the federal government cyber community, cybersecurity experts, business leaders, government officials, law enforcement, academics and engaged citizens”. As a result, the Canadian cyber strategy provides a holistic view of the current risks and future trends in cyberspace.

The priority areas of the National Cyber Security Strategy range from the cyber safety of individuals, through the cybersecurity of private sector businesses, to the cyber-resilience of the critical infrastructure of Canada. In addition, the strategy names individual hackers and insider threats, criminal networks, nation-states, state-sponsored hackers and terrorist organisations as the most significant cyber adversaries of Canada.

Critical Infrastructure Attacks

One of the large-scale incidents affecting critical infrastructure happened in January 2022, when a nation-state attacked Global Affairs Canada (GAC). The GAC is a government department managing diplomatic relations, facilitating international trade, and providing consular support to Canada. Although none of the Canadian officials named the perpetrator of the attack, it was likely related to the ongoing diplomatic tensions between Russia and Canada. The GAC intrusion was discovered just after the Canadian intelligence agency, the Communications Security Establishment (CSE), had raised alarm bells over Russian actors targeting critical infrastructure in Canada. The GAC hack fits into the pattern of state-sponsored attacks against the critical infrastructure of Canada, which includes government, energy and utilities, transportation, healthcare, and six other sectors.

In late 2021, numerous regional healthcare services had to be shut down due to a series of cyberattacks affecting a number of health authorities. The ransomware attack against the health authorities prevented patients from contacting health care centres and emergency services over the phone.

As for other sectors, similar ransomware campaigns paralysed two public transportation companies, one in Montreal and the other in Vancouver. In August 2020, hackers managed to disrupt tax rebates and COVID-relief payments. According to the cyber strategy, cyber campaigns like these can have a serious impact on public safety and national security.

In summary, the recent examples above demonstrate that Canada is under attack by enemy state actors and state-enabled cybercrime groups. The strategy names the theft of intellectual property and the destabilisation of democratic institutions as the primary motivators.

Cyber Warfare Predictions

As for the future, the National Cyber Security Strategy predicts that the various acts of cyberwar will intensify. First, hacking tools are becoming more accessible, while cybercrime is on the rise. In parallel, because “critical infrastructure can be controlled remotely, and essential services are managed online”, future cyber incidents have more potential to compromise national security and public safety. Critical services are an attractive target because the attacks can erode trust in the Canadian government and its democratic institutions.

In conclusion, the Canadian government expects a high number of cyber intrusions from a diverse range of malicious actors in the forthcoming years. To prepare for the future war-like attacks against critical infrastructure, the latest strategy mandates the protection of critical government systems and services, in addition to the Canadians’ information held by the federal government. To achieve these cybersecurity goals, the strategy suggests improving the cybersecurity posture of all federal departments and agencies, increasing law enforcement capacities, and deterring state-sponsored cyber adversaries from attacking critical infrastructure.


New Zealand

The New Zealand Government released its latest cybersecurity strategy in 2019, just one year after Canada’s. The key insight of the New Zealand Cyber Security Strategy 2019 is that the number, scope, and extent of threats against the New Zealand cyberspace will keep growing in the future. Cyber adversaries with state associations will continue attacking critical services for reasons including intelligence gathering, economic advantage, and destabilisation.

The Main Adversaries of New Zealand

The NZ strategy names two main adversaries posing a threat to the cyber posture of New Zealand: cyber criminals and state-backed actors. The strategy finds that the number of incidents – often associated with cyber warfare – is growing, and that attacks are becoming more sophisticated than ever. The strategy mentions explicitly how the tools and capabilities of the state-sponsored cyberattackers enable them to “steal sensitive commercial information, to disrupt critical systems and to interfere with democratic processes”.

State Sponsored Espionage

The latest state-sponsored cyber campaign affecting New Zealand was the 2021 Microsoft Exchange Server incident. According to sources, the large-scale cyber-espionage campaign affected circa a quarter of a million servers worldwide. The Government Communications Security Bureau (GCSB) of New Zealand found that the attacks could be linked to Chinese state-sponsored actors known as APT40 or the Hafnium group. The Microsoft Exchange vulnerability allowed the Chinese spies to access Exchange mailboxes even after the software bug was patched. Considering the previous targets of Hafnium, the victims were found to include defence contractors, think tanks and universities. In a nutshell, New Zealand is not unfamiliar with state-sponsored attackers despite the country’s small size and relative isolation.

Attacks Against Critical Infrastructure

Unfortunately, New Zealand is not immune to ransomware campaigns either. In May 2021, all five Waikato District Health Board hospitals were affected by a ransomware attack associated with an unidentified group. As a result of the disruption of health services, hospitals had to assign their cancer patients to alternative health providers while their IT systems were being restored. Although services were restored a few weeks after the initial intrusion, an enormous trove of documents, including correspondence, medical records, and financial data, was released on the dark web. Experts confirmed that the sensitive information on the dark web belongs to staff and patients of the affected healthcare facilities.

Other notable cyber disruptions of the past were the 2020 distributed-denial-of-service (DDoS) attack against New Zealand’s Exchange (NZX), the 2021 data breach involving The Reserve Bank, and the Kaseya ransomware attack affecting one hundred kindergartens in New Zealand.

The Future of Cyber Threats

According to the GCSB, about 30 per cent of the malicious cyber activity can be attributed to state-sponsored adversaries. The NZ strategy names “state-sponsored espionage, cyber terrorism, theft of intellectual property from government and critical infrastructures” as the main threats to national security in cyberspace. The strategy states that today’s cyberattacks can affect government organisations, government and public services, and the private sector. Because of the geopolitical shift, there is “a greater range of state actors making the most of cyber-enabled tools to steal information, spread disinformation and launch attacks”.

In summary, even though New Zealand is the smallest nation in the Five Eyes alliance, acts of cyber warfare such as cyber espionage and cyber sabotage are not unfamiliar in the country. Recent incidents demonstrate that nation-state actors such as APT40 had New Zealand in their crosshairs, and criminal groups are not ashamed to disrupt the economy, government institutions, and essential services like healthcare. In short, New Zealand predicts high adversarial activity against essential services, with consequences that will become more severe. The New Zealand Cyber Security Strategy names cyber-resilience as one of the critical priorities for the future.


United Kingdom

The UK’s National Cyber Strategy was released in January 2022. The document features the newest threats as it was released two years into COVID-19 and just before the Russian invasion of Ukraine. The strategy is not only the most recent but also the most extensive of the Five Eyes’. It provides a comprehensive picture of the present and future threats to the United Kingdom.

Emerging Threats, Actors, and Motivations

The strategy observes that the COVID-19 pandemic has accelerated the digitisation of services, and as a result, cyberspace has become more complex than ever. For instance, the new remote working arrangements and the growing dependence on technology have changed the risk landscape.

At the same time, the number of enemies of the United Kingdom has grown. The strategy identifies state actors, criminal groups (often sponsored by nation-states), and activists as the main offenders involved in cyber warfare operations. The motivation of these bad actors ranges from espionage and commercial gain to sabotage and disinformation.

According to the strategy, what the attacks have in common is the “significant financial loss, intellectual property theft, psychological distress, disruption to services and assets and risks to our critical national infrastructure, democratic institutions and media”. In other words, the strategy regards cyberspace as an “important arena of systemic competition and the clash of competing interests”.

State-Sponsored Attacks

As for the high-profile events, the strategy names the SolarWinds and Microsoft Exchange incidents as the most significant state-sponsored hostile activity in recent times. The strategy elaborates on how Chinese state-sponsored attackers actively exploited the Microsoft Exchange vulnerability for spying purposes. In a nutshell, the Chinese-led operation affected a quarter of a million servers worldwide and about 7,000 in the UK. The document finds that the active exploitation was part of a large-scale cyber espionage campaign to steal intellectual property and personally identifiable information. In summary, the strategy concludes that China’s future cyber objectives will most likely shape the UK’s cyber strategy.

The other significant adversary is the Russian state, which is named as the main culprit for the SolarWinds hack in 2020. This cyber warfare operation was a classic supply chain attack allowing Russia’s Foreign Intelligence Service (the SVR) to access email servers across 18,000 organisations around the globe. The strategy finds that a large number of threats originate from the Russian Federation (apart from China), and most of them are executed by actors associated with government entities.

The two other nation-state adversaries the National Cyber Strategy mentions are Iran and North Korea. The strategy finds they are also involved in theft and sabotage, but their operations are less sophisticated than China’s and Russia’s.

The Growing Threat of Ransomware

The other notable threat is ransomware operations targeting healthcare services, oil pipelines, schools, and businesses. The strategy recognises that ransomware is as damaging as intellectual property theft and espionage. In the past, the UK witnessed large-scale attacks against public infrastructures, such as the WannaCry and NotPetya campaigns affecting the National Health Service (NHS). A more recent ransomware incident is from October 2020, when the Hackney Council was brought to its knees, costing millions of pounds in damages amidst the worst of the COVID-19 lockdowns. The attack left the council’s online services at a standstill, disrupting benefit payments in critical times.

In conclusion, the strategy points to Russia as the primary source of ransomware activity and a safe haven for ransomware operators. It finds that ransomware had become the most serious threat to the UK in 2021. In addition, ransomware is expected to become more sophisticated and damaging.

Evolving Challenges of the Future

The National Cyber Strategy 2022 of the UK notes that the digital world keeps expanding, and as a result, the underlying infrastructure and data grow as well. This expansion requires computer systems and services to be more interconnected and interdependent, opening new opportunities for hostile actors. In addition, the future will make critical infrastructures more distributed, bringing further challenges to the UK’s cybersecurity posture. These factors will make it difficult to understand risks and threats; therefore, the digital world will become more vulnerable to attacks.

Also, the strategy expects cyber threats to evolve and diversify. As the number of adversaries keeps increasing, the UK will experience unprecedented cybercrime activity in the future. The Crime in England and Wales survey supports these predictions, as it reports an 85% increase in cybercrime between 2019 and 2021. To make matters worse, the high-end cyber capabilities of nation-states are becoming more accessible to criminal groups and proxy actors.

Finally, the strategy explains that state-associated and non-state adversaries will seek dominance in cyberspace. Cyberwarfare is to become an essential part of armed conflicts, and therefore, the UK’s defence capabilities need to match this trend. Shortly after the National Cyber Strategy release, the world witnessed this dominance in action when Russia invaded Ukraine. Before and during the invasion, Russia launched a high number of cyberattacks supporting real-world military action against Ukraine.


United States

The Five Eyes’ most prominent and most powerful economic power is the United States. In May 2018, the Department of Homeland Security (DHS) released the US Cybersecurity Strategy. In short, the strategy aims to increase the cyber-resilience of government networks and critical infrastructure while lowering the number of adverse cyber incidents affecting the United States.

The Digitisation of Crime

The US cyber strategy points out that the internet has become an essential service in the United States. The delivery of critical services, such as electricity, finance, transportation, water and healthcare, relies on the internet. In parallel to this, nation-states, terrorists, individual criminals, and criminal organisations moved their operations online. The strategy finds that the explosive combination of critical services and the adversaries both operating online represents a growing amount of risk to the United States.

Hostile Actors and Motivations

The DHS Cybersecurity Strategy reports that the adversaries’ motivation is diverse. The main drivers of the actors include “espionage, political and ideological interests, and financial gain”. Firstly, the strategy ascertains that the sophistication of the state-sponsored actors is high. Secondly, the capabilities of the non-state adversaries are on par with nation-states.

The strategy names criminals as the other source of the cyber threats. To begin with, crime groups can operate outside North America, out of reach of the US authorities. Also, the strategy names a special category of criminals: proxy actors. In this group, we find private sector companies, criminal groups, and hackers acting on behalf of a nation-state. Proxies are employed to avoid the real instigator being implicated in a cyberattack or allow a state to claim plausible deniability when the actors are caught. The US strategy found several large-scale cyber operations in the past involving proxy actors.

The US Threat Landscape

The number of threats is growing, as the cyber strategy found a 10-fold uptick in cyber incidents affecting US federal systems between 2006 and 2015. By 2015, the US experienced several high-profile intrusions through cyberspace. The strategy highlights the 2015 Office of Personnel Management (OPM) data breach, which involved the theft of the personal details of 22 million people. The attack was later found to be associated with state-sponsored attackers working for the Chinese government. The strategy mentions the 2015 Ukrainian power grid hack and the WannaCry and NotPetya ransomware campaigns between 2016 and 2017 as state-affiliated attacks on a similar scale.

Apart from espionage, the strategy recognises ransomware as another source of significant threat. One of the significant ransomware attacks against critical infrastructure was the 2021 Colonial Pipeline attack, in which the pipeline had to be shut down for the first time in its 57-year history. Experts found that the ransomware campaign was associated with the Darkside ransomware group based out of the Russian Federation. Although Darkside is not a state entity, the group is a proxy actor as the local authorities rarely prosecute hacking groups operating from Russia.

The strategy elaborates that critical infrastructure is essential for national security, public health and safety, and economic security of the United States. Unfortunately, the risks are changing for the worse due to the accessibility of hacking tools and the relatively low cost of ransomware attacks. Moreover, the dark web provides a low-risk marketplace for ransomware kits and stolen goods. This mix provides a fertile breeding ground for further ransomware activity in the future.

In conclusion, the strategy predicts increased state-sponsored and state-affiliated cyber activity against the United States. These activities include acts of cyber warfare, such as cyber espionage and cyber sabotage of US government systems and services and critical infrastructure.


Australia

The Cyber Security Strategy of Australia was released in August 2020. The document reveals that both the scope and the sophistication of the cyber threats to Australia will keep rising due to the growing reliance on the internet. In short, the threats in the cyber world are increasing due to hostile nation-states, state-sponsored actors, and criminal activity. The strategy anticipates that nation-states will continue attacking government and critical infrastructure providers and stealing intellectual property in the future. The strategy finds that the cyber threat environment is worsening, and the increase in cybercrime is outpacing Australia’s ability to respond.

Nation-State Adversaries and Motivations

The strategy names nation-states and state-sponsored adversaries as one of the greatest threats to Australia’s cyberspace. According to the document, the adversaries’ goals include cyber espionage to “compromise networks to obtain economic, policy, legal, defence and security information for their advantage”.

In addition, the strategy finds that nation-states and state-sponsored actors are also determined to disrupt or destroy through cyberspace, either in peacetime or as part of a real-world conflict. What these threat actors have in common is their sophistication and resourcefulness. The strategy infers that cyber espionage and cyber sabotage intentions could negatively affect Australia’s national security and prosperity in the future.

Criminal Organisations

In addition to nation-states, the other significant threat actor is the financially motivated criminal. According to the strategy, crime groups can not only damage private businesses but also threaten the economic interests of the Australian Government.

What makes these actors more dangerous than ever is, first, the accessibility of advanced ransomware toolkits. Second, the dark web allows the criminals to trade these complex hacking tools and the stolen information in anonymity. Third, the strategy mentions that the bar to getting into cybercrime is very low. In summary, criminals with low technical knowledge can easily purchase malware toolkits and services safely on the dark web and operate their ransomware campaigns against the unsuspecting public.

Critical Infrastructure Under Attack

According to the Australian cybersecurity strategy, 35.4% of the victims between 2019 and 2020 were government entities. Furthermore, another 35% of the incidents were associated with critical infrastructures like healthcare, education, finance, utilities, and transport. The strategy concludes that cyberattacks like these harm the economy and the “Australian way of life”. The strategy finds that Australia is vulnerable to attacks against critical infrastructure, and the only reason a major incident did not happen is that Australia “has been lucky”.

To summarise, the Australian cyber strategy acknowledges that further protection of businesses, essential services and critical infrastructure is required to match tomorrow’s cyberattacks. The strategy expects an increase in the complexity of hacking tools while they become more accessible to enemies. Nation-states, state-sponsored and proxy actors and cybercrime groups are named as the most significant hostile actors.


Conclusion

The cybersecurity strategies of the Five Eyes nations provide a candid insight into the future of cyber warfare. These strategies were developed after extensive public consultation and research, making the findings and predictions well-researched and objective. All five strategies anticipate nation-states, mainly Russia and China, increasing their cyber warfare activities. In addition, the competition of nation-states and the clash of ideologies will intensify cyber sabotage and cyber espionage operations.

All strategies found that Russia is responsible for most destructive attacks, such as ransomware campaigns, while China takes a low-key approach with covert cyber espionage operations. On the one hand, Russia relies on cyber warfare to exercise state power, for instance, in military actions like the recent invasion of Ukraine. On the other hand, China relies on state-sponsored hacking to boost its military capabilities and overcome economic underdevelopment. Although North Korea and Iran are also known for similar war-like activities, the cyber strategies expect China and Russia to dominate cyberspace.

The known adversaries include nation-states, state-sponsored actors, and criminals acting on behalf of a hostile country. The blurred distinction allows nation-states to employ criminal groups as proxy actors to deny the state’s involvement in illegal activities.

On the victim’s side, the number of potential targets is growing. Critical infrastructure, essential services, government institutions, and businesses are going online and getting more sophisticated day by day. The online exposure and complexity increase the overall attack surface and open new opportunities for hostile actors. According to the analysed cybersecurity strategies, each Five Eyes country will invest in the cyber-resilience of its digital spaces to resist the cyber warfare attacks of tomorrow.


Gabor

Gabor Szathmari is a cybersecurity expert and digital privacy enthusiast. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, with their cybersecurity challenges at Iron Bastion.