Cyber subversion, the online propaganda and hacking that deliberately attempts to undermine the authority of political leaders, poses the greatest threat to state stability, according to GlobalData.
While it is not actively destructive, cyber subversion requires the least technological competence to implement and maintain, and is not typically considered when developing deterrence capabilities and cyber policies.
Emilio Campa, Thematic Analyst at GlobalData, comments: “When discussing cybersecurity, traditional threats such as data theft and operational disruption come most readily to mind. However, these types of attacks require high levels of organization to implement and maintain, as well as a certain level of technical competence. In contrast, cyber subversion exists over extended periods on the internet with minimal upkeep. If successful, it can undermine trust in the authority and competence of political leaders.”
An obvious example of cyber subversion was Russia’s role in the 2016 and 2020 US presidential elections. The goal was to undermine support for the democratic process and denigrate the Democratic Party’s candidates. In some US states, a small change in voting behaviour is enough to affect the ultimate outcome, and subversive action can cause that change. The various disinformation campaigns around the recent vaccine rollouts are also an example of attempts to undermine faith in government-backed operations.
Campa continues: “States must wise up to this type of threat, as the subversive potential of cyber operations has been realized. Espionage, sabotage and subversion have been conventional tactics in physical combat for thousands of years: Knowing what your enemy knows, taking out their key infrastructure, and undermining their political system have always been favoured strategies for defeating opponents. These tactics have now moved into cyberspace, and it is the cyber threat that requires the least technological competence to implement and maintain.”
The range of possible attacks has only grown with the interconnectedness of the Internet of Things (IoT).
Campa continues: “Everything is connected now, meaning companies have additional potential weaknesses that need constant defence. All attackers need to do is find one small gap that has been left unguarded in these increasingly vast networks. Further, in this globalized era, subversive cyber initiatives can come from anywhere. These campaigns can be reactive to current events in a way traditional cyberattacks cannot. They also require less technological power and understanding to implement and can be combined with other cyberattacks to maximize their impact. All of this makes cyber subversion a more dangerous threat to modern states than traditional cyberattacks.
“It is imperative that states are aware of this threat and ensure they are prepared. This may be through expanding deterrence capabilities or developing a global cyber-policy. Without effective strategies to prevent them, the potential threat of cyber subversion will only grow.”