In a world of extraordinary geopolitical volatility, the threat to Western nations and interests from cyber attacks has, contrary to expectations, remained remarkably stable. Asked to name the leading anti-Western nation state actors in 2015, any expert would have listed Russia, China, Iran and North Korea. Asked to do so in 2025, experts would give the same list. Moreover, in the 2020s, the sort of serious disruption to critical infrastructure – to energy facilities, healthcare and other sectors – long feared by governments has, insofar as it has materialised at all, been caused by Russia-based cyber-criminals. The biggest nation-state threat actors have, by and large, kept much of their cyber powder dry. Even in its invasion of Ukraine, Russia’s cyber forces underperformed as badly as their conventional ones in their illegal assault on Kyiv, and there was no serious attempt to use cyber disruption to deter Western countries from backing President Zelenskyy’s fight for national survival.

As ever, this relatively stable picture – one of significant threat but little actual change in that threat – has been accompanied by a steady drumbeat of commercial hype about how the cyber threat to anyone and everyone is getting worse all the time. That this is objectively untrue has not arrested the spread of the narrative. But such unrealised and unspecific scaremongering means we risk failing to notice when important shifts in the threat picture actually emerge.

And there has been one profoundly important shift in the threat picture recently: over the past two years we have learned of a transformation of China’s cyber capabilities into a far more formidable strategic threat. This is, by far, the most significant shift in the cyber threat landscape in well over a decade.

As a cyber actor, China has changed in three ways. First, the objectives of its cyber capabilities have shifted from economic to political ones. Second, its operations have changed from being opportunistic to strategic. Third, and most importantly, it has moved beyond being simply a passive actor to being an active one. In other words, it does not just spy and steal anymore; it has also laid the ground for hugely disruptive cyber operations against Western critical infrastructure, which hitherto it had shown no signs of doing.
Typhoons in Cyberspace (Ciaran Martin CB, RUSI)