Rethinking cybersecurity: Emerging threats, malign intent and the path ahead
Cybersecurity has received significant global attention due to the audacious attacks against critical infrastructure and the surge in digital crimes.
Given the ubiquitous nature of digital technologies, “cyberspace” has become synonymous with entertainment, commerce, politics, among others.
It has also become a symbol of innovation, openness, and empowerment. However, these same ideas, which underpins the current global digital revolution, are being weaponized by malign actors through asymmetric and gray zone strategies.
The current geopolitical rivalry between states is also evident in cyberspace. For instance, democratic states embrace the free and open flow of information.
While authoritarian states advocate for the control of information through legal and extra-legal means. In a 60-Minutes interview with Lesley Stahl, US Ambassador to China Nicolas Burns accurately described this dichotomy in big power competition as a “battle of ideas.”
I believe that the evolution of thought regarding cyber can be attributed to the ongoing weaponization of the digital environment. Initially based on a productivity and technology-centric view, this “efficiency first, security later” paradigm has resulted in the exploitation and eventual securitization of cyberspace.
For instance, renowned author and Harvard professor Joseph Nye argues that “cyber” is smart power, being able to achieve balance between hard (i.e. military and economic) and soft power (i.e. information and diplomacy).
While John Sheldon of the George Marshall Institute underscores the significant value of cyber power because of its ability to maintain considerable influence over an adversary during peace and war.
In addition, in Yuval Harari’s latest book, Nexus, he argues that unrestricted access to AI combined with quantum and cyber technologies can super charge conflict, thus posing a possible existential problem for humanity.
Interestingly, we are now witnessing these ideas come into fruition on the battlefields of Ukraine, in the US, Taiwan and even in the Philippines.
Today, we are now seeing cyber becoming a preeminent global security concern. In its 2024 Global Risk report, the World Economic Forum (WEF) presents two ominous trends related to digital technologies.
First, the increasing global polarization and technology risk will result in placing the “truth under pressure.”
The report further claims that this nature of subjective truth is due to the enormous volume of disinformation due to the surge in troll activity, AI-enhanced social engineering techniques, and the increasing quality as well as the rapid proliferation of deepfakes.
These malign activities are meant to undermine the democratic principles of free elections and speech as well as media freedom.
In addition, the WEF report cites that disinformation will increasingly insert itself into public discourse. Second, simmering geopolitical tensions combined with technology will drive new security risks. In particular, the report states the following:
The absence of concerted collaboration, a globally fragmented approach to regulating frontier technologies is unlikely to prevent the spread of its most dangerous capabilities and, in fact, may encourage proliferation.
It also warned that the absence of governance mechanisms can enable state and non-state actors to exploit the power of AI resulting in the development of new tools of disruption and conflict.
The Philippines is not exempt from this phenomenon. Deemed as “patient zero” in the global fight against disinformation and considered as one of the most attacked countries in cyberspace, below are some current numbers and incidents:
- According to the US cybersecurity firm Resecurity, the country experienced a 325% increase in hacking and cyber intrusions in the 1st quarter of 2024 compared to 2023. The favorite targets? Government agencies that are managing public health, demographic, and public safety data.
- A Statistica-Sumsub Identity Fraud Report for 2022-2023 cites a 4500% increase in deepfake enabled fraud.
- Numerous incidents of disinformation and the spread of AI-enabled deepfakes seem to occur simultaneously with developments in the West Philippine Sea. Viewed as part of Beijing’s gray zone strategy, belligerent activities in our maritime zones coincide with malign activities in cyberspace.
At this juncture, I think the question is “how do we now move forward given these formidable challenges”?
First, policy makers and security planners must recognize that AI and quantum computing are game changers as it will allow seamless convergence of offensive cyber and disinformation.
This confluence can amplify malign influence operations by shaping public opinion, redefining the notion of victory, as well as challenging the traditional views of sovereignty and conflict.
Therefore, clear lines must be drawn between AI’s open regime versus its restrictive use. Most importantly, the use of AI’s power must be rooted in shared values, the rule of law, and international cooperation.
For instance, the European Union’s AI Act and the Cyber Diplomacy toolkit are excellent starting points for strengthening the international legal framework.
While the confidence building measures proposed by the UN Open-ended Working Group and its Governmental Group of Experts are crucial in building the capacity of states to develop national policies.
Second, it is necessary for technology and policy actors to “connect the dots” and promote unity of effort in confronting digital threats.
Collective defense and safeguarding AI from malign use are important facets of this approach.
This also underscores the need to avoid a siloed, fragmented, and uncoordinated approach to cybersecurity.
The adoption of standards, the ability to share information, improving attribution capabilities, and the development of the needed competencies are important in mounting a proactive and resilient cyber posture. In addition, knowing your adversary’s playbook is paramount.
For instance, understanding the concepts of informatized-participatory warfare, 3-warfares approach, and united front operations is needed to anticipate attack vectors and exposing its malign intent.
Finally, in cyber, fighting alone is synonymous to losing. Therefore, I believe that there is a need to define the term “whole of society” or “whole of nation” approach.
A change in governance paradigm is needed since our traditional mandates, our resource allocation practices, and our current capacities are not designed to interoperate.
Instead of becoming a cliché, government must take the lead in defining the roles of the various sectors and creating a conducive policy environment that will enable the various actors to participate and contribute.
Sherwin E. Ona, Ph.D. is a non-resident fellow of think tank Stratbase-ADR Institute. Dr. Ona is also an associate professor of political science and development studies at De La Salle University.
- Latest
