Click to learn more about author Jonathan Reiber.
In this blog, I’ll note five trends that will accelerate digital risk or emerge as vital conditions for managing digital risk over the coming year.
5G and IoT will increase the speed of attacks and enable more actors to conduct a wider range of operations against targets globally. According to McKinsey & Company, the number of internet-connected devices is projected to increase to 43 billion by 2023. This rise in users, coupled with an increase in Internet of Things (IoT)-connected devices, will create a larger attack surface, increasing opportunities for operations and attacks by nation-states and criminal actors alike. With more devices coming online and 5G gaining broader adoption, society will likely become more susceptible to attacks as these developments speed up the pace of technical capabilities. Defensive capabilities may also be able to increase in speed, but I think we will see the balance tip in favor of the attacker in the short term.
Our democratic discourse will remain vulnerable to domestic and foreign disinformation campaigns, forcing technology companies, media, and the government to develop and deploy innovative practices to quell disinformation. Disinformation initiatives are a cost-effective way for foreign governments to attempt to meddle with our democratic process, and technology companies need to work with the media and the government to combat disinformation campaigns during periods of tension and political transition.
In 2020, U.S. Cyber Command took significant steps with the Cybersecurity and Infrastructure Security Agency (CISA) to prepare for foreign attacks on American democratic discourse, yet the majority of disinformation ultimately came from domestic actors. During the 2020 election, Twitter took a step in the right direction as it implemented a new policy based on flagging and providing greater context for content on the platform that it believed to be significantly altered or false. Twitter repeatedly flagged or blocked tweets, including from a conspiracy theorist who will soon enter the U.S. Congress. Over the coming year, social media companies will continue to innovate their approach to disinformation, U.S. Cyber Command will continue to invest in counter-offense capabilities to “defend forward” and stop hostile foreign actors from conducting operations against American interests, and the U.S. government will continue to elevate the role of CISA as the leading agency for election security. American society will be made stronger as technology companies, media, citizens, and the government practice tactics to prevent the spread of disinformation from domestic and foreign actors.
Autocratic regimes will ramp up the use of surveillance technologies for more effective control over their populations, forcing them into a sharper confrontation with the United States as it likely asserts increasing levels of support for democratic movements globally. The use of surveillance and facial recognition technology has become so commonplace in countries ruled by autocratic governments that there is even a phrase to describe the techniques, “high-tech illiberalism.” In China, citizens are required to take part in facial identification practices to apply for new internet or mobile services. China now has a database that includes nearly all of the country’s 1.4 billion citizens, which it uses to closely track their movements (including how frequently they travel abroad), grant them access to their housing complexes, find suspected criminals, and even shame those wearing pajamas outdoors.
In illiberal societies, those in power will seek to ramp up surveillance capabilities using big data, machine learning, and AI to censor information and keep power in autocrats’ hands. During the pro-democracy protests against the Chinese government in Hong Kong, for example, we saw this practice on display when protesters who feared being identified and arrested by police using AI-powered surveillance technologies attacked “smart lamps” and wore masks to hide their faces, ultimately driving the Chinese government to ban masks altogether. Tensions over the use and abuse of surveillance technologies that leverage facial recognition and other sensitive biometric data will rise as governments continue their illiberal practices.
MITRE ATT&CK will continue to increase in prominence as the backbone framework for cybersecurity planning and threat-informed defense. MITRE ATT&CK is a globally vetted framework of known adversary tactics, techniques, and common knowledge (ATT&CK), a kind of periodic table that lists and organizes malicious actor behavior in an accessible, user-friendly format. But ATT&CK is not just a framework to understand adversary behavior; it is a tool for improving security effectiveness, and that trend is catching on and leading to a transformation in the cybersecurity community. Governments all over the world have begun to use the ATT&CK framework as a tool to communicate with the public about threats and how to mitigate them. The U.S. Department of Defense, the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Prime Minister’s Office, and many other governments have adopted ATT&CK in recent years, and we should expect ATT&CK to achieve greater prominence and utility in the coming years.
Why is ATT&CK catching on? For years in cybersecurity, defenders lacked a common vision of the threat landscape. In the private sector, cyberthreat intelligence was often based on after-the-fact forensic data, leaving defenders uncertain about the adversary’s future approach. Detailed knowledge of adversary tactics was often limited to classified government environments. Lacking a common lexicon for discussing adversary behaviors across the community, defenders fumbled in the dark to achieve security effectiveness. With the birth of the MITRE ATT&CK framework in 2015, this era of strategic ambiguity came to an end. ATT&CK gives the cybersecurity community a single, easy-to-access repository of adversary behavior to set a baseline against which they can prepare their cyberdefenses. It forms the basis of a threat-informed defense strategy, a transformational approach to security.
National leaders will play an increasingly prominent role in educating the public about the risks of digitization. One lesson learned from the COVID-19 pandemic is that decisive leadership has never mattered more for managing complex challenges. New Zealand Prime Minister Jacinda Ardern is one example of a leader who demonstrated how calm, deliberate actions in the face of crisis can have huge benefits for a population under stress. Her decision to rapidly implement a strict lockdown and an extensive testing program resulted in one of the lowest COVID-19 case and death counts to date and allowed for a quick pivot to economic recovery.
What does this mean for cybersecurity? In the United States today, the country is experiencing an acute level of strain from the onset of the novel coronavirus, systemic racism and disunity, and political instability. It is a moment ripe for cyberspace-enabled operations against American interests, a problem that, outside of technological innovation, can best be offset through measured, rational leadership. Since the Russian intervention in the U.S. presidential election in 2016, outside of sub-cabinet officials, the United States has not had a national leader play a prominent, consistent role in educating the public about the risks of digitization (to include cybersecurity and disinformation) for citizens and organizations. To help American society practice good cybersecurity and withstand disinformation, guidance from national leaders will play an increasing role over the coming year. The last time a U.S. president spoke to the public about the impact of rapid technological change on American society was in President Barack Obama’s farewell address. An increased focus by national leaders on cybersecurity and digital risk should help American society better address the diverse issues facing the nation, from improving cybersecurity effectiveness to countering disinformation.
Conclusion
Digital risks have increased significantly over the last decade as billions more users have come online, but the onset of the novel coronavirus led to an acute risk elevation over the last year in particular. Factors contributing to this risk exacerbation included underlying economic disparities and political instability that rendered American society more susceptible to disinformation campaigns and stresses on the healthcare and government sectors from commodity ransomware attacks.
On the positive side, however, in technical matters, the expanded use of the MITRE ATT&CK framework is helping the global cybersecurity community adopt a threat-informed defense strategy and improve cybersecurity effectiveness. Finally, with a reset in national leadership, the United States is poised to strengthen its cybersecurity agenda and better withstand disinformation attacks going forward.