We didn't get the wild promise of cyber cooperation or a fiery cyber apocalypse. Today's cyber reality is both less frightening and more dangerous than it used to be. It has a series of less frequent, more consequential attacks that don't add up to a huge Hollywood disaster, but instead create a vague sense of vulnerability. It can be difficult to comprehend what is happening and how serious it is. Do we live in a new era or just more high-visibility cyber incidents?The trajectory of cyber activity in the last decade is not surprising, so the recent events are not surprising. These are the result of a gradual, but not unavoidable shift towards digital tools for international statecraft and political campaignation. What we see is subtly different to what experts thought would happen with cyber. Authoritarian governments have adopted digital tools over the past decade and relied on shadowy gangs made up of cybercriminals to do their dirty work. The pandemic has made the entire world more dependent on the internet, and provided a wealth of opportunities for those looking for leverage and money. Cyberspace could be less catastrophic than expected, but more like an infestation of termites, eating away at the foundations our digital societies. There is good news: the long-awaited international consensus regarding appropriate cyber policy uses may finally be coming together, which means that cyber disorder today may end.It is true that Russian cyber espionage and cyber criminals, Chinese intellectual theft, and private actors within cyberspace have been around for many years. Russian hackers have used Ukraine for years as a testing ground for their hacks of critical infrastructure, governance and military capabilities. The Kremlin ignored the burgeoning cybercriminal activity. Xi Jinpings China's cyber capabilities have increased over the years. It has launched large-scale espionage attacks (like the 2015 Office of Personnel Management data leak) and is currently facing severe economic sanctions due to its illegal attempts to steal intellectual property through cyberspace.Non-state actors, who have played a significant role in cyberspace for decades, were changing the balance of power in cyberspyware competition. DarkMatter, a company based in Emirati, gathered talent from all over the world (including ex-NSA employees) to create cutting-edge software that can track and monitor targeted users' phones, their communications, and even geolocate them. These spyware applications, which were commercially developed, were then given to many authoritarian governments in order to track journalists, dissidents and other international leaders. In particular, it has been claimed that Jamal Khashoggi's assassination was linked to spyware provided by the Israel-based NSO group to Saudi security officers. They purportedly used the software to monitor Khashoggis movements, and to influence the investigation into the murder. Both the Saudi government, and NSO, deny any involvement.Russian-linked ransomware, China's collective callout for the Microsoft hack, and revelations about NSO are all part of the same. There is also something else.First, the geopolitical environment in which cyber wars are fought has fundamentally changed. In cyberspace, the Obama administration's early years relied on limited sanctions, deterrence and attempts to establish cyber norms through United Nations. Trump's foreign policy changed this approach. It emphasized a zero-sum worldview, which was characterized by trade wars, great power competition and transactional relationships. Trump's cyber efforts were more focused on protecting the nation and pursuing a more aggressive strategy. This included preemptively entering enemy networks before they launch cyber attacks. It also ignored efforts to build international consensus on cyber warfare. The rise of personalist regimes around the globe has ushered in a new era for digital authoritarianism. Dictators have adopted artificial intelligence, disinformation and hack and reveal campaigns to consolidate their power, both in domestic and international settings.This digital tinderbox was made worse by a pandemic which not only drove countries apart ideologically and physically, but also made them more dependent on digital technology. They turned to remote work, automation and digital bubbles in order to protect themselves from the physical threat of Covid-19. Cybercriminals made easy targets of the pandemic-stricken societies by turning to virtualization for court systems, doctors, classrooms, and local governance. Ransomware attacks have increased in both economic and scope exponentially.Pandemic-induced cyber vulnerabilities were not just lucrative targets for criminals. These vulnerabilities also opened up new avenues for countries looking to increase their cyber security. States like North Korea and Iran could also target critical infrastructure companies that went digital to combat the pandemic. These states could use cyber vulnerabilities to attack power supply, data centers, and health and human services in an attempt to deter further escalations of a larger geopolitical crisis. Onlookers have been concerned that cyber attacks on critical infrastructure could be used as a signal to prevent further escalation.The rise of digital authoritarians, Covid-induced vulnerability and a more competitive geopolitical environment have all contributed to a final trend: the blurred lines between state and non-state cyberspace actions. As cybercriminals with unclear or loose ties to the government became cyber leaders, authoritarian governments have sometimes looked away. Cyber criminal campaigns have been used by North Korea to generate income for its regime. Russia pursued strategic and willful ignorance of criminal cyber activity within its borders and used cyber criminals to avoid any retribution for state sanctioned hacking. Even China, which made a concerted effort a few years back to crack down on its cyber militia, patriotic hackers seems to have rediscovered what state-sanctioned side hustles are. According to the White House, China is not only accused of failing to address cyber criminal activity but also of contracting criminals in order achieve its foreign policy goals.Cybercriminals are being used by governments in the same way as other non-state actors like maritime militias and un-uniformed special operation forces to achieve foreign policy goals without actually engaging in conflict. This is the murky middle, which international relations scholars refer to as the grey zone. States can use cyber criminal activity to generate revenue, use nonaffiliated groups to spread disinformation, and rely on civil companies and criminals for technologies and exploits that can be used against their adversaries. Indirectly, non-state actors can create chaos, confusion, and cost while creating enough uncertainty as to who is responsible for dissuading states from retaliating. These cyber-attacks are often less dangerous than traditional warfare, according to scholars. However, they can lead to conflict if you push too far.The post-pandemic cyber-world has greater vulnerabilities, more potential for economic and political exploitation, as well as more actors that blur distinctions between state and non-state involvement. These bad news trends have certainly contributed to the recent spate of cyber headlines. There is reason to be optimistic. There is reason to be optimistic. It might surprise outside observers to see how difficult it is for states and countries to agree on something as simple as cyber attacks.A few months ago, China joined the UN callout, following a UN report that was signed by 25 countries, including Russia and China. It stressed the need to stop cyber attacks on critical infrastructure. Although it may seem like an obscure report this was a diplomatic coup. It was the result of a long-fought multi-year effort by countries to reach a consensus on how responsible states should behave within cyberspace. If pandemic-induced cyber vulnerability had not prompted international action, this agreement (as well as the recent US-NATO EU statement against Chinese hacking), would not have been possible. A series of high-visibility cyber incidents in recent months combined with an administration by the United States that prioritizes cyber threats within its foreign policies may have given the international community the push they needed to start negotiating ways to punish cyber crime.Cyberattacks on hot dog plants and virtual elementary school classrooms might not be the end of the world Clapper and Panetta predicted. They insidiously destroy the foundations of digital economies and societies, as well as state power. These foundations are crumbling and we don't need cyber Pearl Harbor analogies today to understand the threat of cyberattacks. Can the U.S. and its allies capitalize on this momentum to reverse the shifts caused by authoritarian governments and the rise in non-state cybercriminals? Fingers crossed.
