Cyber security is comparable to medieval witchcraft; commonly perceived as mysterious, frightful or threatening, such that doctrine and magic amulets are sold for protection.
When it comes to cyber security, we have been aware of growing threats for quite some time. Slow to react and respond; defeat has been established as the starting point for our strategy. This approach can lead to disastrous results, allowing cyber threats to reach the threshold below armed conflict. Restraint and inaction has led to increased aggression. Resilience is important; however, the answer is to lead with defence going forward.
Dwight D. Eisenhower once said,
“Whenever I run into a problem I can't solve, I always make it bigger.”
Canada’s allies have adopted a strategy of Persistent Engagement, a strategic approach to cyberspace intended to counter and contest adversary advancements. Persistent Engagement involves an anticipatory proactive campaign focused on relentlessly tracking adversaries, followed by defending forward to take offensive action against them. The goal is to impose cumulative costs on the adversaries, degrade their ability to operate, and establish norms of behaviour. This cyber security strategy requires an immense quantity of cyber defence tools and packages. Therefore, Persistent Engagement requires a robust and continuous industrial capability to sustain an active defence.
Changing demographics, resource competition, environmental stresses, globalization, economics, governance, urbanization, geopolitics, and the unprecedented advancement in science and technology are all significant trends shaping the future of the cyber security environment.
The contest to control and influence cyberspace will be comparable in significance to the Manhattan Project and the Space Race.
Grim Dark
Grim Dark is a subgenre of speculative fiction with a tone, style, or setting that is particularly dystopian, amoral, or violent. In the grim darkness of the far future, there is only war.
There is a Grim Dark aspect to intelligent connectivity - the combination of high-speed, low-latency 5G networks, cutting-edge artificial intelligence (AI), and the linking of billions of devices through the Internet of Things (IoT). The connection of these devices to the IoT increases the attack surface in which adversaries can target. Any threat to AI's independence could have devastating cyber-physical consequences. 5G and AI cannot function without the other, making the co-dependent combination susceptible to cyber security attacks. The combination of these technologies can engineer planet-destroying Internet of Things (IoT) botnets. An IoT botnet is a network of devices connected to the IoT that is infected with malware and has fallen under the control of malicious actors. These risks can lead to the weaponization of the intelligent connectivity system. Russia and China are already weaponizing 5G and AI and have targeted Canada in these areas.
The Cyber Terrain
Competition, conflict, and war between states are occurring on cyber terrain owned, operated, and controlled by the private sector. Civil Society Organizations (CSOs) have been heavily targeted by nation-states such as Russia, China, Saudi Arabia, Iran, Syria, Iraq, and Israel.
Therefore, multi-stakeholder engagement is essential. Canada needs to engage in Cyber Norms discussions involving deterrence, escalation, Persistent Engagement, cyber stability, economics, and world order.
“If you don't have a seat at the table, you're probably on the menu.” - Elizabeth Warren
The Canadian government is further obligated to defend Canada from cyberattacks under NATO Treaty Article 3, which requires members to maintain and develop an effective capacity to resist cyberattacks against their nation’s critical infrastructure.
Trolls
Russia has proven itself as a significant troll in cyberspace. State-run troll farms have been implicated in antagonizing polarized discussions online, undermining liberal democracies, interfering in elections, stirring up the anti-vax movement, motivating climate change deniers, sowing fractured narratives, violently attacking anti-doping organizations, and spraying a firehose of falsehoods around the safety of 5G with the attempts to sabotage the industrial growth of Canada. Technologies like 5G represent the vital high ground.
Armed Conflict
Cyber has already breached the threshold of armed conflict. It has been alleged that the US planted mines along the Russian Nord Stream 2 pipelines, which were detonated remotely at a later date. Stuxnet malware, a malicious computer worm, is believed to be responsible for causing substantial damage to Iran's nuclear program. In May 2019, Israel responded to a failed cyberattack by retaliating with a kinetic air strike and Tweeted “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.” Russia is well-known for its numerous cyber-intrusion campaigns and malicious cyber activities that enable broad-scope cyber espionage. The growing dependence and reliance on cyber will make urbanized warfare unavoidable.
Noble Bright
By 2030, it is estimated that three-quarters of the world’s population will live in 41 mega-smart cities. These cities will be the most densely censored environments on the planet, with an estimated 1 million devices per square kilometre. Each of these devices could have more bandwidth than the entire internet connectivity of a typical business or government department today.
Cyber will permeate space platforms, ships will behave as floating data centres, aircraft will look like software in the cloud, and soldier systems will act as fog computing. The largest mobile device that you will own will be your vehicle. The hardware, software and wetware in these domains will be seen as endpoints to an Internet of Everything (IoE), a cohesive system or network of connections between people, data, things, and processes that provide general intelligence and improved cognition across the networked environment, accessible at the speed of cyber.
The IoE can increase the efficiency of certain services. Machines will take over information collection and processing so that humans can focus on utilizing the data instead of spending time collecting it. Smart solutions, smart cities, and smart products can make life easier, increase productivity, and improve healthcare.
Entanglement of 5G-IoT-AI-QC
With great change comes great uncertainty. The complexity and speed of 5G requires AI to manage the infrastructure. The IoT will proliferate 5G dramatically. AI will capitalize on the big data universe provided by the IoT and 5G, while quantum computing will deliver faster computing and deeper censoring.
The disruptive technology of 5G, artificial intelligence, big data, mobile communications, nanotechnology, quantum computing, cloud, social networking, and the IoT are on a converging trendline; the emergent effect of which will be far greater than the sum of their parts.
Artificial intelligence, fifth-generation networks, the Massive Internet of Things (mIoT) and quantum computing promise a sea of change in scientific advancement. The components are individually powerful, but the cumulative whole will form the stuff of imagination.
Emergence is the tendency of an entity to develop higher properties that are not present in any of its constituent parts. By combining their energies, the individual parts give birth to something that transcends their potential while maintaining their value. Emergence is always present when evolution leaps forward. The emergent effects from the entanglement of these technologies will create the perfect storm.
Weaponization
A continued weaponization of cyberspace is foreseen. The buildup of offensive capabilities of nation-states and consolidation of dark web territories by transnational crime is supported by adversary states. This could ultimately lead to increased competition and conflict in contested space, thus raising the threshold of armed conflict. Canada will likely find itself involved in a hybrid, irregular, and asymmetric conflict. In this future, leading with soft power, cyber, and influence is preferable. Meanwhile, the gap between offensive capabilities and a traditional cyber security response will continue to widen.
Foreign militaries have overrun Canadian networks of importance, purposefully interfered with critical infrastructure, and have influenced and subverted the democratic process. Criminal enterprises are operating with the same duplicity. Electronic deception and disruption have imperilled life. The battle for full-spectrum cyber dominance has begun.
In the future, hostile intelligence services and militaries will continue to exploit, interfere with, and influence Canadian interests using cyber. The defence solution will require attribution, credible deterrence, and swift, consequential, and coordinated responses by governments and industries. Establishing norms of behaviour will be a joint effort within the private sector.
The criminal underworld continues to be supported by nation-states like Russia, always seeking greater control. Most crimes will be undetected and underreported. Law Enforcement will struggle to gain traction without cooperative military involvement, industry partnerships, and social awareness.
Hope Punk
Hope punk weaponizes optimism and encourages us to keep fighting, no matter what. Kindness and softness do not equal weakness, and in this world of brutal cynicism and nihilism, being kind is a political act.
Strategic deterrence and ‘forechecking’ requires credible offensive capabilities and persistent engagement. Attribution will likely remain a complex problem for cyber. Yet, it is necessary for active cyber defence and a legal imperative for an effective countermeasure.
The future will see the continued diffusion of power and influence from nation-states to non-traditional actors, particularly in cyberspace. The domain is already predominantly owned and operated by the private sector. Industry owns much of the terrain, technology, and talent. Hence, civil society and industry will remain the proxy target of nation-states. As a consequence, those most affected in the industry have evolved with a highly-capable active cyber defence capability.
Cyber defence is a team sport; it is clear that industry and government need to collaborate intentionally.