Public and government infrastructure is increasingly becoming the key target for cyber-attacks. The 20 per cent year-on-year increase in the number of attacks has brought some countries to a halt. The attacks are also evolving to be more brazen, with clear geopolitical associations. From the Finnish parliament’s website the day the country joined NATO to Kenya’s newly expanded eCitizen Portal last month, a new wave of distributed denial-of-service (DDoS) attacks is hitting governments’ digital infrastructure when their attention is diverted to larger issues. When an offer to send peacekeeping forces to assist in resolving a conflict can result in a week-long disruption of core public services by a hacktivist group that aims “to teach its arrogant government a lesson to not meddle in Sudanese internal affairs”, it is a rapid induction into the risks of unsecured digitalisation.
More importantly, it is a stark reminder for leaders of the interdependence of geopolitical instability, foreign policy and cyber-resilience. With countries’ core infrastructure in the firing line, leaders need to be confident that it is secure in the face of geopolitical instability and resilient from retaliation in response to diplomatic activity. If not, leaders may increasingly find their sovereignty under attack as their foreign policy is held hostage to the evolving agendas of state-backed hacktivist groups.
Digitalising government and public infrastructure is at the heart of becoming a strategic state that transforms its government services through technology. From artificial-intelligence (AI) assistants that help citizens access health and education to secure, decentralised digital ID that supports governments in understanding preferences for better service design, technology can be the backbone of 21st-century public infrastructure. The digitalisation of governments could free up to $1 trillion in economic value globally, with individual countries benefiting while increasing the quality of their public services. A recent Tony Blair Institute for Global Change (TBI) study showed that adopting digital ID in South Africa could translate into combined savings of $620 million a year for marginalised populations. In Kenya, by 2018 – four years into its digitalisation project – the government had saved $290 million while increasing the efficiency of public-service delivery.
But with every capability comes vulnerability, and key to ensuring that countries can reap the benefit of digital maturity is matching that maturity with commensurate investment in, and commitment to, cyber-security and resilience. Sadly, the majority of countries continue to underinvest in this area, leaving a gap for attackers to exploit and undermine governments’ investments on behalf of their citizens.
[Figure: National Cyber Security Index]
Closing this gap is imperative. If digitalised government and public services are the lynchpin of the 21st-century strategic state, then they are part of a state’s critical national infrastructure (CNI), and must be designated as such and protected accordingly.
The increasingly sophisticated “thought-out, tailored and persistent waves of DDoS attack campaigns” currently being carried out by groups emerging from the fragments of disbanded cyber-criminal gangs such as REvil, Conti and Hive have highlighted the need for sustainable and secure digitalisation. DDoS attacks are malicious attempts to disrupt a server, service or network by flooding it with internet traffic, creating an “internet traffic jam”. Attackers target networks of machines connected to the internet, including computers and other devices, and, by infecting them with malware, achieve effective remote control of those machines as “bots” (or “zombies”) in a “botnet”. Each bot in a botnet will then send requests to the victim’s IP address or server, overwhelming the server or network so that it denies normal traffic. Such attacks can leave fledgling digital systems at risk of total paralysis, rendering newly digitalised critical public services unavailable.
More troubling than the rapid increase in attacks, however, is the motive of the attackers. Where previously the favoured motive of cyber-criminals was significant financial gain, the latest collection of operations seems rooted in projecting state power. With no real ransom demands or data theft – sometimes the attackers are interested in a simple apology – these attacks appear to be part of a new wave of state-backed, grey-zone warfare. The perpetrators of the July attacks in Kenya, Anonymous Sudan, have justified their attacks in other countries as responses to anti-Islamic sentiment, such as Quran burnings in Sweden and the use of the word “Allah” on clothes in Australia. The group has also claimed responsibility for regular attacks on Israel as part of its #OpIsrael, as well as a targeted campaign on Microsoft. Their alliances, though, are less straightforward: there is increasing consensus that the group is affiliated with the pro-Russian hacktivist collective Killnet. Alongside a reorganising of the cyber-crime group REvil, these three groups have publicly worked together since June 2023 as the “Darknet Parliament”, threatening Western banking interests from the SWIFT payment system to the European Investment Bank. Cloudflare has reported as many as 10,000 of these attacks directed at their websites over the past few weeks.
The rapid rise in these weapons of mass disruption may signify a new evolution of Russian strategies to destabilise the global order following the collapse of the Wagner Group after Yevgeny Prigozhin’s attempted coup. Prigozhin was the founder of Russia’s Internet Research Agency (IRA), also known as the “troll factory” linked to interference in the US election in 2016. As a new owner is sought for Prigozhin’s media interests, including the IRA, alternative malicious activities from state-sponsored cyber-groups are likely to increase, and countries need to ensure that their digitalised services are resilient to geopolitical bots.
With geopolitical rifts intensifying, an increasing number of cyber-experts are concerned at the prospect of a catastrophic cyber-event in the next two years. 2024 will see several high-profile national elections; those countries going to the polls will be high on the list of targets, meaning securing digital government infrastructure and public-service delivery will be critical for their national continuity. This requires strategies and solutions that are as creative, adaptive and forward-looking as the cyber-threat actors themselves, built around five key elements:
Designating digitised public services as CNI. If CNI is “the body of systems, networks and assets that are so essential that their continued operation is required to ensure the security of a given nation, its economy, and the public’s health and/or safety”, then once a country’s public services – from access to medical appointments to receiving benefit payments – are digitalised to the point that any interference with them prevents the smooth running of the country, they need to be designated as such. Subsequently, they will require additional protections.
Implementing a holistic and forward-looking cyber-resilience strategy with robust requirements for CNI. Leaders should ensure that they have in place a whole-of-society cyber-strategy that draws together the private and public sector for a unified national approach towards protecting a nation’s most vulnerable and most critical assets. This includes creating the regulations and institutional mechanisms for proactive cyber-resilience, built around:
Next-generation forensics and incident-response capabilities
A next-generation security-operations centre
Predictive cyber-threat intelligence
Increased cyber-capacity training and awareness
Critical-infrastructure mapping and protections
Information sharing and collaboration
Investing in technical solutions to close the digital-security maturity gap. Leaders need to invest in technical security solutions that can both combat current threats and future-proof a state’s digital government architecture. This might include investing in protecting individual vulnerabilities, such as on-premise, cloud-based or hybrid DDoS mitigation protections for the application and network layer to detect threats, clean the traffic and stay operational, or more comprehensive solutions from large-scale providers supporting network security alongside data hosting and endpoint security. Key to long-term resilience, however, is that these investments protect the digital government infrastructure cohesively, are scalable, and are easily implemented and monitored.
Contributing to building regional resilience. Cyber-resilience to global cyber-threats cannot be achieved alone. Building and participating in strong regional initiatives, such as the joint cyber “Crystal Ball” project between the United Arab Emirates and Israel and the proposed African Centre for Coordination and Research in Cybersecurity to be established in Togo’s capital Lomé, provides the structures for information sharing and coordination to combat borderless common threats more effectively and efficiently.
Building tech-forward foreign policy. As geopolitical tensions converge in every level of digital infrastructure, from subsea cables to satellites, leaders need to have a clear understanding of the interdependence of tech and geopolitics. The role of technology in foreign policy can no longer be an afterthought and needs to be integrated into foreign-policy strategies so that leaders can visualise and understand the impact of their international relations on their cyber-resilience. By closing the gap between tech and foreign policy, leaders will have a stronger voice in shaping the norms and standards for global cyber-resilience, cementing the position of their strategic state both on the world stage and at home.
Cyber-threats are not going away; they are constantly evolving into new tools of geopolitical competition among an increasing number of actors. Any country could be the next target and the real victims are always the most vulnerable of its population – the end-user who needs a medical appointment, disability benefits or proof of their education to secure a job. The international community, both private and public, is beginning to require greater cyber-security commitments to protect their investments and to make attackers’ jobs harder, whatever their motives. But building cyber-resilience is a team sport – it is easier when countries and sectors stand together. And where leaders have the will and commitment to invest in digitalisation, TBI and its network of partners will work alongside leaders every step of the way to enable their cyber-resilience team-building nationally, regionally and internationally. Digitalisation is the foundation of the 21st-century strategic state. Ensuring its security is no longer optional.