Threats from cyberspace

Cyberspace is a virtual space that contains information from computers and digital networks around the world. It is a world that is being discovered every day, as new technologies advance at a dizzying rate. However, it would be a mistake to consider cyberspace as an isolated area, as it is a common space that has a great deal to do with our daily lives and everything that surrounds us. Cyberspace reveals not only a world of opportunities, but also of threats. Just as, for example, access to the internet has made it possible for workers around the world to carry out their work from their homes during the months of confinement due to the COVID-19 pandemic, during this period there have also been cyber-attacks on companies and public institutions in different countries. 

In terms of security and defence, it constitutes a new domain of military operations, joining the traditional physical environments (land, sea and aerospace). This consideration as a military operational domain is due to the growing importance of technological progress in political and security matters and to the increase in cyber-attacks and disinformation campaigns in recent years, whose main objectives have been to destabilise political regimes and steal data and information. Behind these attacks are state and non-state actors who take advantage of the absence of physical borders, the difficulty of attributing cyber-attacks and the lack of governance and jurisdiction over cyberspace to advance their political, ideological and economic interests. These circumstances show that, despite being a space common to all, the sovereignty of cyberspace depends on the ability of different actors to access it.  

Hybrid threats are multidimensional challenges resulting from the convergence of different elements. In other words, a state or non-state actor using a mix of conventional and non-conventional weapons to carry out an attack wages hybrid warfare. With the emergence of cyberspace, the concepts of hybrid threat and cybersecurity have become closely related, as these threats, which predominantly take the form of cyber-attacks and disinformation campaigns, are a constant in the challenges to cybersecurity. In the case of cyber-attacks, these are often aimed at interfering in elections, data theft or espionage. As General Miguel Ángel Ballesteros, Director of the National Security Department, pointed out at the 32nd International Seminar on Security and Defence, organised by the Association of European Journalists, "armed conflicts begin in cyberspace; today many things are done without the use of force".  

The very complex nature of these threats shows that we are facing an increasingly major problem. We find ourselves in a digital world, which has created a new order - the order of the network - which forces us to conceive of new states and borders. An example of this is social networks, which often serve as a channel of communication and recruitment for terrorist groups such as Daesh. The problem lies in the absence of physical borders and the consequent lack of jurisdiction, which is an advantage for cyber-attackers or, in this case, for terrorists seeking to spread messages and an added difficulty for the institutions responsible for ensuring cybersecurity. For this reason, it is important to find a balance between privacy and cybersecurity.

Another very relevant example today is the economic cyber espionage campaigns being carried out against laboratories in different countries of the world that are working on the development of a vaccine for COVID-19, the aim of which is to steal technological material that will save time and research.  

To combat cyber-attacks, it is first necessary to understand them. At the 32nd International Seminar on Security and Defence, Luis Jiménez, deputy director general of the National Cryptology Centre, stressed four elements for a successful cyber-attack. First, it is not possible to carry out a cyber-attack if there is no vulnerability. This must be followed by a programme that exploits this vulnerability and the possibility of introducing the necessary technology into the system. Finally, it is necessary to have the appropriate infrastructure to break the possibility of attribution of the attack.  

These elements show that if we want to deal with cyber-attacks, we are obliged to keep ourselves constantly updated. New technologies require new methods, new ways of doing intelligence. This translates into the need to increase resources for the fight against cybercrime, as well as a strict and effective work methodology based on prevention, detection, information analysis and rapid response. We must try to see the threats in advance, and this can only be achieved through constant information analysis and coordination. Coordination and cooperation must take place at both national and international levels, and must have a strong public-private partnership component. The commitment to a culture of cybersecurity, knowledge and research is the way forward to be at the forefront of global technology, which is the only way to have the capacity to deter cybercriminals.  

The other major threat to cybersecurity is disinformation campaigns, i.e. misinformation campaigns that are deliberately spread. Disinformation makes people's emotions and personal beliefs move people more than objective information. In this context, cyberspace plays a key role, as it gives disinformation a high transmission speed and increases its reach. In recent years, the problem of disinformation has become more complex due to digitalisation. Behind these campaigns there is an intentionality of political destabilisation, often using conspiracy theories that distort the reality of what is happening around us.  

An example of disinformation is the false letter that NATO Secretary General Jens Stoltenberg allegedly sent to Lithuania's defence minister a few months ago announcing that the Alliance was withdrawing its troops from the country because of the pandemic. This letter was e-mailed to Lithuanian media and was intended to discredit NATO and destabilise the situation in the Baltic country. In this respect, Paz Esteban, director of the National Intelligence Centre, pointed out at the aforementioned seminar that "democratic states are the most vulnerable to disinformation because they do not censor the content circulating on the Internet or control the media". 

This means that the media have the task of denying false information, and the duty to take advantage of their influential role in public opinion. This is a shared responsibility: of the media, the national authorities (as well as international organisations) and the citizens themselves. On the one hand, the authorities must raise public awareness of the risks of using the Internet and must cooperate in international bodies with other Member States to meet these challenges. On the other hand, the individual must demand the necessary security from the media that provide access to the networks and have a critical attitude towards what they read on the internet, especially if the source is of dubious origin.

Those responsible behind the persistent advanced cyber threats are specialised groups that, with or without the support of a state, carry out cyber-attacks or disinformation campaigns, among others. In response, and in the absence of a legal framework for judging these actions, affected states and international organisations typically resort to structures charged with preventing, detecting and responding to such scenarios, and sometimes to political prosecution. That is, cyber threats "do not necessarily require a cyber response", as Madeline Mortelmans of the US Department of Defense pointed out at the round table entitled "Challenges of cyber security for the 21st century".  

These incursions, in the case of the United States carried out mainly by China, Russia, Iran and North Korea, should be understood in the context of the technological and political warfare that the American country is experiencing with the other states. However, it is important to stress that the US is not the only country that has been affected by incursions of this kind. Indeed, China and Russia are the main suspects in other campaigns conducted against European countries and at NATO level.  

China is in the midst of a technological war with the US over control of technological advances and production materials. This war is an opportunity for the Asian country to change its economic model, in a challenging demographic context in which the growing national population is endangering China's prosperity. Indeed, in recent years it has taken much faster steps towards digitalisation than the West. The Chinese government knows that the digital economy is growing by leaps and bounds, and it does not want to miss the opportunity to be the leader of this global transformation. An example of the mistrust that foreign companies feel towards the government is the Cryptography Law passed earlier this year, by which companies operating in the country fear they are facilitating intellectual property theft and espionage. Russia's strategy, however, appears to be different. If China has a long-term vision of becoming a global technological giant, Russia uses cyber-threats for political purposes to destabilise the functioning of the democratic institutions of different states. Interference in elections, as occurred in the US in 2016, is of particular concern. In response, the US opted for prevention through intelligence work and subsequent national and international cooperation.  

In Spain, the National Cryptology Centre was created in 2004, attached to the CNI and the first body in Spain to ensure security in the field of cyberspace. The former offers the technical perspective, which complements the intelligence and counter-intelligence analysis work carried out by the latter. In addition, the CNI has Signal Intelligence (SIGINT), which allows it to regulate and analyse international signal traffic. This is a very powerful tool that allows the centre to combat cybercrime. Furthermore, Spain has a National Cybersecurity Strategy, the National Cyber -security Council and the Joint Cyberspace Command, thereby committing itself to modernising the armed forces and addressing a growing need to train them more continuously and permanently in this field.  

In the international sphere, NATO's response to cyber threats is particularly interesting. In 2014, the Alliance placed cyber defence at the heart of collective defence, declaring that a cyber-attack can be grounds for invoking article 5 of the North Atlantic Treaty. In addition, in 2016, the organisation declared cyberspace to be the domain of Alliance military operations. In practice, NATO fights cybercrime by understanding and analysing the information space and actively communicating with public opinion. This communication is based on transparency, speed of transmission and cooperation. This last element is more important than ever, as it facilitates the exchange of intelligence between international organisations (NATO-EU-UN) and with states, with the ultimate aim of strengthening collective capabilities.  

To conclude, cyberspace is a very important area for the international community in general and for Spain in particular. The technological developments to which cyberspace provides access present many opportunities, but also many threats. These threats are of a hybrid and asymmetric nature, making it difficult to combat and eliminate them. This is why cooperation at different levels is necessary now more than ever. On the one hand, public-private cooperation in our society and, on the other, at international level, through the international organisations of which Spain is a member. The current digitalisation process is a challenge and requires research and security investments, which in turn would provide levels of modernisation and technological progress that are essential for an increasingly changing multipolar world.