The Western states are still relatively new in the game, albeit we are catching up. The world is becoming increasingly aware of the threats and figuring out how to respond to them. Countries such as Russia, however, are in the front-runner position now, given how Russia, for example, has used the means of disinformation for a long time.
It is difficult to estimate what kind of cyber capacities countries have and who is working for them. In the future, any cyber arms race will be about who will get the best experts. Countries might be willing to hire former criminals as hackers to enhance their own capabilities and expertise. Cyber activities can furthermore be outsourced to cyber criminals and expert groups so that it is easier for the states to deny their role in possible attacks.
These newer forms of security threats are hazardous for both individuals and societies and there is little regulation in the field. Cyberspace operates in a different way and has different rules than our physical realm. Given the relative newness of the field and how far digital world can still develop, it is likely that we will run out of people who have the expertise on the subject.
Both individual cyber criminals and states are testing their limits as it is hard to detect the origin of the attacks. Cyber threats at their worst can paralyze whole societies and make them vulnerable if crucial infrastructure, like hospitals, are hit.
Europe has tried to answer to the rising threats by, for example, creating the European Centre of Excellence for Countering Hybrid Threats, located in Helsinki. During its EU presidency, Finland sought to increase the awareness of hybrid threats and the tools available to counter them within the EU. In addition, the goal was to improve the EU’s capability to handle and defend against possible crises. Finland organized crisis scenarios at minister level, which gained positive feedback. During the presidency, Finland tried to increase public’s awareness on these threats.
The EU has moreover sought to increase its cooperation with NATO. Recently the EU has tried to consider the possible cyber threats related to the 5G networks and this has created debates around the continent on Huawei’s networks and whether the company should be allowed to build networks in Europe.
On the health care security side, the European cybersecurity experts are going form a group to discuss how to fight attacks aimed at hospitals, for the health care sector is a very vulnerable area. Whereas the banking and energy sectors have already become more secure, the health sector is still lacking behind.
The EU should still act more to increase the cyber awareness among its leadership and population and make sure that we have people who have knowledge on the subject. Defence against these threats is also crucial and as well as developing our own European programmes on cyber security so that we will not become dependent on others. There should moreover be ways to punish cyber criminals. Of crucial importance is, that we will in the future be able to guarantee that our elections are fair and cannot be influence by outside powers or actors.
When it comes to hybrid and specially to cyber and information warfare, we are witnessing wars of narratives. These means are used to control people’s thoughts and change the way they see the world. The goal is to make citizens of the target country undermine their known worldview and question their political institutions and leaderships. Cyber and information warfare seek to sow distrust and insecurity in societies. These makes decision-making in the country more difficult. The goal is to be the master of narratives, and this can be achieved through the control of algorithms and right channels.
These new forms of warfare are moreover those that often operate in the shadows and in secrecy. Hybrid warfare is warfare done in the grey area, and it never ventures as far as being an actual war. In hybrid warfare, it is difficult to see who your actual antagonist is and as the attacks are often carried out by non-state actors, they become easy to deny. Hybrid is an ideal way to operate as the operator has smaller political risks than an open war.
In the future, it is likely that there will be an increasing amount of cyber, hybrid and information threats. That is why it is necessary that the EU acts upon the threats by becoming aware of them and by creating means to counter and attack them. We must hold on to the truth. The game is afoot and we still have time to participate in it.
TEXT Peppi Heinikainen
PHOTO Lewis Ogden, Flickr
The author has a BA degree in European Studies from the Maastricht University and a MA degree in International Peace and Security from King’s College London. The author has specialised in the EU defence and security policies, peace processes and negotiations, and Russian politics.