Global network fragmentation a source of increasing risk

The weaponisation of cyber space and ongoing geopolitical turmoil may lead to a “fundamental breakdown” of global networks into distinct regional or national architectures, increasing cyber and operational risks to organisations, according to a new forecast from risk consultancy Control Risks, which looks ahead to 2023 and beyond.

In its 2023 Risk map, Control Risks laid out how the war in Ukraine has brought a step-change in the cyber threat landscape, with actors backed by Moscow carrying out disruptive and destructive attacks against Ukrainian targets, while the Kremlin’s cyber criminal proxies and hacktivist networks target organisations outside the conflict zone.

It said that both criminal and hacktivist groups would emulate this pattern of behaviour in other geopolitical flashpoints, and in some cases this was already happening.

Western nations are likely to respond to this with increased funding for offensive cyber programmes, intelligence-gathering and joint military-intelligence cyber programmes, such as US Cyber Command and the UK’s own National Cyber Force in something of a tit-for-tat escalation of cyber capabilities.

These patterns of activity are likely to accelerate in 2023, enabled both by expanded attack surfaces and increasing automation. The cyber domain is “firmly anchored” as a critical part of modern warfare, it said, and as threat actors focus on developing their capabilities, the potential for lasting physical damage to critical sectors is increasing.

Alongside this, the report warned that nation states are trying to exert more control over what it termed national cyber space. Some of this activity takes the form of relatively beneficial data privacy regulations, such as Europe’s General Data Protection Regulation (GDPR) and a growing number of US state equivalents.

However, other actions, such as the US Chips and Science Act, which aims to reduce  the semiconductor supply chain’s dependence on China, and sanctions and controls on other technologies and suppliers, means that “the illusion of a truly global cyber space is fading”.

Control Risks CEO Nick Allan said: “In the fragmenting world order, the weapons of choice for many states will be found in the cyber sphere. This will either be through the spread of disinformation, aided by improving deepfake technology, or through cyber attacks, or both.

“As a firm that works in both the geopolitical and cyber arenas, Control Risks can see very clearly the direct correlation between geopolitical tensions and cyber aggression. An element of uncertainty and fear provides a level of state-versus-state deterrence, but corporates find themselves as easier targets for proxy and real wars. This is made worse by the transfer of military-grade cyber capabilities to criminal or radicalised groups.

“2023 will see more geopolitical and economic volatility, accompanied by operational challenges in energy and digital networks. The increasingly apparent effects of a changing climate will bring additional stresses and strains. Resilience, insight and courage will be the watchwords for business in the year ahead.”

Although digitisation continues apace and technology investments are still increasing, the consequences of these two phenomena for organisations could be nothing short of existential – with security teams tested daily by the proliferation of weaponised vulnerabilities, and cloud services and technology providers facing critical threats, leading to data and system integrity risks of an unprecedented nature, said the report. Automation and artificial intelligence have been heralded as business enablers and security controls, but threat actors are already weaponising those tools as well.

“While technology investments increase across the board, the principles and assets governing cyber space are eroding. Talk of Web 3.0 or the metaverse will continue to ripple through boardrooms; reality will be very different,” wrote the report’s authors.

Control Risks forecast that the ambition of operating single global networks for multinationals will be significantly challenged as the grim reality of nationalism in cyber space makes it all but impossible to centralise operations and supply chains. Ultimately, the need to comply with multiple competing governance and compliance regimes will force organisations to build regional, maybe even national, networks within their businesses, leading to fragmentation.

“The key to avoid the death of global networks will increasingly be decentralisation – reversing the prevailing trend towards centralisation to gain efficiencies and control,” said Control Risks. “Beyond 2023, decentralised digital environments will provide greater agility, security and resilience to those that adopt them.”