Digital risks escalated in 2020 under the onset of the novel coronavirus and shaped the cybersecurity policy landscape. Looking to the coming year, we can identify five accelerating digital trends that will continue to exert their impact on security and human behavior. These include the proliferation of 5G and Internet-of-Things technologies, the continued use of disinformation tactics on social media (particularly around the coronavirus and issues of racial justice), the dangerous use of technologies by illiberal regimes, the rise of the MITRE ATT&CK framework as a tool for threat management, and the catalyzing impact of new U.S. leadership on policymaking and America’s national identity formation. Each will emerge as a focal point in shaping the cybersecurity story over the coming year.
5G and IoT will increase the speed of attacks and enable more actors to conduct a wider range of operations against targets globally. According to McKinsey & Company, the number of internet-connected devices is projected to increase to 43 billion by 2023. This rise in users, coupled with an increase in Internet of Things (IoT)-connected devices, will create a larger attack surface, increasing opportunities for operations and attacks by nation-state and criminal actors alike. With more devices coming online and 5G gaining broader adoption, society will likely become more susceptible to attacks, because 5G will speed up the pace of technical capabilities. Defensive capabilities may also be able to increase in speed, but I think we will see the balance tip in favor of the attacker in the short term.
Our democratic discourse will remain vulnerable to domestic and foreign disinformation campaigns, forcing technology companies, media, and the government to develop and deploy innovative practices to quell disinformation. Disinformation initiatives are a cost-effective way for foreign governments to attempt to meddle with our democratic process, and technology companies need to work with the media and the government to combat disinformation campaigns during periods of tension and political transition.
In 2020, U.S. Cyber Command took significant steps with the Cybersecurity and Infrastructure Security Agency (CISA) to prepare for foreign attacks on American democratic discourse, yet the majority of disinformation ultimately came from domestic actors. During the 2020 election, Twitter took a step in the right direction as it implemented a new policy based on flagging and providing greater context for content on the platform that it believed to be significantly altered or false. Twitter repeatedly flagged or blocked tweets, including from a conspiracy theorist who will soon enter the U.S. Congress. Over the coming year, social media companies will continue to innovate their approach to disinformation, U.S. Cyber Command will continue to invest in counter-offense capabilities to “defend forward” and stop hostile foreign actors from conducting operations against American interests, and the U.S. government will continue to elevate the role of CISA as the leading agency for election security. American society will be made stronger as technology companies, media, citizens, and the government practice tactics to prevent the spread of disinformation from domestic and foreign actors.
Autocratic regimes will ramp up the use of surveillance technologies for more effective control over their populations, forcing them into sharper confrontation with the United States as it likely asserts increasing levels of support for democratic movements globally. The use of surveillance and facial recognition technology has become so commonplace in countries ruled by autocratic governments that there is even a phrase to describe the techniques: “high-tech illiberalism.” In China, citizens are required to take part in facial identification practices to apply for new internet or mobile services. China now has a database that includes nearly all of the country’s 1.4 billion citizens, which it uses to closely track their movements (including how frequently they travel abroad), grant them access to their housing complexes, find suspected criminals, and even shame those wearing pajamas outdoors.
In illiberal societies, those in power will seek to ramp up surveillance capabilities using big data, machine learning, and AI to censor information and keep power in autocrats’ hands. During the pro-democracy protests against the Chinese government in Hong Kong, for example, we saw this practice on display when protesters who feared being identified and arrested by police using AI-powered surveillance technologies attacked ‘smart lamps’ and wore masks to hide their faces, ultimately driving the Chinese government to ban masks altogether. Tensions over the use and abuse of surveillance technologies that leverage facial recognition and other sensitive biometric data will rise as governments continue their illiberal practices.
MITRE ATT&CK will continue to increase in prominence as the backbone framework for cybersecurity planning and threat-informed defense. MITRE ATT&CK is a globally vetted framework of known adversary tactics, techniques and common knowledge (ATT&CK), a kind of periodic table that lists and organizes malicious actor behavior in an accessible, user-friendly format. But ATT&CK is not just a framework to understand adversary behavior: it is a tool for improving security effectiveness, and that trend is catching on and leading to a transformation in the cybersecurity community. Governments all over the world have begun to use the ATT&CK framework as a tool to communicate with the public about threats and how to mitigate them. The Department of Defense, CISA, the Australian Prime Minister’s Office and many other governments have adopted ATT&CK in recent years, and we should expect ATT&CK to achieve greater prominence and utility in the coming years.
Why is ATT&CK catching on? For years in cybersecurity, defenders lacked a common vision of the threat landscape. In the private sector, cyberthreat intelligence was often based on after-the-fact forensic data, leaving defenders uncertain about the adversary’s future approach. Detailed knowledge of adversary tactics was often limited to classified government environments. Lacking a common lexicon for discussing adversary behaviors across the community, defenders fumbled in the dark to achieve security effectiveness. With the birth of the MITRE ATT&CK framework in 2015, this era of strategic ambiguity came to an end. ATT&CK gives the cybersecurity community a single, easy-to-access repository of adversary behavior to set a baseline against which they can prepare their cyberdefenses. It forms the basis of a threat-informed defense strategy, a transformational approach to security.
National leaders will play an increasingly prominent role in educating the public about the risks of digitization. One lesson learned from the COVID-19 pandemic is that decisive leadership has never mattered more for managing complex challenges. New Zealand Prime Minister Jacinda Ardern is one example of a leader who demonstrated how calm, deliberate actions in the face of crisis can have huge benefits for a population under stress. Her decision to rapidly implement a strict lockdown and extensive testing program resulted in one of the lowest COVID-19 case and death counts to date and allowed for a quick pivot to economic recovery.
What does this mean for cybersecurity? Today the United States is experiencing an acute level of strain from the onset of the novel coronavirus, systemic racism and disunity, and political instability. It is a moment ripe for cyberspace-enabled operations against American interests – a problem that, outside of technological innovation, can best be offset through measured, rational leadership. Since the Russian intervention in the U.S. presidential election in 2016, outside of sub-cabinet officials, the United States has not had a national leader play a prominent, consistent role in educating the public about the risks of digitization (to include cybersecurity and disinformation) for citizens and organizations. To help American society practice good cybersecurity and withstand disinformation, guidance from national leaders will play an increasing role over the coming year. The last time a U.S. president spoke to the public about the impact of rapid technological change on American society was in President Barack Obama’s farewell address. An increased focus by national leaders on cybersecurity and digital risk should help American society better address the diverse issues facing the nation, from improving cybersecurity effectiveness to countering disinformation.
This article first appeared in Homeland Security Today on December 14, 2020.