Cyber Espionage

From Espionage to Cyber Espionage

Intelligence is the collection of information that has military, political, or economic value.

According to the Aspin–Brown Commission (chartered by the US Congress in October 1994 to conduct a comprehensive review of American intelligence), “it is preferable to define intelligence simply and broadly as information about ‘things foreign’ — people, places, things, and events — needed by the government for the conduct of its functions.”

Intelligence refers to both:

- information about “things foreign” that is collected by clandestine means,

- information available through conventional means.

According to the Central Intelligence Agency, “reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us—the prelude to decision and action by US policymakers.”

Espionage is a set of intelligence-gathering methods.

The Oxford English Dictionary defines espionage as “the practice of spying or of using spies, typically by governments, to obtain political and military information.”

The Merriam-Webster Dictionary offers a slightly different definition: espionage is “the practice of spying or using spies, to obtain information about the plans and activities especially of a foreign government or a competing company.”

The U.S. Federal Bureau of Investigation (FBI) defines economic espionage as "the act of knowingly targeting or acquiring trade secrets to benefit any foreign government, foreign instrumentality, or foreign agent."

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage is driven by a variety of different motives and has more than one aim. For example, states strive, using information obtained by their intelligence services, to gain a fuller picture of the situation in order to improve the effectiveness of their actions.

It can furthermore be observed that information is increasingly being procured with the aim of influencing (in so-called influence operations) or damaging the actions of rivals. Both can be achieved through the selective publication of information. The aim of such activities is often to weaken the cohesion of international groups or institutions and thereby to restrict their ability to act."

Cyber is a prefix used to describe new things that are now possible as a result of the spread of interconnected computers, systems, and devices. It relates to data processing, data transfer, or information stored in systems.

With the word cyber we also refer to anything relating to computers, systems, and devices, especially the internet.

The prefix cyber has been added to a wide range of words, to describe new flavors of existing concepts, or new approaches to existing procedures.

Intelligence gathering involves human intelligence (HUMINT - information collected and provided by human sources), signals intelligence (SIGINT - information collected by interception of signals), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), geospatial intelligence (GEOINT), open-source intelligence (OSINT), financial intelligence (FININT), etc.

HUMINT is the oldest form of intelligence gathering. Cyber-HUMINT refers to the strategies and practices used in cyberspace, in order to collect intelligence while attacking the human factor.

Cyber-HUMINT starts with traditional human intelligence processes (recruitment, training, intelligence gathering, deception, etc.), combined with social engineering strategies and practices.

Cyber espionage includes:

- unauthorized access to systems or devices to obtain information,

- social engineering of persons who have authorized access to systems or devices, to obtain information.

Cyber espionage involves cyber attacks to obtain political, commercial, and military information.

Cyber espionage and traditional espionage have similar or the same end goals. Cyber espionage exploits the anonymity, global reach, scattered nature, and interconnectedness of information networks, as well as the deception opportunities that offer plausible deniability.

Economic and industrial espionage, including cyber espionage, represents a significant threat to a country’s prosperity, security, and competitive advantage. Cyberspace is a preferred operational domain for many threat actors, including countries, state-sponsored groups, organized crime, and individuals. Artificial Intelligence (AI) and the Internet of Things (IoT) introduce new vulnerabilities.

Cyber economic espionage is the targeting and theft of trade secrets and intellectual property. It is usually much larger in scale and scope, and it is a major drain on competitive advantage and market share.

According to Burton (2015), cyber threats can be classified into four main categories: cybercrime, cyber espionage, cyberterrorism, and cyber warfare.

Cybercrime is crime that is enabled by, or that targets, computers. Criminal activities can be carried out by individuals or groups who have diverse goals such as financial gain, identity theft, and damaging property. Usually cybercrime is financially motivated.

Cyber espionage activities are conducted by state-sponsored cyber attackers "for the purpose of providing knowledge to the states to obtain political, commercial, and military gain" (Burton, 2015).

According to Denning, cyberterrorism is “the convergence of cyberspace and terrorism” that covers politically motivated hacking and operations intended to cause grave harm such as loss of life or severe economic damage.

Cyber warfare involves the use of computers and systems to target an enemy’s information systems. The use of cyber power in military operations is an important force multiplier. Since the armed forces are highly dependent on information technologies and computer networks, disruption of these systems would provide great advantages.

Cyberspace is regarded as the fifth domain of warfare after land, sea, air, and space. NATO Secretary General Jens Stoltenberg announced in June 2016 that “the 28-member alliance has agreed to declare cyber an operational domain, much as the sea, air and land are”.

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage operations which have come to light reveal that cyber tools and other communications reconnaissance instruments are being used in parallel and in interaction with human sources.

Depending on the objective, information is also being procured exclusively via cyberspace. The latter has gained in importance insofar as the use of cyber-based information-gathering tools has proven successful for many actors.

Cyber espionage is difficult to detect, the perpetrators can hardly be successfully prosecuted, as the purported country of origin does of course not help to elucidate the affair and determination by the means of intelligence of the origins of the cyber-attack (ʻattributionʼ) can simply be denied based on the lack of provability."

A major challenge today is the lack of awareness and training. Many organizations and companies continue to believe that cyber security is a technical, not a strategic, discipline. They believe that cyber security involves the protection of systems from threats like unauthorized access, not the awareness and training of persons who have authorized access to systems and information.

The rule of the people, by the people, and for the people requires citizens who can make decisions in areas they do not always understand. Our cybersecurity awareness and training programs increase the level of expertise and knowledge across companies and organisations, and assist in the establishment of a culture of cybersecurity. We promote increased public awareness of disinformation activities by external actors, to improve the capacity of citizens, firms and organizations to anticipate and respond to such activities.

Hybrid warfare and cyber espionage

Hybrid warfare blends conventional warfare, irregular tactics, and cyber operations to achieve strategic objectives. This approach leverages the full spectrum of military and non-military tools at a state's disposal, exploiting the legal and cognitive thresholds that define war. By operating across these domains, states engaging in hybrid warfare seek to achieve their goals often without crossing the threshold that would trigger a full-scale military response from adversaries.

The integration of cyber espionage into hybrid warfare poses significant challenges for targeted states and the international community:

- Attribution: The covert nature of cyber operations complicates the process of attributing attacks to specific actors, a key challenge in both responding to and deterring hybrid threats.

- Legal and Normative Gaps: Hybrid warfare exploits gaps in international law and norms, especially in cyberspace, where clear international legal standards and enforcement mechanisms remain underdeveloped.

- Coordination and Response: Effective response to hybrid threats requires coordination across multiple domains (military, cyber, economic, informational) and between different national and international bodies, which can be bureaucratically and technically challenging.

Key Components of Hybrid Warfare

1. Conventional Military Operations: These are the traditional use of military forces in direct combat operations, such as the deployment of ground troops, naval forces, and aerial bombardments. In a hybrid warfare context, these operations are typically used selectively and strategically to complement other, less overt methods.

2. Irregular Tactics: This involves the use of forces and tactics that fall outside the norms of traditional state military operations. It includes guerrilla warfare, the use of paramilitary groups, mercenaries, and other non-state actors to conduct sabotage, terrorism, and insurgency operations.

3. Cyber Operations: Cyber warfare is central to hybrid warfare strategies, encompassing a range of activities from cyber espionage to direct cyber attacks against critical infrastructure. The goal is often to disrupt, degrade, or gain access to important information systems, creating strategic advantages without physical confrontation.

4. Information Warfare: This includes the strategic use of information to influence, confuse, or demoralize the enemy, often involving the deployment of propaganda and disinformation campaigns. Social media and other digital communication platforms are utilized to manipulate public perception and sow division within the adversary's society.

5. Economic Warfare: Economic tools such as sanctions, blockades, and other financial tactics are used to weaken an adversary's economy. Hybrid warfare may also include economic subversion by undermining financial stability through cyber means.

6. Diplomatic Measures: In hybrid warfare, diplomatic strategies are employed to isolate the target nation internationally, using international institutions and bilateral relationships to weaken the opponent's geopolitical position.

7. Legal Warfare (Lawfare): This involves the use of legal systems to achieve military or political objectives. It includes manipulating international law and exploiting the legal frameworks within which international relations operate to constrain the actions of the target nation.

From the National strategy for the protection of Switzerland against cyber risks (NCS) 2018-2022

Cyber espionage: Cyber espionage is an activity for gaining unauthorised access to information in cyberspace for political, military or economic purposes.

It is carried out by both state and non-state actors. The attackers focus on companies as well as governmental, social and international institutions.

The Swiss economy is one of the most innovative in the world, and many international companies have their headquarters or important data centres here. Switzerland is also home to many international organisations and often hosts international negotiations. This makes Switzerland an attractive target for cyber espionage. The impact can vary greatly depending on the type and volume of data the attackers gain access to.

The impact is usually not immediately apparent, since political and economic disadvantages arise only when the attackers make use of the knowledge they have gained. Cyber espionage will become even more attractive, given that it is an efficient way of gathering information.

Attackers have developed methods to stay undetected as long as possible after the networks have been breached. Since Switzerland is highly dependent on foreign manufacturers in regard to its ICT, there remains the risk that these producers, in cooperation with the intelligence services of their countries, deliberately leave vulnerabilities open for the purpose of espionage.

Cyber sabotage and cyber terrorism: Cyber sabotage refers to activities aiming to disrupt or destroy the reliable and error-free functioning of ICT in cyberspace; depending on the type of sabotage and the target attacked, this may also have physical effects.

The motivation for such acts can vary considerably. For example, frustrated employees may decide to sabotage an organisation's ICT. If an act of sabotage is carried out by perpetrators with terrorist motives, it is referred to as cyber terrorism.

Cyber sabotage and cyber terrorism aim not only to achieve the greatest possible damage, but also to intimidate and to demonstrate power with the intention of destabilising an organisation or even society as a whole. While various acts of sabotage have been observed internationally, including against the energy supply of states, no major cases have come to light in Switzerland so far. However, should Switzerland or organisations in or from Switzerland become a target of state or non-state actors with the necessary capabilities for political reasons, the probability of such an event would increase considerably. The potential damage is very great.

The relevance of this threat will continue to increase with the progressive digitalisation of society and the economy. The increasing digital networking of physical devices via the internet of things also permits new forms of digital manipulation – again with a direct impact on the physical world.

Disinformation and propaganda: The threat posed by targeted spreading of false information or of information illegally obtained through cyber attacks with the aim of discrediting political, military or civil society actors has become increasingly prominent.

Such activities have been observed in various countries in the run-up to important elections. In Switzerland as well, the possibility must be considered that state or non-state actors may attempt to undermine the confidence of citizens in the state and institutions.

Given that the importance of social media as a source of information continues to grow, it must also be assumed that these channels are used for propaganda, with an extremely nontransparent mix of false information, political arguments and stolen information.

Cyber attacks in conflicts: While a war waged exclusively in cyberspace (cyber war) is currently considered to be an unrealistic scenario, it has been seen that cyber attacks of all kinds are used as a means of warfare in various conflicts.

Typically, these are hybrid conflicts in which political, economic and criminal means are used in addition to military force. One aim of hybrid warfare is to disguise responsibilities in a conflict. Cyber attacks are a proven instrument for this purpose, since they are difficult to attribute unambiguously, and since they cost comparatively little, have an immediate impact, can be employed over arbitrarily large distances, and allow political-military effects to be achieved in the grey area below the threshold of an actual war.

The considerable investments made by many states to protect and actively defend against cyber threats underscore the importance of cyber resources in conflicts. Accordingly, the importance of targeted cyber attacks for strategic purposes is expected to increase further. In order to prevent such activities, countries must include cyber defence and cyber diplomacy in their preparations for potential conflicts.
