Cyber is politics by other means

The release of highly personal information on Simone Biles, Serena and Venus Williams, Bradley Wiggins and Chris Froome, amongst other athletes from WADA (Word Anti-Doping Agency), seems to be the latest Cyber element in the continued geopolitical fallout. WADA has attributed the leak to a Russian hacking group who has accessed WADA databases, including confidential medical information, through a compromised account created for the Rio Olympics.

The current issues seem politically motivated, and previous announcements by the New York Times that their Moscow Bureau has been targeted by cyber attackers form other public moves in an on-going geopolitical conflict between Russia and the United States playing out through cyber means.

The recent release of hacking software thought to be used by National Security Agency by a group called the Shadow Brokers, may sound like a plot from a 21st century spy novel, but indicates that cyber issues are a still a big part of the political, economic and business landscape.

After the Snowden revelations indicated the scope of cyber-attacks to support US foreign policy, the release of data from the Democrat National Committee, and calls from Donald Trump for Russia to release Hillary Clinton’s e-mails, further entwined the political and technological status between both countries

Historically, cyber threats to businesses were clear cut and often based on Intellectual Property based espionage or intelligence gathering, rather than as a proxy for wider conflicts.
This is compounded as Geopolitical exposure is hard to measure and isn’t well understood by the cyber community. If an organisation doesn’t work for a Government or create large amounts of IP it is rarely viewed as a risk, and – even if it is – it’s often accepted as being too costly to protect against.

Now businesses and individuals with interests in either Russia or the US – or those that may be perceived to represent them publically – are potentially at increased risk of being collateral damage in a cyber-version of ‘politics by other means’.

The excitement and hype once seen around nation state cyber attackers who are highly capable or aggressive has largely abated. This does not mean the threat has weakened: there is more evidence of nation states and those related to them turning to cyber and technology attacks to both gather information, but also to prevent action and to influence real-world events.

It is likely that the interests of both Russia and the US will continue to conflict publically with increased domestic and international attention around the US election. Taking steps to understand the geopolitical cyber exposure of an organisation should be embedded in any companies’ risk management strategy, with an expectation that more future conflicts will play out through cyber attacks.