Global Risk Themes 2020, #6: Privately operated assets as proxy targets

The world’s major geopolitical rivalries are all being pursued at least in part via proxy actors, including through militant and terrorist groups, organised crime, Advanced Persistent Threats and other state-linked cyber actors. Many of the targets during 2019 have also been proxies, with privately-operated infrastructure, networks and supply chains all impacted by state-linked attacks and intrusions.
This was particularly evident in and around the Persian Gulf, where Saudi Aramco oil facilities and assets were targeted by drone and missile strikes as political tensions escalated. Privately-owned tanker shipping was also attacked in the Gulf of Oman while banks in the US and UK were among the targets of cyber attacks with plausible links to Iran. 

Elsewhere, communications infrastructure was targeted by governments seeking to contain political dissent (including denial of service attacks against messaging services in Hong Kong). The energy sector also featured prominently in reported attacks and intrusions. In June, for example, the US grid regulator NERC warned that a hacking group with links to Russia had been conducting long-term reconnaissance against the networks of American electricity providers.
A ransomware that caused serious disruption to the operations of Norwegian aluminium and energy conglomerate Norsk Hydro in March appears to have been criminally motivated. However, it was another high-profile example of successful cyber targeting of industrial operating systems, a space in which Russia, Iran and North Korea all appear to be increasing their efforts. Acquisition and investment in capabilities developed by criminal groups is one of the ways in which they are doing this.

Most of the reported cyber attacks with credible links to China during 2019 appear to have been focused primarily on espionage as opposed to direct interference with operating systems. Nonetheless, China has strong offensive capabilities and the relative lack of specific recent cases in part reflects the fact that it is better at remaining undetected. Moreover, utilities and communication infrastructure have been prominent among the recent targets of Chinese cyber espionage, showing that China has strong penetration capabilities and strategic interest in these sectors.

With many cyber attacks and hybrid forms of warfare going unreported or undetected, it is inherently difficult to cite clear patterns in the number of attacks from individual state actors or against specific sectors. However, two trends appear clear: first, China probably has the world’s largest and most sophisticated offensive cyber programme but Russia, Iran and North Korea are featuring increasingly prominently in reported attacks with intent to disrupt operating systems; second, US and Western relations with all of those countries are on a deteriorating trajectory heading into 2020. As such, the proxy threat to companies working alongside Western governments in sectors including defence, communications, energy and critical national infrastructure is likely to increase further over the next twelve months.

Sibylline Annual Forecast 2020: Global Themes

This post is part of a series of eight global themes to watch in 2020. These form part of our annual forecast product, released to clients in December and including regional deep dives on the Americas, Europe, MENA, Africa, Eurasia and Asia Pacific in addition to an overview of key events and flashpoints in the year ahead. Please contact us if you are interested in receiving this product or finding out more about the World Risk Register.