The year 2024 will be marked by several significant political and geopolitical events that will have repercussions in cyberspace. What are they, and what are the cybersecurity risks?
The 2024 political elections
As the war in Ukraine and the Israeli-Palestinian conflict continue towards the end of 2023, major political elections will mark the year 2024 and cyberspace.
The presidential election in Taiwan
On 13 January 2024, the presidential election in Taiwan took place. This event was under close surveillance as the candidate from the ruling party (Democratic Progressive Party), whom China strongly opposes, was favoured by a divided Taiwanese opposition. The United States was also paying close attention to the situation, at a time when tensions with the People’s Republic of China were intensifying. The opposition parties, namely the Kuomintang and the Taiwan People’s Party (TPP), were said to be “in favour of easing relations with Beijing.” The result of the election saw the ruling party’s candidate securing a decisive victory, further cementing the Democratic Progressive Party’s position in Taiwan’s political landscape.
The U.S. presidential election
On November 5, 2024, the new U.S. president will be elected. This election has significant geopolitical implications, with the likely candidacy of former President Donald Trump. Should he win, his positions regarding the war in Ukraine or his repeatedly expressed desire to leave NATO would cause global upheavals.
The European elections
In Europe, from June 6 to 9, 2024, the European elections will take place. Over 705 Members of the European Parliament will be elected to represent the citizens of the 27 EU member states. Voters are called to mobilize for this election, which could lead to a historic reorganization of political alliances within the European Parliament.
UK General Elections
On July 4, 2024, the UK general elections could see the Labour Party return to power after 14 years in opposition. A month before the election, the party led by Keir Starmer is leading the polls with around 45% of the vote, far ahead of Rishi Sunak’s Conservatives, who are polling between 20% and 25%.
The 2024 Olympic Games
The Paris 2024 Olympic Games will be held from July 26 to August 11. This sporting event is also a geopolitical event that will greatly increase the visibility of the French capital and the country as a whole. Authorities have already warned of an unprecedented increase in the level of risk of cyberattacks during the preparation and launch period of the Olympics.
Repercussions in cyberspace in 2024
These geopolitical events provide opportunities for cyber attackers to conduct large-scale operations, leading to a likely increase in the alert level for nations and organizations, especially in critical sectors.
Three main types of cyber threats
Often state-sponsored or para-state in origin, these cyber threats can be classified into three main categories.
Espionage
Cyber espionage involves stealing confidential and sensitive data, sometimes classified, from a nation or organization. This could involve intercepting information about an upcoming election to learn the outcome or harming a company’s competitive advantage. A company’s intellectual property, as well as a nation’s scientific and technical potential, can also be at stake.
Sabotage
Some cyberattacks aim to sabotage a major event, infrastructure, or a country’s critical installation. They may target computer and communication systems, networks, or databases, disrupting their proper functioning or causing irreversible damage. The goal is to harm the security and economy of a nation. Activism can also be a cause of sabotage, for example, during the Olympics, to disrupt the events of a particular country. Sabotage generally results in temporarily or permanently ending an activity and leads to severe financial losses.
Known example of sabotage: Stuxnet. Discovered in 2010, this computer worm targeted and sabotaged centrifuges used for uranium enrichment in Iran. The virus was programmed to change the machines’ speed while displaying normal data to operators, causing irreversible material damage.
Subversion
Particularly used during electoral periods, subversion aims to weaken confidence in a personality, political party, or institution to influence public opinion. Disinformation campaigns, especially on social media or via the media, are the most visible part. On a national scale, subversion leads to political instability. In companies, it can lead to governance disruptions.
Example of subversion: the Hillary Clinton email affair. In 2015, The New York Times reported that Hillary Clinton used a personal email address for official communications while she was Secretary of State of the United States. This revelation raised questions about the protection of classified information. Just days before the 2016 presidential election, the FBI announced it was reopening the investigation after discovering new emails on the computer of the husband of one of Clinton’s aides. This major controversy may have influenced the election outcome.
Other units active in subversion include UNC1151. Linked to the Belarusian government, the group conducts online disinformation operations to discredit NATO in the Baltic states. Since 2017, the Ghostwriter campaign has been spreading fake news hostile to the Atlantic Alliance, particularly regarding the deployment of nuclear weapons.
The hack and leak phenomenon
The “hack and leak” phenomenon involves cyber attackers obtaining data, through cyber espionage, for example, and immediately leaking it online. Generally used in disinformation operations, hack and leak is a method of subversion with political consequences.
Known example of hack and leak: In France, two days before the second round of the 2017 presidential election, the “Macron Leaks” affair occurred. Documents related to Emmanuel Macron and his movement En Marche! appeared online. The campaign team confirmed that fake documents were mixed with real ones, aiming for disinformation.
Increased vigilance for nations and organizations
In summary, in 2024, economic and geopolitical uncertainty, along with major political upheavals, exposes nations and organizations to significant cyber risks.
Measures to strengthen cybersecurity and cyber resilience will be crucial. The mandatory implementation of the NIS 2 regulation within EU member states by the end of the year will be beneficial. However, organizations will need time to get from the obligation to regulatory compliance.
From now on, companies and public administrations must double their efforts to prepare for these important international events and strengthen their digital operational resilience in the face of potential crises.
Opinion piece by Jean-Philippe Commeignes, Commercial Director @Tixeo
Europe, struck by the war in Ukraine for nearly two years, has been experiencing an intensification of the terrorist threat for several weeks following the outbreak of war between Israel and Hamas. In this extremely tense geopolitical context, the statement by the Minister of the Interior in a recent interview about access to data and encrypted messaging conversations has put back on the table the binary question of balancing privacy protection and the need for security.
The fundamental issue is not so much the debate on the unlikely negotiation of access to public encrypted messaging, but the strict control of the use, sale, and export of cutting-edge surveillance technologies. These technologies, beyond circumventing the encryption problem, represent a dangerous temptation within the European Union, as highlighted by Sophie in ‘t Veld, a Member of the European Parliament, in her latest opinion piece on the risks of this industry.
Global War on Terror and Mass Surveillance
After September 11 and the launch of the war on terror by the USA and its allies, the demand for surveillance and intelligence solutions exploded. A 2017 Privacy International report counts several hundred companies in this sector created between 2001 and 2013, 75% of which are from NATO countries. The approach, tinged with American techno-solutionism to address the threat, led to the implementation of mass surveillance programs, revealed in 2013 by whistleblower Edward Snowden, who was then employed by the famous NSA. This also revealed the role of major American platforms in this data collection.
Uncontrolled Changes in the Post-Snowden World
These revelations had two major effects:
• The gradual generalization of encryption, even in consumer solutions, making authorities more “blind” in technical collection, and prompting states to have means of circumvention;
• The tightening of data protection regulations, through the General Data Protection Regulation, positioning Europe as a standard-bearer for privacy protection worldwide.
Concurrently, the rapid adoption of smartphones, messaging, and social networks facilitated the coordination of social movements like the Arab Spring, creating a stronger demand from authoritarian countries for solutions to contain them.
“The Cyber Surveillance Industry Has Adapted Across the Entire Value Chain”
The cyber surveillance industry has adapted across the entire value chain to meet both domestic and export markets, in a mix of business and foreign policy. It’s a market with layers.
The first is the research and acquisition of computer vulnerabilities unknown to publishers, called 0-days, which allow those who hold them to compromise targeted software and equipment without user action (0-click). The second is spy software that uses these vulnerabilities as invisible vectors to deploy its real-time surveillance tools.
This was highlighted twice thanks to the work of journalist consortia and NGOs like Amnesty International. The first time was in July 2021, by Forbidden Stories and 17 media outlets as part of the Pegasus Project, named after the spyware developed by Israeli company NSO. The second time was a month ago, in the context of the Predator Files, named after another type of software, this time developed by Intellexa, a consortium of companies based in Europe, particularly in France. This is emblematic of an ecosystem still adrift and used for political purposes. The Digital Violence platform, developed by Forensic Architecture, allows for a frightening but salutary immersion.
Today, the cyber surveillance industry market is estimated at $12 billion according to the director of the Citizen Lab.
The PEGA Commission and Its Recommendations Against Illiberal Temptations in Europe
The work of the Parliamentary Commission on Spyware, called PEGA, following the Pegasus scandal, has highlighted the main problems within the European Union.
Domestically
First, domestically, with the confirmation that 14 European countries and 22 security agencies had acquired this type of software and that 5 member countries had used it against civil society in disregard of the law and institutions. This underlines that even our democracies can be seduced by tools that bypass the indispensable control for legitimate and proportionate use, sometimes relying on a very broad definition of the concept of national security.
Internationally
Internationally, they showed the limitations of the EU’s export rules for these technologies, both permissive and without homogeneous application within member states. This allows for the implementation of opaque company structures to take advantage of these weaknesses for easier export.
A recent report by the Carnegie Endowment for International Peace indicates that EU member states granted 317 export authorizations in this segment between 2015 and 2017, compared to only 14 refusals. It also indicates that these exports are primarily to countries where human rights are secondary.
This is Europe’s paradox: being a model promoting democracy and human rights protection while importing and exporting, without strict control, the means of its regression.
European businesses and organisations are facing an increase in state-originated cyberespionage attacks, predominantly from Russian or Chinese sources, which have escalated since the Ukrainian war. Key statistics of state cyberespionage include:
• In 2022, 77% of state cyberattacks involved espionage operations. (source: cfr.org/cyber-operations)
• 9 out of 19 cyber defence operations involved China-linked groups. (source: ANSSI)
• As of 2023, 83% of identified state cyberattacks are espionage-related. (source: cfr.org/cyber-operations)
The 2024 Olympics: A Forthcoming Challenge
80 critical entities are involved in the Paris 2024 Olympics, out of a total of 350 organisations. The cyber risk level may reach an unprecedented threshold during this period. European organisations, especially French ones, need to prepare now, as international state cyber threat actors might exploit this global event to conduct attacks, including cyberespionage, to destabilise the Olympics and potentially the nation’s equilibrium.
Cyber Resilience More Necessary Than Ever
European organisations must now prepare for the worst, particularly in the tense geopolitical context with the war in Ukraine and the Middle East. Strengthening cybersecurity measures is crucial. The ANSSI has announced conducting around sixty audits and distributing training kits to the 350 entities involved in the 2024 Olympics, including 210 healthcare establishments. The goal is to better identify risks and respond quickly and effectively, using “rapid remediation plans” to maximise organisational resilience and ensure continuity of operations.