A special report from   |  With support from

FP Analytics Research Brief

Conflict in the Cyber Age

Why the world must act to end the cyber arms race

Cyberattacks have occurred for decades, but the Stuxnet incident marked a pivotal moment in cybersecurity. Stuxnet, a cyber operation that targeted gas centrifuges used in Iran’s uranium enrichment program in Natanz, launched a global cyber arms race when it became public in 2010. While its impact was primarily contained to Iran’s nuclear facility, the high-profile attack demonstrated how nations can weaponize cyber tools to wreak havoc not only on computers and servers, but on critical infrastructure and government facilities to achieve foreign policy objectives. Since then, malicious actors have used and modified the Stuxnet code to attack a range of targets, including water treatment plants, power plants and gas lines. Although no one has claimed responsibility for Stuxnet, it possesses the signature of a state operation with cybersecurity experts linking its origin to US and Israeli intelligence.

Two years after Iran learned of Stuxnet, it initiated its own cyberattacks, first against the world’s largest oil company Saudi Aramco, in which hackers destroyed data on 30,000 computers, and later on American banks, causing millions of dollars in lost business. By 2014, North Korea joined in the cyber arms race with a hack into Sony Pictures that caused as much as $35 million in damages. Amid these attacks, then-US Defense Secretary Leon Panetta sounded the alarm over the potential for a “cyber Pearl Harbor” on critical infrastructure.

As threats to governments and private industry spread across borders, the UN’s Group of Governmental Experts (GGE) on Information Security called in 2013 and 2015 for the application of international law in cyberspace, including voluntary norms of responsible state behavior, state sovereignty, and the protection of human rights and fundamental freedoms, to which all members of the UN General Assembly agreed. In 2016, the North Atlantic Treaty Organization (NATO) similarly recognized the growing risks to international security, identified cyberspace as an operational domain and expressed the need for member states to bolster their cyber defense of national infrastructure.

To date, however, these efforts have demonstrably failed to deter attacks, hold bad actors accountable or sufficiently protect citizens. Rapidly evolving cyber capabilities, declining costs and relatively low barriers to entry have made digital weapons increasingly accessible and powerful tools, and a force-equalizer among state and non-state actors. While essential for 21st-century economies, the proliferation and integration of information and communication technologies (ICT) further expands the attack surface, requiring more agile and sophisticated defenses.

The Rise of State-Sponsored Hacking

Cyberspace is now a strategic domain as states use cyber tactics to conduct stealth attacks on rivals and target private industry for espionage and commercial gain, helping to level the geopolitical playing field. For state actors, the cyber domain is fast becoming the weapon of choice and is a “short of war” means to pressure other governments, manage conflict, impose costs on leaders and project national power. Over the last few years, the rate and sophistication of cyber incidents has increased sharply. According to a recent study by HP, from 2017 to 2020 the frequency of state-sponsored cyberattacks doubled, with an average of 10 publicly attributed cyberattacks per month in 2020. Threat actors’ techniques have also advanced, making them harder to identify and more threatening to targets.

According to Microsoft’s Digital Defense Report 2020, cyberattacks are becoming more sophisticated with state-sponsored actors employing new reconnaissance techniques to increase their chances of compromising high-value targets through credential harvesting, malware, and Virtual Private Network (VPN) exploits.

While the types of operations have varied, they have increasingly taken the form of mis- and disinformation campaigns. The Oxford Internet Institute found that in 2020, organized disinformation campaigns were waged in 81 countries, and government agencies in 62 countries used computational propaganda to shape public attitudes. States’ growing use of ICT-enabled covert information campaigns that seek to influence the overall stability of other states is raising concerns about their threat to the international community. These campaigns already permeate society and institutions, and we are only beginning to discern the breadth of damage and costs.

While mis- and disinformation attacks are on the rise, the preponderance of known state-sponsored cyberattacks involve data extortion through the use of ransomware, intellectual property (IP) theft and surveillance. As the boundary between the physical and digital world shrinks, such politically motivated cyberattacks can inflict widespread damage and tremendous direct and indirect costs—with consequences that transcend borders. In the past year alone, intelligence-gathering attacks to acquire vaccine-related IP have been linked to China, Russia and North Korea; Chinese state-sponsored surveillance operations and espionage efforts targeted pro-democracy organizations and individuals in Hong Kong; and unattributed ransomware attacks spread across more than 400 hospital and healthcare facilities in Puerto Rico, the United Kingdom, and the United States, causing an estimated $67 million in damages. While such attacks are a global issue, the US is the most targeted country for nation-state activities, followed by the UK, Canada, South Korea, and Saudi Arabia, according to Microsoft’s 2020 Digital Defense Report.

Perhaps as worrisome as the attacks themselves is their frequent and increasing use during peacetime, when rules of engagement and international humanitarian law do not clearly apply. As cyber defenses of high-value targets have improved, threat actors have turned to supply chain attacks in which they compromise a supplier’s software or hardware prior to installation in order to infiltrate data and manipulate IT hardware, operating systems, or services. In 2019, supply chain attacks increased by 78 percent. According to HP, at least 27 supply chain attacks associated with state-sponsored actors occurred between 2017 and 2020. The rapid digitalization of industry and services, and growing reliance on digital infrastructure, particularly during the pandemic, have experts anticipating further escalation of such attacks across cyberspace.

State actors also conduct cyberattacks targeting physical infrastructure during or in response to kinetic conflicts. This blend of conventional and non-conventional methods of warfare is known as “hybrid warfare.” In a 2020 study, 40 percent of analyzed state-sponsored incidents involved a cyberattack on assets that have both physical and digital components, such as power plants, waste water systems and running dams. Such strategies are invaluable to state actors’ efforts to advance their broader regional and geo-strategic policy goals, as demonstrated by the destructive attacks by Russian-backed hackers that sabotaged critical infrastructure in Estonia, Georgia, and, most dramatically, Ukraine, where in 2015 a quarter-million Ukrainians lost power after a cyberattack. 

Global State-Sponsored Cyberattacks

Since 2005, 35 countries are suspected of sponsoring 510 cyber operations with China, Russia, Iran, North Korea and the United States engaged in the majority of the cyber activity. Of 121 operations in 2020, more than 77 percent were acts of espionage.

Note: This map was adapted from the Council on Foreign Relations’ (CFR) Cyber Operations Tracker to include a breakdown and description of the most common types of cyberattacks by specific countries and examples of cyber operations and their associated costs. All instances of publicly known state-sponsored cyber activity are collected from open-source information and existing repositories of state-sponsored incidents, such as CFR, Florian Roth’s APT Groups and Operations, the Center for Strategic and International Studies’ (CSIS) list of significant cyber events, and Kaspersky Lab’s Targeted Cyberattacks Logbook. The data exclusively tracks incidents and threat actors engaged with denial-of-service, espionage, defacement, destruction of data, sabotage and doxing.

Source: Council on Foreign Relations. (n.d.). Cyber Operations Tracker. Retrieved July 13, 2021, from https://microsites-live-backend.cfr.org/cyber-operations#OurMethodology

Cooperation Between State-Sponsored Attackers and Cybercriminals Elevates Security Risks

The cyber weapons used by state actors vary in sophistication and scope, with half of cyberattacks involving low-budget tools. More complex cyber weapons and operations can be resource-intensive and require vast domain and server infrastructure, as well as talented hackers on hand. For instance, threat actors may seek an unknown vulnerability in software – a zero-day exploit – in order to penetrate a system, especially one not connected to the internet. Such an operation can be expensive, with documented prices for a zero-day exploit ranging from $60,000 to $2.5 million, with no guarantee that the exploit will work. As a result, some state-sponsored attackers are leveraging the cybercrime market and collaborating with cybercriminals to fund and support their cyber operations.

The costs of these attacks to the victims and to society are growing exponentially. In 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas and carries gasoline and jet fuel to the southeastern United States, suffered a ransomware attack that resulted in a $4.44 million payoff ($2.3 million was later recovered), drastically raised gas prices, and necessitated restoration work costing tens of millions of dollars. Weeks later, JBS Foods, the world’s largest meat company by sales, also paid $11 million in response to a ransomware attack by a Russian-linked cybercriminal group that forced nine plants to shut down in Australia, Canada, and the US. Experts fear that the disruption, which put immense pressure on an already strained global food-supply chain, may inflate beef prices for the next two to three years. By 2025, cybercrime is anticipated to cost the global economy $10.5 trillion per year (or $20 million per minute), greater than the current nominal GDP of Japan and Germany combined.

Despite the high cost of such attacks, some governments remain unwilling or unable to prosecute these types of crimes, allowing many cybercriminals to continue their ransomware attacks with impunity. The US Ransomware Task Force called ransomware a “national security risk that threatens schools, hospitals, businesses and governments across the globe.” Proceeds from ransomware attacks can help fund state-sponsored objectives, such as developing a nuclear weapons program or evading economic sanctions. This was illustrated by a 2016 incident in which North Korean state-sponsored hackers attempted to steal at least $1 billion from financial institutions around the world and successfully ran off with $81 million from Bangladesh’s central bank. Such risks are compounding as threat actors learn from one another and replicate tactics and tools employed by advanced state and non-state actors alike. In some instances, governments have shared hacking tools with cybercriminals and have purchased custom-made weapons, such as targeted malware or software exploits, through the dark web and other covert sources, in addition to stockpiling zero-day exploits. The emergence of sophisticated “cybercrime-as-a-service” schemes has afforded anonymity to state actors that seek to mask their efforts behind third-party contracts, thereby establishing “an almost impenetrable wall of plausible deniability.”

As the ease of conducting cyber operations grows, and more actors navigate the cyber arena, hacks by smaller, loosely affiliated, and ideologically motivated groups are also emerging as security threats. Recent examples include the ransomware hacks against French hospitals, the attempts to change the chemical levels in a Florida water-treatment facility, and the attack on the Massachusetts Steamship Authority this past year. Although the occurrences of cyber incidents around the globe can appear isolated from one another, the capabilities and impacts transcend borders.

Cyber Incidents by Top State-Sponsors

The following countries were chosen based on the total number of cyber operations they have reportedly sponsored, according to the CFR Cyber Operations Tracker. The examples referenced were chosen based on publicly available information regarding the cost of an attack by a state-sponsored actor. Some examples may not be reflected in the CFR database.

China

China likely possesses the second most sophisticated cyber capabilities in the world, which it leverages to achieve its policy objectives. Chinese state-sponsored cyber activities have been mainly in the forms of cyber espionage operations to steal intellectual property and trade secrets from corporations in order to acquire Western technology, operations to censor content considered “politically sensitive” and damaging to the Chinese Communist Party’s legitimacy, and disinformation campaigns as seen during Taiwan’s 2019 elections.

Cyber Incident

  • Year: 2017
  • Type of attack: Distributed Denial-of-Service (DDoS)
  • Perpetrator: China
  • Target: Google
  • Cost: DDoS attacks cost on average $2 million for enterprise businesses and $120,000 for small to medium-sized businesses (SMBs).
  • Impact: Google suffered the largest DDoS attack on record, in which traffic on its networks peaked at 2.5 terabits per second (Tbps). While the company was able to mitigate the attack, the incident emphasized the need to address cybersecurity internationally. More than four billion people use Google for search and more than 1.5 billion people use Gmail. Major companies, such as Airbus, Citigroup, Deutsche Bank, Goldman Sachs, PayPal and UPS, rely on Google Cloud, and a DDoS attack could disrupt the financial and logistics industries, among others.

Russia

To achieve recognition in claimed spheres of influence, Russian cyber activities work to constrain and undermine democratic governments and ideals. According to the Harvard Belfer Center’s 2020 National Cyber Power Index, Russia ranks fourth in terms of its cyber capabilities, following the United States, China and the United Kingdom. Russian disinformation campaigns seek to erode public trust in Western democratic processes and “sow divisiveness” among citizens. The Russian government has also regularly conducted cyber operations against European and US critical infrastructure.

Cyber Incident

  • Year: 2020
  • Type of attack: Supply chain attack
  • Perpetrator: Russia
  • Targets: SolarWinds, other private companies, and the US federal government
  • Cost: $25 million in damages, $90 million in estimated insured losses
  • Impact: The attack on SolarWinds is considered one of the largest and most sophisticated cyberattacks ever perpetrated from a technical standpoint. The operation may have affected an estimated 18,000 SolarWinds Orion IT management software customers. It targeted seven federal agencies in the US and private companies in Belgium, Canada, Israel, Mexico, Spain, the UAE, the UK and the United States. The hackers may have sought to obtain emails of corporate executives and files about sensitive technologies under development, and information on US government activities.

Iran

Iranian cyber operations are motivated by the regime’s desire to project regional power and to challenge historical opponents such as Israel, the UK and the United States. The country’s cyber capabilities typically focus on the surveillance of political opponents, attacks on critical infrastructure within Western countries (as seen with its attempted hack of a New York dam in 2013), and IP theft from commercial entities and universities in support of its key industries, such as defense, telecommunications, natural resources, and energy, among others.

Cyber Incident

  • Years: 2013–2017
  • Type of attack: Cyber espionage
  • Perpetrator: Iran
  • Targets: Universities, businesses, government agencies and international organizations
  • Cost: $3.4 billion
  • Impact: The coordinated cyber intrusion campaign affected computer systems of almost 8,000 professors at 320 universities around the world. The targets also included the United Nations, 30 US companies and five US government agencies. The hackers stole 31.5 terabytes of documents and data. In 2018, the US Department of Justice indicted nine hackers located in Iran for orchestrating the attack, but the suspects have not been extradited to the US because the two countries do not have diplomatic relations.

North Korea

Although North Korea has one of the smallest internet presences in the world, with the majority of its Internet access routed through China, its government has dedicated resources to develop its cyber capabilities. According to the Center for a New American Security (CNAS), most North Korean cyber operations center on espionage, theft, website vandalism, denial-of-service attacks and ransomware in an effort to circumvent financial sanctions and acquire the research and funds to pursue the country’s foreign policy objectives, particularly the development of its nuclear weapons program.

Cyber Incident

  • Years: 2017–2018
  • Type of attack: Ransomware
  • Perpetrator: North Korea
  • Targets: Windows XP computers
  • Cost: $4 billion to $8 billion
  • Impact: Using a leaked National Security Agency (NSA) exploit called EternalBlue, the attack encrypted user data and demanded payment in bitcoin to regain access. The incursion affected 200,000 computers across 150 countries. The attack on the UK’s National Health Service (NHS) cost an estimated £92 million ($100 million) and cancelled more than 19,000 appointments. In 2018, a new variant of WannaCry spread to 10,000 machines in Taiwan Semiconductor Manufacturing Company’s (TSMC) most advanced facilities, forcing TSMC to temporarily shut down several of its chip-fabrication factories. The disruption affected the company’s financial performance, resulting in $170 million in losses.

United States

By most estimates, the United States possesses the most advanced cyber capabilities of any nation. Described as both the “hunted and hunter,” US strategy in cyberspace is grounded in “proactive defense,” in which hacking is done preemptively to deter potential attacks. Recently, the US government has struggled to retain top cyber professionals, with some former US government hackers accepting jobs with foreign governments and working for firms such as the UAE-based group DarkMatter, which has allegedly targeted Americans for surveillance.

Cyber Incident

  • Years: 2011–2016
  • Type of attack: Cyber espionage
  • Suspected Perpetrator: United States
  • Targets: Organizations across various industries and governments
  • Cost: Unknown
  • Impact: A group called Strider or Project Sauron has been conducting long-term cyber espionage operations against 30 organizations from the government, military, finance, telecommunications and scientific research sectors in Belgium, China, Iran, Russia, Rwanda and Sweden, among others. Given the level of sophistication of Strider’s operations and the vast resources needed to sustain these cyber activities, analysts believe that the group is state-sponsored, and according to CFR’s Cyber Operations Tracker, it is suspected to be sponsored by the United States. The group was last known to be active in 2016. While these operations have largely ceased, the group may still be active on computer systems.

Direct and Indirect Costs of State-Sponsored Attacks are Mounting

In addition to the harm inflicted on the direct targets, cyber vulnerabilities pose serious risks to the global economy as hacks cause large-scale business disruptions, revenue loss and reputation damage. For example, the 2017 NotPetya attack targeted Ukraine, but the impacts spread across Australia, Europe, and the United States, devastating global businesses and critical infrastructure and causing an estimated $10 billion in losses. According to the Foundation for Defense of Democracies, a three-day cyber disruption of a managed service provider can lead to an economic loss of almost $80 billion. The hidden consequences of cyberattacks include insurance premium increases, higher interest rates for borrowed capital if a potentially vulnerable entity is perceived as a high-risk borrower, loss of contract and future opportunity revenue, and loss of trust by customers and citizens.

While intangible losses are difficult to quantify, they play a significant role in the decision-making and risk assessments of potential targets. Often, in fear of reputational costs, companies overstate their confidence in their ability to address cyber threats, particularly those posed by state actors, with firms in Asia exhibiting greater concern and readiness than their European or North American counterparts. Indeed, a Ponemon study determined that 47 percent of private-sector organizations in the UK and the US have not assessed the readiness of their incident response teams. A 2020 review by Dragos also found that 90 percent of analyzed companies had little to no visibility into their industrial control system (ICS) environments, which play essential roles in critical infrastructure management and security. Given that in the US, 85 percent of federal infrastructure is owned by the private sector, according to the US Federal Emergency Management Agency (FEMA), these assessments suggest that government defenses are likely not faring much better.

Global Risks and Estimated Costs of Cyberattacks on Power Plants

Energy infrastructure, including power plants, is critical for the health, welfare, safety and economies of countries. Cybersecurity risks to critical power infrastructure are growing. A 2019 Siemens and Ponemon Institute study found that 56 percent of companies surveyed suffer at least one shutdown or loss of operational data per year. The following graphic illustrates the potential impact that a cyberattack on a country’s power plants could have on its power supply and its citizens.

Power substations present a particular cybersecurity vulnerability to countries’ electrical grids. A 2014 study by the US Federal Energy Regulatory Commission (FERC) found that if a cyberattack were to occur on nine strategic substations, it would cause a coast-to-coast electrical grid shutdown.

Note: The following countries were chosen according to their total primary energy consumption as of 2017. Because of limitations in publicly available data, 2017 is the most current information available on electricity generation, population total, share of the population’s access to electricity and estimated power plant generation. To calculate the percentage of a country’s electrical output that would be disrupted by a cyberattack on a power plant, the estimated electricity generation of the largest power plant in the country or the sum of the estimated generation of the top 10 power plants are compared with the total electricity generation of that country. Based on that calculation, the potential number of individuals who have access to electricity in each country that could be affected is determined. The loss of power in a country would affect both citizens and industries. This analysis estimates the impact that a successful cyberattack could have on the share of individuals in that country who have access to electricity.

Potential effects of power plant attacks

Major attack on largest power plant

Country | Percent of population | Number of people potentially affected
China | 1.32% | 18,737,352
United States | 0.52% | 1,680,044
Russia | 3.76% | 5,470,575
India | 2.36% | 29,272,675
Japan | 6.63% | 8,451,243
Canada | 5.07% | 1,851,846
Germany | 3.81% | 3,153,418
Brazil | 0.07% | 145,619
South Korea | 7.07% | 3,609,628
Iran | 5.14% | 4,140,992

Major attack on top 10 power plants

Country | Percent of population | Number of people potentially affected
China | 5.8% | 82,879,502
United States | 4.8% | 15,708,294
Russia | 24.9% | 36,217,085
India | 12.5% | 154,444,313
Japan | 25.6% | 32,586,836
Canada | 29% | 10,602,005
Germany | 18.5% | 15,303,232
Brazil | 0.1% | 176,510
South Korea | 56.6% | 28,900,082
Iran | 25% | 19,976,549

Country notes (shown with both scenarios):

  • United States: An analysis of a hypothetical scenario by Lloyd’s and the University of Cambridge of a cyberattack on the US electrical grid servicing New York City and Washington, DC, estimated an economic impact of up to $1 trillion in addition to the intangible costs of unrest, industrial accidents, and insurance implications.
  • Japan: An analysis of 15 countries by the International Institute for Strategic Studies found that Japan, despite its reputation as a leader in information and communication technologies, is less capable in cybersecurity and ranks in the lowest tier alongside India, Indonesia, Iran, Malaysia, North Korea and Vietnam.
  • Brazil: Brazil’s assessment includes its top 12 power plants, as there are no estimates of power generation for two of its top 10 power plants.
  • South Korea: North Korean-backed actors are increasingly targeting the South Korean government and national infrastructure, with South Korean government sources stating that on average, 1.5 million cyberattacks were launched each day against the public sector in 2020. In pursuit of its nuclear ambitions, state-sponsored actors from North Korea have particularly targeted South Korea’s nuclear energy sector, such as nuclear power plant operators.
  • Iran: Damavand C.C. possesses the largest electricity capacity (MW) in the world, according to the Global Power Plant Database.

SOURCES: U.S. Energy Information Administration. (n.d.). International. Retrieved July 13, 2021, from https://www.eia.gov/international/overview/world, World Resources Institute. (2021, June). Global Power Plant Database Data. Retrieved from https://datasets.wri.org/dataset/globalpowerplantdatabase, and the World Bank. (n.d.). Access to electricity (% of population). Data. Retrieved July 13, 2021, from https://data.worldbank.org/indicator/EG.ELC.ACCS.ZS?end=2017&most_recent_year_desc=true&start=2013

Current Cybersecurity Responses Are Insufficient to Deter Cyberattacks 

There is no clear consensus regarding who is liable for cybersecurity breaches, what constitutes an act of war or how to impose penalties for specific cyber intrusions. Governments have used various “seen and unseen” responses, including sanctions, offensive cyber operations and kinetic attacks, such as Israel’s air strike on the Hamas Cyber Headquarters building in response to a cyberattack by the Palestinian organization in 2019. Since 2012, the US Treasury Department has issued 311 cyber-related sanctions—the greatest number against Russia, Iran and North Korea—and in 2020, the EU for the first time imposed sanctions against individuals and entities from China, North Korea and Russia in response to foreign cyberattacks. However, continued hostile state-sponsored cyber activity suggests that these tactics have not been effective deterrents.

Although sanctions can potentially deter state-sponsored cyberattacks, evidence suggests that state and non-state actors have not been compelled to follow standard rules of behavior or relinquish their cyber capabilities. Malicious actors that seek to achieve short-term goals may not experience the medium- to long-term impacts of sanctions, thus hindering their utility and effectiveness as a deterrent. The efficacy of sanctions is further weakened by uneven enforcement in regions with poor sanctions compliance and legal frameworks, such as Southeast Asia, and countries with policies and governance structures that may mask suspected perpetrators’ identities. In some cases, governments may also refuse to extradite accused perpetrators when indicted for a cyberattack in another nation. These conditions cultivate an environment in which state and non-state actors have limited risk of prosecution.

To date, governments have largely attempted to combat cyber intruders independently, but given the millions of attempted cyberattacks occurring daily, it is extremely difficult for individual governments to effectively respond to all multi-faceted attacks.

In a 2020 study by Deep Instinct, malware and ransomware attacks increased by 358 percent and 435 percent, respectively, as compared with 2019.

Adding yet another dimension of complexity, experts note that threat actors, particularly those that are state-sponsored, are adapting to more robust security in the critical infrastructure sector by looking for vulnerabilities among IT organizations, non-government organizations (NGOs), commercial facilities, critical manufacturing, financial services and the defense industrial base. These challenges, among others, require cooperation among countries, the private sector and civil society, and the establishment of rules of behavior to protect the international community’s collective cybersecurity.

Greater Multistakeholder International Collaboration on Cybersecurity Is Needed

The private sector, governments and international organizations have put forth a number of frameworks and recommendations for international norms, including the March 2021 consensus report from the UN open-ended working group on developments in the field of information and telecommunications in the context of international security; a Russia-led proposed UN resolution on cybercrime; a UNGGE 2021 report on advancing responsible state behavior in cyberspace in the context of international security; the Global Commission on the Stability of Cyberspace; the Charter of Trust; and the Cybersecurity Tech Accord, among others. The Paris Call for Trust and Security in Cyberspace—with more than 1,200 endorsers, the largest multi-stakeholder group ever assembled in support of a cybersecurity-focused agreement—attempts to provide a baseline for continuing cyber norms discussions and enables meaningful cooperation among countries, civil society and the private sector, but it notably does not include China, Russia, or the US.

However, as the cyber arms race has escalated, these initiatives remain disparate with a lack of consensus on which international norms to follow. Critics point out that cyberattack motives are difficult to define, and that determining hackers’ identities can be difficult (although not impossible). More fundamentally, governments are reluctant to relinquish their cyber capabilities as tools of effective statecraft because they do not want to limit their own freedom to launch cyberattacks on adversaries. As a result, countries fail to follow voluntary norms on what is permissible in cyberspace. Absent effective governance and regulation, the private sector has established its own self-regulating mechanisms and standards of behavior, but they are insufficient as cyber activities escalate and impact all stakeholders in the digital ecosystem. The challenge for the international community will be to secure an agreement that establishes clear rules and enforcement mechanisms that would be acceptable to most countries while also addressing all attack vectors within the cyber domain, including mis/disinformation, theft of intelligence and IP, and critical infrastructure security. Such an agreement is sorely needed and would help to strengthen security in the global digital ecosystem. As digital connectivity proliferates, so does the global attack surface, underscoring the urgency to establish new norms of responsible behavior in cyberspace to mitigate the mounting costs of cyberattacks and risks to human security.

