Opinion

Digital geopolitics and the rise of cyberwarfare

Illustration of Millon Charles
Charles Millon
Reading time: 7 min

Europe must undertake major reforms to protect itself amid the digitalization of economies, communications and security.

NATO cybersecurity exercise
An error message on screens during NATO’s Locked Shields exercise in Tallinn, Estonia, on April 23, 2024. The annual event held by the NATO Cooperative Cyber Defense Center of Excellence is intended to boost the skills of experts defending national IT systems and critical infrastructure from cyberattacks. © Getty Images
×

In a nutshell

  • Critical civilian infrastructure is dangerously exposed to cyberattacks
  • Actors like Russia, China and North Korea pose increasing threats
  • The European Union must undergo reforms to defend itself

With the tragic return of history and the re-polarization of the world into competing civilizational blocs, globalization, as we have known it for the past 30 years, seems doomed to disappear. A clear demonstration of this paradigm shift is the continued increase in global defense budgets for the ninth consecutive year.

In 2023, the Stockholm International Peace Research Institute (SIPRI) estimated global military spending to be at 2.3 percent of global gross domestic product (GDP), with a clear balance of power: the United States in the lead, accounting for 37 percent of global spending ($916 billion), followed by China with 12 percent of global spending ($296 billion). Russia, India and Saudi Arabia rounded out the top five, while European Union member countries combined to account for about $313 billion, or 13 percent of global spending.

At the same time, the rapid digitization of economies has buoyed technology companies to such an extent that they are now responsible for nearly 30 percent of all global market capitalization, surpassing the energy and financial sectors. After two decades of the tech sector driving global growth, less than 15 percent of the 500 largest technology companies are European, compared to over half of firms coming from the U.S. and about a quarter from Asian countries.

Intensifying attacks

It is in the digital realm – beyond conventional conflicts such as Russia’s war on Ukraine, civil wars in Myanmar, Syria and Yemen, or Israel’s large-scale counterterrorism effort against Hamas – that the clashes are becoming especially fierce. Indeed, the systematic digitalization of our economies, defense and communications systems has expanded conflict zones and intensified hybrid warfare, especially with respect to cyberattacks and disinformation.

Although it may seem abstract at first glance, this emerging form of confrontation – on a global scale, between nations or regions – has very concrete consequences.

Cyberattacks have multiplied and intensified, not only in Europe but around the world, at the hands of Russia and other culprits. These attacks have affected communications networks, such as Kyivstar, Ukraine’s main mobile operator, and the Viasat satellite internet network, as well as media platforms (with targets like Netflix and TikTok), financial infrastructure (including the European Banking Authority) and cutting-edge tech companies (like Nvidia and Samsung).

EU competition law neglects aspects related to production, competitiveness between different global regions and national interests.

Strategic infrastructure, especially in energy, has also been compromised by cyberwarfare, as seen in the targeting of 6,000 German and Luxembourgish wind turbines in March 2022 or the broad assault on Danish critical energy infrastructure in November 2023.

There have been large-scale, multi-layered episodes, such as the apparent Russian attack that hit Sweden in January, a week before Turkey voted to agree to Sweden’s accession to NATO. Nearly 120 government offices, as well as cinemas, department stores and other businesses were affected, creating a climate of fear across the country. Sweden’s Minister of Civil Defense Carl-Oskar Bohlin said at the time that “cybersecurity must be a priority for all of society, both the public and private sector.”

Cyberattacks also directly affect military infrastructure, as evidenced by the leak of American and NATO documents apparently detailing strategies for military support for Ukraine in April 2023.

The global conflict

China is not to be outdone in this global confrontation. According to U.S. authorities, the Chinese “Volt Typhoon” hacking network has infiltrated critical infrastructure on behalf of Beijing, particularly on the island of Guam, which hosts an important American military base. It has also been said to target U.S. civilian targets in communications, transportation and the federal government.

China was implicated in February 2024, when the company I-Soon, posing as a computer security business, managed to infiltrate NATO and foreign governments, as well as social media accounts, personal computers and public institutions in Thailand, Taiwan, Vietnam and elsewhere.

North Korea plays another significant role in this escalating conflict. NATO’s Cooperative Cyber Defence Centre of Excellence estimates that an army of 6,800 hackers is now at Kim Jong-un’s service. At the same time, a recent United Nations report identified 58 North Korean cyberattacks that may have netted the regime nearly 3 billion euros.

Kyivstar store, Ukraine
A woman walks past a Kyivstar store in Kyiv, Ukraine. Ukraine’s largest mobile and internet provider was taken down by Russian hackers last December, resulting in the loss of phone reception and internet connection for more than 24.3 million customers. © Getty Images

To fully grasp the extent of the cyberwar phenomenon, one must start from a simple premise often forgotten by Western leaders: Any digitized information or system operating on a digital basis is, in principle, hackable, and potential countermeasures can be software, hardware or human in nature.

The U.S. was quick to realize what is at stake around cybersecurity, cyber defense, and disinformation in a digital world. Washington relies on highly specialized agencies employing tens of thousands of people with combined budgets of tens of billions of dollars – including the Department of Homeland Security, the National Security Agency, the FBI’s Cyber Division, the U.S. Cyber Command, the Department of Justice’s Computer Crime and Intellectual Property Section and the Office of the Director of National Intelligence, which coordinates activities across the intelligence community.

Europe in a blindfold

Meanwhile, in this new global reality, the EU seems to be overwhelmed by ever-increasing barriers posed by its accumulated technological backwardness, industrial decline and the weakness of its available skills (which was accentuated by Brexit via the departure of British human capital). But the highest wall, which now seems insurmountable, remains the ideological basis on which its laws and policies are based – dating from another era, not to mention another plane of reality.

EU competition law promotes the proper functioning of the internal market, focusing on consumer benefits while neglecting aspects related to production, competitiveness between different global regions and national interests. This limited approach has so far prevented the emergence of new digital giants in Europe and has contributed to the waning influence, or even the disappearance, of former European leaders in this field.

Read more from Charles Millon

Unlike other major geo-economic powers – which treat the digital sector as a strategic priority and adopt protective and strengthening measures (like ultra-concentration, massive capitalization, agreements between companies, state subsidies and protected markets) – the EU has historically opted for a different strategy. It favors an open, consumer-oriented market, a strict policy on standards, the prohibition of cartels and mergers that could form global giants (essential in a sector dominated by a “winner-take-all” logic) and a preference against state aid.

In a digitalized world where many global tech giants have gone from serving as soft power emissaries of their home countries to intelligence agents (or outright privateers or mercenaries), Europe is dancing blindfolded near the precipice. While it may seem audacious, this behavior is closer to a form of suicide than courage, coming in a geopolitical context that is as uncertain as it is explosive.

×

Scenarios

The latest cyberattacks that hit France on March 10-11 affected several ministries, primarily the inter-ministerial directorate that helps manage and secure information flows across the government and with third parties like the European Community network. The attacks demonstrated the absolute urgency for the EU to reform the very spirit of its policymaking and to adapt European competition law to the harsh realities of the digitalized, 21st-century world.

The risks of simultaneous, continent-wide cyberattacks targeting energy, transport, security and defense infrastructure are no longer science fiction. They are frighteningly realistic. These attacks would not only cause widespread panic but could also entirely disrupt European economies and deprive states of important defense capabilities.

The European Union must urgently reform itself – abandoning the pretense that it is not under attack and refashioning its policies and economic and technical norms, accordingly, so that member states can reconnect with power politics and sovereignty in strategic areas and assume their security obligations.  

For industry-specific scenarios and bespoke geopolitical intelligence, contact us and we will provide you with more information about our advisory services.

Related reports

Show all reports

Scroll to top

View this report on the web:
https://www.gisreportsonline.com/r/digital-geopolitics-cyberwarfare/

Report published:
May 3, 2024

Document version/created:
May 19, 2024