Social Security Worldwide

Along with the increasing digitalisation and intertwining of technical systems in the public and private domain, the vulnerability to cyberattacks (which public offices, companies and private users are subjected to every day) also grows. The methods of attack range from malware enabling the attacker to take control over the infected system, to denial-of-service attacks paralyzing entire networks, to so-called “Advanced Persistent Threats” (APT): persistent and targeted cyberattacks with a high level of technical sophistication, aimed at strategic facilities (like the weapons industry) or against governmental agencies. The targets of cyberattacks differ depending on the aggressor. While criminal hackers are primarily interested in money, “hacktivists” above all want to convey a political message. States usually use highly sophisticated cyberattacks and can only rarely be identified as the source.

In recent years a number of large-scale cyberattacks, which most likely originated from states or state-backed hacker groups, were revealed. The majority aimed at information-gathering, as in, for example, the repeatedly observed Chinese cyber espionage on US military facilities and western companies. The global extent of cyber espionage conducted by the USA itself was exposed by Snowden in 2013. Beyond espionage, cyberattacks are also used for sabotage. A possibly momentous case affected the US presidential election campaign in 2016: According to US intelligence agencies, Russia’s leadership launched a broad cyber campaign spreading disinformation amongst voters in the USA in order to help the Putin-friendly Trump to a victory. Trump finally won the elections with only a few thousand votes margin in the decisive states.

Cyberattacks can also cause physical damage. This is shown in the case of “Stuxnet”: this highly complex computer worm was infiltrated into the control units of Iranian uranium enrichment facilities in 2010 and probably led to the destruction of hundreds of centrifuges. In light of this destructive potential of cyberattacks, special attention should be paid to the protection of critical infrastructure (like transportation or energy and water supply). Numerous countries have developed cybersecurity strategies for the defence against digital threats. Hereby, an international “arms race” can be observed, with continuous technical developments taking place.