Future trends in cyber warfare: Predictions for AI integration and space-based operations
In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors.
AI enhances decision-making speed and precision for state actors, facilitating the launch of complex attacks across diverse targets. Non-state actors, including transnational criminal groups, are beginning to leverage AI for offensive operations, raising concerns about cybersecurity strategies and geopolitical implications.
How is AI utilized in modern cyber warfare by state and non-state actors?
The objectives of state and non-state actors vary widely. AI plays a pivotal role for state actors, significantly enhancing the speed and precision of decision-making in the face of adversaries. The capacity to process and analyze vast volumes of data using Large Language Models (LLMs) not only enhances the effectiveness of analysis but also generates a greater number of Courses of Action (COAs) in offensive operations than what human-only analysis typically achieves.
AI presents a significant advantage by enabling the launch and management of complex attacks across a broad spectrum of targets. In the pre-AI era, wars were waged based on the military size. The side with the larger numerical army held the upper hand. However, AI has emerged as a powerful equalizer in cyberspace, empowering state actors with fewer resources to mount aggressive campaigns against significantly larger cyber forces.
Non-state actors, particularly transnational criminal groups like ransomware gangs, have yet to fully exploit AI’s potential. However, the primary concern lies with non-state actors associated with adversarial state actors. China, Russia, and North Korea employ proxies to establish plausible deniability. These non-state actors are utilizing AI for seemingly benign activities that, in reality, support offensive operations.
Using readily available tools, non-state actors have analyzed code for vulnerabilities, translated technical documents about targeted systems, researched how malware could evade detection, and improved the look and feel of spear phishing emails.
How have recent cyber conflicts influenced the geopolitical landscape, particularly between major powers like the US, Russia, and China?
Critical infrastructure remains a top target for our adversaries. Chinese-linked groups like Volt Typhoon have conducted wide-ranging campaigns against multiple victims globally. The current tensions between Taiwan and China have created additional opportunities for offensive cyber operations designed to identify vulnerabilities and use them to destabilize Taiwan in the event of aggressive conflict.
China has a voracious appetite for intelligence and intellectual property. Their intelligence assets ignore international norms and exploit vulnerabilities in power and water systems instead of traditional activities like espionage and intelligence gathering.
Russia continues to launch campaigns designed to go after power and water. In 2021, the US Department of Justice indicted four Russian nationals for two major hacking campaigns between 2012 and 2018. These campaigns targeted operational technology (OT) systems, including Wolf Creek Nuclear Plant in Kansas.
FBI Director Christopher Wray has repeatedly testified before Congress, highlighting the ‘broad and unrelenting’ threat from China. Russian threat actors are targeting underwater cables and industrial control systems. All of these activities continue to put pressure on bilateral and multilateral relations and have emboldened continued aggressive operations because they are so hard to stop.
What lessons can be learned from the cyber warfare tactics observed in the Ukraine conflict?
At the beginning of the war, Russia used a collection of novel malware packages to attack, command, and control communications, power, and water. Initially, they had limited success. However, their use of cyber weapons was constrained by the potential for NATO involvement if any of their weapons jumped containment from Ukraine and affected NATO countries.
In 2017, Unit 74455 of the Main Intelligence Directorate, GRU, launched the most destructive cyber attack ever conducted: NotPetya. This was originally a supply chain attack against accounting software but spread because of poor controls. Six intelligence officers were indicted for their role.
Operation-specific malware called Acid Rain was unleashed in Ukraine on February 24, 2022, and designed to take out satellite modems. But just five days prior, the Deputy Secretary of NATO warned that a ‘massive’ cyber attack could trigger Article 5 of NATO. Acid Rain also jumped containment and took out 5,800 satellite modems in Germany, a NATO partner, that controlled power generation for wind turbines.
The combination of the NotPetya operation and the spillover to Germany locked down malware to the point that it became ineffectual. Mutual defense treaties can shape the impact of offensive cyber operations. The NATO treaty left Russia to conduct conventional warfare against targets they otherwise would have used cyber tactics on.
Are military and governmental institutions adapting their strategies to address the increasing sophistication of cyber threats?
Undoubtedly, the military is embedding AI across all domains of war (sea, air, land, space, cyberspace). AI has enabled faster responses to more advanced and complex attacks. At the same time, it now takes fewer warfighters to conduct offensive cyber operations.
On October 30, 2023, the White House released an executive order on AI. It expanded the federal government’s role in accelerating the development and use of AI. In addition, the military and intelligence community have invested heavily in Large Language Models (LLMs) in a bid to increase the abilities of lesser-skilled personnel.
The other challenge is the rise of sophisticated transnational criminal groups, like ransomware gangs. These gangs target civilian and government entities, as well as all manner of private sector companies.
Another executive order directed US federal government agencies to modernize their cybersecurity posture through modern solutions like endpoint protection (EPP) and endpoint detection and response (EDR). This order was a direct result of the SolarWinds campaign conducted by Russia.
What are your predictions for the major trends in cyber warfare over the next few years?
We’re approaching a Rubicon where it may become necessary to respond to a cyber attack with kinetic methods. There will be hybrid warfare soon, most likely between China and Taiwan, that will be on a much broader scale than Russia-Ukraine.
Using LLMs will improve the speed and capability of the military and intelligence to identify and address threats in a multi-domain environment. This should allow for a larger volume of targeted and complex campaigns.
Cyber warfare will also move to space. Using quantum-encrypted satellites (which China has already successfully launched) may change the domain for cyber warfare from terrestrial to extraterrestrial.