Cybersecurity is a hot government topic. The UK’s defence secretary, Ben Wallace, announced at the beginning of October 2021 that the UK will build ‘offensive’ cyberattack capabilities. This is in response to certain foreign states ‘waging cyber warfare on us every single day’.

However, the UK is yet to experience what it calls a ‘tier one’ catastrophic cyberattack. Which raises the question, what might such an attack look like?

Traditional notions of cybersecurity focused largely on stealing data and the potential for broader destructive effects. For example, the 2021 Colonial Pipeline attack was a ransomware attack that resulted in fuel shortages along the USA’s East Coast. Such attacks come to mind when catastrophic cyberattacks are mentioned. They are also the main cyber threat to corporations.

In recent years, however, the subversive potential of cyber operations has been realised. Cyber subversion, despite not being actively destructive, is where the greatest threat to state stability comes from. It is also the cyber threat that requires the least technological competence to implement and maintain. As such, cyber subversion is the greatest cyber threat modern states face.

Cybersecurity vs espionage, sabotage, and subversion

Espionage, sabotage, and subversion have been conventional state tactics for thousands of years. Knowing what your enemy knows, taking out their key infrastructure, and undermining their political system have always been favoured strategies for defeating your opponents. The use of these tactics has moved into cyberspace since the development of the internet, and the range of possible effects has only grown with the interconnectedness of the Internet of Things.

The last 30 years have seen several examples of cyber espionage and sabotage. They include: the 2007 cyberattack at Lockheed Martin where details on the F-35 electronic systems and design were stolen; the Stuxnet attack on Iranian nuclear facilities which was discovered in 2010; and Russia’s operations in Georgia 2008, in which cyberattacks were coordinated with conventional military action for the first time in history.

However, more recently, cyber operations have developed into the realm of subversion, – and, more strangely, the online QAnon conspiracy movement, which was identified by the FBI as a possible domestic terrorism threat in 2019. This subversion has increasingly taken the form of mis- and disinformation campaigns spread through social media networks.

Why cyber subversion is effective

Offline subversion requires significant organisation to implement and maintain. In contrast, cyber subversion exists over extended periods of time on the internet with minimal upkeep. Doing so requires having a message mainstream enough for enough people to get behind. However, all that is needed to be dangerous is to succeed in undermining trust in the authority and competence of political leaders.

Further, in this globalised era such initiatives can come from anywhere. These campaigns can be reactive to current events in a way traditional cyberattacks cannot. They also require less technological power and understanding to implement and can be combined with other cyberattacks to maximise potential. All of this makes cyber subversion a more dangerous threat to modern states than traditional cyberattacks.

It is imperative for states to be aware of this threat and ensure they are prepared. This may be through expanding deterrence capabilities or developing a global cyber-policy. Without effective strategies to prevent them, the possible impacts of cyber subversion will only grow.