Using cyberspace to disrupt elections in major European states is only one among several possible scenarios. What else does 2017 hold in store for cybersecurity? The Kosciuszko Institute consults experts from around the world to identify top 5 cybersecurity challenges facing us this year.  

1. The Internet of Things (IoT) as the next target for hackers

IoT-related cyber threats are very likely to dominate this year’s cybersecurity news headlines. The prevalent interconnectedness of people, places, and things will undoubtedly cause a surge in cyberattacks against the IoT. As Melissa Hathaway from Hathaway Global Strategies, LLC points out, we can expect the IoT to facilitate the emergence of the next-generation botnets, ransomware, and command-and-control servers. “They will affect our privacy, our business viability, and our economic and national security,” claims the expert. According to Dean Valore, former Assistant U.S. Attorney, this is the reason why “the demand for cybersecurity infrastructure in the private sector will drive the private business growth in 2017.” “In the face of the threat, we will have to elaborate cybersecurity standards for the IoT and consider introducing applicable regulations,” says Joanna Świątkowska, the Kosciuszko Institute’s expert and the European Cybersecurity Forum – CYBERSEC Programme Director.

2. Increasing danger of the Darknet and cyberterrorism

General Yair Cohen from PeriTech for Investment and Technology in Israel highlights that Darknet facilitates a wide range of criminal activities, both digital and conventional (such as illegal drug trade). “Fight against this network will be a mutual challenge for defence cooperation among states in the cybersecurity realm,” adds General. The growth of the Darknet might also translate into a spike in the number of terrorist cyberattacks. Commander Wiesław Goździewicz, Legal Advisor in the Bydgoszcz NATO Joint Force Training Centre believes that it is only a matter of time when terrorist organisations will come into possession of tools and technologies that will enable them to carry out a successful cyberattack. It is not entirely out of the question that the place where these tools will be found is the overlay network itself.

3. Growing international tensions caused by cyberattacks

The tendency became noticeable in 2016 as a consequence of cyberattacks taking place during both the presidential campaign in the U.S. and the Ukrainian conflict when cyberspace was actively used to wage information warfare. 2017 is the year of elections in several important European countries (e.g. France and Germany). As Aaron Ostrovsky, analyst at Memorial Sloan Kettering Cancer Center (USA) anticipates, we may observe an increase in cyberattacks aiming to either disrupt elections or influence their outcomes. These incidents will have a significant impact on security and political stability, and are most likely to occur during the election campaign in Germany. German officials will no doubt closely monitor the upcoming elections, paying special attention to hacking attacks. “The build-up to the election could, however, lead to accusations via media outlets, ultimately causing friction between Germany and Russia,” says Ostrovsky. Moreover, according to Dean Valore, Russian hacks of U.S. intelligence and domestic business platforms will further deepen tensions between Washington and Moscow. Commander Goździewicz goes even further claiming that hybrid operations, including the use of digital tools, will intensify in order to influence policies of the states remaining in the Russian “zone of influence”. He suggests that these new threats should eventually impose an update of NATO cyberdefence policies by taking into account the provisions agreed at the Warsaw summit.

4. Intensifying work on cybersecurity legislation

In Melissa Hathaway’s assessment, while the threat to our networked systems and infrastructures is real and growing, the legal and market resources are in short supply. “Therefore, in 2017, we can expect governments to increase their market interventions, primarily through regulation and law,” she says and adds: “As companies increase their automation, interconnectedness, and reliance on the Internet, they will become more vulnerable if they do not put the commensurate information security risk reduction activities as part of their corporate planning in place.”

5. Acute shortage of qualified cyber professionals

The necessity to train cybersecurity experts is a challenge with many facets. One of them is the fact that we need a pool of highly-qualified and competent educationists. Amelia Phillips from Highline College (USA) emphasises that they must also have industry experience to bring theory and practice closer together. In her opinion, an effective training system for cyber professionals requires a multidimensional approach to be adopted and, therefore, cannot be confined merely to technical experts.
***

The Kosciuszko Institute organises the European Cybersecurity Forum – CYBERSEC, an annual conference dedicated to the strategic aspects of cybersecurity. The 3rd edition of the Forum will be held on 9-10 October 2017 in Krakow, Poland.