Global intelligence assessments: you are the target

The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what the future may hold.

Those services whose assessments were reviewed and whose perspective is shared include the Australian Security Intelligence Organization (ASIO), Estonia Foreign Intelligence Service (EFIS), Finnish Security and Intelligence Service (SUPO), Norwegian Police Security Service (PST), Swedish Security Service (SAPO) and the European Union Agency for Cybersecurity (ENISA). The great power competition is alive and well and is the constant theme throughout the various assessments.

As they focus on very similar areas, there’s no need to dissect each country’s perspective individually — here’s what they collectively are seeing.

Russia

No one will be surprised to learn that Russia’s state entities and their proxies’ use of cyber for both espionage and influence operations found a prominent place within the various assessments. In addition, Norway noted a marked decrease in human operations in Norway and throughout Europe as Russian intelligence operations were disrupted by the expulsion of hundreds of Russian diplomats and intelligence officers across Europe immediately following Russia’s invasion of Ukraine.

Of note and highlighted again by Norway is the degradation in relations between Russia and the countries of Europe and the deleterious effect the expulsions have had on Russia’s access to information. Thus, Russia is relying more on its non-human intelligence apparatus to provide information, including information that used to be collected on the ground in any given country.

Nevertheless, Russian operations remain focused, and espionage and the use of computer operations is on the uptick. The Norwegians adroitly noted that “Russia has more to gain and less to lose by running intelligence operations” and that it will continue to accept the risk of compromise. Finland said that during the run-up to the invasion, Russian activity had diminished. That didn’t last long, and by mid-2022 Russia’s cyber operations were busier than ever.

China

As with Russia, few will be surprised by the assessment that China continues to flex its muscles in the espionage game. Norway termed Chinese efforts as “aggressive,” and that is being polite. The term attributed to China’s corrosive diplomacy was “Wolf warrior diplomacy,” meaning it is both confrontational and combative.

China’s fingerprints are everywhere, from supply chain operations to influence operations to human recruitment operations. Its intelligence apparatus painstakingly engages in the targeting of individuals of interest and then China’s all-of-government approach to engagement takes over.

Influence operations

Disinformation and misinformation were identified as primary areas of cyber engagement by several nation states, not just China and Russia, also Iran and North Korea. These operations are focused on spreading disinformation to electorates and attempting to sway diplomatic and domestic agendas. Australia went so far as to note the targeting of their elected officials.

Technology and intellectual property are targets

China, Russia, and Iran were identified as having an appetite and a willingness to conduct both cyber and human operations for the purposes of purloining advanced technologies. Russia, currently facing crippling sanctions, is especially keen to keep the pipeline of Western technology open, even if that pipeline requires the use of covert procurement mechanisms. China has been using its invitation methodology to acquire technology since 1986 when it launched Program 863, the master plan to acquire advanced technology from the West to advance China’s national interests.

Targeted insiders

China’s human intelligence operations were also a mainstay across the multiple assessments. With China’s tried and true technique of exploiting the “invitation mechanism” as a primary means of getting human targets of interest into China, where China would have the all-important home-field advantage and be able to put on a full-court press as it attempted to transition a cooperative target into a very compliant and collaborative covert asset.

Norway, again exhibiting directness in its analysis, highlighted that under the Chinese Intelligence Act every citizen, business, or organization is duty-bound to assist intelligence services if asked to do so. It also cited the example of Chinese government delegation visits to companies, organizations, and research facilities in that country for the purposes of making them recruitment platforms.

Mike Burgess, director general of Australia’s ASIO, likened its efforts in the counterintelligence realm to being engaged in “hand-to-hand combat.” Burgess continued to discuss the insider threat in his assessment and how damaging insiders can be when an individual with access to sensitive information is collaborating and sharing the nation’s secrets.

He dryly noted that only 16,000 Australians had noted they enjoyed the trust and confidence of the nation by highlighting their security clearance on a social network site (LinkedIn), down from 22,000 in 2021 when Australia launched its Think Before You Link campaign, calling it a win.

Burgess said that Australians have been offered enormous sums by third parties to train and improve the skills of China’s military. The prize for China, according to Burgess, is to turn those insiders from targets into a compliant resource­, willing to respond to direct tasking and passing on sensitive or classified information to their intelligence officer handlers.

It should come as no surprise that Russia and others were also pegged as having significant expertise in targeting individuals with phishing and software vulnerabilities, then using the insider’s access to conduct supply chain attacks.

CISOs should study and learn from intelligence reports

CISOs need to lead, from a position of trust and confidence, with the full knowledge that geopolitical geography means little in 2023, as every nation has the ability to reach out to any other physical location and engage your insider, be it virtually or physically. All of the assessments noted that the supply chains used by companies and organizations were prime targets by adversaries. Take note CISOs — you have supply chains.

Perhaps CISOs may use this collective analysis as impetus to either adjust resource distribution or engage as appropriate to acquire the necessary resources or redirect. Public-private partnerships exist in all countries and multinational companies should be engaging wherever they have presence or customers. Similarly, it’s essential to embrace the concepts of least-privileged access and ensure policies are clear and concise when it comes to accessing sensitive data.