Public and academic knowledge of cyber conflict relies heavily on data from commercial threat reporting. However, there are reasons to be concerned that these data provide a distorted view of cyber threat activity.
The authors of “A Tale of Two Cybers – How Threat Reporting by Cybersecurity Firms Systematically Underrepresents Threats to Civil Society”, after studying over 600 reports published in the last decade, found that only 82 of 629 commercial cyber-security reports (13%) discuss a threat to civil society, with the rest focusing on cybercrime, nation-state hackers, and economic espionage. This situation constitutes a market failure that leaves those most in need of accurate information about threats – vulnerable civil society actors – least well-informed.
The authors formulated three hypotheses, each capturing one type of selection bias:
- H1: Threats to civil society are underreported in commercial threat reports.
- H2: Reporting is geographically skewed toward the Global North.
- H3: Reporting is skewed toward operations attributed to the target audience’s main adversaries.
Below are the nine key highlights and findings of the report:
- Only 82 of the 629 commercial reports analyzed (13%) discuss a targeted threat to civil society. And, within commercial reporting, only 4% of total reporting places its primary focus on civil society.
- Commercial cybersecurity firms only focus on a subset of the universe of threats, and they only report publicly on a subset of the subset.
- High-end threats to high-profile victims are prioritized in commercial reporting while threats to civil society organizations, which lack the resources to pay for high-end cyber defense, tend to be neglected.
- Due to the lack of alternative sources of data, “policymakers, military professionals, and scholars must rely heavily on this new range of sources (such as CrowdStrike, FireEye, and Symantec) to understand developments in the cyber domain.”
- Scholars and policy-makers suggest commercial threat reporting provides an incomplete picture of cyber conflict.
- The data shows that Citizen Lab reports have tracked the use of spyware against civil society in 22 of these countries. In comparison, only 8 out of 629 commercial threat reports (>1%) track the targeted use of commercial spyware, and two mention civil society targeting.
- In contrast, independent reporting reveals a host of targeted threats to civil society on these two continents:
- Commercial reporting attributes the vast majority (88%) of targeted threats to civil society to the United States’ key strategic competitors: China (18), Russia (11), and Iran (6).
- Independent reporting also covers six campaigns by these ‘big three’ (China, Russia, and Iran), underlining their importance. However, it also documents the use of targeted digital threats by a range of other governments absent from commercial reporting: Kazakhstan (1), Ethiopia (3), Kuwait (1), Saudi Arabia (1), United Arab Emirates (1), Bahrain (1), and Mexico (3). Independent reporting shows not only a more evenly distributed attribution pattern, but also that the total number of operations by ‘other’ states is actually greater than the number attributed to the ‘big three’.
In the end, the authors also suggest a solution that can help close the information gap. “The best available solution to close the information gap is awareness of the limitations of commercial research, as well as increased independent research of targeted threats across the entire spectrum of cyber conflict. There is an urgent need for more interdisciplinary research into targeted threats with academic rigor and transparency of methods and selection criteria”.
Authors: Lennart Maschmeyer, Ronald J. Deibert, Jon R. Lindsay
Published at: https://www.tandfonline.com/doi/full/10.1080/19331681.2020.1776658