2022 will continue to see changing demographics, competition for precious resources, environmental stresses, globalization, concentration of wealth, increasing urbanization and meta-effects from the pandemic. Meanwhile, unprecedented advancements in science and technology will shape the future for defence, intelligence and security. Traditional agencies will be challenged to adapt to emerging non-orthodox national security threats like climate change, pandemics and cognitive warfare.
A rapidly globalizing World will pose significant challenges to Governance. Power will continue to diffuse amongst corporations, individuals, civil society, criminal organizations, and nation-states. The power-shift will be particularly acute in the cyber domain and will precipitate a re-adjustment of Westphalian models towards a new construct.
Traditional forms of hard and soft power wielded by governments will prove less influential. National governments, if they are unable to adapt and respond to power-shifts accelerated by digital empowerment, will find themselves overcome by non-state actors usurping national control. Attempts to regulate Cyberspace through norms or law will not be realized.
Cyber norms will require persistent engagement to remain relevant. Meanwhile, strike-back doctrine will become more appealing to industry, who are subject to proxy-wars between nation states.
Industrial cyber power will continue to grow and will challenge traditional models of governance and sovereignty, thus necessitating a new social contract and renegotiation of equities for public-private-partnerships. The private sector will conduct more military-like cyber and intelligence operations independently and in cooperation with the state, in order to defend critical operations.
RISE OF PRIVATEERING
Canada’s adversaries will increase their use of privateers, private military contractors and private-sector offensive actors (PSOA) for paramilitary cyber and influence operations requiring deniability and circumvention of the Law of Armed Conflict (LOAC).
OPEN SOURCE INTELLIGENCE
Secret intelligence will undergo an existential crisis, as big-data empowers commercial and open source intelligence (OSINT) services for the provision of timely, actionable and cost-effective alternatives accessible to both the public and private sectors. The answer will be partnership with and not competition against companies.
Allies will continue to outsource significant capability development, intelligence collection and operations to trusted industrial partners.
DEMOCRATIZATION OF DATA
Open media, big-data, the Internet-of- Things and ubiquitous mobile communications will be central to security and privacy issues. Contrarily, open access to the Internet will continue to be challenges by nation states seeking to regulate, balkanize, block, censored, shape, controlled and deny environments. The interests, values, norms and strategy of the Western liberal democratic vision of open networks and Internet freedom, will be countered by alternative models posed by states seeking to restrict and control the Internet along nationalistic boundaries. Norms and legal framework will struggle to keep pace with rate of change, or will fail completely in some environments.
Pervasive virtual worlds and augmented reality will merge with the Internet-of-Everything and give way to the Metaverse. Threat actors will exploit this environment faster than governments will understand it.
The democratization of data will fuel surveillance capitalism. Ubiquitous technical surveillance (UTS), like China’s SkyNet and SharpEye programs, raises the prospect of a World in which it becomes increasingly difficult to escape the proliferating technologies for wholesale data collection and analysis. Artificial Intelligence is seen as both an enabler to UTS and a counter to it.
CYBER POWER AND INFLUENCE
The contest to control and influence the fabric of cyberspace will be as significant as the Manhattan project. Soft power and influence will lead competition and conflict in strategic power struggles in hot spots like Ukraine and the South China Sea. China will seize vital high ground in cyberspace globally; seek control of big data, core internet infrastructure, Artificial Intelligence, Quantum Computing, and fifth generation mobile communications initiatives including launching low orbit 5G satellites over Canada. A Sino-Russian alliance will see Russian Gerasimov doctrine for hybrid warfare leverage China’s Three Warfares Strategy, Hundreds Talents Plan, United Front, and Road And Belt Initiatives. A digital iron curtain will balkanize cyberspace into East and West.
Canada will be subject to Russian cyber disruption and influence campaigns early in the year as the tensions in the Ukraine increase. Organizations that are not battle-hardened and mounting active cyber defences will be the first to fall.
China and Russia will leverage industry, government, military, intelligence services and organized crime to expand state power and influence cyberspace. The Kremlin’s reliance on proxies, weaponized disinformation, cyber disruption and deception measures will operate just below a level-of-armed-conflict. Russia will also dominate cyber crime and the dark web. Meanwhile China will continue to conduct aggressive cyber espionage against Canadian businesses steal intellectual property as part of efforts to re-innovate critical technologies.
China will invest heavily into quantum computing, artificial intelligence, big data and 5G technologies whilst clandestinely targeting those technologies and markets.
Post Snowden distrust of Western technology will continue to contribute to the colonization of developing-nation’s information infrastructure by foreign suppliers, most notably China. There will be a corresponding negative impact on human rights in those regimes.
China will continue to expand its state surveillance footprint and social credit system into the West through the sales of mobile devices, 5G infrastructure, forward routing points-of-presence and mobile apps, whilst covertly engaging in DNS poisoning/rerouting and targeted attacks against strategic targets using persistent malware, supported by traditional espionage.
SUPPLY CHAIN SECURITY
Attacks such as Solar Winds will highlight supply chain defence, mission assurance, the importance the critical information infrastructure interdependency and understanding complex systems. Actors will purposeful interfere with Canadian critical infrastructure by staging malware. Mass ransomwear extortion will continue unabated.
TRUTH AND MISINFORMATION
The war on information and truth systems, science and reason will emerge as one of the most significant challenges of our lifetime. The leadership vacuum in this space will become increasingly problematic in dealing with disinformation in an info-demic.
Foreign and domestic actors will continue to interfere in the Canadian democracy through influence and deception facilitated by network exploitation. China will resume covert repatriation programs, coercion and political kidnapping of Canadians. The Internet will still enable the ability to malicious actors to influence populations at scale. Disinformation campaigns in social media using semantic botnets will rise in strategic utility of threat actors.
Information Peace-Keeping (IPK) as proposed, may be the Canadian answer for cognitive warfare.
CROSS DOMAIN CYBER RISK
Cross-domain risk will contribute the greatest impact on governments, businesses and citizens. Nearly all cyber compromises will be socially engineered. The largest magnitude denial-of-service attacks will come from the Internet-of-Things. Cyber weapons will increasing generate a confluence of network, kinetic and cognitive effects.
The complexity of cyber defence will become out-of-reach of all by the most sophisticated organizations and talent. Meanwhile specialization will not solve the cross-domain challenges or build the systems-of-systems required for remediation. There will be an increased requirement for deep generalists and poly-disciplined teams.
CYBER SECURITY INDUSTRY
Security Orchestration, Automation and Response (SOAR) solutions will attempt to integrate a complicated multi-vendor ecosystem. But diminishing efficacy of conventional cyber security, shown to be reactive and costly, will necessitate an active defend-forward strategy involving upstream security and intelligence, cyber deception, threat hunt, adversary pursuit and the prosecution of actors before an attack becomes an incident. The gap between offensive capabilities and a traditional cyber security response will continue to widen. Attribution will be necessary for active cyber defence but remain unrequited. Intelligence will be even more important to cyber defence.
The dramatic digital and social transformation, which was triggered by the pandemic, will continue to oscillate. Organizations who fail to adopt office 3.0, secure cloud and remote communications will remain irrelevant.
Secure cloud computing will sky-rocket in importance. This will provide much improved capability, resiliency and security at the fraction of cost of traditional architectures, but will challenge conventional doctrine.
A shadow network of personal devices and apps will grow as an alternative means to communication and collaboration. Organizations will lose control of their information environment before it gets better. The line between professional and personal lives will blur.
Adversaries will take advantage of this ambiguity and instability by propagating misinformation, mounting destabilization campaigns, interference in critical infrastructures, ransomware attacks, defence supply chains, with disruptive cyber attacks and conducting systematic espionage while institutions are in flux.
5G will be completely deployed across Canada this year and will pave the way for the Internet-of-Things. The convergence of multiple industrial sectors and regulatory environments accelerate. The federal government will ban Chinese involvement in critical information infrastructure - two years after the telecommunications industry has already made the decision.
Artificial Intelligence will be required to moderate Internet content, but will drive social scientists, philosophers, civil society, privacy authorities and legislators to better define a set of universal values, ethics and norms so engineers can code the machinery of cyberspace.
Many trends can be forecast with a high degree of certainty. Yet the convergence of multiple trends and the emergence of new 2nd order effects remain less predictable especially where human behaviour and geopolitics are involved.