#xii Beyond Citations | Politics of cyber adversification
While Canada and the US may not see eye to eye currently, they are united in envisioning cyber adversaries based on political expediencies. But politics aside, who are the real cyber adversaries?
Just as countries have historically thought about their adversaries from an economic and military viewpoint, the last few decades have seen the rise of a new kind of adversary — the cyber one. Usually an economic and military adversary is also a cyber adversary. Take for example how the US views the China challenge. Consistently over the last few years China has been identified as an economic, military and cyber adversary in a bipartisan manner by the US.
What about Russia? Like China, Russia was the bipartisan multi-domain adversary for the last few years spanning the presidencies of Obama, Trump (version 1.0) and Biden. Russia’s invasion of first Crimea and then the whole of Ukraine clubbed with interference in the 2016 US elections did not particularly help its case.
But if there’s one major defining policy change under the Trump administration in the cyber domain (amid all the other chaos), it is the downgrading of the Russian bear in the cyber domain. The Trump administration in its new MAGA version 2.0 has waged a battle against Russian disinformation. Not by strengthening the processes to counter it, but by plucking out institutions, people and processes instituted to thwart it.
Defence Secretary Hegseth has reportedly asked the Cyber Command to pause offensive operations against Russia. The dual-hatted Cyber Command and NSA leader General Haugh — who has been known to have played a key role in cyber operations against Russia during Trump 1.0 — has been fired. The administration is dismantling efforts to counter Russian disinformation campaigns.
Who occupies the Russian bear’s space of eminence? As I argue in my recent piece for Moneycontrol, it will likely be the Chinese dragon:
If the choice of staffers in the National Security Council is any indication, the US may adopt a more aggressive posture. To make this possible, Trump may redirect the hitherto Russia-focused human resources in the Cyber Command and the NSA towards tackling the China threat. Unwillingness to intervene militarily in the impending Taiwan crisis, China not coming to the negotiating table over tariffs or China-based actors mounting a sophisticated cyberattack on a scale similar to that of Salt Typhoon are factors that can speed up the operationalisation of Trump’s endgame amid all the chaos — doubling down on offensive cyber operations against China.
This is not just an instance of big power machinations. Even Canada has demonstrated as recently as last year that cyber priorities are as much about politics as they are about cold calculations by people sitting with computer systems in cyber fortresses. As I have argued previously, Canada naming India a cyber adversary in its ‘National Cyber Threat Assessment 2025-2026’ was a deliberate last-minute political decision against the backdrop of the worsening state of India-Canada relations.
But politics aside, who are the real cyber adversaries for the world?
Nori Katagiri from the Saint Louis University in the US attempts to find out in a 2024 article for the Comparative Strategy journal:
Katagiri, N. (2024). Advanced persistent threats and the “big four”: State-sponsored hackers in China, Iran, Russia, and North Korea in 2003–2021. Comparative Strategy, 43(3), 280–299. https://doi.org/10.1080/01495933.2024.2317251
Katagiri focuses on a particular kind of adversary — Advanced Persistent Threat (APT). The US cybersecurity firm CrowdStrike defines an APT as ‘a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time. An APT attack is carefully planned and designed to infiltrate a specific organization, evade existing security measures and fly under the radar.’
Taking some care to mitigate bias in identifying the APTs prevalent globally, Katagiri examines open-source data published by cybersecurity firms as well as research organisations. Limiting his investigation to 2003–2021, he identifies 112 cyber groups, 28 of which are APTs and 84 non-APTs. Katagiri finds that 25 of the 28 APT groups are linked to what he calls the big four (China, Iran, Russia, and North Korea). Groups from the US and India also feature in the list.
Why do the big four states like APTs so much? These are Katagiri’s four main arguments:
… APTs (1) thrive in a small number of authoritarian states bent on using digital space to offset military inferiority, seek economic opportunities, and collect intelligence by (2) operating in ways that protect plausible deniability, (3) specializing in offensive action, and (4) challenging the institutional dominance of rival norms.
But Katagiri does not let the US and other Western countries such as Britain go scot-free. According to Katagiri, they do not need APTs that much because they rely on their own formidable official governmental agencies such as the NSA to conduct cyber operations.
Stretching Katagiri’s point, can it be argued that the US cyber agencies with their ‘defend forward’ and ‘persistent engagement’ strategy are the biggest APTs out there?