Cyber Non-State Actors (CNSA) are key figures in our globalized world: their operations could have a significant impact on international affairs, politics, and on the economy, as much as states do.
Non-state actors include multinational corporations, collectives of hacktivists, non-governmental organizations (NGOs), cybercrime syndicates, private military organizations, media outlets, terrorist groups, labor unions, organized ethnic groups, lobby groups, criminal organizations, private businesses, and others.
CNSA can operate with different aims: some are financially motivated, like cybercrime gangs, while others are politically motivated, like state-sponsored hackers and hacktivists. The capability of Cyber Non-State Actors to influence state decision-making processes depends on their specific category.
The role of CNSA is crucial, due to the growing importance of cyberspace to modern society. Cyberspace is a domain without borders, where businesses operate while nation-state actors conduct their activities. Some of those activities being malicious. The number of cyber-attacks continues to increase as well as their level of sophistication. For this reason, the behavior of each actor in the cyber arena is becoming a national security concern for every government. The asymmetric nature of the cyber-attacks, the problem of attribution, the adoption of different legal frameworks by states, the low barriers to entry make the cyberspace an attractive arena for both nation-state actors and CNSA. 6 Unfortunately, ever more often, we are observing a growing number of actors that are using cyber tools in warfare, cyber weapons that could allow attackers to achieve same results of a conventional weapon, while making attribution hard. The current conflict between Russia and Ukraine is characterized by the presence of multiple Cyber Non-State Actors, but this isn’t the first time that states have faced with offensives launched by this category of attacks. Looking back at 2007, Estonia fell victim to a powerful cyber-attack that shut down government services, telecommunications, and banks in the country. The attack was launched in response to the Estonian government’s removal of a Soviet war monument from downtown Tallinn. It was a massive distributed denial of service attack (DDoS), apparently launched by patriotic Russian hackers and cybercriminals. The involvement of CNSA makes it hard to attribute the attack to Russia and impossible to sanction Moscow.
The attack was organized to appear as independently orchestrated by different threat actors without an evident link with Moscow. It was launched with sabotage purpose along with a psychological effect on the targeted population. Some CNSA are therefore unofficial emanations of the States where most of their components are located and act as ‘corsairs’ for their country, often conducting activities aimed at: a) extorting and stealing money; b) attacking enemy countries institutions and infrastructures; c) cyberespionage. In fact, several states tolerate or even protect CSNA in order to: a) create the conditions for development and prosperity of as many cyber operators with hacking capabilities as possible (we will approach this specific topic further within this paper), b) to be able to get access to information and intelligence of a different kind.
Let me suggest reading the full paper available here:
(SecurityAffairs – hacking, non-state actors)