The RANE Cyber Risk Outlook was created to identify cybersecurity and emerging technology risks over the next three to five years that will impact a broad array of people, organizations and governments. Specifically, it is intended to help clients identify which risks to monitor and how to plan accordingly in a rapidly evolving digital threat landscape.
Each annual Cyber Risk Outlook edition – published early each year – focuses on themes relevant to the current digital threat landscape and explores how various outside experts and luminaries grapple with these emerging cyber-related risks. During each subsequent quarter, RANE will do a deep dive, highlighting relevant updates or changes pertaining to the chosen themes.
In the 2025 edition, we focus on the role of cyberspace in geopolitics and how countries across the world use the cyber domain to advance their national strategies. This initial overview first seeks to outline the role that cyberspace increasingly plays in the core components of statecraft, foreign policy and international relations. After that, the three quarterly installments will feature deep dives into the following topics:
The rapid growth of the digital domain and its increasingly essential role in all parts of life are elevating the importance of cyberspace in geopolitics as governments look to achieve a variety of strategic goals through their use and regulation of various technologies. In line with many other aspects of geopolitics, states are increasingly perceiving the cyber domain as a space in which foreign policy objectives can be advanced, whether through collaborative initiatives with allied states or through the pursuit of offensive campaigns that undermine adversaries. The role of cyber as a medium for geopolitical competition now spans a range of hard and soft power activities – from disruptive and destructive cyberattacks to espionage campaigns that steal valuable intellectual property to influence and disinformation operations that target the growing number of online users across the globe.
Over the next three to five years, the geopolitical importance of cyberspace will only grow further as various governments leverage the domain for greater international influence. As stated by Nathaniel C. Fick, the U.S. Department of State's first ambassador for cyberspace and digital policy, in an interview with The New York Times in May 2024, "Just about everyone is willing to acknowledge that technology is an important element of foreign policy, but I would argue that tech is not just part of the game — it's increasingly the entire game…Think about it — asymmetric advantage in the war in Ukraine, global competition with China on key technologies, the ability of Israel and its allies to intercept Iranian aerial attacks. All tech… The international order will be defined by whose metaphorical operating system dominates."
In response to the rising centrality of cyberspace, states have increasingly sought to shape the rules that govern the domain at both the international and domestic levels. Multilateral cyber norm-building efforts have largely manifested through participation in intergovernmental organizations like the United Nations, which has conducted an Open Ended Working Group since 2020, aiming to create common rules and principles for responsible state behavior in the digital sphere. While some progress has been made – for example, in March 2021, when all U.N. member states agreed to 11 cyber norms, including protections for critical infrastructure and not knowingly allowing cybercriminals to operate in their territories – these rules have been nonbinding, and there is ample evidence that states have not entirely adhered to them. As noted by Senior Vice President of the Center for Strategic and International Studies, James Andrew Lewis, in a February 2022 report, "Unfortunately, international experience …has shown that agreement on norms, even when politically binding, is by itself not enough to ensure their observation or create stability in cyberspace."
This process has highlighted states' differing and, at times, competing interests, which have stymied discussions as governments have continually failed to agree on whether legally binding cyber laws are needed and, if so, how international law should apply to cyberspace. In particular, multinational cyber norm-building efforts have laid bare conflicting visions for how the cyber realm should function: while Western powers largely argue that the internet should be a free and open domain, other countries like China and Russia have sought to steer the international community towards a more closed model of internet governance that prioritizes domestic sovereignty and the implementation of strong state controls over online activities.
States' conceptualization of how cyberspace should be governed has also extended to the domestic level, where different jurisdictions have implemented divergent regulatory regimes. Even among like-minded Western states, differing interpretations of how to regulate cyberspace in the public and private sectors have produced a wide range of regulatory approaches. The European Union, for example, has increasingly stood apart from the rest of the globe for maintaining one of the most stringent frameworks around data privacy and cybersecurity requirements for entities operating in the bloc, while the United States has comparatively shied away from moving beyond voluntary and light-touch obligations outside of national security-related cyber issues. Other governments, such as China's, have pursued stringent cyber regulations primarily for the sake of expanding centralized control as Beijing has repeatedly championed the idea of "cyber sovereignty" and implemented tools like the so-called "Great Firewall" to enable authorities to supervise and respond to online developments, particularly if those activities are perceived as threatening national security.
Discussions around national sovereignty and digital regulations are also increasingly extending to the manner in which data is housed, used and transferred across jurisdictions. Increasingly, jurisdictions seek to control where their citizens' data can be stored, how it can be used, and to which other countries it can be transferred. Once again, divisions are clear not only between competing blocs, such as China and the West but also within them, as Europe, for example, enforces much more stringent data privacy standards than the United States.
Outside of supranational bodies, governments are also increasingly pursuing objectives related to cyberspace through other partnerships as well as via bilateral agreements. Multilateral alliances like the North Atlantic Treaty Organization (NATO) have ramped up their scrutiny of the cyber realm and pursued a variety of information-sharing and coordination initiatives to combat evolving cyber threats. In November 2023, the alliance held the first annual Cyber Defense Conference, during which it established a NATO cyber center aimed at promoting cyber defense among allies. During the conference, then-Secretary General Jens Stoltenberg explained that the improvement of collective cyber defense was necessary to "avoid relying on equipment supplied by authoritarian regimes to build our digital backbone for the future," including adversaries like China and Russia, which are "determined to shape the future of cyberspace in [their] own image with little transparency and no regard for human rights."
Governments are also seeking to integrate cyber cooperation and development into their bilateral initiatives with other countries. Cyber-oriented diplomacy is particularly distinguishable as a component of foreign policy efforts by the world's superpowers, namely, the United States and China. As the two countries compete for international influence, the role of cyber has grown in their diplomatic efforts abroad. For example, in May 2024, the U.S. government announced the first International Cyberspace and Digital Strategy outlining plans to engage U.S. allies and partners in "digital solidarity" to advance multilateralism in cyberspace alongside a rules-based international order. While announcing the strategy at the RSA Conference in San Francisco on May 6, 2024, then-U.S. Secretary of State Antony Blinken explained, "Today's revolutions in technology are at the heart of our competition with geopolitical rivals…Our ability to design, to develop, to deploy technologies will determine our capacity to shape the tech future, and naturally, operating from a position of strength better positions us to set standards and advance norms around the world… We've learned from the 5G experience that we cannot be complacent and let strategic competitors dominate the technologies that form the backbone of the global economy and that determine how and where information flows."
Data transfer deals feature prominently in cyber cooperation agreements as a component of government efforts to collaborate in the digital domain. For example, Western allies and close partners maintain a variety of bilateral agreements that foster data flows across different jurisdictions. The United States and the European Union, for example, maintain the Data Privacy Framework, which facilitates organizations' ability to move consumer data freely across the Atlantic without incurring punitive noncompliance penalties resulting from differences in each jurisdiction's regulatory requirements. The agreement, finalized in July 2023 after previous frameworks fell apart, was celebrated by officials on both sides, such as European Commission President Ursula von der Leyen, who, in announcing the agreement, said, "Today we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the U.S., and at the same time to reaffirm our shared values." Many other countries maintain Standard Contractual Clauses that stipulate cross-border data transfer requirements.
China has also sought to shape the digital space through its foreign policy activities like the Digital Silk Road, a component of its larger Belt and Road Initiative, through which China seeks to bolster the development of partner countries' digital infrastructure by providing financing and technology to build 5G broadband networks, data centers, telecommunications infrastructure and smart city projects – and thus enables Beijing to have a hand in developing the digital infrastructure for partner countries. Through these economic investments, China has been better positioned to enable developing countries to adopt similar internet control mechanisms used in China's authoritarian system, like surveillance capabilities, internet monitoring, content moderation and online restrictions – in turn bolstering China's broader influence on the world stage, especially vis-a-vis the Western model.
The cyber domain's rising strategic importance is also increasingly spurring governments to seek to gain the upper hand against competitors and adversaries through a variety of offensive cyber campaigns. At the most basic level, governments have transitioned perennial practice of espionage and intelligence gathering to the cyber domain, targeting other countries' government agencies, intelligence apparatuses and military networks, alongside a wide variety of private sector targets that are strategically significant. As the international system has become progressively multipolar, however, with a variety of recent destabilizing geopolitical trends – including the Russia-Ukraine war, conflict in the Middle East and escalating U.S.-Chinese economic competition – states are also increasingly engaging in more aggressive cyber threat activity.
Russia has arguably been the most prolific in its digital campaigns, pursuing a hybrid warfare strategy that seeks to integrate various nonstate actors like cybercriminals and hacktivists to conduct cyberattacks against Western entities to disrupt operations, cause reputational harm, generate cash, as well as probe networks and preposition malware for use in the future – all while still maintaining a veneer of plausible deniability that could provide clear evidence of state involvement. While Russia has primarily attempted to direct its more disruptive threat activity within the confines of Ukraine, pro-Russian groups have also conducted a range of low-sophistication campaigns against Western organizations in an effort to cause website outages and defacements – actions that fall below the threshold of significant disruption but nevertheless seek to intimidate targets and degrade Western support for Ukraine.
Russian threat actors have also leveraged cyberspace for numerous information campaigns that similarly seek to undermine Western cohesion through the proliferation of online narratives that criticize political officials or policies and exploit periods of domestic instability in the wake of a disaster or crisis. According to remarks by previous NATO Secretary General Jens Stoltenberg in June 2024, "We are threatened by something which is not a full-fledged military attack, which are these hybrid threats …everything from meddling in our political processes, (undermining) the trust in our political institutions, disinformation, cyber-attacks (…) and sabotage actions against critical infrastructure."
Beyond Russia, Chinese threat actors are also becoming increasingly aggressive in offensive cyber campaigns that seek to gain persistent access to Western networks at a grand scale, particularly those in the United States, which in the last two years alone have been victimized by repeated widespread Chinese intrusion campaigns which have compromised U.S. government networks, critical infrastructure entities and countless private sector organizations. While Chinese threat activity has a long historical precedent, there is no doubt "that the risk of Chinese cyberattacks has gone up…And Chinese capabilities have seemed to have notably increased over the last four years," as noted by Adam Segal, who served as a senior cybersecurity adviser in the State Department, in remarks to NBC News on Jan. 18.
Chinese cyberespionage activities illustrate the increasing interplay between geopolitics and the cyber domain. Most immediately, they are driven in part by the rapidly intensifying economic competition between the two countries, which has resulted in a range of U.S. and allied export controls, restrictions, and bans on companies, products and services, in turn elevating Chinese efforts to acquire lucrative intellectual property needed to advance its own economic ambitions. In a more escalatory scenario, however, Chinese intrusion efforts are also believed to support Beijing's preparation for a potential future conflict with the United States and its allies.
In testimony before the House Select Committee on the Chinese Communist Party in January 2024, then-U.S. Federal Bureau of Investigation Director Christoper Wray warned, "China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real world harm to American citizens and communities if and when China decides the time is right to strike." These suspicions have been echoed by other U.S. agencies, including the U.S. Cybersecurity and Infrastructure Agency, which, in a February 2024 advisory, warned about "the potential for these [Chinese] actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflict."
In an effort to mitigate adversaries' influence in cyberspace, some countries are also pursuing policy initiatives that seek to limit foreign countries' access to certain digital components. Just as enabling free data transfer flows is a core component of cyber cooperation, efforts to put restrictions on other countries' ability to obtain and use data is becoming more pronounced. For example, in late December 2024, the U.S. Department of Justice finalized a new rule that prohibits U.S. companies from selling sensitive bulk data of American citizens to adversaries ,including China, Iran, North Korea and Russia. In a statement about the new restrictions, Matthew Olsen, assistant attorney general for national security, explained that "This powerful new national-security program is designed to ensure that Americans' personal data is no longer permitted to be sold to hostile foreign powers, whether through outright purchase or other means of commercial access."
Looking ahead, the role of the cyber domain will continue to grow in the coming years as an integral component of geopolitical competition. As governments create different digital policies that align with their own state-level ideals and priorities, multilateral cyber norm development is likely to continue to stall, leading to an increasingly polarized digital realm where certain online freedoms are available in some jurisdictions and forbidden in others. The ongoing efforts by leading governments like the United States and China to influence other countries' approach towards cyberspace will further accelerate a polarized cyber domain in the coming years as these superpowers use various carrots and sticks to drive their vision for cyberspace.
Meanwhile, growing competition between the United States and China – coupled with a general rise of tensions between the West and countries like China, Iran, North Korea and Russia – will also manifest in an increasingly contentious digital landscape where damaging cyber campaigns occur more frequently and with greater sophistication. To this end, under President Donald Trump, the United States appears poised to take a more offensive approach against adversaries in cyberspace.
Referring to the highly sophisticated Chinese state-backed cyber threat group dubbed "Volt Typhoon," which has compromised broad swaths of U.S. critical infrastructure and government networks, Trump's incoming National Security Adviser, Michael Waltz, said in an interview with CBS News on Dec. 15, 2024, that, "We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation-state actors that continue to steal our data, that continue to spy on us, and that even worse, with the Volt Typhoon penetration, that are literally putting cyber time bombs on our infrastructure."
This expected shift into a more offensive U.S. cyber posture will also elevate the role of the cyber domain in geopolitical dynamics as governments seek to confront adversaries' cyber threat activity in a more explicit manner beyond current defensively-focused efforts to deter threats via improved cyberdefenses and "name and shame" perpetrators. But more aggressive cyber postures between great powers will also elevate tensions, open the door to escalations, and invite miscalculations as countries navigate the uncertain rules of operations in cyberspace – all of which will make for a riskier cyber environment that could easily spill over into real-world, kinetic violence.
As the Russia-Ukraine war enters its fourth year, Russian hybrid warfare tactics are also sure to continue and aim to blur the line between state and nonstate threat activity that enables the Kremlin to hide behind a layer of plausible deniability and avoid Western attribution. Russian online influence operations are also certain to target a range of key Western elections in countries – including Australia, Canada, Germany, Japan and Poland – to seek to undermine democratic processes, promote political instability and usher in more Kremlin-friendly candidates. As noted by former U.S. Senate Intelligence Chair Mark Warner (D-VA) in an Oct. 19 interview with Politico, "Russian malign actors target more than just U.S. elections — and have made a concerted effort to shape outcomes in elections of key U.S. partners, using many of the same techniques and tactics."
A major variable relevant to the future development of the digital realm will be the advancement of artificial intelligence, which has already begun to accelerate the pace and scope of operations in cyberspace on both the offensive and defensive fronts. In the context of geopolitics, AI tools will feature in governments' development of homegrown offensive cyber capabilities, namely, in their state-sponsored campaigns that seek to bolster national interests to gather classified government intelligence and steal sensitive corporate data. At a granular level, AI tools will become instrumental in bolstering a range of threat activities, including vulnerability exploitation, malware development, and intrusion tactics like phishing and social engineering.
At the same time, AI advancements will play a role on the opposite end of the spectrum, increasingly contributing to defensive efforts, including proactive vulnerability detection and patching, as well as enhanced endpoint detection and response mechanisms. In addition to bolstering governments' protection of domestic networks and data against adversaries, collaborative tools and information-sharing initiatives will further provide a role for AI in cyber diplomacy and cooperation.
As AI tools become more advanced, governments will also seek to extend norm-building and regulatory initiatives to AI. However, as already seen, competing visions for AI are likely merely to further embroil the emerging technology in governments' competition for influence. As noted by UN Secretary-General António Guterres in remarks to the Security Council on Dec.19, "The 'AI arms race' creates fertile ground for misunderstanding, miscalculation and mistakes. AI-enabled cyberattacks could cripple a country's critical infrastructure and paralyze essential services. Most critically, AI is eroding the fundamental principle of human control over the use of force… Let's be clear: the fate of humanity must never be left to the 'black box' of an algorithm."
Taken together, cyberspace has already become deeply interwoven into the geopolitical landscape, and its role will only continue to grow over the next several years. From augmenting the offensive cyber strategies of governments backing sophisticated threat actors to developing countries seeking to advance their regional influence, the cyber domain will be pivotal to achieving a range of end goals. While governments will seek to maximize their ability to leverage cyber activities for their own objectives, jurisdictions will also seek to implement controls for cyberspace through regulatory initiatives that offset adversarial campaigns. While there will be space for some cooperation among like-minded governments, overall, the growing role of cyberspace in geopolitics portends further regulatory balkanization, offensive competition and a turbulent environment for organizations to navigate.
