Photo: A long exposure shot of Avenida Paulista in São Paulo, Brazil.
Long before Russian forces physically entered Ukrainian territory on February 24, 2022, the Kremlin had already launched its war of aggression on a different battleground: cyberspace. From the significant increase in malware attacks in early January against Ukraine’s banks and government sites to a direct assault on the country’s power grid. Some of these attacks were highly sophisticated with serious technical implications, which, combined with their intended psychological effects, made for a highly effective war device.
Website defacements, malware operations, and ransomware attacks represent some of the tools employed by Russia so far. However, Russia doesn’t have a monopoly on the weaponization of cyberspace in this war effort. Take, for example, Belarus’ anti-Lukashenko Cyber Partisans group, which claimed that they hacked the railways of Belarus in order to stop Russia’s military from continuing to amass personnel and equipment via rail. In this case, a cyber incident stopped physical, offensive movement.
These examples show the changing character of modern-day conflict and how various actors can successfully deploy cybertools as secondary elements to the kinetic actions involving ground forces. The ramifications of this conflict go beyond the physical territory where conventional troops fight. Leading organizations like the U.S. Cybersecurity and Infrastructure Security Agency and the European Central Bank have both issued warnings about potential Russian cyberattacks against American and European assets. As similar threats increasingly emerge from various state as well as non-state actors, how ready are Latin American countries to face this changing architecture of security matters?
Protecting Critical Infrastructure from Non-State Actors
From one of the largest public utility companies in the world to major banks, manufacturing operations, or telecom providers, Latin American businesses are increasingly vulnerable to cyber threats. The region has become fertile ground for cybercriminals. One in every three ransomware attacks targets a Latin American country. In 2020, cybersecurity provider Kaspersky registered an average of 5,000 ransomware attacks per day against targets in Latin America.
Ransomware is a type of software malware that encrypts the victim’s files and demands a ransom to decrypt them. In 2021, Brazil’s Eletrobras suffered a significant ransomware attack. The incident highlighted a chilling fact: critical infrastructure in the region is increasingly exposed and even the largest power utility company in Latin America and the Caribbean fell victim.
With a few exceptions, legislative efforts to prepare the region for the threat posed by cyber incidents have been reactionary and insufficient in nature. In Mexico, policymakers in Congress are currently working on various initiatives to update the cybersecurity framework. One of these proposals even seeks to produce constitutional reform to include cyber threats as a primary national security concern. In the last couple of years, the Mexican National Guard and local private sector associations have increased awareness and cooperation to secure the cyberspace. In July of this year, Brazil’s National Electric Energy Agency (ANEEL) updated its cyber security policy, establishing new guidelines for operators in the electricity sector. These efforts recognize the challenge, but implementation across the region remains slow.
Great Power Presence and Competition in the Region
Latin America’s response to Russia’s invasion of Ukraine reflected the contradictions the region is going through regarding the influence of major global powers. Before the invasion, Russia launched a major diplomatic campaign and increased its engagements with various regional governments. Russian President Vladimir Putin had phone calls with his counterparts in Cuba, Venezuela, and Nicaragua, and many Russian high-ranking officials visited these countries before the invasion. Argentine President Alberto Fernandez and Brazilian President Jair Bolsonaro even visited Moscow just weeks before the invasion.
In the past, Russia has deployed warships and nuclear-capable bombers to Venezuela and directed Russian oil giants, including Rosneft and Gazprom, to pump South American crude. China has also continuously been elevating its presence in the region through infrastructure investments and the rise of closely-aligned companies such as Huawei in Latin American telecom markets.
These powers have gone beyond conventional physical presence and are now important components of the region’s cybersecurity landscape. Venezuela, for example, has claimed in the past that the recurrent blackouts in the country are the result of cyberattacks originating from the United States. The South American government has also acknowledged receiving Iranian assistance, even from the Revolutionary Guard, to secure the nation’s cyberspace.
However, the use of cybertools to increase or solidify physical dominance is not exclusive to state actors, as demonstrated by the evolution of the operating conduct of organized crime in countries like Mexico. Cartels are increasingly using social media and the clear and dark web for drug smuggling, human trafficking, and money laundering, but still commit physical beatings, murders, and kidnappings related to their essential criminal activity. The former head of Mexico’s financial intelligence unit (UIF), Santiago Nieto, recognized this issue while in office, explaining, “There’s a transition to committing crimes in cyberspace, like acquitting cryptocurrencies to launder money and the pandemic is accelerating it.”
Back in the digital theater of the Ukraine conflict, misinformation and disinformation campaigns are running rampant as Putin keeps the world guessing about his next moves. Users on Telegram, Twitter, and many other platforms detailed varying numbers of personnel, tanks, maritime vessels, and other equipment movements. The speed and volume of online content make separating genuine information from misinformation increasingly difficult for officials and social media companies alike. For example, just one month into the conflict, Meta amended its content policy six times.
Foreign Policy magazine recently reported that Russia’s state-owned media organizations unleashed a wave of disinformation targeted at Spanish-language speakers in January, to reduce Western Hemisphere support for Ukraine. The issue goes beyond the Russia-Ukraine conflict.
Domestic political battles in various countries continue to drive the rise of disinformation. In the U.S., cities like Miami, which has a large percentage of Spanish speakers, have been experiencing major problems with disinformation and misinformation campaigns. Governments across the Hemisphere have been slow to react, preferring instead to outsource responsibility to private companies.
Given the current dynamic, confusion is likely the way of the future. Cyber incidents provide possible obfuscation and a diversion while physical developments build up. Hybrid conflict disrupts most components of daily life, causing governments and responding forces to split resources and attention. Hybrid tactics will increasingly play a role in the theater of conflict, so Latin American leaders and the region’s public should prepare accordingly.
Steph Shample is a Non-Resident Scholar with the Middle East Institute’s Cyber Program and Senior Analyst at Team Cymru. For the past 17 years, her career has focused on analyzing Iran in various capacities, including its tense relationships with Middle Eastern countries as well as their bordering states, and countering Iranian roles in terrorism, proliferation, and narcotics. During her military career, Steph gained operational experience across the Middle East, Levant, and Central and South Asia. She also completed two deployments to Afghanistan, one military and one as a civilian.
Bryan Ch. Campbell is a Cuban independent political risk analyst based in Mexico City. He offers bespoke research and consulting services to support companies and stakeholders operating across the Caribbean and Central America. He also monitors legislative and policy developments in LatAm/Caribbean’s top emerging markets and produce in-depth analysis and original thought leadership. He is a regular external contributor with The Economist Intelligence Unit covering Cuba.