Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition
Read more
Main Logo Expert commentary on tech and security

How African states challenge cyber superpowers

Nate Allen 24 September 2024
Share On:
Countries such as Libya and Ethiopia are using digital technology to advance their interests in cyberspace
Main Top Image
Image generated using Midjourney

It is reflexively assumed that cyberspace is the domain of technological superpowers. At the pinnacle lie the United States, China, and Russia, each posting potent, sophisticated, and well-resourced offensive cyber capabilities. Just below, according to popular rankings and indices, lie powers with widely recognised technical expertise, such as the United Kingdom, Australia, South Korea, and Iran.

In this world, less technologically saturated states count for little. Insofar as African countries figure into debates about cyber geopolitics, it is nearly always through the lens of exploitation and inferiority. This is true of external discourse, which often frames Africa’s technology sector as an arena of zero-sum competition between East and West. But it is also true of discourse within Africa itself, where leading scholars and analysts warn of “digital colonialism” resulting from the continent’s reliance on technology it does not create or control.

These hierarchical assumptions rest on shaky foundations. In my latest article with Matthew La Lime, recently published in the Journal of Strategic Studies, we argue that even states devoid of significant offensive capabilities can limit the influence of cyber superpowers.

How African elites wield cyber power

Because many kinds of digital technology are less costly to spread than to invent, cyberspace is a domain rife for disruption by emerging powers and actors. Low costs and continued innovation have led to the diffusion of increasingly sophisticated offensive cyber capabilities. A basic ransomware kit costs $375; custom-made exploit kits can be rented from tens to hundreds of thousands of dollars annually; and some of the world’s most sophisticated capabilities, such as the now-defunct Pegasus malware, were rented for up to $7-8 million dollars per year.

The low cost and rapid diffusion of digital technology have increased the effectiveness of ‘partner diversification’ strategies African states and elites have long used to pursue their interests in the face of wealth and power gaps. Partner diversification strategies leverage competition between external actors to ensure their support aligns with local political objectives. At times, African elites may acquire a capability directly. But even when they are not able to do so, they can negotiate with one or more external partners to ensure that it is employed on their behalf.

This is illustrated in China’s espionage attempts against the African Union headquarters in Ethiopia and Russian information operations during Libya’s Second Civil War. Even though China and Russia are among the world’s leading cyber powers, African elites have found ways to evade or manipulate their power.

China, Ethiopia, and the African Union

For two decades, China has been Ethiopia’s major supplier of digital infrastructure and surveillance technology. China’s investments in infrastructure, including its construction of the African Union (AU) headquarters in Addis Ababa, the Ethiopian capital, enabled what is the continent’s most high-profile case of cyber espionage to date. Through the wireless networks it built, and later, through the CCTV cameras it installed, China was caught engaging in massive cyber espionage operations against the AU, dating back all the way to 2012 when the headquarters was built. These operations, and particularly the reluctance of AU officials to publicly recognise the espionage, have been viewed as a straightforward, emblematic case of growing Chinese influence.

Consider, however, the main reasons that Ethiopia turned to China to build out its tech stack in the first place: competitive prices and Western insistence that countries privatise their infrastructure, which did not align with Ethiopia’s statist goals. Moreover, Ethiopia’s relationship with China has not precluded the country from working with an array of actors, including Israel, the United States, and Italy, to acquire cyber capabilities and diversify its technology supply chain. Ethiopia’s former information security agency director Tekleberhan Woldearegay admitted to Carnegie Endowment scholar Steven Feldstein that: “the idea that Ethiopia’s drive to pursue digital surveillance is ‘a reflection of Chinese influence’ is a completely false perception… we, for example, bought technology from Israel, from Italy, even from Germany, including from America [and] also from China. [The goal is] always to protect your country to create a secure environment. We were searching for the best technologies from every part of the world.”

Through the capabilities it acquired and by working with a diverse array of partners, authorities were able to at least partially mitigate China’s espionage efforts. It was, for example, AU network engineers who noticed the intrusion and, working in collaboration with Ethiopian and Algerian cybersecurity experts, set up and tested a new, more secure IT and video-conferencing architecture independent of the Chinese. More recently, acting on a tip for researchers affiliated with the Japanese Computer Emergency Response Team, AU authorities discovered that the Chinese hacking group ‘Bronze President’ was stealing footage from the AU’s Chinese-installed CCTV cameras.

The fact that AU authorities were able to identify a Chinese Advanced Persistent Threat (APT) actor on their networks is an example of how partnerships in cyberspace can help even an unbalanced playing field. The AU possesses no offensive cyber capabilities and has a relatively small IT unit, but by working in concert with AU member states and external actors such as Japan and independent threat researchers, it can gain awareness of and take steps to mitigate cyberattacks from sophisticated states such as China. 

Russian information operations in Libya

Russia tried to prop up the Libyan warlord Khalifa Haftar through a disinformation campaign launched on his behalf during the Second Libyan Civil War, which lasted from 2014 to 2020. Superficially, the campaign appeared to be a straightforward success. Analysts agree that externally sponsored disinformation efforts were crucial in consolidating support for the warlord in the run-up to and during a 2019 offensive to take Tripoli.

Yet it may be argued that the disinformation campaign was more of a success for Haftar than the Russians. Haftar was not the preferred client of Russia, who viewed Saif al-Islam Gaddafi, the son of the late dictator, as more favourable to their cause. Haftar was strongly supported by the United Arab Emirates, Egypt, and Saudi Arabia, which launched a massive social media campaign that included influencers and bots and completely saturated the airwaves when the offensive launched in April 2019.

In the initial phases of the offensive, Russia attempted to hedge its bets by running social media campaigns in favour of both Haftar and Gaddafi. In December 2019, after Turkey intervened on behalf of the rival Government of National Accord, Russia attempted to shift the social media account Aljamahiriya, a pro-Gaddafi state-run broadcaster it had bought, to consolidate support for Haftar further. This attempt backfired. Followers of the account, many of whom were genuine Gaddafi supporters, lambasted it for the shift.

From one perspective, Libya is a textbook case of how external actor influence in the information space has undermined Libyan sovereignty. Yet the argument may also be turned on its head. By carefully managing his external relationships, Haftar, himself a master propagandist, helped ensure that numerous foreign actors cooperated to fund and manage a disinformation campaign on his behalf. In internal documents obtained by the London-based Dossier Center, Russian analysts appeared to be well aware of this, observing that Haftar’s strategy was to create “the public image of his immutable power and raising his stature to both internal and external players, which creates a threat to the peaceful political resolution of the situation in Libya and the realisation of Russia’s interests in the region and its influence on the situation.”

The fact that the Russians still felt obliged to support Haftar despite their reservations speaks both to Haftar’s success and the power of partner diversification strategies in an age of rapid diffusion of information and disinformation capabilities.

Effective deployment

This is not to say that China and Russia’s deployment of cyber capabilities have no impact. China’s status as Africa’s largest supplier of digital infrastructure likely gives it unparalleled cyber espionage capabilities. Likewise, Russia’s disruptive use of disinformation has advanced its strategy of undermining liberal democracy and propping up authoritarian regimes across the continent.

Yet rarely are the transactions that lead to the development and use of cyber capabilities zero-sum, nor are those against whom these capabilities are exercised without recourse. In both cases, strategies of capability acquisition and partner diversification enabled “weaker” cyber powers to advance their interests, at times in opposition to cyber superpowers.

A key lesson to be learned is that the cyber domain is one of disruption. The advancement of digital technology is rapidly reshaping global geopolitics. It is the powers who most effectively employ cyber power, not necessarily those who invent the technology, that benefit most from its spread. This includes less technologically advanced states with less visible capabilities.

* The opinions expressed in this article reflect those of the author and not the institutions with which they are affiliated.

avatar
Nate Allen

Related

Featured image
Hooked On Trends
Fighting fake war imagery
Kye Allen 14 December 2023
Read more arrow
Featured image
Hooked On Trends
Understanding patterns of cyber conflict coverage in media
Christos Makridis / Lennart Maschmeyer / Max Smeets 9 February 2024
Read more arrow
Featured image
Hooked On Trends
Civilian hackers blur the lines of modern conflict
Mauro Vignati 13 December 2023
Read more arrow

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by the European Cyber Conflict Research Incubator (“ECCRI CIC”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by ECCRI CIC.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants ECCRI CIC exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

ECCRI CIC, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify ECCRI CIC, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

ECCRI CIC reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond ECCRI CIC’s reasonable control impairs the integrity or proper functioning of the Competition, as determined by ECCRI CIC in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, ECCRI CIC reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.