Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

RUSI report: Countering state-backed cyber threats

(Ayrus Hill / Unsplash)

By Gonzalo Saiz Erausquin

Malicious cyber-enabled activities have become recurring threats in international security. States and their proxies use cyberattacks to disrupt critical services, steal sensitive information and undermine political processes. Alongside state activity, organised criminal groups use ransomware to disrupt and extort businesses and public institutions around the world. In response, sanctions have emerged as one of the principal tools available to governments seeking to expose and disrupt malicious cyber operations and impose costs on the perpetrators.

The US has developed an extensive cyber-related sanctions practice since 2015, applying it against state intelligence officers, criminal groups and the financial and technical enablers that support them. The EU’s cyber sanctions regime, launched in 2019, has been applied in a smaller number of cases, with restrictive measures forming part of the EU’s wider cyber diplomacy toolbox. The UK has followed a similar path, leveraging the cyber sanctions regime adopted after Brexit to attribute malicious activity and to coordinate responses with international partners. Together, these efforts reflect a growing determination by sanctioning jurisdictions to respond to cyber threats not only with law enforcement tools, but also with instruments of economic statecraft.

The effectiveness of these approaches remains contested. Some argue that sanctions have limited direct impact because the individuals targeted often hold no assets in Western jurisdictions and rarely travel abroad. Others note that sanctions can nonetheless disrupt wider ecosystems of enablers, alter adversary behaviour, ‘toxify’ perpetrators and their business models by publicly naming them and forcing their underground networks to distance themselves, and reinforce broader diplomatic narratives. They can also affect the decision-making of private sector intermediaries, such as exchanges or service providers, which may choose to withdraw support from sanctioned actors rather than risk exposure. These debates highlight the importance of understanding what sanctions can and cannot achieve in the cyber context, and how they can be better integrated into national and international strategies.

Read more at RUSI

Click to listen highlighted text!