The following is an excerpt from the Threat Lens 2019 Annual Forecast. This forecast does not focus on every global security trend expected in 2019. Instead, it concentrates on Threat Lens' core interest areas and examines the trends we expect to see shaping that space next year. The full version is available to Threat Lens subscribers.
Great Power Competition: The Industrial Espionage Threat
The great power competition will produce a surge in corporate espionage incidents involving Western companies in 2019. The rivalry will drive China and Russia to maintain, if not accelerate, their already-intense efforts. Chinese activity will eclipse Russia's, since China has more resources, though the United States is also more focused on countering China. Since the United States offers the most targets for corporate espionage, U.S. companies will be the ones affected the most, although the threat is not limited to American companies. The companies most likely to be targeted are in sectors that the Chinese and Russians have prioritized in strategic documents.
China will be driven to engage in corporate espionage as it seeks to reach technological self-sufficiency and to offset the adverse impacts of the trade war and continuing U.S. efforts to cut its access to foreign markets. Deepening financial pressure due to sanctions and a drive to make up for technological deficiencies will, meanwhile, drive Russia to conduct more corporate espionage. An intensification of U.S. counterintelligence efforts devoted to corporate espionage will bring more of these cases to light. The United States laid the groundwork for this initiative in November 2018 in a move that will fuel a surge in manpower and resources to counter Chinese corporate espionage.
As a result of these trends, in 2019 we are likely to see more arrests and indictments of Russian and Chinese intelligence officers, along with the agents they've recruited. We are also likely to see corporate espionage activity against U.S. companies in third countries — something that arrests or warnings issued by governments will reveal. Cyber operations will also play a factor, so we will be looking for reports of cyberattacks and other examples of compromised electronic communication linked to China or Russia.
China and Russia will, of course, respond to the increased U.S. scrutiny and will make the operating environment harder for U.S. companies in those countries. We expect to see hostile intelligence agencies detain or harass U.S. intelligence operatives, diplomats or civilians, such as employees of Western-linked nongovernmental organizations. Among other things, we expect Beijing and Moscow to increase their monitoring of Western business travelers and expatriates as they search for potential intelligence officers not using official cover.
But China will be hesitant to act too overtly in its response, since it still requires U.S. investment and technology, which necessitates the presence of U.S. companies. But China would be less likely to show restraint on this front if the United States were to sanction large Chinese financial institutions and tech companies — something U.S. officials have hinted they might do.
China will be hesitant to act too overtly in its response to Washington's crackdown on its spying activities, since it still requires U.S. investment and technology, which necessitates the presence of U.S. companies.
The U.S.-Iran Collision Course: Disruptions Ahead
The increase in U.S.-Iranian tensions will raise the risk of aggressive Iranian action indirectly affecting, or directly targeting, civilians and companies. The United States will continue its hard-line sanctions policy while more aggressive action by Western, Israeli and Gulf Arab intelligence services will prompt retaliatory action from Iran.
The breakdown of the Joint Comprehensive Plan of Action and the reimplementation of sanctions weakened moderate factions in Iran — which are more in favor of outreach to the West — and empowered more hard-line elements, including the country's effective intelligence services. This will increase the likelihood of more aggressive Iranian action, including cyberattacks, hybrid warfare and even physical attacks.
As a result of these trends, additional reports of malicious Iranian cyber activity will occur in 2019. Iran has the intent and capability of conducting a variety of cyberattacks targeting Israeli, Gulf and Western companies, and it has already laid the groundwork for such operations.
Iran plays a numbers game in its approach to cyberattacks, preferring large numbers of attacks despite a low success rate. The most threatened companies will be those with ties to the governments of Israel, Saudi Arabia, the United Arab Emirates or the United States. Iran's expanding target set and rapidly improving capabilities mean more sectors will be at risk of everything from distributed denial of service attacks to the theft of sensitive data.
Physical attacks conducted by Iranian intelligence services against Gulf Arab, Israeli or Western targets or Iranian dissidents will become more likely. Iran can stir up any one of its many proxies or other groups it has links to, and that move could increase political unrest and attacks in their respective areas of operations. Such groups include Hezbollah in Lebanon, the Popular Mobilization Units in Iraq, militant groups in Bahrain, the Houthis in Yemen, the Taliban in Afghanistan and Shiites in Saudi Arabia's Eastern Province.
Although areas where Iran has a direct presence or influential proxies are more likely to be affected, its global reach (it has attempted attacks on five continents through its embassies and proxy networks in the past decade alone) means that action anywhere is possible. Iran will also have an incentive to take more action against Westerners on its territory to use as bargaining chips. This could include blocking the entry of Westerners, harassing them in Iran or even detaining them.