Strengthening Defense Against Combined Cyber Threats during the Age of Technological Autocracy

In a world increasingly interconnected by technology, the risks and challenges posed by misuse and disinformation have grown exponentially. Here are some key developments and trends that highlight the complex and multi-faceted nature of this issue.

Meta recently dismantled a Bangladesh-based network linked to the former ruling party, which targeted domestic audiences with disinformation. This action underscores the need for vigilance against the spread of false information and the role of tech giants in maintaining the integrity of digital discourse.

Indonesia, too, has seen the manipulation of domestic discourse through 'buzzer' networks. These are paid operators who amplify propaganda and disinformation, a practice that undermines democratic processes and public trust.

The spread of general-purpose artificial intelligence (AI) has only expanded the risks, scope, and reach of technological misuse. As AI becomes more pervasive, so too does the potential for its misuse, making it crucial to establish safeguards and regulations.

Addressing this issue requires a multi-pronged approach. Societal resilience must begin with citizens, including media literacy embedded in education, prebunking scaled across languages and platforms, and safeguards against transnational repression of diasporas integrated into counter-disinformation strategies.

The European Union has a definition of hybrid threats as coordinated attacks below the level of armed conflict. Governance resilience requires cross-regional standards for platform behavior to prevent emergency powers from drifting into authoritarian use of technology.

In the Philippines, independent outlets have been targeted by cyberattacks, obstructing reporting, while the government itself suffered disruption when a 2023 ransomware attack on its health insurance programme paralysed services and exposed the data of over 13 million citizens.

In the United States, 'great replacement' narratives were prevalent in 2024, highlighting the potential for disinformation to influence public opinion and polarise societies.

Systemic resilience requires protection of critical infrastructure. This can be achieved by prohibiting opaque contracts and single-vendor lock-ins, mandating transparency in design and maintenance, and ensuring public, time-bound, and independently verified incident reporting.

Singapore's Total Defence doctrine and Whole-of-Nation Approach treat civil society as a frontline security actor. On the other hand, China has exported surveillance and 'safe city' systems worldwide, creating dependencies that pull states into its authoritarian model.

Hybrid threats arise from structural conditions that enable the authoritarian use of technology and involve states, corporations, non-state actors, and citizens. In Vietnam, drones developed for civilian use are now placed under military control, while in Bangladesh, surveillance and spyware were used against civic and oppositional actors, with reliance on Chinese telecom companies exposing it to risks of external monitoring and targeting.

Market resilience can be achieved by expanding investment support, tax benefits, and preferential procurement for firms developing privacy-by-design tools, secure communications, and open-source infrastructure. In India, AI-based biometrics pioneered for welfare are now being adopted by police, raising concerns about privacy and security.

The US continues to resist binding regulation of platforms and AI, threatening tariffs on countries that regulate its tech. Conversely, the European Union seeks to set standards through the Digital Services Act and the AI Act, but risks an inward focus at a time when technology is irreducibly transnational.

Countries that have regularly conducted internet speed test shutdowns in recent years include India, Iran, Ethiopia, and Myanmar; the highest recorded number of internet shutdowns in a single year was in 2019, with over 200 incidents globally. In 2024, 296 internet shutdowns were recorded in 54 countries.

However, the Federal Trade Commission warned US firms that compliance with EU or United Kingdom tech laws could compromise Americans' speech rights and privacy, indicating the complexities and challenges in establishing global standards for tech regulation.