How Will the Splinternet Impact Cybersecurity

Most people think of the internet as a globally connected resource. However, user experiences are not necessarily as consistent as they believe. Factors such as politics, regulations and censorship have made the internet a fragmented “splinternet” for some users. What are the potential implications for cybersecurity?

Changes in Social Media Platforms’ Policies

In the early days of the internet, people mostly went directly to website URLs and saw the same content regardless of where they lived. Eventually, companies began using technologies to determine site visitors’ locations and provide personalized content.

Social media companies have taken that approach to greater heights, allowing users to follow specific friends, businesses and other types of accounts. However, algorithms still work in the background, dictating what people see on their feeds.

Researchers explored how TikTok’s content adapted in response to Russian censorship laws following the country’s invasion of Ukraine. These policies resulted in a 95% reduction in the platform’s content available to people accessing it in Russia. Additionally, people trying to access accounts created outside Russia with Russian IP addresses saw blank pages. The researchers also found that these TikTok changes proliferated pro-war material on the platform for Russian users. This shift happened despite representatives claiming they banned new information uploads.

Another discovery was that TikTok promoted state-controlled stories. That decision, combined with users suddenly cut off from anything outside Russia, created cybersecurity risks by potentially making people unaware of genuine dangers, such as new online threats.

The short-term ban of TikTok in the United States also revealed that the platform can disappear overnight for some people. Those affected said VPNs did not restore their access, raising concerns about how the platform blocked them. One possibility is that it flagged accounts created in the United States — an approach that would adversely affect people who began using TikTok there and eventually moved elsewhere.

Social media algorithms arguably affect how people see the world. This reality could worsen the spread of misinformation, making cybersecurity professionals’ jobs more challenging, especially if people do not believe warnings of known threats — or never see coverage of them to begin with.

Potential for Fewer Cyberattacks

Countries including China, Iran and North Korea heavily censor users’ internet access. A common means of censorship is preventing people from using messaging apps made outside of those countries.

One of the few positives of that highly restrictive approach is that it could reduce the number of cyberattacks within those countries or targeting them. Severe limitations on how people can use the internet might make them less likely to experience malware or ransomware.

Recent events indicate that the splinternet could also curb the ramifications of third-party failures. A July 2024 Crowdstrike outage affected numerous countries, most notably making many airports’ technology infrastructures inoperable. A flaw within a threat-mitigation and monitoring sensor was to blame. China barely felt the impacts because many entities there do not use Crowdstrike technology. Most of the effects were on foreign organizations operating in China, including hotel chains.

Although China’s internet restrictions could make future cyberattacks less likely, they might also have the opposite effect — particularly if criminals learn to exploit the systems and brands used in the country. It’s easy to imagine a scenario where Chinese organizations are less able to defend themselves against cyberattacks because of the incompatibility of existing commercial solutions with the nation’s tech infrastructure.

Restricted Access to Reputable Cybersecurity Resources

Although many cybersecurity professionals may primarily rely on updates from the organizations in their countries, some frequently keep themselves updated about threats other countries have identified. For example, the United States’ Cybersecurity & Infrastructure Security Agency (CISA) publishes bulletins about known exploited vulnerabilities and provides suggested protective measures. Accessing that information is an excellent way to remain proactive against threats appearing in the global landscape.

However, someone who can only access the splinternet may lack that advantage if they can only get cybersecurity updates from entities within the same country where they live.

Sharing information about security threats can greatly reduce their effects. Professionals working to secure infrastructures within nations that limit internet access may be disadvantaged because they cannot learn about threats identified elsewhere.

Similarly, perhaps someone who aspires to work in cybersecurity and has only had access to the splinternet enrolls in an educational program in a country with virtually no restrictions. The sudden opening up of the internet to them could pose a steep, overwhelming learning curve. However, if they remain determined and earn their cybersecurity qualifications, the state of the market offers excellent job opportunities, regardless of where they choose to work.

Worldwide, cybercrime cost an average of over $8 trillion in 2023. People with the knowledge to combat it should find themselves in secure, in-demand positions for the foreseeable future. The only possible complication is that the splinternet may further segment the attack surface that cybercriminals target, making professionals’ work more demanding.

Responding to N ew Cybersecurity Concerns

Internet security professionals must remain vigilant against new threats and quickly determine how to combat them. While the splinternet is a cybersecurity complication many people likely overlook, those familiar with the matter believe the internet will only become more fragmented over time. Anyone interested in cybersecurity should stay aware of how things develop, even if the fragmentation does not directly affect them yet.

About the Author

Zac Amos is the Features Editor at ReHack, where he covers cybersecurity and the tech industry. For more of his content, follow him on Twitter or LinkedIn.