In any US-Syria conflict, cyberweapons could fly in both directions (+video)
Syria's cyberwar capabilities may be modest, but its allies and sympathizers – including Russia and Iran – could pose a more formidable cyber threat to the US, experts say.
(Page 2 of 2)
Iran and Russia, however, each have strong reasons to avoid becoming embroiled in any conflict with the US. Iran’s new president is trying anew to start up international talks on its nuclear program and lift economic sanction. But Iran’s cyber militia is believed to be behind ongoing cyberattacks against US banks.Skip to next paragraph
In Pictures Syria's civil war: a Middle East crisis
Subscribe Today to the Monitor
Since 2010, repeated cyberattacks have targeted the Iranian nuclear program, with considerable damage. As a result, Iran has made significant investments in offensive cyber capabilities, spending more than $1 billion since 2011, according to congressional testimony in March by Ilan Berman, vice president of the American Foreign Policy Council. Iran now boasts the “fourth largest” cyberforce in the world, including its regime-aligned “cyber army” of hacktivists under the control of Iran’s Revolutionary Guards, Mr. Berman testified.
Iran has also been blamed for an attack on Saudi Arabia’s national oil company, Saudi Aramco, that destroyed some 30,000 computer work stations with a computer virus.
Russia, meanwhile, remains at odds with the US over NSA leaker Edward Snowden, and relations are cool. Still, President Vladimir Putin likely wants to avoid any serious conflicts that may harm his country’s economy, experts say.
Even with these serious reservations, however, Russia or Iran could under certain circumstances be induced to take a cyber shot at the US, especially if they believed the attack could not be attributed to them, they say.
“With Russia it’s a political decision about whether or not they would let their cyber criminals help out Syria,” says James Lewis, senior fellow at the Center for Strategic and International Studies in Washington. “Or, you know, if the US accidentally killed some Russian in Syria that could change the equation.”
Iran and Russia could also feel driven to a cyberattack on US targets if either became seriously afraid that an ongoing US strike was threatening the Assad regime’s survival. If so, “that could justify a bigger fight with America involving cyber action,” Dr. Lewis says.
Another critical element: Neither Iran nor Russia are likely to jump into a US-Syria cyber fracas unless their leaders believe the Internet’s anonymity, or a proxy, will shield them from being tagged as the culprit and so avoid US retribution.
“Iran would like to do this, possibly, but only if they have assurances that it is not traceable,” says Hayat Alvi, an associate professor in the national security affairs department at the US Naval War College in Newport, R.I. “It’s not in Iran’s interest to be in a cyber or kinetic war with the US – far too risky, too devastating. But they can certainly try to do things through proxies like Hezbollah or the SEA.”
There is precedent for a cyberstrike on Syria. Israel in 2007 flew jets into Syria through its Russian-made radar defenses to bomb the nuclear reactor it was building. The bombers got through unscathed in part because Israel penetrated a cyber backdoor in the Syrian radar system, feeding it code that caused the radar to read all clear to its operators who never saw the Israelis coming.
Despite that past success, there are some good reasons to believe the US might do less with cyberweapons in Syria than some expect. For one thing, cyberweapons, once used, are usually no good anymore. If there is a vulnerability still in the Russian-made Syrian radar, for example, it might be better to hang onto that capability for another time when that attack system is more needed.
Indeed, because the American military has already lost the element of surprise in the pending attack on Syria, it’s much less likely to deploy cyberweapons en masse, says John Bumgarner, research director for the US Cyber Consequences Unit, a non-profit group that studies cyberconflict.
The US military will be utilizing stealth aircraft and ground-hugging missiles, some of which will destroy Syrian air defenses in the first few minutes of the conflict. Some of these air defense systems could still be cyber targets, he notes.
“While the US military has the capability to conduct preparatory or supporting cyberstrikes on Syrian targets, it's unlikely that these strikes would provide the US military with a greater tactical advantage than they already have,” Mr. Bumgarner says in a phone interview. “Unfortunately, a cyberstrike against a Syrian air defense system doesn't guarantee its elimination from the battlefield, but a missile strike does.”