In any US-Syria conflict, cyberweapons could fly in both directions
Syria's cyberwar capabilities may be modest, but its allies and sympathizers – including Russia and Iran – could pose a more formidable cyber threat to the US, experts say.
Cyberattacks to neutralize Syrian targets, such as its anti-aircraft radar systems, are likely be part of any US-led effort to bomb or assault the Assad regime. Yet Syria and its sympathizers are equally likely to launch retaliatory cyberstrikes against US targets, say experts in cyberconflict.
The US has had a cyber bead drawn on Syria for well over a year now, plenty long enough to infiltrate and compromise key Syrian military systems, several experts say. But to what degree the US will use that capability is far from clear, especially since it might not be needed to accomplish its key goals.
Still, many experts say it is quite likely cyberweapons will be launched. Some even suggest using them would be a good idea, adding the US should tell the world what is happening so it can be shown that such weapons can be used responsibly without killing people.
“There’s this mystique about cyberweapons – but nobody’s ever died from a cyberattack,” says Jason Healey director of the Cyber Statecraft Initiative at the Atlantic Council, an international diplomacy think tank in Washington. “Here the US has the opportunity not only to show how cyberweapons can be utilized responsibly under the laws of war ... [but also to] display how such weapons are more humanitarian than bombs that kill people.”
Michael Clarke, director-general of the Royal United Services Institute for Defense and Security Studies in London, says it’s clear any conflict with Syria is going to have a major cyber component.
“Cyberwarfare would likely play a more prominent role in an intervention in Syria than in any conflict to date,” he wrote in an analysis last year. “Cyber techniques are anonymous, deniable, inexpensive, increasingly effective, and comparatively risk-free, certainly in terms of own casualties. This makes them attractive in this highly complex, precarious, and fraught situation.”
Syria’s own offensive cyber capabilities are believed to be quite limited, including those of the Syrian Electronic Army hacktivist group it supports. In recent years the SEA has targeted websites of news media perceived as critical of Syria. Last month the hacktivist group knocked The New York Times site down for a day.
Knocking down websites is considered more of a nuisance than a threat to the US or its operations. Yet anti-American hacktivists worldwide could support Syria and its SEA. Add to that the possibility that Syria’s nation-state allies could join in – with unpredictable results.
“A cyberattack against the US from Syria is a significant area of concern that we need to be prepared for,” says Frank J. Cilluffo, director of the Homeland Security Policy Institute at George Washington University in Washington, D.C. The US government is doubtless sending warnings to operators of US critical infrastructure, such as the power grid, to be on guard for cyberattacks, he and others say.
Yet if Syria’s capabilities alone are modest, some Syrian allies with much more formidable offensive cyberwar capabilities – such as Russia and Iran – are far more dangerous cyber foes. Any cyberbattle that manages to draw in either of those nations could become suddenly much more dangerous for the US, these experts say.
“The Syrians clearly don’t have the capabilities some nations have,” Dr. Cilluffo says. “But what they lack in capability they make up for in intent. They can rent or buy capability. Obviously the level of escalation changes if Iran, Hezbollah, or Russia come into the fray.”
Iran and Russia, however, each have strong reasons to avoid becoming embroiled in any conflict with the US. Iran’s new president is trying anew to start up international talks on its nuclear program and lift economic sanction. But Iran’s cyber militia is believed to be behind ongoing cyberattacks against US banks.
Since 2010, repeated cyberattacks have targeted the Iranian nuclear program, with considerable damage. As a result, Iran has made significant investments in offensive cyber capabilities, spending more than $1 billion since 2011, according to congressional testimony in March by Ilan Berman, vice president of the American Foreign Policy Council. Iran now boasts the “fourth largest” cyberforce in the world, including its regime-aligned “cyber army” of hacktivists under the control of Iran’s Revolutionary Guards, Mr. Berman testified.
Iran has also been blamed for an attack on Saudi Arabia’s national oil company, Saudi Aramco, that destroyed some 30,000 computer work stations with a computer virus.
Russia, meanwhile, remains at odds with the US over NSA leaker Edward Snowden, and relations are cool. Still, President Vladimir Putin likely wants to avoid any serious conflicts that may harm his country’s economy, experts say.
Even with these serious reservations, however, Russia or Iran could under certain circumstances be induced to take a cyber shot at the US, especially if they believed the attack could not be attributed to them, they say.
“With Russia it’s a political decision about whether or not they would let their cyber criminals help out Syria,” says James Lewis, senior fellow at the Center for Strategic and International Studies in Washington. “Or, you know, if the US accidentally killed some Russian in Syria that could change the equation.”
Iran and Russia could also feel driven to a cyberattack on US targets if either became seriously afraid that an ongoing US strike was threatening the Assad regime’s survival. If so, “that could justify a bigger fight with America involving cyber action,” Dr. Lewis says.
Another critical element: Neither Iran nor Russia are likely to jump into a US-Syria cyber fracas unless their leaders believe the Internet’s anonymity, or a proxy, will shield them from being tagged as the culprit and so avoid US retribution.
“Iran would like to do this, possibly, but only if they have assurances that it is not traceable,” says Hayat Alvi, an associate professor in the national security affairs department at the US Naval War College in Newport, R.I. “It’s not in Iran’s interest to be in a cyber or kinetic war with the US – far too risky, too devastating. But they can certainly try to do things through proxies like Hezbollah or the SEA.”
There is precedent for a cyberstrike on Syria. Israel in 2007 flew jets into Syria through its Russian-made radar defenses to bomb the nuclear reactor it was building. The bombers got through unscathed in part because Israel penetrated a cyber backdoor in the Syrian radar system, feeding it code that caused the radar to read all clear to its operators who never saw the Israelis coming.
Despite that past success, there are some good reasons to believe the US might do less with cyberweapons in Syria than some expect. For one thing, cyberweapons, once used, are usually no good anymore. If there is a vulnerability still in the Russian-made Syrian radar, for example, it might be better to hang onto that capability for another time when that attack system is more needed.
Indeed, because the American military has already lost the element of surprise in the pending attack on Syria, it’s much less likely to deploy cyberweapons en masse, says John Bumgarner, research director for the US Cyber Consequences Unit, a non-profit group that studies cyberconflict.
The US military will be utilizing stealth aircraft and ground-hugging missiles, some of which will destroy Syrian air defenses in the first few minutes of the conflict. Some of these air defense systems could still be cyber targets, he notes.
“While the US military has the capability to conduct preparatory or supporting cyberstrikes on Syrian targets, it's unlikely that these strikes would provide the US military with a greater tactical advantage than they already have,” Mr. Bumgarner says in a phone interview. “Unfortunately, a cyberstrike against a Syrian air defense system doesn't guarantee its elimination from the battlefield, but a missile strike does.”